From YouTube: TGI Kubernetes 189: Quotas and Budgets
Description
Join Evan Anderson to learn more about managing Kubernetes resource usage in clusters with tools like KubeCost, LimitRanger and Quotas. These tools can help bring visibility into resource usage by different teams in a cluster, and enable better resource usage and sharing of cluster resources.
Hello everyone, welcome to TGIK, at one o'clock now. Sorry to anyone who got an early notification that I'd gone live; I was just getting OBS set up and I forgot that when you say "start streaming," it kicks off YouTube immediately.

Yeah, we've had a few weeks off. We've been talking about making TGIK more of a monthly occurrence rather than an every-week occurrence, because there's a lot of stuff going on in the world, and as exciting as Kubernetes is, people have a lot of other things going on in life. Showing up every week, finding a new topic, and doing all of the production and post-production and so forth was starting to get to be a little bit of a load.

We will be talking about KubeCon EU shortly, among other things, and I'm hoping to see some of you there. If you didn't see the various communications from the CNCF, masks are still required, so we're all going to see each other safely. This is going to be my first international flight in quite a while, so I'm a little nervous, but I'm looking forward to it.

For those of you who've forgotten how this works: usually we start with a little review of what's going on in the general Kubernetes ecosystem, and this week we've already talked about KubeCon EU.

If anyone has particular days, you know, "here's this day-zero thing that's really awesome," feel free to chime in there. Virtual tickets are also still available; I forgot to check whether physical tickets are still available or if that's sold out.

In case you're thinking of going, I'm looking forward to seeing the folks who are there. Also, the Kubernetes release team: for those of you who haven't been keeping track, releasing Kubernetes and getting a release out on time, with thousands of contributors and probably about a dozen or so SIGs, each of whom have features and KEPs and so forth going in, is a pretty complicated process.

But if you're on one of those releases, you're not doing it alone. There's a team that shepherds the release from beginning to end, keeping track of the timelines, the KEPs, and which features are going in and which aren't. The way this works is that there's an experienced team there, but they're always looking for new people to jump in, and you start with a shadow rotation.

So you follow along, but you're not the person who's critically responsible for getting a certain thing done, and you get to learn how all this stuff works and learn the ropes. Then, after that's done, you're part of the release team, you get to work on a release, and you can say, "hey look, I was one of the folks who shipped 1.25 or 1.26," or wherever it is. They are currently looking for volunteers.

I don't have a link for that one either; if someone wants to put a link in, go for it, otherwise I'll slip one in afterwards. The big news that I saw in the larger Kubernetes ecosystem is that Istio has applied to join the CNCF. For those of you who weren't aware, Istio is a project that was initiated by IBM and Google to build a service mesh using Envoy as a substrate, and it was announced several years ago.

Google announced that they would be setting up a new foundation to hold those trademarks, for reasons, but they have decided that those reasons didn't make as much sense as they thought. Instead, Istio is going to join the CNCF and be a regular CNCF project. Hopefully that will make it a little bit easier for groups that liked the Istio idea but felt nervous that it wasn't in a neutral foundation, who didn't feel like they could contribute or who worried their needs might get ignored in the future, to now feel confident that it's going to work for them. I'm sure we'll be seeing a whole bunch more announcements in the coming weeks as KubeCon comes up; I'm guessing there are a lot of folks working hard to get stuff ready.

With that, let's dive into Kubecost and the general problem that these different tools I promised we're going to talk about are here to solve. If you were following my Twitter earlier, we're going to be doing this on a cluster that's been running for a while, because I forgot I had it running. It's been sitting around, paid for by my employer, and it had a demo or two running in it. But the demo wasn't needed anymore, so it was just sitting there eating money.

Now we're going to look at what's on there, we're going to load some extra stuff in, and then based on that we'll see a little bit about how these costing and budgeting and quota tools work. I've used Kubernetes quotas before: a couple of years ago I set up a lab environment for a KubeCon event. We had about 200 or 300 cores by the end (we under-provisioned at the start, which was a problem), and we had about 100 people learning to use Knative and building stuff with Tekton and so forth on one cluster. We gave everyone a quota of three or four CPUs, but when they weren't using it, Knative would spin things down, so we could slightly oversubscribe the cluster, and we used quotas and LimitRanger to manage that.

Kubernetes has this mechanism called resource quotas, and the idea is basically that it lets you say, "hey, this namespace isn't allowed to use more than a certain amount of resources." This acts as an admission controller, so it only takes effect when you go to create a resource. When you go to create a pod, it keeps track of how many resources the namespace is already using, adds that pod on, and sees whether it's above the limit.

The basic resources you can set quotas for are CPU and memory, for both requests and limits. You can say that if you add all the pods' limits together you get 12 CPUs, and you can't have limits higher than that, which means that namespace can't ever use more than 12 CPUs, even if there are empty resources available in the cluster, because that's how limits work: they're that hard upper limit. There are also requests, which are used for scheduling.

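To make that concrete, a compute ResourceQuota along the lines of what's being described might look like the sketch below. The namespace name matches the "small" namespace used later in the demo, but the numbers are purely illustrative:

```sh
# Minimal sketch of a compute ResourceQuota; values are illustrative, not the demo's.
cat <<'EOF' > quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
  namespace: small
spec:
  hard:
    requests.cpu: "8"       # sum of CPU requests across all pods in the namespace
    requests.memory: 16Gi   # sum of memory requests
    limits.cpu: "12"        # sum of CPU limits
    limits.memory: 24Gi     # sum of memory limits
EOF
```
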
So you can say, "hey, you can't request more than 8 CPU," but if there's no limit enforced, you can burst above that. If everyone in the cluster is trying to burst above that, they'll probably end up getting proportionally about what they expect, but you can run into some surprises: no one else was in the cluster, I thought I was fine, but I was way above my requests, and then someone else showed up and all of a sudden I was using more than I'd asked for without knowing it. When my available CPU drops, I'll still be getting what I requested, but I actually requested less than I needed.

It looks like huge pages are another thing; I know some apps benefit a lot from huge pages. For those of you who don't know what those are: on Linux on x86, your normal page size is 4K, and you say, "four kilobytes, but my machine has 64 gigabytes of RAM." The way that Intel and AMD and lots of other systems handle this is that you have a table that says, "okay, here are the big chunks of memory," and then inside those big chunks you break them down into smaller chunks, and those down into 4K chunks. Huge pages let you use those big chunks contiguously, so you don't have to go through two extra translation layers, which can really speed up some applications; I think the JVM likes that quite a lot.

You may end up needing to tweak that if you're focusing on performance; I've never needed to tweak it in my own Kubernetes usage, but it's there if you need it. You can also set quotas on extended resources, like "this namespace can't request more than four GPUs." Now, the funny thing about GPU resources is that if you have mixed types of GPUs, it doesn't care; it just says, "hey, it's a GPU." I don't care if it's an itty-bitty GPU or a great big GPU, you're only allowed four, so you have to use node affinities or the like to manage the rest.

Oh, here's something I had not realized as well: you can also set limits on storage, and you can do it by storage class. So you can say, "we have some highly replicated, or maybe some SSD, storage and you're only allowed so much of it." I actually don't know how the I/O sharing would work there; you might be I/O limited but allowed huge amounts of capacity.

Oh, and you can also have quotas for how many objects there are, so you can't just go and create, say, 5,000 ConfigMaps and use that for storage, which would be expensive on the cluster, because each one of those ConfigMaps is a separate etcd object.

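A sketch of what object-count and per-storage-class quotas look like, roughly matching what's being read off the docs here (the storage class name "ssd" and all of the numbers are made up for the example):

```sh
# Illustrative object-count and storage-class quota; values are examples only.
cat <<'EOF' > object-quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: object-quota
  namespace: small
spec:
  hard:
    count/configmaps: "50"          # cap the number of ConfigMap objects (each one is an etcd entry)
    persistentvolumeclaims: "10"    # total PVCs allowed in the namespace
    ssd.storageclass.storage.k8s.io/requests.storage: 100Gi   # storage requested from the "ssd" class
EOF
```
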
This is one of those things in the documentation that I always find interesting: there's a whole bunch of conceptual information about the stuff it can do, and then there's a separate "I want to use this, let me get started real quick" page, and sometimes those are far apart. In this case there happened to be a link between them.

So we're going to apply this resource quota to the small namespace.

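For reference, applying and checking a quota like the one above would go roughly like this, assuming the manifest was saved as quota.yaml and the namespace is called "small" as in the demo:

```sh
kubectl create namespace small            # if it doesn't already exist
kubectl apply -n small -f quota.yaml
kubectl describe resourcequota -n small   # shows the hard limits and current usage
```
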
This is actually an interesting case where you want to be a little careful with your RBAC, because the ResourceQuota is a resource that lives inside the namespace, and if you give someone something like edit on all resources in the namespace, they may have permission to update their own resource quotas, which is probably not what you want.

You can see here that there's a set of API groups, but we only have get, list, and watch on resource quotas for the edit role right here, so that's relatively safe, and that's the only place where resource quotas show up. So it looks like, by default, the edit role doesn't actually have edit on the resource quotas in that namespace.

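One way to double-check that on your own cluster (the output formatting varies a bit by Kubernetes version):

```sh
kubectl get clusterrole edit -o yaml | grep -B4 -A8 resourcequotas
```
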
And so we can see that we've asked for five, but... let's see. If we look at the conditions on this deployment, we can see that it has a ReplicaFailure condition. That's hard to read, but it's a ReplicaFailure error because creating a second pod would exceed the requests available under the quota.

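If you want to read those conditions off a deployment yourself, a describe is the easiest way (the deployment name here is hypothetical):

```sh
kubectl describe deployment my-app -n small   # look in the Conditions section for ReplicaFailure
```
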
Here, actually, is an example of the Kubernetes model working for accounting. In the spec you're saying, "these are the hard limits that I want." I think there may also be soft limits, where you can warn people if they're above a certain threshold. But you can see that in the status it repeats back the quota that it's currently enforcing and also reports the usage that it has calculated, because that can be hard to figure out yourself.

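That split is visible if you pull the object back out: spec.hard is what you asked for, and status.hard / status.used are what's being enforced and what's currently measured:

```sh
kubectl get resourcequota -n small -o yaml
```
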
There's just the one pod; we may need to poke the deployment, because it's given up. It said, "oh, I can't create pods," and it may come back after a while, but a quick thing you can do to get it to realize that faster is to patch it.

It looks like maybe there are only hard quotas. Someone was asking if there were soft quotas too, and it looks like there are no soft quotas at the moment. If that's a useful feature for you, being able to warn people before they hit their limits, a KEP would probably be the right place to propose it. If I was building this outside of core Kubernetes, I would use a validating admission webhook, which is probably what this is using, and those do now have the ability to return warnings as well as errors. So you can say, "hey, I accepted this, but you should know: you asked me to install a resource quota and it's less than your current usage."

It looks like maybe Dims proposed the soft quota and then something changed. Let's see, that's still in the small namespace, so we're going to kubectl patch.

I had the name wrong; that's what happens when I type it out. But by changing the annotation, I've changed the data in Kubernetes, so the controller, which has been watching that object, sees "hey, there's an object update" and gets to it faster. Otherwise, when it's retrying something like this, it will just back off, and maybe it'll visit again in 10 minutes, maybe it'll be two hours. If you're managing everything in a way where it just eventually needs to end up in the right place, that's fine. If you fix something and you're hoping to see a result right away, sometimes you need to go and patch the resource with some sort of no-op operation to make it clear that it needs to go and reconcile things.

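A sketch of that kind of nudge: bumping a metadata annotation is effectively a no-op for the workload, but it produces an update event that makes the deployment controller re-evaluate right away instead of waiting out its backoff (the deployment name and annotation key here are made up):

```sh
kubectl annotate deployment my-app -n small tgik/nudge="$(date +%s)" --overwrite
```
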
The question that was being asked next was: how do I find the right limits for the resource quota? This is where the Goldilocks tool comes in, which I just heard about recently although it's apparently been around for a couple of years. It uses the Kubernetes vertical pod autoscaler in suggestion mode. For those of you who aren't familiar, Kubernetes shipped with something called the horizontal pod autoscaler, and the way to think about that is to assume your application scales horizontally: every time you add a new pod you get one more unit of capacity, and they're all basically equally powerful. So you look at how much of your resources you're using and you just stretch, and you get 8 pods or 12 pods or something like that, and then when you're using less you squish it back down. But some applications don't scale well that way; adding another container adds some contention overhead, or maybe there's a unique resource that you need.

The vertical pod autoscaler is a different tool that looks at how many resources a pod is actually using and suggests, "hey, here's a better pod size for you," so you get as small a gap as possible between your requests (and potentially your limits) and what you actually use. It tracks this over time and tries to figure out what your peaks look like and make sure you stay within that peak.

Goldilocks is a tool that creates a VerticalPodAutoscaler for every single deployment you've got and sets it to recommendation mode. It doesn't actually change your pods at all, but it tells you, "hey, the right size for this is between x and y," and then you can manually go in and update it.

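That recommendation-only behavior corresponds to a VPA object with updates turned off; roughly what Goldilocks creates per deployment looks like this sketch (the target name is hypothetical):

```sh
kubectl apply -f - <<'EOF'
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: my-app-vpa
  namespace: small
spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: my-app
  updatePolicy:
    updateMode: "Off"   # produce recommendations only; never evict or resize pods
EOF
```
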
Part of the reason it explains this is that the horizontal pod autoscaler and the vertical pod autoscaler don't work well together. If you have one thing trying to figure out how tall your rectangle needs to be in order to get all the work done, and a second thing making your rectangle wider and narrower, your box ends up being funny sizes rather than smoothly growing and shrinking, because neither one knows what the other is doing and they don't coordinate. What this is saying is: use the horizontal pod autoscaler for the immediate, reactive stuff, use the vertical pod autoscaler every once in a while to set new values for how high that rectangle is, and then day to day you just stretch that rectangle.

We need to have the vertical pod autoscaler installed, because it is not installed by default. This is one of those additional things, which is part of what's so exciting about Kubernetes: it's extensible enough that you can add a new autoscaler to it without needing to do work in the Kubernetes core.

Okay, so it looks like we're going to clone this, we're going to see what tools are needed to install the VPA, and then, 130 megabytes of source code later, we can go into the autoscaler directory.

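For reference, the VPA lives in the kubernetes/autoscaler repository, and the install flow being followed here is roughly the one that repo documents (script paths can change between releases):

```sh
git clone https://github.com/kubernetes/autoscaler.git
cd autoscaler/vertical-pod-autoscaler
./hack/vpa-up.sh    # processes the component YAMLs and applies them with kubectl
```
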
Okay, let's see what that script actually did now that we've run it: it calls vpa-process-yamls with a create argument. It prints help if it doesn't have exactly one argument, and if the argument is delete, diff, or print, it adds another component to this list of components.

So it appears that this script, vpa-process-yamls.sh, is the plural one, and there's a script without the "s" that it calls for each component to actually install it, by processing the YAML and piping it to kubectl, unless we say print. So it looks like we should be able to run it with print and see all the YAML. This is all the different stuff that's getting installed.

Oh, it looks like it lets you switch which registry and tag you're using, and then it will substitute that stuff in. So this is a place where they've decided the easiest way to do it is with a sed, rather than using Kustomize or Helm or something like that.

Okay, so now we've got this on the cluster. Great. Now we're going to go back over to what we really were trying to do, which is to install Goldilocks. Okay, we've got some workloads with pods.

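The Goldilocks install itself is a Helm chart from Fairwinds; one way to install it looks roughly like this (chart and namespace names may differ in your setup):

```sh
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install goldilocks fairwinds-stable/goldilocks \
  --namespace goldilocks --create-namespace
```
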
It would be nice if the documentation linked to how you get a metrics server if you don't have one. The metrics server is used by Kubernetes for the HPA, as well as the VPA, to keep stats on how many resources the pods are using, so that when you go to horizontally or vertically autoscale, you have some measure of how much is being used that you can threshold against. They built their own here because, yes, you could use Prometheus, yes, you could use Datadog, yes, you could use Google Stackdriver or New Relic; the fact that there are 50 choices meant they felt they needed to create another one, because no matter which existing choice they picked, somebody wouldn't like it.

So you can see that this is what metrics server is intended for: the horizontal and vertical autoscaling in the cluster. Don't use it for anything else, basically.

And they say, "hey, by the way, you don't actually need the updater or the admission webhook; you only need the recommender piece."

The updater depends on the recommender, but this is just going to use the recommender without the updater, and it suggests that Prometheus may give you recommendations that are more accurate.

I'm not sure I quite understand what Choco is asking about here. The VPA and Goldilocks help you determine the right resources for your workload. You should probably be setting resource quotas based on something like a budget or a resource forecast, rather than just the current amount of resource usage in the cluster. You should say, "the cluster is size x, we're willing to use up to size y for this application," and then set the resource quota based on that; it's fine if a namespace is below its resource quota.

Were I running a cluster, I would track the aggregate resource usage to figure out when it was time to resize the cluster, and then use the quotas for individual teams to track them against their projected resource usage. If their projected usage suggests I'm going to need new hardware in a month, and it's a physical hardware cluster, then I'd better start ordering that hardware now. I can also track, "oh hey, here's what everyone said they were going to need altogether."

It looks like there's a dashboard, and they're suggesting that you find the pod that is hosting the dashboard and port-forward to it; but first I'm going to realize that this is a Linux shell and I need a Windows shell.

Let's see, here we go. So now we need to pick an application namespace and label it in order to see recommendations.

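The label is how Goldilocks decides which namespaces to watch, and the dashboard is easiest to reach with a port-forward; roughly like this (the label key is the one Goldilocks documents; the service name and ports may differ):

```sh
kubectl label namespace small goldilocks.fairwinds.com/enabled=true
kubectl -n goldilocks port-forward svc/goldilocks-dashboard 8080:80
# then browse to http://localhost:8080
```
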
This is showing the different Kubernetes resource classes for requests. You can designate different pods to have different CPU guarantees. If you set a pod to have a request and a limit that are equal, you're basically saying, "I guarantee that this gets all the resources it needs, and it's not going to use any extra." You can also say, "hey, this is burstable," and set the limits higher than the requests; if you do that, you'll get your requests, but you may get more than that, and your quality of service may vary depending on who your neighbors are.

It actually gives you a nice little YAML that you can copy, saying "use these settings," and it looks like it would actually suggest increasing the amount of memory we would burst to.

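For reference, those two shapes look like this (a sketch; names and numbers are examples, not Goldilocks' actual suggestions):

```sh
kubectl apply -f - <<'EOF'
# Requests equal to limits for every container puts the pod in the Guaranteed QoS class.
apiVersion: v1
kind: Pod
metadata:
  name: guaranteed-demo
spec:
  containers:
  - name: app
    image: nginx
    resources:
      requests: {cpu: 500m, memory: 256Mi}
      limits:   {cpu: 500m, memory: 256Mi}
---
# Limits above requests make the pod Burstable: it can use spare capacity,
# but what it gets beyond its requests depends on its neighbors.
apiVersion: v1
kind: Pod
metadata:
  name: burstable-demo
spec:
  containers:
  - name: app
    image: nginx
    resources:
      requests: {cpu: 250m, memory: 128Mi}
      limits:   {cpu: "1", memory: 512Mi}
EOF
```
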
It kind of looks like this is a "multiply by five" recommendation here, but the CPU is higher than that, so I'm not quite sure where those details come from. I'm also not sure whether this web interface is slow because the Goldilocks system is under-provisioned or because of something else in the network that's not working well.

This might be something that you want to enable, and teach the people using your clusters about, if you're a cluster administrator. Then, when they come to you saying, "hey, you didn't give me enough," they can point at it and say, "look, I'm really using everything you gave me." Because if people can't see what they're using, don't really know how to set these values, and can't see the effects of them, they'll just say "give me more."

Now we are going to take a look at Kubecost. Kubecost is a different tool with a different attitude towards this. Rather than trying to limit how much of your Kubernetes cluster someone can use, it tells you how much it's costing you to run the cluster and how much of that cost individual namespaces are responsible for. Then you can go back to people and say, "hey, our cluster overall costs two thousand dollars a month to run, you're using half the cluster, we need a thousand dollars of budget transfer." People can say, "oh okay, here you go, here's my budget," or they can say, "gosh, we didn't know we were using that much; how can we reduce our usage?", and Kubecost will give you some answers on that. It can break things down by deployment, service, namespace, label, and so forth, and it looks like it will even work across multiple clusters.

This is kind of funny. This is one of those places where open source and running a business have a little tension. It looks like the core cost model is open source, but if you install Kubecost and run it, it will by default call back to the commercial product and leverage that commercial product for part of the value it's giving you. I don't know how easy it is to unhook the open-source part from the commercial part. Sometimes you'll see, "hey, we have this piece that's open source and runs on your cluster, but we also have this commercial part, and no one else has an equivalent part, open source or otherwise"; so yes, this piece is open source, but using it kind of locks you to the other, commercial piece. In other cases it's not that cut and dried, and there is a real open-source alternative.

It just means that you'd be taking on a lot of the work that Kubecost would be doing for you. Going back to that pricing: is it worth 800 a month to you to run your own measurement for those 200 nodes, or would you rather pay someone who's an expert a hundred dollars and have someone to yell at if it stops working, rather than just being upset?

So let's see how to install it. When you go to install it, they solicit your email; I've already put mine in, and you can see that they give you a token in the install instructions. I'm assuming that if you put in your own email address you'd get a different token. Then there's this port-forward, which we will use to look at the dashboard, and again they're pointing at a deployment rather than a service.

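The install flow is a Helm chart plus that token; roughly what the install page hands you looks like this (chart location and values may change over time; the token value is redacted here):

```sh
helm repo add kubecost https://kubecost.github.io/cost-analyzer/
helm install kubecost kubecost/cost-analyzer \
  --namespace kubecost --create-namespace \
  --set kubecostToken="<token-from-the-install-page>"

# dashboard, via the deployment as their docs suggest:
kubectl port-forward -n kubecost deployment/kubecost-cost-analyzer 9090
```
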
Helm values... okay, I'm not quite sure what that is, but it looks like we need something with persistent volume support. This is one of those places where it's frustrating that Kubernetes has all these plugins but there's no basic default for some things, like storage classes.

Oh, good question, let's see; I just did this helm install. Prometheus server persistent volume... I think the other thing that's happening here is that my screen resolution is higher than YouTube's, so maybe next time I will crank my screen resolution down.

And it looks like, since I'm running Tanzu Community Edition, this installs Pinniped, which is an external system for basically setting up OIDC or Active Directory-type authentication within the cluster. It looks like the concierge piece, which does the OpenID authentication and authorization, has been throttled.

Yeah, I've found Pinniped very useful just as a Kubernetes developer, because I appreciate being able to test with restricted RBAC, and the two ways I know of doing that are either to create a service account and then steal its token and use that as my auth token, which always feels a little dirty, or to set up Pinniped and say, "okay, here's an additional user." I use Auth0, which has a nice free tier: "look, please authorize this email account," and then I log in through Pinniped and have the restricted permissions, while also keeping the static admin auth token for managing the cluster. Then I can check: does stuff work with restricted permissions? Can I deploy software? Can I debug this thing? Can I look at logs and so forth in the way I'd expect? Does port-forward work?

Nice, so you can set labels to say who the owner of something is, and similarly what the team is, what department they're in, and so forth, and these are configurable. So if you already have a schema for tracking these things and the owner label is something else, like owner-id for example, you could just change this to say owner-id and it would pick up on those labels instead.

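Purely as a hypothetical illustration: if your allocation schema keyed on "owner" and "department" labels, you would label your namespaces (or workloads) with those keys and point Kubecost's label configuration at them:

```sh
kubectl label namespace small owner=web-team department=storefront
```
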
You can also get billing data about S3 and other costs that might be associated with the cluster but not in the cluster. I don't have any of that set up, and I don't have RDS instances in this account, for example, so I'm not going to use that, but it looks like for both AWS and GCP you can pull in those additional costs and allocate them to teams.

Oh, this is nice: there's a section here on sharing tenancy costs. Every time you start up a Kubernetes cluster, there is a certain cost to just having a cluster; you've got kube-apiserver and kube-dns and so forth, and it looks like you can choose whether to split those costs out among everyone using the cluster or to hold them back. So if you were an IT department that's really trying to encourage people onto Kubernetes, you could say: we just want to get you onto Kubernetes, we'll ask you to pay for your machine usage, just like you had to pay for machine usage before, but you won't have to pay any extra overhead. And then maybe in a year or two, when 80 percent of your organization is on Kubernetes, you say, "hey, everyone is basically on Kubernetes now, all our tooling is Kubernetes, you should be there."

And you can list which namespaces count as shared. So, for example, if you are running Istio, you might say the Istio namespace costs should be shared across the cluster, since everyone's using those istiod resources; or maybe Goldilocks and Kubecost are part of the overhead of running the cluster, and everyone should be paying a little bit for those.

It looks like you can also charge people for the idle resources in the cluster. If you were trying to say, "all the other departments have to pay for this resource usage, we've got no budget for it," then you could say all that idle space, somebody's got to be paying for it. On the other hand, you may say that extra idle capacity is overhead. And it looks like you can choose your own pricing for CPU and RAM and so forth if you're running on premises, for example, so you can report, "for a month it costs me 30 dollars to run a CPU and 2.50 for each gig of RAM."

We've got all these different things, and right now they're not costing us anything; it just doesn't have enough information yet. The Antrea agent, I guess, has a little bit of cost, but it looks like it's about half a cent worth collected so far. And we can aggregate it by a bunch of different things, including aggregating it by node instead.

And so we can see that each of these nodes is generating a certain amount of cost, and then idle is generating the most cost, and I'm kind of curious what idle is now and whether it shows up for any of these other views.

Let's see, if we look at small, does this have... oh, this looks a little different than kube-system. Maybe it's because there's only one deployment in there, but it shows us our cost and a cost efficiency, which I'm guessing is telling us something similar to Goldilocks: that we could be asking for and using a lot fewer resources.

From that point of view, it looks like this would recommend reducing the CPU and actually increasing the memory requests and limits for these pods. It seems to be happy as-is to think that we're using about nine percent of our RAM efficiently, and the rest not. If we go back here, it still says "we're collecting data, check back in five minutes."

Let's see, I think that's about all we've got today, unless anyone has further questions about this stuff. As far as I can tell, Kubecost is the main system people use for figuring out how to do these chargebacks, or else they've built something of their own internally that they're not sharing.

You can enable and disable Prometheus: you can point it at an existing Prometheus instead, or they will bundle one in. So those are all Prometheus settings; there are the persistent volumes; and oh, you can get it to create an ingress for you, so you can expose it through an ingress, although there's no auth policy on that ingress. That would mean anyone in the world who finds your IP address can start looking at your cost information, and you probably don't want that.

You can also configure some TLS, and you can use network policy to gate things off further, but by default it's a service within the cluster, so you need to use port-forward to get to it.

There are Grafana resources, creating a service account... What they don't have documented here is this Kubecost token; interestingly, they have a static token here which was different than the token that I got. So they have a cost model and a cost analyzer, plus Prometheus, which seem to be the key pieces. And the cost analyzer is a bunch of target zips, which kind of feels like maybe it's built from somewhere else; this doesn't quite feel like normal open source to me.

You can get some of this information, but most of the interesting stuff, the part that gives you the allocation of how many resources were used at a particular time, is actually part of a hosted service and isn't open source at all. Goldilocks is, as far as I can tell, fully open source, but it doesn't give you that aggregated view. It's great for an individual team to do the right thing on their own, but for a business trying to figure out where their cloud costs are coming from, it looks like there isn't something open source right now.

So I don't know exactly when I will next be doing TGIK, but if you're going to KubeCon EU, I will see you there. It was fun to shake off the rust and get back into exploring this stuff, and now I know a little bit more of what I mean when I say, "oh yeah, you could use Kubecost."

See you all in a couple weeks. I think Joe's going to make an announcement about what our upcoming schedule looks like. I don't know whether we're going to do anything at KubeCon EU or not, TGIK-wise; I'm probably not going to have much of my gear there, so it would probably have to be someone local to Europe bringing the stuff to do a broadcast.
