►
From YouTube: TGI Kubernetes 046: Knative continued (2/?)
Description
Notes and links at https://github.com/heptio/tgik/tree/master/episodes/046.
Come hang out with Joe Beda as he does a bit of hands on exploration of Kubernetes and related topics. Some of this will be Joe talking about the things he knows well. Some of this will be Joe exploring something new with the audience. Ask questions, comment and help decide where things go.
This week we'll be continuing to look at Knative. We'll dig deeper into the serving abstractions and perhaps start looking at the "build" components"
A
Hello
and
welcome
to
another
episode
of
tea,
GI
kubernetes
I'm,
your
host
Joe
Beda
I
am
CTO
and
founder
of
hep
tio.
We
are
a
startup
in
Seattle
and
are
actually
around
the
world
now,
where
we
are
helping
to
bring
kubernetes
to
enterprises
and
beyond.
So
for
those
not
familiar
tji
kubernetes
is
a
weekly
as
a
live
stream
that
either
I
or
chris
we're
gonna
have
some
other
folks
from
around
hefty
at
work
on
it.
Where
we
go
and
we
talk
about
some
of
the
kubernetes
topics
of
the
day.
A
A
She
talked
about
CNI
and
networking
and
calico,
and
so
we're
switching
off
a
little
bit
but
I
like
to
start
by
saying
hello
to
everybody.
So
one
of
the
things
I
was
doing
is
I
was
messing
with,
like
so
I
use,
OBS
for
doing
this
stuff
and
I
can
host
the
chat
over
here
on
the
on
the
right.
But
I
was
messing
with
the
CSS
overlay
on
that
and
I
screwed
up
somehow
so,
there's
some
like
weird
white
outlines
that
I
haven't
had
a
chance
to
figure
out.
A
B
A
No
sorry
give
me
a
second
here,
I'm
down
here,
off-screen
here,
trying
to
like
copy
this
link
so
that
you
all
can
see
this.
So
this
is
a
link
that
you
can
go
to
if
you
want
to
help,
take
collaborative
notes
on
this
stuff
and
so
there's
something
that
we're
trying
out.
Please
everybody
be
respectful
Chris.
If
you
could
take
a
look
at
that
and
maybe
work
with
Carly
Xie,
who
was
helping
us
out
here
to
lock
that
down
if
we
start
seeing
some
some
bad
stuff
happening
so.
A
A
Let's
see,
George
is
on
vacation,
Oh
justice.
Here,
how's
it
going
Justin
good
to
see
you
I'm
glad
you
could
join
us.
Let's
see
now
dear
good
evening,
yeah!
So
like
it's,
it's
it's
1
p.m.
Pacific
time.
For
me,
this
is
like
the
worst
time
for
me
to
choose
to
do
this
live
stream
because
most
of
the
rest
of
the
world,
it's
either
Friday
evening
or
Saturday
morning.
But
you
know
here
we
are
it
kind
of
named
it
now
I'm
stuck,
let's
see
so
New
Year
good
evening,
Partha
bond
fabio
Lucas,
let's
see
so.
A
If
we
could,
the
watch
live
now
linked
in
the
repository
2.2,
this
episode,
yeah.
We
got
to
figure
out
how
to
actually
automatically
update
that
stuff.
Okay,
hey
Chris,
could
you
file
a
bug
on
that
one
just
to
make
sure
that
we
don't
lose
it?
It's
lost
from
Finland
I'm,
not
gonna,
oh
I'm,
sure
I'm
butchering
it
Moodie
from
new
york,
chrome
fire
in
germany,
aaron
and.
C
A
A
You
everybody
for
joining
other
than
math
joining
us
he's
on
the
K
native
team,
and
so
hopefully,
when
I
get
in
the
weeds
he'll
be
able
to
sort
of
real
me
back
in
here.
I
appreciate
that
you
joining
us
here,
Matt
and
then
Ashish
is
watching
from
the
car
dealership
American
from
Turkey
awesome
all
right,
Gopal
from
from
Amsterdam.
You
know
it
always
blows
me
away.
Just
seeing
folks
come
from
everywhere.
It
really
is
super
super
cool,
so.
A
And
I'm
gonna
jump
right
in
okay,
Isla
Maddy
st.
Joe.
Did
you
happen
to
find
out
if
they're
going
to
split
out
the
monitoring
page
fluid
in
prometheus
from
the
K
native,
install
I?
Don't
think
that's
happened
yet
I
think
there's
plan
on
yeah
SEZ
SEZ,
yes,
I
am
gonna,
so
I
spun
up
a
new
cluster
and
I
kind
of
took
it
to
where
we
were.
Last
time.
There
have
been
a
few
changes
in
the
in
the
ammo.
A
A
So
the
first
thing
I
mentioned
this
and
I
put
the
link
in
there
is
that
there's
a
there's,
some
a
markdown
document
that
we're
gonna
check
into
our
repo
that
has
a
bunch
of
nodes
with
timing
and
stuff
like
that,
so
we're
trying
to
get
some
process
here,
so
we
collect
more
data
and
folks
can
make
easier
use
out
of,
like
you
know
an
hour
and
a
half
livestream,
so
yeah.
So
so,
if
you
all
want
to
join
in
and
help
with
this,
this
would
be
would
be
really
really
useful
and
really
helpful.
A
So
there's
that
I
might
just
turn
my
volume
down,
although
I
think
goes
a
little
hot,
and
then
we
have
some
links
that
I
want
to
actually
get
going
on
here,
because
there's
some
really
really
interesting
stuff.
So
the
first
one
and
I'm
not
going
to
use
this
because
I
just
haven't
had
a
chance
to
play
with
it.
Yet.
B
A
That
we're
starting
to
see
some
really
interesting
community
tools
come
around
4k
native
and
I
saw
this
on
I.
Think
one
of
the
the
K
native
mailing
lists.
This
is
KN,
cuddle,
I'm,
gonna
call
it
K
knuckle
cuz,
I,
don't
know
what
else
to
call
it,
and
you
know
you
always
have
to
pronounce
these
things
in
the
most
unpredictable
way
necessary.
A
But
this
is
a
helper
tool
that
sort
of
builds
on
topic.
A
native
that
was
really
built
for
K
native
I.
Think
what's
interesting,
is
that
some
of
the
other
sort
of
you
know
a
function
as
a
service
offerings
out
there
and
I'm
thinking,
specifically
of
the
one
that
was
sponsored
by
typical
RIF
and
I,
think
open
wisk
they're
looking
at
how
can
they
provide
sort
of
a
their
experience
building
on
top
of
some
of
the
components
on
K
native,
which
I
think
is
really
interesting,
we're
starting
to
see
this
thing.
B
A
It
turns
out
that
serverless
is
made
of
a
bunch
of
different
parts.
K
native
provides
some
of
those
and
then
other
folks
are
starting
to
actually
add
stuff.
On
top
of
it,
I
think
that's
really
exciting.
When
you
start
seeing
that
ecosystem
come
along
so
Carlos
you
are
not
too
late.
Welcome
and
then
Aaron
is
in
San
Francisco
good
to
see
you
yeah,
so
I
haven't
had
a
chance
to
play
with
K
knuckle
yet
I'm
sure
somebody's
gonna
be
mad.
A
That
I'm
pronouncing
it
that
way,
but
it
looks
really
interesting
and
I
think
maybe
after
we
dive
into
some
of
the
details,
this
might
be
something
to
to
take
a
look
at
and
take
a
step
back,
I
news
from
death
deli
nice
nice
to
see
you
thanks
for
joining
us
all
right.
So
that's
really
cool.
The
the
next
thing
I
had
on
here
was
I.
A
A
I
actually
have
a
different
cube,
config
file
per
cluster,
and
there
wasn't
easy
ways
to
actually
pick
different
cube,
configs
for
the
for
the
vs
code,
extension
and
so
III
wind
on
Twitter
I
tried
to
do
it
nicely,
but
I
still
want
on
Twitter
and
and
and
and
like
almost
immediately
there
was.
There
was
a
PR
to
actually
fix
this.
That's
that's
still
sitting
there,
and
this
is
I.
Think
I'm,
trying
to
remember
this
person's
name,
I
think
it's!
The
I
stands
for
Ivan
I.
A
Think
I'm
horrible,
oh
and
I
have
an
extension
that
actually
turns
the
github
github
things
into
into
Microsoft
logos.
I
forgot
I
had
that
installed.
So
so
that's
really
excited
I'm
really
excited
about
that.
Lets.
See
someone
to
catch
up
here
so
Syed
in
London
sent
in
Washington,
Brad
and
Auckland
car
keep
Kane
a
CTL
yeah
nice
to
see
you
also
it's
yeah,
it's
good
to
start.
Seeing
that
stuff
actually
come,
it's
Ivan!
Okay,
so
Ivan
tells
telson
is,
is
the
person
that
did
that.
So
thank
you
very
much.
Ivan
forgetting
started
on
that.
A
That's
really
exciting,
because
I
do
want
to
I
want
to
start
playing
with
that
thing,
but
it's
just
like
the
way
I
deal
with
cube.
Configs
made
it
a
little
bit
tricky.
Let's
see
so
other
interesting
stuff
that
happens-
and
this
is
something
I
haven't
had
enough
of
a
chance
to
dig
into
as
I'd
like,
is
that
github
announced
an
open
source
load,
balancer
called
GL
B
and
they
had
been
working
on
some
stuff
in
in
the
past
and
I.
A
Don't
know
if
this
has
a
link
to
some
of
their
previous
stuff,
but
this
is
essentially
you
know,
and
if
you
go
back
and
you
take
a
look
at
I
did
an
episode
on
a
TGI
K
on
load,
balancing
and
ingress
in
the
past,
where
I
actually
drew
out
the
relationships
between
like
l7
load,
balancing
and
the
way
that
you
can
do.
Like
sort
of
you
know,
l3,
l4,
load,
balancing
and-
and
there
are
different
layers,
different
scale
when
you're
operating
in
the
cloud.
A
They
generally
have
something
that
can
do
either
layer,
4
or
layer,
7,
load,
balancing,
and
it's
not
uncommon
for
folks
to
use
the
cloud
version
of
layer
4,
but
to
save
costs
and
flexibility.
They'll
use
their
own
software
version
of
layer
7
with
kubernetes,
but
when
you're
running
on
Prem
or
bare
metal,
you
don't
actually
have
a
lot
of
options
with
respect
to
layer
for
load
balancing,
and
so
it's
really
really
exciting
to
see
some
new
options
actually
come
out
here.
A
So
again
this
doesn't
replace
like
H,
a
proxy
nginx
or
Envoy
when
you're
using
it
in
that
mode,
it
actually
plays
and
I,
don't
know,
I'm
sure
they
mentioned
it.
Do
they
mention
Maglev?
No,
they
don't
mention
mega
the
goo
there's
a
Google
paper
on
one
called
maglev
I
haven't
had
a
chance
to
dig
into
this
as
much
as
I
like
to
see
how
much
this
actually
borrows
and
sort
of
builds
on.
Some
of
the
ideas
and
maglev
vs.
A
introduces
new
ideas,
but
it
looks
really
really
interesting,
so
lemme
yeah,
so
it
this
operates
at
a
different
level
than
GLB
or
nginx
right.
So,
if
you're
on
the
Amazon
world,
this
sort
of
replaces
NLB-
and
it's
probably
most
similar
to
metal
ellby,
which
is
a
non-official
google
project,
I
believe
I
believe
it's
that
is
like
for
bare-metal
also
and
so
I
don't
know
yeah.
This
is
not
official
Google
project,
but
just
happens
as
a
Googlers
that
did
it
so
I
would
say.
A
The
GLB
and
metal
lb
are
probably
the
most
most
equivalent
here,
but
again,
I
haven't
had
a
chance
to
dig
into
this
world
as
much
as
as
I
would
like
so
yeah,
but
these
operated
a
different
level
than
like
nginx
or
h8
proxy,
or
what
have
you
and
then
Justin,
saying,
there's
also
Cutrone
from
Facebook,
which
is
very
similar
to
okay.
So
this
is
we'll
put
these
in
the
notes.
Cut,
Tron,
I
hadn't,
seen
this
one
Justin
is
all
about
keeping
up
with
all
this
stuff,
so
this
is
a
skin.
A
This
is
the
Facebook
scalable
Network
load,
balancer
and
again
these
things
operate
it's
sort
of
like
a
lower
level.
Then
then
the
l7
load
balancers
that
come
into
play.
Let's
see
so
sense,
says:
IP,
vs,
load
balancers,
an
interesting
tool
for
cube,
1.11
yeah,
so
IP
vs
I,
don't
know
which
of
these
uses
itvs,
but
there's
also
a
mode
for
cube
props
that
use
IP
V
s.
So
this
world
is
incredibly
confusing.
A
So
if
you're
watching-
and
you
have
no
idea
what
I'm
talking
about
when
I
say
layer,
four
layer,
three
layer,
seven
and
we're
talking
about
these
different
things-
don't
worry
this
stuff
really
is
hard.
There's
a
lot
of
detail
here
and
a
lot
of
these
things
really
come
into
play
when
you're
actually
running
a
lot
of
stuff
at
scale
right.
So
when
you're
doing
small
things,
there's
a
lot
of
options
that
are
a
lot
easier
to
work
and
you
don't
have
to
sweat
all
these
details.
A
A
lot
of
this
is,
like
you
know,
a
bunch
of
car
geeks
geeking
out
over,
like
the
different
types
of
engines
and
sizes
and
stuff
like
that,
like
a
lot
of
this
stuff
doesn't
come
into
play
when
you
just
like
you,
don't
want
to
put
your
foot
on
the
pedal
and
go
so
okay.
So
so,
let's
so,
let's,
let's
get
these
so
I'm.
C
B
A
A
A
Let's
see
you
can
expand,
there's
a
whole
bunch
of
Doc's
and
stuff
that
we're
working
on
here
we're
starting
to
actually
build
out
a
cluster
API
implementation
for
AWS,
starting
to
scope
that
out,
because
doodles
and
Docs
okay,
so
doodles
and
Docs
is
the
way
to
go
and
and
so
yeah
if
you're
interested
in
getting
involved.
This
is
so
you
know
we
did
an
episode
on
cluster
API
Chris
did
one
on
cubic
horn.
A
A
Three
is
wrought
by
IP
layer,
four
is
IP
in
port
and
then
layer
seven
is
like
packet
content.
So
typically,
when
people
say
layer,
seven
they're
talking
about
HTTP,
aware
load,
balancing
yeah
the
eight
layers,
the
political
layer,
exactly
yeah,
then
the
one
is
the
magic
sort
of
like
physical
layer.
Alright,
so
there's
that,
let's
see
the
next
thing,
that
I
think
is
interesting.
I'm,
not
sure
this
is
the
best
link.
A
A
Of
these
things,
where
there's
all
sorts
of
options
out
there
and
they
all
have
trade-offs
and
there's
really
none
that
are
that
are
perfect,
and
so
it's
great
to
see
more
options
there,
and
especially
one
that
ones
that
will
be
developed
in
the
open
where
we
can
sort
of
you
know
over
time,
move
this
in
the
direction
that
we
want
to
go.
So
yes,
I
think
this
would
be
an
excellent
TGI
episode.
I
would
love
to
do
an
episode
on
on
harbor
I.
Think
that
would
be
great.
A
Let's
see
the
next
link
I
had
here.
Oh,
is
last
call
on
cube
con
Seattle
CFP,
so
this
Sunday,
if
you
want
to
speak
in
Seattle
at
cube
con,
you
have
to
get
your
August
12th,
which
is
Sunday.
You
have
to
get
your
your
proposal
in
there.
I
put
one
end,
we'll
see.
If
it
happens,
I
don't
have
an
inside
line,
so
you
know
maybe
I'll,
maybe
I'll
get
to
speak.
A
A
Alex
is
saying
that
900
words
is
never
enough.
It's
I
believe
it's
900
characters
or
nine.
It's
like
it's
there's
a
character
County.
So
it's
like
it's
actually
pretty
limited
in
terms
of
the
number
of
characters
that
you
can
actually
put
there,
so
that
the
synopsis
of
your
of
your
talk
has
to
be
pretty
darn
short
and
then.
A
So
that's
really
cool,
but
yes,
our
characters,
which
is
like
really
short,
yes,
is
no
repeats.
Yet
so
again,
there's
a
lot
of
talks
there.
You
should
feel
free
to
like.
If,
even
if
you
don't
consider
yourself
an
expert,
you
do
have
a
perspective
to
bring
I
think
it's
important
to
realize
this
world
is
moving
so
fast
nobody's
a
perspex
Peart
on
these
things,
so
bring
your
perspective,
don't
be
afraid
to
submit
a
talk
proposal.
It's
it's.
Definitely
a
really
exciting
thing
to
do.
A
A
The
other
thing
I
forgot
is
Prometheus
graduated,
let's
see
so,
let's
put
the
TechCrunch
article.
So
Prometheus
is
the
second
project
in
the
CNC
F
to
graduate
from
being
an
early
tool
like
what
do
they
call
not
a
incubating
tool
to
to
a
full
full
project,
so
that's
actually
really
really
great
to
see.
So
let
me
go
and
we'll
say.
A
That
yeah
anything
I
miss
alright,
let's
just
jump
in
here.
Okay,
so
let
me
I
picked
up
where
we
left
off
before
so,
let
me
go
through
and
what
we
did
is
we
went
through
installing
K
native
on
top
of
a
kubernetes
cluster,
oh
part
of
them
on
CN
CF,
graduation.
What's
the
quality?
That's
a
really
good
question.
This
is
the
type
of
thing
that
a
lot
of
people
get
together
and
argue
about
in
really
boring
meetings.
I've
been
in
some
of
these.
A
It's
not
a
lot
of
fun
but
the
graduation,
it's
based
on
usage
and
maturity,
and
so
the
CNC
F
has
different
levels.
There's
their
sandbox,
which
is
very
early
projects
that
are
still
in
active,
active
sort
of
like
building
they're
building
their
usages.
I.
Think
the
next
level
is,
is
it's
not
it's?
It's
it's
not
incubated
or
yeah.
A
At
the
same
time
and
I'll
show
you
what
I
mean
so
if
I
go
through
and
like
2k
native
currently
depends
on
top
of
this,
do
there's
some
discussion
of
actually
making
that
BA
a
sort
of
more
decoupled
relationship
between
between
K
native
and
sto.
But
currently
it
depends
on
sto.
Installing
sto
is
you
know
installing
one
yamo
file,
but
that
yamo
file
is,
is
absolutely
enormous,
and
so
that's
what
I
mean
by
complex,
because
if
you
really
want
to
understand
what's
going
on
there,
you
know
so.
A
A
One
of
the
things
based
on
some
of
the
feedback
from
from
two
weeks
ago
that
the
the
K
native
team
is
working
on
is
making
this
stuff
be
more
Alucard,
so
that
folks
can
actually
install
some
of
this
stuff,
but
not
other
stuff.
Oh
I
got
blurry
there
for
a
second,
especially
around
the
monitoring
piece,
because
you
may
already
have
monitoring
to
some
degree
on.
Let's
see
so,
Matthew
says
that
we're
going
to
talk
about
our
plans
to
D
couple
at
this
week's
API
working
group
for
those
that
are
interested
yeah.
A
It
also
can
be
used
for
stuff
coming
in
and
out
of
your
cluster,
but
a
lot
of
the
focus
has
been
that
east-west
traffic,
so
in
and
out
of
the
cluster
is
north-south.
Traffic
between
clusters
are
within
a
cluster
is
east-west
traffic.
This
is
just
the
nomenclature
that
people
use
when
they
talk
about
this
stuff.
A
The
the
north-south
traffic
is
not
as
as
much
of
a
focus
for
his
do
right
now
it
is
so
it
allows
you
to
do
dynamic,
routing
there
based
on
a
whole
bunch
of
stuff.
It
allows
you
to
get
metrics
and
insight
who's
talking
to
whom,
how
much
traffic
look
at
error
rates
and
then
finally,
there's
a
security
component
to
it
in
terms
of
being
able
to
make
sure
that
the
right
folks
are
talking
to
the
right
places
and
the
right
time
and
writing
security
Akal.
So
it
brings
all
those
things
together.
A
It's
a
pretty
complex
system,
but
it
also
brings
a
lot
of
benefits,
also
all
right.
So
so
that's
me.
That's
I
that
doesn't
demystify
sto
that
helps
too
find
it
so
I'm
not
going
to
try
and
demystify
okay.
And
then,
if
we
look
at
the
like
the
full
meal
deal
4k
native
this
one
is:
it's
called
release.
Yeah
Mon,
when
you
download
it
it's
17,000
lines
in
llamo.
Now
don't
freak
out
about
that.
A
lot
of
that
is
like
like
HTML
and
configuration
files
that
are
embedded
into
config
maps
without
the
monetary
and
I.
A
Imagine
that
that
gets
dramatically
smaller
and
I
do
think
you
know.
As
a
community,
we
need
to
find
better
ways
to
actually
ship
things
like
dashboards
and
stuff.
So
so
that's
that's.
What's
going
to
talk
about
that
installed
and
then
what
you
can
do
is
you
can
define
a
service,
and
this
is
the
the
simplest
sort
of
hello
world
service
that
they
have,
where
you're
specifying
an
image.
A
But
when
you
apply
this,
this
will
set
up
a
que
native
service,
which
is
an
expanded
idea
of
of
it's,
not
just
the
service.
In
the
kubernetes
service,
which
is
really
sort
of
a
name
and
routing
type
of
thing.
It
ends
up
being
that
plus
being
able
to
actually
get
a
bunch
of
pods
together.
So
it's
kind
of
like
a
deployment
plus
setting
up
the
routing
plus
optionally,
doing
a
build,
and
that's
not
happening
in
this
example,
and
bringing
that
all
that
stuff
together
into
a
single
yamo
file.
A
Let's
see,
I'd
love
to
see
an
episode
on
linker,
d2,
yeah,
I'd
love
to
I'd
love
to
dig
into
that
also-
and
you
know,
and
the
I
did
is
Tia
what
a
long
time
ago
it's
changed
dramatically.
So
that
would
be
definitely
be
something
worth
worth
digging
into.
Also,
okay,
so
so
I
went
ahead
and
I
applied.
This
and
I
did
some
other
stuff
also
so
that
I
actually
I'm
hosting
this
on.
A
You
know
on
the
internet
with
my
domain
name:
oh
one
of
the
things
that
changed
since
two
weeks
ago
and
I
brought
this
up
to
the
K
native
teams.
Attention
is
that
now
there's
like
three
load
balancers
that
get
created,
but
but
you
only
need
one
of
them.
So
if
I
do
cube,
control
and
sto
system
gets
serviced,
you'll
see
that
there's
there's
actually
three
of
them.
There's
one
called
sto
ingress,
sto,
ingress
gateway
and
then
K
native
ingress
gateway.
This
is
the
one
that
we
care
about.
A
This
I
remapped
this
to
a
domain,
TG
I,
K,
dot,
IO,
dot,
IO
and
then
there's
a
config
map
in
the
K
native,
the
the
K
native
system,
namespace
that
you
can
change
so
that
it
knows
about
T,
GI
k,
dot,
IO
yeah,
it's
gonna
be
expensive
to
do
one
of
those
I
brought
that
up
with
the
team.
This
is
the
type
of
thing
when,
like
you,
don't
have
to
pay
for
your
cloud.
A
Resources
should
do
this
stuff,
but
I'm
sure
they're,
gonna,
I'm,
sure,
they're,
gonna
dig
into
that
and
address
that
so
and
then
I
went
through
and
like
in
route
53
here
I'm
using
one
of
our
QuickStart
clusters
and
route
53,
you
can
see
I
set
up
a
couple
of
cname
start
at
TGI,
K,
dot,
IO
and
then
start
at
default.
Itj
K,
dot,
IO,
so
so
Alex
is
referring
to
what
I
did
open
fast.
There
was
like
we
were
moving
fast
and
somebody
actually
got
access
to
the
control
plane
directly
and
it
did
not.
A
It
did
not
end
well.
I
felt
really
bad
about
that.
This
is
open
to
the
Internet,
but
this
is
only
data
plane
stuff.
This
is
only
stuff
so
right
now,
if
folks
go
to
hello,
world
dot
go
dot,
default,
itgi,
dot,
K.
So
what
I
want
to
do
this?
First,
don't
do
that
yet
get
pods.
Okay,
there's
no
pods
here!
A
Thing
here
is
that
we're
doing
this
with
a
with
a
generic
container
image
and
I
believe
and
I
think
this
is
something
that
we
can
dig
into
a
little
bit
is
that
it
can't
be
necessarily
any
old
container
image.
There
has
to
be
I,
don't
know
you
can
tell
me
if
I'm
wrong
aright
with
this
man,
there
has
to
be
some
level
of
interaction
or
sort
of
interface
to
that
container
image
that
it
can
actually
play
well
with
this
stuff.
I
may
be
wrong
there,
though.
A
Ok,
so
that's
where
we
left
things
last
time
and
then
I
was
I
was
catching
up
on
the
episode
and
I
had
a
diagram
there
about
the
objects
that
exist
in
Kay,
native
and
and
so
alex
has.
The
auto
scan
goes
a
bit
wild
at
the
moment,
trying
to
maintain
one
pod
per
request:
okay,
there's
a
runtime
contract
describing
some
of
the
constraints
yeah;
okay,
so
it
can't
be
any
container.
C
A
C
A
This
actually
has
requests
here,
but
it
doesn't
have
limits,
but
but
the
the
requests
I
believe
means
that
it
and
I
we
did
an
episode
on
limits
and
request.
Is
that
you
can't
overload
a
cluster
with
this.
Well,
you
can
overload
it
in
terms
of
like
at
some
point
will
actually
be
able
to
at
some
point
will
be
able
to
go
through
and
we'll
fill
the
cluster
up,
but
we
won't
necessarily
overcome
the
well.
Some
of
this
is
like
okay,
so
this
is
not
bounded
in
RAM.
A
Do
that's
the
SDO
and
l1
yeah,
so
so
at
least
there's
there's
limits
in
here
that
actually
helps
to
make
sure
that
this
doesn't
totally
take
down
a
cluster.
But
there
we
go
okay.
So
this
stuff,
there's
there's
stuff
coming
and
going
here
as
it
scales
stuff
up
and
down
so
Aaron
says
you
could
theoretically
fill
the
IP
space
with
the
closer
to
pod.
Ips
we'll
run
out
of
room
on
the
cluster,
but
because
there's
there's
requests
in
there.
I
believe
that
that
it'll
stop
packing
things
in
at
some
point
yeah.
A
So
so
nice
plot
to
take
out
a
company
out
of
business,
have
wild
otters
mean
most
of
the
time
when
folks
do
auto-scaling,
there
is
some
level
of
limits.
I
was
actually
I
was
at
a
conference
last
week,
and
one
of
the
things
that
came
out
of
that
this
was
was
observability
khan
ali
khan
down
in
san
francisco
is
that
the
failure
modes
of
systems
in
the
cloud,
especially
serverless
and
you
see
a
little
bit
here
is
is-
is
different
because
a
lot
of
times
things
fail
and
like
things,
you
stop
serving
your
requests.
A
When
you're
running
in
the
cloud
with
server
list,
essentially
things
like
lambda
when
you
fail,
it
actually
hits
your
credit
cards
because,
like
there's
a
credit
card
in
the
loop
and
so
the
failure
mode
is
not
necessary,
your
app
going
down,
but
really
really
big
bills,
which
is
which
is
an
interesting
aspect
to
that.
Ok,
so
so
we
got
that
up
and
running,
which
is
really
interesting.
One
of
the
things
I'm
gonna
switch
to
my
doc,
camera
and
and
last
time,
I
noticed
that
I
did
a
bad
job
of
making
sure
this
was
Center.
A
Is
that
we
have
this
object
in
right
now
it's
called
a
service,
but
there's
confusion,
vs
and
there's
no
good
names
left
in
anything.
That's
why
we
came
up
with
pod.
There's
no
good
names
left
in
anything
in
computing,
so
don't
give
them
too
hard
a
time,
but
a
service.
This
thing
does
building
it.
It.
A
Which
manages
a
replica
set
which
manages
pods
and
then
and
then
the
service
and
we're
not
going
to
do
the
building
yet,
but
the
service
also
manages
a
thing
called
a
route,
a
key
native
route,
and
this
goes
ahead.
This
configures
this
do
to
be
able
to
point
at
this
so
point
at
the
well
I
mean
eventually
points
at
the
pods
right
and
so
service
is
a
one-stop-shop
for
configuring.
All
that
stuff
and
yeah.
A
Between
configuration
and
revision
is
is
similar
in
some
ways
to
replica
set
and
pods
or
deployment,
and
replica
set
is
probably
the
more
similar
relationship
there.
So
one
of
the
things
that
I
wanted
to
dig
into
is
that
there's
certain
things
that
you
can
do
with
service,
but
then
there's
other
other
places
where
you're
going
to
want
to
deal
with
routes
and
configurations
directly
and
so
I
wanted
to
start
today.
A
You
know
we're
36
minutes
in,
but
I
wanted
to
start
today
by
digging
into
some
of
the
relationships
between
those
things
and
explore
that,
and
so
the
example
that
I
was
going
to
start
with
here,
and
let
me
switch
back
to
this
screen-
is
this
routing
and
managing
traffic
with
a
Bluegreen
deployment
and
so
with
a
Bluegreen
deployment?
What
you're
going
to
have
is
multiple
revisions
and
you're
going
to
set
up
a
route
so
that
it
actually
manages
across
those
revisions.
A
But
if
you
launch
something
with
a
service,
is
there
a
way
to
say
you
know
what
I'm
you
know
it's
like
when
you're
driving
your
car
and
it's
automatic
and
they
have
that
thing
where
you
can
shift
it
into
manual
and
say
I'm
going
to
control
the
gears
now.
Is
there
a
way
that
I
can
actually
shift
gears
from
doing
something
as
a
service
and
then
like
say,
hey
I'm
gonna
manage
the
routes
in
the
configuration
manually.
Ok,
no.
A
You
have
to
go
ahead
and
recreate
it
essentially
to
do
that.
There
might
be
an
interesting
scenario
to
think
through
because
there
are
technically
ways
to
do
that
and
with
with
kubernetes
by
manipulating
labels
and
stuff,
and
so
you
know
being
able
to
make
those
transitions
happen
might
be
something
it's
it's
gonna
be
rare,
but
it's
doable
all
right,
so
we're
gonna.
So
we
have
the
hello
world
up
and
running,
but
we're
gonna
actually
start
a
new
one
called
Bluegreen
demo,
ok
and
so
we're
gonna
create
a
new
file
called
Bluegreen
demo,
config
gamal
and.
A
So
so
this
is
essentially
gonna
launch
this
thing
this
looks.
You
know,
honestly,
a
heck
of
a
lot
like
a
deployment,
I'm
sure
there's
some
in
the
revision
template
looks
a
little
bit
like
the
pod
template
that
the
deployment
sets
up,
but
this
also
deals
with
some
of
that
zero
to
one
requests
stuff
that
you
have
to
deal
with.
Okay,
so
this
says
okay,
so
we
have
one
and
we
have
an
environment
variable
saying
it's
blue
we're
going
to
go
ahead
and
do
that
and
we're
gonna
do
cute
control
applied
glue?
A
Okay,
so
we're
going
to
go
ahead
and
do
that
and
you'll
see
that
it's
usually
like
when
you
first
launch
these
things.
It
has
a
pod
and
then
eventually
it'll
scale
that
back
down
to
zero
I.
Think
that'll!
That's
what
will
happen
here.
I
haven't
done
this
yet
so
we'll
see
what
happens
ooh.
We
got
a
bunch
of
these
things.
The
somebody
is
definitely
hitting
this
hard.
So
as
these
things
spin
up,
there's
by
the
way
is
one
of
the
hard
things
with
auto
scaling.
A
Is
that
how
do
you
make
sure
that
you
actually
are
scaling
the
right
way?
There's
certain
types
of
languages
like
Ruby,
where
you
want
to
have
a
lot
of
backends
because
they
can
each
only
handle
one
request
at
a
time.
Something
like
go
is
a
lot
more
flexible
and
there's
ways
when
you
describe
your
image
to
K
native
in
terms
of
what
mode
there
is
that
that's
running
and
I
believe
that's
part
of
the
contract
with
the
with
the
pod
alright.
B
A
Okay,
so
we'll
go
ahead
and
we
took
that
down
so
now,
we're
gonna
we're
gonna,
get
a
cleaner
view
of
all
the
pods
and
by
the
way,
Alex
I.
Don't
know
you
know
who's
hitting
that
but
like
when,
when
we
did
it
the
early
one,
why
I
was
using
really
small
images
for
that,
and
so
one
of
the
things
I
learned
my
lesson
about
is
that
when
you're
doing
these
demos
you
don't
want
to
have
a
totally
other
provision
cluster,
because
you
never
know
what's
gonna
happen
here,
so
so
yeah.
A
A
B
A
Yeah,
so
our
cluster
did
fill
up.
That
was
a
denial
of
service
attack
due
to
the
autoscaler
there
yeah
okay.
So
since
this
docker
seems
to
get
some
performance,
issues
created
and
terminate
containers
container
D
seems
better
yeah,
so
container
D
is
actually
really
coming
along.
They've
been
doing
a
lot
of
work
to
integrate
their
CI
CD
with
the
kubernetes
CI
CD
make
sure
these
things
work
together
and
so
from
what
we've
been
seen.
A
I
know,
you
know:
Red,
Hat
and
folks
have
been
putting
a
lot
of
work
into
into
cryo,
but
in
terms
of
working
with
the
community
container,
DS
really
coming
a
long
way,
which
is
really
exciting.
Okay,
so
now
that
things
running
alright
but
you'll
notice
that
if
I
cute
control
gets
it's
called
the
configurations.
A
B
A
A
A
You
know
you
can't
specify
your
route
and
your
configuration
at
the
same
time
because
you're
not
exactly
you,
can't
be
a
hundred
percent
sure
what
the
revision
is
going
to
be
named,
and
so
maybe
a
way
to
actually
name
revisions
would
be
helpful
there.
But
then
you
have
to
worry
about
well
what
if
revisions
are
like?
A
Whatever
revisions
are?
Are
you
know
you
get
changes
to
revisions
because
I
think
they
view
revisions
beautiful.
So
that's
something
that
I
think
is
interesting
here,
but
anyways
now
we're
sending
100%
of
the
the
stuff.
Here
you
can
you
can.
If
you
name
the
configuration
in
in
the
route,
you
can
name
the
configuration
in
the
route,
ok,
which
then
sends
it
to
latest
ok
gotcha.
A
A
But
now,
if
I
do
cute
control
get
route
or
keep
control,
apply
the
route
that'll
go
ahead
and
do
that
cute
control
get
route
Bluegreen
demo
and
if
I
look
at
this,
what
you'll
see
is
that
ok,
I
have
a
I,
have
a
domain
now,
ok,
so
we
got
that
up
and
running
if
all
goes
well,
and
it
may
take
a
little
bit
of
time
for
this
stuff
to
actually
come
together.
But
if
I
go
ahead
and
get
this,
did
it
already
spin
things
down
because
I
talked
too
much?
No,
that's
probably.
A
So
app
v1
is
our
blue
one,
because
it's
blue
look
at
that.
How
great
is
that
you
can't
miss
it?
This
is.
This
is
a
this.
Is
a
demo
made
to
be
done
on
stage?
You
can
tell
all
right
so
that's
great,
and
so
now
we're
seeing
how
we're
sort
of
manually
configuring
both
the
route
and
the
the
configuration
now.
A
The
interesting
thing
here
is
that
I
can
go
through
and
if
I
go
back
here,
I
can
go
through,
and
now
let's
update
the
let's
update
the
the
configuration,
and
so
what
we're
gonna
do
here
is
I
can
do
this
by
hand
also,
but
we're
going
to
from
blue
here.
We're
gonna
say
make
this
one
be
green,
so
that's
a
different
version.
We're
going
to
change
this
to
green
I,
don't
know
why
I
need
to
change
both
of
them,
so
what
I
just
go.
A
So
this
is
like
hey
I
upgrade
to
v8
version
2
or
whatever
yeah,
viele
and
Mark
didn't,
say.
I
did
see
this
demo
on
stage,
but
I
wanted
to
like
touch
it
and
feel
it
myself,
because
you
know,
look
under
the
covers
and
see
what's
happening
and
all
that
so
now,
if
I
do
through
and
I
do
an
apply
of
that
that'll
go
through
oh
wait,
it
says
unchanged,
did
I
save
it.
Oh
that
was
the
route.
I
changed
the
route.
Okay,
so
where's.
My
other
apply.
A
That
config,
okay,
so
now
I
got
that
going
so
Justin
I
love
how
you
get
excited
for
things
that
I'm
sure
you've
done
a
thousand
no
I
haven't.
So
this
is
the
sadness
of
my
job.
All
my
we
like
every
day.
Every
meeting
is
just
talking
to
people,
I
don't
get
to
play
with
computer
as
much
anymore.
It's
like
this
and
then
weekend's
it's
like
this
is
the
thing
that
sucks
about
it
is
startup
is
I,
don't
get
a
lot
of
time
to
code
right
now,
so
this
is
fun.
A
This
is
like
the
highlight
of
my
week
to
do
this
stuff,
all
right.
So
so
now
we
got
this
up
and
running
and,
like
we've
updated
the
configuration
but
you'll
see
that
like
nothing's
changed
right
and
this
is
actually
by
design,
because
now,
if
I
do
keep
control
get
revisions,
I
see
I
have
both
of
these
things
running
and
if
I
do
cube,
controlled
get
pods.
A
So
what
we're
going
to
say
here
is
that
we
have
the
traffic
for
this
particular
route
and
I
have
a
revision,
name
and
I'm
going
to
send
0%
of
my
main
traffic
to
it.
But
I'm
going
to
I'm
gonna
have
a
name
brought
which
is
sort
of
an
alternate
way
to
actually
get
to
this
stuff,
and
so
that's
what
this
v2
here
is
now
as
I.
Do
this
I'm
gonna
you're?
What
you're
gonna
see
it's
gonna
happen?
Is
I'm
gonna
go
ahead,
I'm
gonna
apply
this
and
and
it's
gonna
configure
things
now.
A
If
I
just
went,
I
know
I'm
getting
in
there
Matt
you're
way
ahead
of
me.
Don't
worry,
I
know
how
DNS
works
man,
but
if
I
went
through
and
if
I
did
like
v2
dot
and
I'm
not
gonna
hit
this
because
they're,
both
in
caches
and
it's
gonna,
screw
things
up
and
I
may
have
already
done
that
because,
like
I'm
sure
Chrome
is
already
looking
this
stuff
up
on
me.
But
if
I
do
this,
this
is
actually
going
to
like
not
resolve
with
DNS
right.
A
So
now
what
I
need
to
do
is
I
need
to
actually
it's
like
because
of
there's
no
way
in
route
53
at
least
and
I.
Don't
think
Google
does
it
either
because
they
not
only
want
to
do
a
wild
car
I
wish
I
could
do
something
like
I
wish.
I
could
do
something
like
star
star
dot,
T
GI
k,
dot
IO
as
being
a
record,
which
means
that,
like
hey
I,
want
to
do
everything
deep
I
just
want
you
to
go
deep
on
this,
but
unfortunately
you
can't
do
that.
A
A
So
give
me
a
second
here:
I'll
explain,
what's
going
on
here,
so
I'm
setting
up
a
new
DNS
record
that
says
start
up
blue
green
demo
default.
The
tgia
IO
goes
to
that
even
press
controller
that
we
had
before,
and
this
is
a
cname
record,
which
is
essentially
like
a
soft
link
for
DNS
and
I'm.
Saying
the
TTL
is
five
seconds
because
we're
going
to
be
changing
this
stuff
a
lot
and
then
the
create
button
is
all
the
way
down
here
in
the
AWS
console.
It's
really
confusing.
A
It's
easy
to
actually
miss
it
and
you're
going
to
sit
there
staring
and
it
go
and
like
how
do
I
actually
make
this
thing
work,
and
so
what
you
end
up
doing?
Is
you
end
up
having
you
create
this
cascade
of
DNS
for
like
okay?
Well,
I
want
to
do
one
for
like
TGI,
K,
dot,
IO
and
then
default,
and
then
blue
green
demo.
A
The
ultimate
thing
that
we're
going
to
want
to
see
here
is
integration
with
K
native
was
something
like
external
DNS,
which
is
a
project
that
started
as
part
of
I
believe
sagaie
WS.
That
automatically
goes
out
and
figures
API
driven
DNS
services
like
route
53
for
you,
so
that
it
can
automatically
set
up
these
records
and
make
sure
that
everything
works.
A
So
now
let's
go
through,
and
if
we
do
the
to
dot
this
look
now
we
got
app
dot
v2
and
we
can
actually
go
through
and
we're
hitting
that
one
directly
so
you're
a
way
to
actually
change
this
stuff.
As
you
go,
and
so
you
can
sort
of
test
out
the
next
version
before
you
actually
do
the
do
the
previous
version
and
like
we
call
this
blue
green,
but
it,
but
there
I've
also
heard
people
refer
to
this
as
sort
of
like
rainbow
deployments,
because
you
can
have
it
like.
A
You
can
have
thirty
of
these
things
running
at
once.
So
what
is
that?
The
docks
on
the
DNS
haven't
update
the
DNS
or
namespace
collision,
so
you
know,
but
but
the
general
idea
is
that
you
can
have
multiple
instances
of
your
app
bring
in
at
once,
and
you
can
start
trying
them
out
before
you
sort
of
swap
it
in
into
the
new
one.
Oh,
the
external
DNS
stuff.
Getting
that
up
and
running
yeah
that'd
be
super
sweet,
okay.
So
now,
but
if
I
go
back
to
these
sort
of
like
the
regular
one,
it's
it's.
A
A
Okay,
so
this
thing
should
be
updated.
Okay,
so
what
so
I'm
doing
I'm
doing
command
shift
R,
which
tells
the
browser
hey,
do
a
full
refresh
because
a
lot
of
times,
if
you
okay,
it's
not
doing
caching
a
lot
of
times
when
you're
doing
demos
like
this
they'll
be
like
HTTP,
keep
Alive's
and
stuff
like
that,
or
something
will
actually
say:
hey
I'm,
just
gonna
like
keep
using
the
connection.
I
have
and
it'll
be
really
difficult
to
demo.
A
These
things
so,
like
you
are
like
doing
50:50
traffic,
but
but
because
of
caching
and
stuff,
you
don't
necessarily
always
see
it
so
I'm,
not
sure
I'm,
seeing
exactly
50/50,
but
now
we're
seeing
50/50.
And
so
now
you
can
like
a
lot
of
times.
People
will
do
like
hey
I
want
to
do
like
10%
to
my
new
stuff.
A
When
we
talk
about
new
stuff,
we
don't
actually
understand
that
Doug
there's
a
lot
of
people
out
there
and
so
I
want
to
make
sure
that
that
I'm
actually
sort
of
representing
that
it
is
I,
think
you
know
you
know
at
least
traditionally
you
know
it's
been.
It's
been
a
little
bit
of
a
rough
experience,
so
one
of
the
first
things
that
we
did
is
hep
do
is
we
did
this
QuickStart?
A
That
makes
it
easy
to
get
up
and
running
with
AWS
I
want
to
keep
that
exercise
and
use
that
it's
something
that
we
did
and
then
also
I
think
it's
important
to
make
sure
that
we
keep
everybody
honest
about
about
portability
around
these
things
and
I.
Think
what's
really
really
interesting
here
and
I
think
this
is
actually
really
awesome.
Is
that
I'm,
like
80%
sure
that
nobody
on
the
K
native
team
actually
ran
K
native
on
AWS?
A
Maybe
they
did
I,
don't
know,
but
I
don't
think
they
did
before
before.
I
did
the
TGI
K
two
weeks
ago,
and
and
when
you
go
to
the
when
you
go
to
the
install
instructions
for
4k
native,
what
you'll
see
is
that
there's
a
bunch
of
sort
of
documentation
for
installing?
Let's
see
where
that
go
installing
on,
like
you
know,
aks
Gardner,
gke,
IBM,
mini
cube,
openshift,
PKS
or
pivotal.
Is
that
the
same
as
PKS
yeah,
I
guess
so?
A
But
I'm
like
hey,
you
know,
kubernetes
is
like
it's
it's
more
than
just
these
distributions,
and
so
I
gave
the
team
a
little
bit
of
crap
on
Twitter.
It
probably
came
out
a
little
bit
harsher
than
I
meant
about
like
hey,
like
you
know
what
about
just
plain
old,
kubernetes
and
then
like
within
you
know,
10
minutes
Evan,
who
I
used
to
work
with,
had
a
PR
to
actually
do
this
key
native
install
on
any
kubernetes
and
the
fact
that
it
actually
worked
is,
is
you
know
pretty
much
out
of
the
box?
A
I
think
really
speaks
to
the
level
of
portability
that
kubernetes
brings
to
the
table,
and
I
really
want
to
keep
exercising
that
now.
It's
not
I'm,
not
gonna,
promise
that
it's
always
gonna,
be
seamless
and
you're.
Never
gonna
hit
issues
across
platforms,
but
like
the
fact
that,
like
these
things,
mostly
just
work
out
of
the
box
is
really
pretty
amazing
across
cloud,
then
Alex
says
are
using
eks
or
just
your
own
cluster.
On
VMs
we
are
using
I'm,
not
using
eks.
A
This
is
the
the
hep
tio
QuickStart,
and
so
this
is
it's
a
solution
that
we
did.
A
reference
deployment,
the
AWS
quickstarts,
which
is
a
single
zone,
cluster
cloud
formation,
template,
and
so
it
builds
on
top
of
cloud
formation
and
cube
admin
to
bootstrap
stuff
up,
and
so
we
did
this
a
while,
but
we've
been
keeping
this
up
to
date
over
time,
it's
pretty
bulletproof
when
you
just
want
to
quit
cluster
on
AWS
and
and
if
you're,
okay
with
a
single
availability
zone.
A
It's
not
crazy
if
you
run
multiple
these
things
for
redundancy
to
actually
use
this
for
for
production
services,
so
yeah.
So
there's
that
so
that's
what
we're
using
there!
Okay!
So
now!
This
is
up
and
running
now
we're
totally
on
v2.
But
if
we
want
to
go
back
to
v1
because
you
know
I'm,
all
retro
I
can
still
do
that,
because
I
kept
that
route
around
at
the
show
notes
yeah.
It's
also
youtube.com/
like.
If
you
go
to
our
YouTube
channel,
it's
like
right
up
here,
I
think
takes
you
to
it.
Yeah.
B
B
A
Ya
and
like
the
naming,
there
is
a
freaking
mouthful
because
the
Linux
Foundation
has
like,
like
we
had
to
work
with
the
trademark
cuz.
You
can't
call
it
like
hefty
Oh
kubernetes,
because
we
don't
know
him.
Kubernetes
kubernetes
is
a
as
a
community
project
right.
So
it's
a
quick
start
for
kubernetes
buy
hefty
Oh
is
sort
of
the
what
the
lawyers
decided,
I
so
yeah.
A
So
there's
that
okay,
so
we
got
this
up
in
Ronnie,
which
is
really
cool,
so
that
I
think
is
really
exciting,
that
you
can
actually
go
through
and
you
can
start
doing
this
Bluegreen
deployment,
which
is
something
that
was
possible
to
do
outside
of
Kay
native,
but
you
had
to
be.
It
was
a
lot
more
manual
to
actually
sort
of
manipulating
agressor
outs
to
be
able
to
do
this
stuff.
You
know
like
muck
with
labels
and
stuff
like
that.
So
that
is
super
cool.
A
That's
so
that's
what
I
wanted
to
dig
into
and
I
think
we
pretty
much
went
through
the
demo
here,
routing
all
traffic
and
then
cleaning
up
we'd
go
ahead
and
delete
that
stuff
yeah.
C
A
A
Raspberry
PI's
is
actually
you
know
or
something
where
it's
like
a
little
lab
environment
is
a
good
place
to
go
with
bare
metal
alright.
So
we
got
that
so
that
I
think
is
a
really
cool
demo.
I
think
that's
probably
the
way
that
we
want
to
go
with
serving
I
want
to
find
some
time
and
we
have
about
a
half
an
hour
left
here.
I
want
to
start
digging
into
the
build
stuff,
because
I
think
that's
really
interesting
and
I
haven't
had
a
chance
yet
to
really
dig
into
that.
A
So
this
is
kubernetes
bill,
but
I
want
the
documentation
or
Kane
ate
it
build
so
that
points
to
that
where's.
The
documentation
for
samples
and
demo
will
do
the
source
to
Earle
deployment,
because
this
actually
brings
it
all
together
and
then
okay,
oh,
shoot
we're
gonna
have
to
we're.
Gonna
have
to
do
this,
okay,
so
so
the
first
thing
we
need
to
do
is
we're
gonna
install
the
can't
go,
build
template,
so
so
can't
am
I
saying
it
right
can
Eko
I'm,
gonna,
say
Kaneko,
so
I'm,
sorry
Jason,
you
can
catch
up
later
afterwards.
A
Just
remember
you're
you're
about
an
hour
in
and
if
you
watch
it
at
1.5,
it'll
take
less
of
your
time.
So
we're
gonna
download
this.
So
this
is
a
build
template.
So
we're
like
I'm
like
what
the
heck
is,
a
build
template.
Let's
look
at
that.
This
is
essentially
a
new
thing.
That's
part
of
the
K
native
world.
A
So
that
looks
pretty
useful
and
I
think
the
idea
is
that,
like
at
the
end
of
the
day,
so
many
of
these
builders
can
be
reduced
to
you
have
some
input
parameters,
and
then
you
have
a
set
of
containers
that
you
want
to
execute.
What
I
think
is
interesting
and
I'd
love
to
dig
into
this
and
I
know
sure.
A
So
this
looks
cool,
so
matt
says
we
want
to
standardize
a
number
of
docker
file
builders
to
have
a
common,
build
template.
Signature,
yeah
I
think.
But
the
interesting
thing
is
is
that
this
idea
of
steps
is
more
generic
than
just
building
it's
more.
You
know,
and
so
there's
other
places
where
that
makes
sense,
but
but
there's
also
like
hey.
Let's
just
you
know,
create
the
create
the
experience
which
I
totally
totally
get
also
all
right.
C
A
C
A
A
What
we're
gonna
do
is
you're
gonna
steer
well
actually,
here
here,
I'll
show
you
what
we're
gonna
do
I'm
going
to
switch
back
to
the
camera,
we're
going
to
use
the
we're
going
to
use
the
the
AWS
registry
to
do
this
stuff.
So
this
is
its
it's
under
the
elastic
container
service,
tab
and
I
have
an
example
Python
here
let
me
delete
that
repository
now.
The
Amazon
one
I
did
a
TGI
K
on
this.
Also.
Is
that
we're
gonna
call
this
one?
Oh
look.
We're
gonna
look
read
ahead
on
here.
A
Google
Cloud
Builder
a
similar
approach,
steps
I,
hope
it
works.
We're
gonna,
try
this
out
man,
so
that's
okay,
right,
like
like
this
is
the
promise
of
this
world
is
that
this
stuff
should
mostly
work,
but
we're
going
to
call
it
from
source.
Now
one
of
the
like
the
pain
in
the
butt
points
about
ECR
is
number
one.
Is
that
it
you
have
to
create
each
repository
a
priori.
A
A
You
know,
and
it
depends
I
think
yeah,
so
so
what
you
end
up
doing
is
the
other
thing.
That's
a
total
pain
in
the
butt
with
ECR.
Is
that
without
using
other
systems,
you
only
get
ever
get
short-term
credentials,
and
so
so
what
we
have
here
is
we
can
do
we
run
this
and
I'm.
Just
gonna
hope
that
nobody
like
tries
to
copy
my
screen
here,
because
there's
a
lot
here.
The
user
is
AWS.
Okay,
so
let's
go
back.
We
have
that
going
on
there,
okay,
so
we're
gonna
create.
A
B
A
A
A
B
A
So
there
we
go
so
is
that
right
did
I
screw
that
up
okay.
So
what
do
we
have
before?
Let
me
make
sure
that
I'm
not
confused,
and
that
has
a
slash
at
the
end,
let's
put
a
slash
at
the
end,
just
to
be
safe.
So
so
so
the
thing
is,
is
that
Amazon
gave
me
an
encoded
password,
but
then
we
have
to
encode
it
again.
A
So
it's
an
actually
base
double
base64
encoding
and
then
the
secret
will
like
onion
code
it
and
then
that'll
get
uploaded
and
then
Amazon
will
unencoded
again
and
so
a
lot
of
times
in
this
world.
What
you'll
find
is
that
you
can
like
have
things
be
like
double
base64
encoded,
because
folks
aren't
sure
exactly
where
it's
gonna
show
up
because
like
if
you
look
at
like
JW
T's
jobs,
they'll
actually
be
basic,
C
4
encoded
also,
and
we
can
actually
try
with
it.
So
you
can
do
like
like
we
can
do
echo.
A
A
A
Alright,
so
we
get
that
where
and
then
deploying
the
sample.
Okay,
this
sample
uses
this
thing
to
create
a
basic
go
application.
We'll
look
at
this,
and
this
has
just
a
docker
file
that
uses
the
golang
docker
image
and
copies
some
stuff
in
and
then
does
some
stuff
copy
from
okay
yeah
and
then
this
is
a
multi.
A
So
what's
interesting,
this
is
a
multi-stage
docker
file
and
there's
a
point
of
order
here,
because
it
turns
out
that,
like
the
versions
of
docker
that
are
well
supported
and
battle-tested
with
kubernetes
aren't
necessarily
the
ones
that
have
the
the
multi-stage
build
support
and
so
using
something.
That's
totally
user
mode
like
the
can
of
go
stuff
is
interesting
because
you
you
it's
totally
independent
from
the
version
of
docker
that
you're
actually
running
under
the
under
the
covers,
which
is
really
good.
A
So
we
got
that
going
on.
So,
let's
see
if
it's
done
with
the
Kentico
config
map,
it'll
use
the
IAM
instance
profile.
I
think
maybe
I
didn't
want
to
rely
on
that
and
a
lot
of
times
if
I
believe
we
actually
block
access
from
containers
to
the
metadata
server
on
the
host,
because
it's
kind
of
unsafe
to
enable
that
for
everybody
we
do
that
in
the
QuickStart.
It's
probably
best
practice
when
running
on
AWS
in
general.
So
unless
you're
running
something
like
cube,
ke
I
am,
which
also
has
its
own
issues.
A
A
A
Okay,
so
we're
gonna
like
rename
service
die
animal
because
we're
doing
a
bigger
service
dog
yeah
mo
this
one's
called
app
from
source,
and
now
we,
instead
of
just
the
revision
template
we
have
this
thing
called
bill
and
there
is
a
some
funky
yamo
going
on
here.
That's
what
I'm
going
to
call
this
funky
mo
and
it's
turn
so
it
turns
out
that
when
we
started
using
the
ammo
for
kubernetes,
we
just
wanted
like
a
prettier
Jason,
because
Jason
is
a
total
pain
in
the
butt
to
author
by
hand.
A
A
A
Right
with
that
awesome,
nine
five
zero
zero
five
four
like
it
just
rolls
off
the
tongue.
We
put
this
once
and
then
this
is
actually
gonna.
This
is
the
image
that
the
Builder
is
going
to
create
because
see.
This
is
the
argument
coming
in
and
then
you
can
say
that
that
same
image
is
the
one
that
we're
going
to
go
ahead
and
launch,
and
so
I
believe
that
the
way
that
service
works
is
it
launches
the
build
it
sees.
If
the
build
successful,
if
the
build
successful,
then
it
goes
ahead
and
actually
creates
the
revision.
A
So
there's
a
sort
of
workflow
built
in
into
that
yeah
and
so
I
mean
some
of
the
questions
I
have
here,
maybe
like
I
need
to
learn
more.
Is
that
like?
Is
there
a
way
to
say,
hey
I,
want
to
like
automatically
make
sure
that
that
the
tag
actually
matches
up
can
I.
We
have
my
my
build
actually
have
an
output,
which
is
the
image
name
that
gets
plugged
in
here.
Is
there
a
way
to
actually
plumb
parameters
through
that
you
can
do
in
a
general
sort
of
CD
type
of
pipeline?
A
Or
is
this
something
where
you
just
always
use
latest
and
you
do
image
pull
policy
and
you're
all
like
you
all
know
about
it
and,
let's
see
so
Aaron
says
lots
of
projects
using
a
museum.
Oh
as
a
poor
man,
it's
a
claret
of
language,
my
CI
just
does
helm
template
and
outputs
the
render
templates,
yeah
so
I
think
a
lot
more
folks
are
using
home
template.
This
is
what
sto
is
doing
right
now
without
using
tiller,
because
tiller
has
its
own
sort
of
set
of
set
of
ups
and
downs.
A
A
What
I'm
gonna
do
is
I'm
going
to
do
this
and
then
we're
immediately
gonna
watch
the
pods
that
are
coming
in,
so
we
saw
the
blue-green
stuff
brought
in
so
now
we're
running
app,
dots
or
app
from
source.
So
it's
actually
it
took
that
thing.
It
launched
it
now.
It's
launching
that
first
step
in
there
with
the
inputs
that
we
gave
it
it'll
then
go
through
sink
to
that
get
repo
run.
The
can't
go,
build
thing
generate
the
container
image
and
this
all
happens
inside
the
container
in
a
relatively
safe
way.
A
It
still
needs
root
in
the
container,
so
it
doesn't
support
rootless
containers,
but
it
doesn't
need
what
are
called
privileged
pods
with
kubernetes.
It
doesn't
need
special
privileges
above
and
beyond,
just
being
able
to
run
with
root.
This
will
generally
work
in
most
clusters.
Unless
you
have
a
pod
security
policy
that
says
you
must
run
as
non-root,
in
which
case
Conoco
will
not
work.
There
is
efforts
to
be
able
to
support.
You
know,
building
docker
images
with
true
rootless
containers,
and
so
rootless
means
that
you
you.
A
You
know,
you
don't
need
to
be
rude,
to
be
able
to
launch
the
containers
and
do
stuff,
but
that
is
that's
still
work
in
progress
like
openshift
for
doing
the
ruthless
stuff.
The
build
of
stuff
still
needs
like
daemon
access.
So
a
lot
of
the
work
going
on
with
open
ship
does
not
do
this
Jesse's
been
pushing
this
stuff
with
their
image
stuff
and
then
Lord
cypher
of
God.
What's
I,
don't.
C
A
Been
working
from
the
from
the
OCI
side
of
the
house
for
a
long
time,
and
so
there
are
efforts
in
that
direction
to
be
able
to
do
true,
less
things
here
so
Matthew
says
it's
somewhat
a
function
of
trying
to
make
these
separable
building
blocks.
We
want
folks
to
be
able
to
build
Dorota
and
images
or
things
other
than
images.
Okay,.
C
A
C
A
B
A
A
B
A
Docker
and
docker
is
if
you're
doing,
doctor
and
docker
or,
if
you're,
giving
access
to
the
docker
game
and
essentially
you're
giving
folks
root
on
your
cluster.
So.
A
B
C
B
C
A
A
Let's
give
that
a
try.
Does
that
actually
tell
me
what
happened?
Okay,
there
we
go.
Alright,
no
files
were
changed,
adding
empty
layer
to
config
no
matching
credentials
found
for
this
okay,
so
it
wasn't
able
to
find
the
credentials.
Does
that
mean
that
we
screwed
up
in
the
secret,
where
we
have
to
do
that?
Maybe
how
does
it
actually
find
the
credentials
did
it
did
that?
Did
that
slash
actually
hurt
things?
A
A
Like,
let's
say,
I
have
a
service
I
do
a
new
build,
I
could
also
okay,
so
I
could
also
go
to
the
latest
to
latest,
and
that
would
tweak
it
okay.
So
it's
similar
yeah
I,
would
think
about
like
there's
times
when,
like
the
declarative
model
of
kubernetes
actually
falls
over,
and
that's
things
like
hey
I,
want
to
like
I
push
a
new
image.
It's
they're
both
called
latest.
How
do
I
do
this
with
deployment?
A
You
know
you
generally
like
would
do
like
an
annotation
on
that.
In
fact,
there
was
a
threat
on
Twitter
recently,
where
folks
were
like
hey.
How
do
you
make
sure
that
you
roll
your
deployment
when
you
update
your
config
map
and
and
oftentimes
people
will,
like
you
know
you?
Can
you
can
set
up
the
GC
stuff
and
there's
some
really
interesting
stuff?
That's
sort
of
bleeding
edge
there,
but
a
lot
of
times
people
will
have
an
annotation
in
their
in
their
deployment
that
actually
points
to
this
stuff.
C
A
A
A
A
A
All
right,
it's
gonna
work
this
time
for
sure
you
think
I
may
have
double
encoded
the
secret
last
time,
I
think
you're
right.
So
it
was
like
triple
encoded,
see
you
later
Alex,
sorry,
you
couldn't
stay
to
see
it
to
the
end.
We're
like
we
had
three
minutes
for
my
like
hour-and-a-half
thing
here.
We're
gonna
see
how
this
goes.
Okay,
so.
A
C
A
A
C
A
Yeah
we
pushed,
but
now
we
can't
pull.
Oh,
oh
man,
okay,
all
right
so
note
yeah!
So
there's
the
tag
to
digest
resolution.
That
might
be
it
also,
but
I
think
we
definitely.
Oh
man.
A
Yeah,
okay,
so
there's
this
ER
updater
thing
so
so
the
problem
is
that
we're
not
pushing
to
a
public
repository,
and
so
that
means
that
we
have
to
configure
kubernetes
to
be
able
to
pull
from
this,
which
is
interesting
because
it's
a
pull
secret
image,
cool
secret,
which
is
different
from
the
push
secret
and
I.
Think
one
of
the
things
I'd
like
to
see
is
actually
using
the
same
secret
type
for
both
the
pushing
and
the
polling,
which
is
which
is
interesting.
A
C
C
C
B
A
So
I
did
a
TGI
Kay
on
this
and
so
I
don't
know.
Is
there
a
way
to
tell
Kay
native
to
use
a
specific
yeah
copy?
This?
You
know
it'll
expire
in
12
hours,
so
you
guys
can
push
images
all
you
want
for
the
next
12
hours.
Is
there
a?
Is
there
a
way
to
have
K
native
uses,
specific
kubernetes
service
account
I.
Think
that's
an
interesting
question.
Also,
alright.
So
we
want
to
do
this
cube
control.
B
B
A
A
C
A
A
And
then
that
gets
applied
to
the
pod,
then
you're,
using
that
pod
with
that
service
account.
Okay,
all
right
now.
These
are
the
nitty-gritty
details
when
you're
using
this
stuff
for
real.
That's
just
good
that
just
get
painful
and
I
know
it's
like
painful
to
watch
also,
but
I
also
think
that
folks
appreciate
seeing
like
hey.
You
know
this
stuff
isn't
easy.
There's
a
lot
of
like
oh
I
got
a
slash
wrong.
A
I
got
a
try
again,
you
know
documenting
this
stuff
is,
is
tricky
because,
like
I
think
you
know
this,
the
documentation
here
was
using
docker
with
a
public
repo
right,
and
the
truth
of
the
matter
is:
is
that
anybody
who's
anybody's
gonna
want
to
use
private
repos
for
this
stuff,
yeah
dr.
Krantz,
it's
a
it's
a
mess,
that's
for
sure,
okay!
So
this
completed
now,
oh.
A
C
B
A
True
means
done,
raka
sign
it,
so,
okay,
false
meaning
it's
failed
unknown
means
we
don't
know
yet.
Okay
and
the
conditions
so
I
do
like
that.
K
native
uses
conditions
a
lot,
because
conditions
are
better
than
like
a
lot
of
other
stuff.
In
kubernetes
like
when
you
have
like
an
error,
an
image
point.
It
ends
up
being
showing
up
in
the
event
stream,
and
these
things
are
not
events
they're
like
conditions
right.
There
are
things.
The
revision
controller
look
is
dead.
Okay,
so
I
may
have
found
a
bug
which
case
I
apologize.
C
A
Native
team
for
doing
this,
yeah
no
I
really
like
the
conditions
pattern,
I
wish
we
were
using
it
more
in
in
kubernetes,
there's
a
there's,
a
subtlety
of
like
when,
when
it
stuff
sort
of
full-fledged
status
versus
when
is
it
a
condition
and
and
I
think
we're
still
figuring
out
sort
of
the
right,
the
right
view
of
that
stuff?
Okay,
so
this
thing
looks
like
it's
broke:
keep
controlled,
K
native.
B
A
Yeah
it
looks
like
it's
broke.
It's
on
the
cluster.
If
you
did,
the
full
install
I
did
do
the
full,
install
but
I
think
we're
gonna.
We're
gonna
have
to
call
it
here.
Unfortunately,
folks,
alright,
so
Kay
native
team
I
am
happy
to
help
debug
this
stuff
later.
If
you
want
I,
think
you
know,
I
did
what
I
should
write.
I
think
you
know
what
we're
gonna
find.
A
Is
that,
like
this
idea
of
using
some,
you
know
non
docker
registry,
that's
going
to
be
local
type
of
thing
is
going
to
be
probably
the
norm
for
folks
that
are
using
kubernetes
and
anger.
You
know
there's
folks,
like
jay
frog
that
do
this
stuff,
all
the
time
so
they're,
you
know,
there's
there's,
there's
Quay,
there's
quays
on-prem,
there's
the
cloud
ones,
so
you
know
there's
just
this
mode
like,
even
though
I'm
sending
it
to
ECR.
This
idea
of
using
a
separate
registry
is
going
to
be
really
important.
A
I,
don't
know
where
it
fell
over
I
think
we're
probably
out
of
time
to
dig
into
this.
That's
not
satisfying
I
wanted
to
yeah,
but
you
use
GC
our
width
integration.
That
actually
means
that
you
don't
have
to
do
image
secrets.
I
think!
That's
the
probably
that's
probably
the
question
here,
but
I
am
happy
to
help
you
all
debug,
this
stuff
and
yeah
using
anger
is,
like
you
know,
use
it
for
real
versus,
like
just
pretending.
This
is
not
using
a
nagger.
This
is
just
playing
with
it.
A
B
B
A
C
B
A
A
A
A
A
Yeah
I
think
it's
broke
all
right.
Well,
that
is
unfortunate.
I
always
like
to
end
these
things
with
like
a
victory,
dance,
yeah,
so
something's
wrong
here,
we'll
get
to
it.
I
think
you
know
it's
it's.
It's
I
pay
a
lot
of
times.
I
stretch
this
stuff
in
ways
that
wasn't
originally
intended,
and
that's
one
of
the
reasons
why
I
like
to
do
this
stuff
on
AWS.
Is
that
you
know
it's.
A
It
helps
to
sort
of
you
know
suss
out
some
of
the
some
of
this
sort
of
edge
cases
make
sure
that
you
know
the
this
stuff
is
not
you
know,
smoke
and
mirrors.
I'm.
Not
you
know,
K
native
is
not
smoking
mirrors
I'm,
just
I'm,
guessing
that
this
is
probably
just
some
simple
bugs
or
something
you
know
dropped
out
of
sinking,
and
so,
if
you
give
it
the
right,
kick
things
would
go
ahead
and
get
started
again,
but
we're
out
of
time.
Unfortunately,
thank
you.
A
Sorry,
we
we
didn't
get
that
exciting
thing
at
the
end,
but
hopefully
you
all
get
a
feel
for
how
this
stuff
works
and,
and
once
you
get
this
stuff
rolling,
I
think
the
idea
is
that
you
know
building
and
pushing
and
naming
all
this
stuff
becomes
really
really
really
seamless,
so
have
a
good
weekend.
If
your
weekend
hasn't
already
started
and
I'll
see
you
next
time.
Thank
you.