From YouTube: TGI Kubernetes 055: Building container with Kaniko
Description
Come hang out with Kris Nova as she does a bit of hands on hacking of Kubernetes and related topics. Some of this will be Kris talking about the things she knows. Some of this will be Kris exploring something new with the audience. Come join the fun, ask questions, comment, and participate in the live chat!
A
Hey everybody, and welcome to TGIK, live in the 1500 studios here in Seattle. How's everyone doing today? I'm your host, Kris Nova, just opening up on my YouTube-y stuff, hold on, folks. I got, I like, we can't miss the hello everyone section of today, so we're gonna make sure I, like, have everything lined up for that. But yeah, it's good to see everybody. Let's see, it looks like folks already in the chat here. Let's see what we got going on. Olav was our winner.
A
Today he was the first one: "Joy to the Kubernetes world." I decent, good to see you, I've been seeing you a lot lately, thanks for joining again. "Good evening from Russia." "Evening from the Scottish Highlands", nice to see you, Rory. "Hey guys, greeting from Hamburg", good to see you, Suresh. And then George is joining us. George's on the Heptio account, and he says, "Alright, welcome. This is George, I'll be assisting Kris with notes." Yeah, so we always have a HackMD that George will put in the chat here in a moment.
A
If folks want to take notes, or it's a good way to share links, since we can't share links in the YouTube chat. Over here we have "Good night from Paris", good to see you, Philippe. From Braunschweig, Christopher, "Happy Friday". Hi from Tanzania, Macedonia, Bristol, and there's George's HackMD link. As per usual, it's good to see everyone, and, as always, we have people from literally all around the world. So thank you for joining, no matter what time of day or night it is. Yeah.
A
So this week on TGIK we're kind of following up a little bit on what we talked about last week. So, kind of on a whim, I decided to do the Buildah container image building tool, and we had a lot of folks who were interested in it and asked a lot of questions about other container image building tools, and we kind of thought that maybe it would be a little bit of fun to kind of do a quick mini series that was a little unexpected. So that's
A
What we're doing today is we're going to be doing another container image building tool and talking about how this compares to Buildah from last week, and the pros and cons, or just the technicals, between the two tools, and we'll go into, like, a little bit more detail about Kaniko, which is what we're gonna be talking about today, a little bit later. It looks like more folks are saying hi. We have "Hi from Austria". Steve Sloka, good to see you. "Happy Friday, hi from Phoenix, Arizona", yes, love the desert. 'la Maddie:
A
"Are you going to continue this awesome container build episodes with image next week?" Okay, so the Maddie was the first one to ask the million dollar question. So, like, I feel like, there you go with Maddie, you can have a Go gopher for your prize for asking the million dollar question. But yeah, so I think, I don't know if it's gonna be next week, but I think doing a TGIK on image, or at least a TGIK on, you know, another one of these container image building tools, and talking about image
A
A little bit on there. You know, honestly, I don't know if I'm even saying that correctly, but I'm gonna just call it image for now, or maybe would be a better way of pronouncing it. But yeah, I think we're gonna do it. I've been talking to some folks about it and I'm gonna poke around not a little bit more, and hopefully we can get one more of these container image building sessions out of the way, and we could talk about that one. So, yes, stay tuned, coming soon to TGI Kenny.
A
Are you, Duffy, you, good to see you. "Hi all." Duffy's got the wrench, which means he can help out if folks need anything. Syed, "Hello from London", good to see you, Syed. I guess, since we're on the topic of London, I'm gonna be in London next week for Velocity Con. I have a keynote. So if folks in London want to get together and talk Kubernetes and hang out, I, feel free to hit me up on any of the usual avenues and we can get together and talk
A
Kubernetes. There's usually a group of us who get together in London and go out and just talk about, like, what's been going on in the Kubernetes space. So if you want to join, let me know. We have Bob, "Hello from beautiful Hollywood, California", good to see you, Bob. I was just in Los Angeles on Wednesday, I want to say for, like, an hour.
A
It was good to be there, good ol' LA. Robert Lancer, "Hello from New York City", hello, Robert, good to see you. Okay, so I'm gonna move right in because we got a lot to cover today for the This Week in Kubernetes, and you have some other links I want to show folks. So, let's cut over to the screen plus my face here. I love this view because I'm, like, up in the top corner and you still gotta see my screen. Okay, so here's our HackMD that we put together.
A
You can do, like, the split view here at the top, and you can, like, go between the different views or whatever. I like to do this one, so you get the Markdown on the left, and then here on the right we get the actual rendered Markdown, and you can see we have a pretty big list of stuff to go through today.
A
So let's just get started, and actually I'm going to cough and have some baked cocoa really quick. Okay, so I think the first one here is Kubernetes 1.12.2 is out, and here is the changelog. And I, like, just saw another email going around about 1.13. I can't believe we're already on version 1.13. I literally feel like we were on 1.4 just the other day, so Kubernetes flying by as per usual. So while we're here on the changelog, this is actually a question
A
Somebody asked me in my workshop I gave earlier this week at All Things Open, which was a great conference, by the way, which was: where's, like, the de facto go-to spot to learn about all the changes in Kubernetes? So we're looking at here, this link that George put in our HackMD is a changelog, and they actually build all of the changelog here from the git commits of all the PRs that were merged.
A
So you can come in and actually get all the technical nitty-gritty detail that you're looking for. More people saying hello: we have a "Hi from Turkey", and Josh X says "Hi all" as well. Okay, cool. So yeah, if you were to come and check out what changed in version 1.12.1 to version 1.12.2, feel free to come take a look, and then, of course, you can always grab all of the binaries, the client binaries, the server binaries and the node binaries, here as well, and that's the official community release of Kubernetes.
A
This is the spot to come get it. Excuse me, I, like, had a cough for a couple weeks, got a little bit better, and now I'm back to having a cough again. So it looks like our next one here, we have Weave Flux version 1.6 and 1.8, so those are out. Let's look at what is. This is, like, the more recent one. So Joe, I think Joe did a TGIK on Weave Flux a while ago, so I won't go too detail here.
A
But if you want to go to the TGIK repository and find out more about Flux, you certainly can. I think the TL;DR is Flux helps solving a lot of the CI/CD problems that you see in Kubernetes, and it looks like we have another big release of it, so hats off to our friends at Weave for continuing to support and maintain a helpful tool that makes the community more effective. Oh, this is an exciting one: Heptio Ark version 0.9.9 bug-fix release is out. I'm curious what bug fix we fix. Okay.
A
So this is another one of the discuss.kubernetes.io things. So yeah, I've had a few folks asking me about just this site in general. If you don't know about it, it's a pretty cool site. It's called discuss.kubernetes.io. It's sort of like an active bit of documentation, so you can actually open up issues and respond to them, and you can, like, log in with your GitHub here.
A
If you just do login, you can, like, access it with your GitHub, and then once you're logged in with GitHub, you can actually come in and, like, I could come and type a reply if I wanted to. It's pretty handy. But yeah, if you want to come check out the Ark version 0.9.0 release, let's see if we can find, here are the binaries. But what does it say? Okay: "Check if initContainers key exists before attempting to remove volume mounts."
A
Okay, it looks like we just had some logical discrepancies, so we just, like, reordered a few things in Ark. And I guess while we're here, we've been talking about doing Heptio Ark for a while, and I feel like it's just gonna be another week of me being like, we're gonna do it one day. But we are gonna do it one day. I think what's kind of holding us back is we want to make sure that we have the engineers somehow looped into the call, so, like,
A
Maybe we can get some time on the calendar in the future and have one of the engineers join me here in the studio or something. But anyway, Heptio Ark is really rad. It allows you to back up your Kubernetes cluster, not only just the Kubernetes resources, but also the underlying data store that's stored on all of your physical volumes, or your persistent volumes, underneath, so that's really exciting.
A
A
I'm gonna turn this down and just kind of skim through this and see what we got going on. Okay, so it looks like they had to kind of go through and learn about all of the underlying infrastructure of Kubernetes, and they put together this really nice presentation on how they get everything up and running. Oh, this looks cool. This might be a really good put-it-on-like-two-times-the-speed-and-listen-to-it-at-your-desk type of video.
A
A
It's actually pretty exciting because you kind of, like, get into the two-times mode or whatever, and it actually begins to sound normal, but you can, like, knock out an hour-long video in 30 minutes, so it's pretty cool. So yeah, that looks like a good one I would totally come check out. Sean Smith, "Hello from Seattle everyone, sorry I'm late", welcome, Sean, good to see you! Okay! Next we have our old friend Michael Hausenblas. Interesting tidbit between me and Michael is
A
He was one of the few people at the original kubicorn release table party at GopherCon, two GopherCons ago, when we released kubicorn. He was the one who, like, wrote the Reddit article that blew up and helped me get kubicorn to number one trending on GitHub. So that's, like, my last in-person memory of my time with Michael.
A
It was really a good day. But anyway, he blogs a lot, and it looks like he has a great blog entry on applied Kubernetes security. Just subtle, J sizzle on the phone, good to see you, Jeff. "New Jersey is in the house." Welcome, Jeff, good to see you. Jeff is were the folks who I have to go so I call him Jason. So he's a good dude. And if she says, "Start at 2.0 and come down to 1.5, your ears get used to it."
A
Okay, so as she suggests, if you're gonna speed up a YouTube video, start at 2x the speed and then come down a little bit, and then your ears actually get used to it. So anyway, here is Michael's blog I have pulled up. It looks like "pizza first" is not the agenda, that's pretty funny, and also very Michael, if you know him. So yeah: "On my way home from Berlin, we had a really good cloud native CNCF meetup." Applied Kubernetes security.
A
Other exercise that you do need to go through in Kubernetes. Simply using Kubernetes does not automatically give you security, although there are tools out there that make it a lot easier. Heptio Sonobuoy is a really great example of just checking to make sure you're running a conforming cluster, but this looks like it goes off into a lot of the exciting and probably low-hanging fruit for securing a Kubernetes cluster. So if you're thinking about running in production, this is probably a good resource for you to come check out.
A
Okay, let's see what's next. I told you all we had a lot of these, so I'm trying to go kind of quick on them. "What in the hell is a pod anyways?" Well, it's one or more containers with shared volume, or shared storage, and shared networking. If you look at the kubernetes.io docs, actually, I want to see if I just got that right from memory. kubernetes.io, pod. If I got this right, it's nerdy super hilarious. Pods: "Kubernetes pods are the smallest deployable units of computing that can be created in Kubernetes.
A
A pod is a group of one or more containers, with shared storage and network." Yeah, from memory, Kris Nova, buddy. Let's see what Dominic has to say about a pod, though. So, "Kubernetes is a container orchestration engine designed to host containerized applications on a set of nodes." Okay, so I think he goes in and just talks about a pod in reference to all of the Kubernetes objects. Oh, this is actually really good. Okay, so I have a link for something like this later, because this is actually relevant to Kaniko for today.
A
Processing a pod, so status in a pod is really important. Oh, Duffy's saying something. I feel like Duffy always has important comments that I need to read them. Let's see what nephew says: "On the security topic, Opik is another good read, related to the federate Fredericks pods, not pods, the talk that Federative gave." Okay, so Duffy, if you want to add a link for folks to the HackMD, that would be rad. Anyway,
A
You can see that states of a pod are important, and we're gonna actually get a pod into a completed state later today, when we actually generate some container images with Kaniko, or Conoco, I'm not even, but I feel like Conoco is like a gas station. Let's call it Kaniko. Okay, plus one for Kaniko, plus two for Conoco. Let's see what people have to say. Anyway, this talks about all the different states of pod campion.
A
So if you really want to, like, brush up on your pod trivia and really understand how it is executed, and, probably more importantly, how they're terminated or what the policy is around them, this looks like a really good read to really gain a mastery of probably the most important resource in all of Kubernetes, the one that's actually running your application, the pod. So this is a good resource. I would check that out.
A
Let's see. Oh, folks are typing, hold on, wait for Duffy to finish typing this thing. But I think our next one is "Moving canary deployments on AWS using LB to Kubernetes using Traefik". Okay, so I did a TGIK on Traefik, which was actually one of our more successful TGIKs,
A
If you measured it in terms of views of people who were interested. A she says, "Google for 'what happens when k8s'". No, a second issue that I think it would be funny, then maybe I'll do it, tweeted about it afterwards or something. Suresh votes for Conoco, plus two for Conoco. I really can't say that because it just sounds like a gas station. Anyway, "Moving canary deployments on AWS using LB to Kubernetes using Traefik". When people say canary deployments, they usually can mean more than one thing.
A
A
A
It looks like we have my app example.com and canary in my app. Okay, so I think what they mean by canary in this case is simply, like, having an application that you're gonna put up and running somewhere on the public internet, and controlling traffic to the canary version, meaning, like, the first version. The word canary comes from, like, the first canary coming out and singing. So usually people refer to the word canary in technical situations as, like, the first rendition of something. In this case,
A
It's the first rendition of releasing an application on the internet, and I think this is just a blog that talks about how, using LBs and Traefik, you can control the differences between, like, one domain and the other, so that you can ease people into your initial release of your application. So I think that's what's going on here. So that's interesting,
A
If you're working in Amazon and you're trying to ease people into your application and, like, sort of slowly switch or transition into that new application. Okay, next up: "k/features is now k/enhancements". Okay, I'm sorry, can I just rant about this for a second? I mean, I'm here in the TGIK studio. Using K as a shorthand for Kubernetes, I really strongly disagree with it, and I would say,
A
Civet ii, I like to encourage people to actually type out Kubernetes, even though it is a little bit longer. I think it's important. So, let's see if I can't change this really quick, ricki. Okay, features. So kubernetes is now kubernetes/enhancements. I just think, yeah, again, it's a little more inclusive and friendly to newer folks to the project. Okay, so next we have, oh, I guess I can click on this.
A
If you want to come check it out, you can go to github.com/kubernetes/enhancements, and this is where all of the big feature requests, basically, for the Kubernetes project come through. So I think they just renamed the repository. So this is good to know. And also, the way GitHub works, you don't have to worry about it, but they have this really cool redirect feature built in so that all of your git reference paths still work.
A
So if you actually go to kubernetes/features, you'll see that you automatically get forwarded back here to kubernetes/enhancements. So if you actually try to, like, include, you know, software from the old name, and it tries to pull that software down, it'll get a 301 redirect. As long as whatever you're using to vendor that code responds to 301 redirects, you'll actually get this new code in this new repo name. So thanks to GitHub for doing that for us. That's a really cool feature.
A
A
Syed says, "But aliasing k for Kubernetes in the terminal is fine." I mean, I just think documentation, it's important to be explicit. I mean, in a UNIX command line world where keystrokes are important, and it's, you know, for the sake of a demo, I think it's okay, especially if you call it out. But just in code, especially in documentation, like, is it really that hard to do a find and replace for k/ to Kubernetes to help new folks? That's my two cents. Anyway, feel free to do whatever you guys want. Okay!
A
So, let's see what's next: kubeadm GA. Okay, so this is really important, because we've been talking about bringing kubeadm to GA, like, ever since I can remember. This has been on folks' minds for quite some time, but we're very close, thanks to all of our friends at SIG Cluster Lifecycle, and I know
A
Tim has done a lot of work in making this thing come to life. So once it goes to GA, this is gonna be a huge, a huge, like, breaking point for the kubeadm and Kubernetes infrastructure realm of things, for a lot of companies can't adopt a tool until it's got some sort of GA-level support. So actually moving kubeadm to GA officially is more of a political move than it actually is a software-level move, but that political move is really, in my mind,
A
Gonna help drive adoption and further standardize kubeadm as the de facto way of installing the Kubernetes components. So Duffy sends me a kubeadm. Yes, kubeadm is amazing. It's what kubicorn uses, it's what we use in the Cluster API to bring up our clusters, and it's, in my mind, sort of the official way of doing the Kubernetes stand be parts of bringing up a cluster.
A
So thank you to our friends at SIG Cluster Lifecycle, and a big congratulations, and thank you for all of their hard work, because this has not been easy. Getting something to GA in Kubernetes is extremely tedious and takes a lot of time. So thank you again, we're all very grateful for that hard work. Okay!
A
So a friendly reminder: we're everywhere, and we contribute to Kubernetes, and we're right here live on TGIK. So this is important to me, and if it's important to you too, feel free to share a screenshot of this on Twitter and show your support this week. It's pretty important. So this is a picture of me last week, or earlier this week, at the All Things Open conference.
A
So I put this on stage as well, so thanks for letting me share that this week. Next up is this really exciting blog, if you're interested in unprivileged container builds, which, this whole conversation is long conversation we're about to go off in the weeds on. This blog, in my mind, really bottom-lines it for everyone. If you want to come in and actually get an understanding of how a container is built, what actually needs to happen on the host and the container file system in order to generate a container image,
A
And then why is a lot of container building tools like Docker require you to be root in order to, for you to build a container. Now, this whole conversation is, like, relevant because, if you're building a CI/CD system to automatically build and deploy containers, giving a Jenkins job root on that system is pretty dangerous and pretty terrifying for a lot of operators out there. So this goes into the nitty-gritty detail of the different, like, these are all the different
A
Syscalls you would possibly need to use, and can you do any of this without root? This is relevant for today's episode, because the container image building tool Kaniko, or Conoco, advertises that you can build a container without root access on your underlying system, and we're about to put that to the test.
A
A
Okay, so it looks like our last one here: "Ignite talk: What is Kubernetes". It's another YouTube video, let me close this. Oh, it's Joe and Craig and Brendan at DevOpsDays Kansas City, and I think it's probably the three of them talking about what is Kubernetes. Oh my god, look how cute this is, and they have cute little drawings. So this is adorable. So Shawn Smith says, "Yeah, I read a fleet of VMs I have that access to the Docker daemon to build them that get paid to every once in a while."
A
Okay, so it looks like Shawn is having, this is going back to the running a privileged container image build. So Shawn is having some of those woes run time right now. Okay, so yeah! If you want to listen to Joe, Craig and Brendan talk about Kubernetes, it looks like there's a little late-night talk here you can go and check out. That might be a good, like, you know, in between meetings, if you have a few extra minutes, go listen to that really quick. But yeah, I
A
A
Okay, I want to catch up on what folks are saying before I switch over to Kaniko building mode. Let's see in the chat. So Duffy Cooley says plus, like, that looks like one trillion. Maybe more, I don't know how many, a lot of zeros. If anybody can find out actually the proper way of pronouncing that, you should drop in chat, because that would be fun. Tom says, "That's why I'm here, I'm supporting you." Okay, I think these are people talking about my transgender sign that I had up a second ago.
A
So thanks, folks. And then Duffy says, "Also follow Akihiro Suda on Twitter." Okay, so Duffy suggests following this person on Twitter if you enjoy the unprivileged container blog that I just brought up. So that's good to know, Duffy, that they are active on Twitter as well. This person has done a ton of work on non-root container stuff, so that's awesome. And I feel like a lot of the concerns folks are having around container image
A
Building tools all revolve around whether or not you have to run as a privileged user or not, a.k.a. running as root. So the Gustavo, "Hello from Chicago", welcome, thank you for joining. And Jeremy says, "Thanks for going over the news." Yep, totally, like, Kris Nova, news broadcaster, right, and now we're gonna turn into Kris Nova, Linux enthused. Okay, so Jeremy says, "Ton of stuff to read now." Okay, cool, let us know what you think. We're on Twitter, we're on Slack, and I'm, you know these.
A
A
What's going on in the cloud native space. So here on TGIK, we take a single tool and we explore a single tool in an episode. We're going to do a podcast that's more of, like, listen to it on your way to work kind of thing, where we're going to talk about a concept first, and then, after we explain the concept and talk about what's important behind the concept, then we can talk about the different tools as sort of an afterthought to that original concept.
A
So stay tuned for more information about the podcast. We're just now kind of ramping up with it, but that's, like, the first unofficial official announcement. I'm sure there'll be, like, Twitter, you know, fireworks and stuff later whenever it happens, but that's just, like, the behind-the-scenes gossip. Thanks for joining TGIK, and this is why you get all the sweet, good underground news. Okay, so Josh says, "That's 14 zeros, 15 would be quadrillion", so maybe it was a typo. Okay, so Josh actually did the math for us, thank you, Josh, and it's close to 1 quadrillion.
A
So Duffy, like, that 1 quadrillion times, thank you, Duffy. Okay, so let's jump in my terminal here. Actually, before we do that, before we go into terminal land, let's actually go to GitHub and pull up the GoogleContainerTools Kaniko. Okay, so every week before TGIK starts, I always kind of hack around on a tool just enough to kind of, like, get some demo-y ideas in mind. But a lot of this that I do here I'm kind of just doing on the fly.
A
So there's probably, you know, 80% improv with 20%, like, I ran a few commands and I got some ideas in my head, and I'm gonna just talk about what it was like for me approach this repository, knowing nothing about this tool other than it would advertise to build container images. Duffy says, "Nice. Well, that's the measure of my support for trans folks being people with rights." Thank you, Duffy, like, seriously, right, hear me, Duffy, this is for you. Rock on, Duffy, rock on. Okay, so GoogleContainerTools, capitalized GitHub org.
A
That just frustrates me for a number of reasons. Azure does that too. I just really don't like capital letters in URLs, and you see that up here, and that just, for some reason or another, bothers me. I have no technical reason why it bothers me, it's just a personal thing. And then we have Kaniko. So you can come in and you can see it's a Go repository, and if you come down here and look in the readme, it talks about, like, getting it up and running, and they have this demo
A
Here, that's a GIF, that is actually, it was good, 'cause it had a lot of good information, but my one gripe with this GIF is you can't pause it or anything. If you click on it, it just opens up the demo GIF, and it goes kind of fast, and there's this one part, let's see if we can see it, coming up in about 40 seconds or so, that was actually super relevant that you couldn't find anywhere else in the documentation.
A
Let's see if I can actually just, like, take a screenshot of this, so we can save it. That, in my mind, really helped to glue everything together, and it's right here: "Kaniko needs access to these sources." I think we might have missed it. Actually, it's the bit that talks about how to upload your context to the cloud, and we're gonna look at what all this stuff means when we actually generate one of these.
A
But anyway, if you want to go through and watch this demo, it's helpful, and there's bits and pieces in here you can't get anywhere else in the docs that are important if you're trying to do this for the first time. Okay. So if you come here on the left, you see we have "Using Kaniko". We talked about build context. So the build context here is an interesting bit of vernacular. So this is a, you know,
A
This is another gripe of software. Anytime you design software and you use a word like context, or, you know, controller is another good example of this, or operator even, I feel like, is a good example of this, and you have some sort of underlying assumption about what this word means technically, you're basically re-teaching your audience what this word means in relevance to your program only. And if everybody on the internet went around using the word context however they wanted to,
A
A
It basically just means it's a directory with a Dockerfile in it, and then that directory needs to get tarred up using this tar gzip command, or turned into this tar.gz file using this tar capital C command, and then the context is sort of like what you intend to build. So I've got, if you look in the GitHub repo, let me actually pull up my terminal here, so you can see we're in my GOPATH: GitHub, Heptio, tgik, which is the TGIK repo, episodes, 55.
A
If we actually explore this a little bit, we can see that I have a directory called context, and within that context I have a Dockerfile, and if we actually cat out this context Dockerfile, you can see it's literally the world's simplest Dockerfile. And actually I'm gonna fix that, I don't like that there's not a new line at the end.
A
So let's do context/Dockerfile, and actually I'm gonna do this, let's see what this done. I don't know if that's gonna work or not, let's see. Now I got my new line. I'm actually gonna edit this now, because that's gonna not compile. Okay, Syed says, "All the worlds have been taken in computing." All the words have been taken in computing. They totally have. Okay, so there's our world's simplest Dockerfile.
A
Let's cat this out one more time, and you can see all it does is it says echo "TGIK is the best way to learn Kubernetes" and sleep for a thousand seconds, and it just runs that and they'll vary simple, a bunch of container. So this really isn't important, because this is just, it needs to just do something and we're gonna try to run in Kubernetes. But what is important is how we're gonna sort of get this Dockerfile to turn into an image and push that somewhere on a decent size.
A
A
That's all we really want, and then also, of course, you know, Diet Coke and other things like polka dot dresses, but, like, whatever. Okay, so anyway, here's our Dockerfile. So let's go back to our documentation and let's actually go through this "Running in Kubernetes". So we looked at a build context, and we learned that it's just basically a directory with a Dockerfile in it, and we learned that Kaniko at some point expects there to be this tarball of this directory that we're going to refer to as a context later on.
A
So I think, you know, mentally I'm thinking to myself, like, we have one context, that is this Dockerfile we just looked at, but we can probably have multiple contexts, plural, somewhere on our file system, or maybe stored in, like, a git repo or something, and those different contexts are going to, like, sort of represent all the different containers that our team would be building. So for TGIK, we just made that very simple one. Okay! So now, let's look at running Kaniko.
A
Oh, let's do a quick show of hands: who wants to do Kaniko in a Kubernetes cluster first? Let's do, you don't write this down, so we can see it and we can jump to what folks and when I do so dot camera. So, let's do plus one for Kubernetes first. I was gonna write Kade split, some sidekick dong k, slash earlier, I'm actually write Kubernetes out all the way. And let's do plus two for running it locally first. And when I say locally, I mean here on my MacBook.
A
If folks would like to vote, we can figure out which one we do first. They're both really interesting to see, and we're gonna learn a lot running it both ways. But if you want to vote, if you have an opinion on which one you would like to learn about first, feel free to vote now. Also, I kind of want to do locally first. I think I'm a plus two, but let's other folks have to say so.
A
Duffy and George, can you all, like, we limit this to 1:37 p.m. and let me know which one wins, because I have a feeling all the votes are gonna start coming in, and I'm going to kind of start teeing things up while folks are voting. Off the cuff, it looks like I can already almost tell that plus two is winning. Okay, I think I'm gonna go with plus two first. Yeah, the plus twos just keep rolling in. Okay, by an overwhelming majority.
A
A
A
Although there is some support for using S3, and we'll talk about why you might need to do that in a little bit when we get on to pushing a container. But mostly I just noticed there's a lot of assumptions in a lot of the shell scripts and even the program itself, and I just sort of assume you're running in Google. So that would be my first gripe with the project is, it seems to be tightly coupled to Google. Anyway, I'm off in the weeds here. Angel says, "And yeah,
A
It makes sense to see it locally first before going into the wild. Yeah, but actually I think running that locally is actually going to be a little more complicated, maybe, than running in Kubernetes. Running it locally for me actually took a lot more time to get right than getting it running as a pod in Kubernetes, but yeah, well, we'll start with locally and we'll understand how it works, and then we'll just get it up into a pod and we'll about some pod statuses along the way. Okay.
A
So the first thing you need to know is, if you run this locally, you can build it using make images. So I did this earlier and actually generated some images locally, but we're gonna be running the latest version of the container from the Google GCR repo, and then in order to run it you're actually using this shell script here called run_in_docker, and then you pass in a few arguments, and that actually shows you how you can run this thing locally.
A
So in general, this is, I feel like I've been griping a lot on this episode, maybe I'm just an ingrate be nude today. Also, I didn't take my HRT this morning, so now I have something to do with it. But anyway, I forgot who's gonna say the, oh, the run_in_docker shell script is married and tightly coupled to Google, and then in general, it's in the documentation, it says do not try to build this or run it locally.
A
This is designed to be ran in a container, and you will always kind of want to run this thing in a container, and I think that's how we're getting away with some of the unprivileged container building features here, is by actually running the software to generate a second container in a container itself, so that's pretty exciting as well. So what I did in order to give myself a little bit more of a command-line feel is, if I actually spit out my alias here, you can see all I did was I aliased
A
kaniko to docker run GCR kaniko-project executor latest. So if I just want to run that locally, I just run this alias. That actually just does a docker run. You see it takes a second to load, and then we just get our good old familiar Go Cobra output here that we see with almost every command-line tool we interact with here on TGIK. Let me see if I can zoom out a little bit. Okay, that's a little bit easier to read. Can folks, can folks see that?
A
Okay, if I ferony, is the text big enough for folks at home? If somebody wants to drop in chat if they would like it a little bit bigger, feel free to. But here you can see that you execute the program called executor, and then you can pass in a couple of flags. Oh, and look, there's one for the Azure container registry config as well, and it looks like we have some very simple, we have this force command.
A
We have this insecure, it'll push to registry using plain old HTTP, but mostly this command kind of does one thing only, which is just build Docker containers. Syed says, do you use Docker for Mac with Kubernetes enabled? So Syed is asking, and I don't know if I can show this or not here. Actually, you know what I can do.
A
I can take a screenshot. If I use Docker for Mac, and I do, and let's see if I can't pull up the screenshot and share it in OBS. Do do, then it's gonna be on my desktop, and where is this thing at? Nope. There it is. Oh my gosh, my face looks ridiculous in this, but we should know that's not gonna work. Let's see if I can just pull it up here. Anyway, I was gonna show you that I do actually run Docker on the Kubernetes edge for Docker, but I just don't, here
A
it is, here, running, and that just means I have this little Kubernetes drop-down here, if folks want to use that as well. I don't use it very often. Basically, the only thing I use it for is to manage kubeconfigs, 'cause I get like the nice drop-down in which my current context is, and that gives me a visual way of switching my kubeconfigs around instead of having to do like the KTX thing that I showed folks on a previous episode. So that's 99% of my use case with it anyway.
A
That answers your question, Syed. Okay, so going back here, we now know that we have the kaniko image that we've pulled down to my local file system and we're able to do a docker run on that, and we've aliased that to this command here called kaniko. The first thing that you should know about building a container with kaniko is it does everything in one fell swoop. So with Docker you can do a docker build.
A
You can even do a docker tag and actually give a build a tag, and then, after you've built and optionally tagged your image, you do a docker push, and that actually is the action that pushes it up to some sort of registry. Here with kaniko you just sort of have this one command that does all the things: it'll build your image and then simultaneously, well, not simultaneously, but secondary to that, it will push it up to container image registry.
A
Earlier I mentioned that a lot of the kaniko is tightly coupled with Google. You see that here, as it just assumes you have a GCR registry set up, which of course I do. And Ashish says kubectl config view minify is another way of doing that as well. So Ashish is referring to this command, minify, and it's one, no, two dashes, and that kind of gives you the sort of demo-friendly version of what Kubernetes cluster you have up and running without sharing any of your secrets.
A
So that's good to know. Thank you for sharing, Ashish. We all know that I have a terrible habit of sharing secrets here live on TGIK. So that's really handy to know. I wonder if I should, probably should alias that. I can do that later, though. Gustavo says this looks like an easy way to send contexts, please share the link on how to do this with Docker edge thing you mentioned. So Gustavo, if, actually, Duffy or George,
A
could one of you find the installing the Kubernetes edge thing with Docker and put a link in there for Gustavo? If you stop, if you haven't had a buddy into the episode, ping me and I'll look it up and help you find it, but it is pretty handy for switching your contexts just by a drop-down. Okay, so we're off in the weeds and I'm trying to keep us focused here, so yeah.
A
If you want to actually do the whole container run thing, you can run the shell script, and let's actually go and take a look at the shell script here, and we're going to do that by, we're actually gonna go into go source github.com, capital Google, annoying, and kaniko, and in here we're actually going to open up the run_in_docker shell script, which is what the documentation suggests we should have opened up. So we're gonna open this up in Emacs, and we can see we have a very simple bash script here.
A
I do love looking at a good bash script, as much as I don't necessarily enjoy writing them for an enterprise-level situation, but, as we all know, the cloud runs on bash, so this is perfectly fine. Okay, so here is our first little input to the program. It says basically we need to have three arguments, and if there's not three arguments, it'll just echo this out, I think, exit or something. It doesn't exit. Oh my god! If anybody wants to open up a PR, that looks like might be a little bit better of logic there.
A
So anyway, it assigns one, two and three to dockerfile, context and tag. So those are the first three arguments to the program, and then it'll actually check, here's another example of being tightly coupled to Google: if you don't have your gcloud application default credentials JSON file, it yells at you and says run this gcloud auth login thing and it'll configure it for you. So I've already done all that, so all of our creds are all magically working and we should just be able to run this command. So forming
A
this command is actually a bit confusing to folks who have never ran this specific command before, and I think we're running into this, this case of the word context meaning something special to the engineers that maybe doesn't necessarily register, resonate with us as users right away. So if you look, they're also doing a docker run. The first argument is they're mounting
A
letters and paths got a less once I realized I could set case-insensitive tab completion and best first thing I do in every box they login to. Okay, so yeah, Rory also gets annoyed with capital letters and URLs and git paths, and then they have a case-insensitive bash plug-in they use to make it easier for them. Sounds like a good idea, boy. Okay, so we passed it in our gcloud credentials, and if we don't have that set, the program will exit.
A
So you can pretty much only run this program if you plan on doing things in gcloud, otherwise you probably want to write a secondary script that looks very similar that doesn't have this check and maybe doesn't share these specific credentials. So the second volume we mount is the context directory, which, remember, this is a directory on my host system, and we're going to mount that to /workspace within the container. So we have that context file in the TGIK episode 55 directory that we're going to pass in for the context variable here.
A
Next, we tell it what container we want to. In this case, it's the kaniko-project executor latest, and the final command here is, now these are arguments to the kaniko program that, remember, I just ran on my local here. The first one is f dockerfile, this next one is d tag, which is the tag, probably isn't the best name for this variable. This is actually the full URL of the registry.
A
When you want to push. I don't know why they need a tag. And then it says c workspace, and if we actually go and run this again, we can actually see, save file, no, I'm not gonna save it, because I don't want to PR right now. If we actually run kaniko, we can see the f, the d and the c defined here. So here's c, which is context. It says path to the Dockerfile build context. By default it goes to a workspace, which we saw that move a script, so that should be fine.
A
The d is the destination. This was the tag variable in the bash script, and this is just the GCR repo, the registry that we're going to push up. And this last one, f, for whatever reason f is Dockerfile, which is, and this is the confusing part, where is the Dockerfile in reference to the current working directory in the container, not where is the Dockerfile on your local host system. So where will the Dockerfile be after you've mounted that into the container is what we're passing in here. So Duffy says plus 11.
A
If it weren't for tab completion, I would not be able to computer efficiently. I don't know, I'm old school. My bash profile is literally just a bunch of aliases that save me keystrokes. I don't really have any magic other than just using a regular old vanilla bash. I don't know, just the way I've always been. So anyway, if we run this run_in_docker shell script, which is here, you can see that it's actually gonna spit out help, and it says error: you must provide destination or use no-push.
A
Okay, so I'm assuming this no-push is how you turn off the second half of the kaniko build, which is the part that would push up to a registry. So if we formulate our command, what were the arguments again? Let's see. So it's path to Dockerfile, um, actually gonna just echo this out. So this is a good trick I like to do.
A
If folks don't know this, you can create a comment in your bash terminal and you can just paste like a little bit of like friendly information, and then if you need to get to it, you, it's actually in your bash history and you can just pull it up, and you can even hit enter. It won't do anything because it's just a comment, and you can sort of get that at the top of your screen whenever you need to, so just makes working in a terminal a little bit easier.
A
So anyway, we're going to do run_in_docker, the path to our Dockerfile within the context of the container. So because we're mounting the context directory into /workspace, the Dockerfile will be in our working directory, so we're actually just gonna write the word Dockerfile here. That's all you need to do. The next one is the context directory. Now, this is not within the context. Oh my god, see, this is why we can't use the word context. This is not in the context of the container.
A
This is in the context of my host Mac work, my local MacBook that we're working on here, so that is going to be, and I'm going to type the full path explicitly: Users, nova, go path, source, github.com, heptio, tgik, episodes, 55, context. I know that's very long, but that's where a context for the episode is, and then the next is our image tag. So before we type our image tag, let's just look at my Google console that I have really quick, so I think it's cloud.google.com.
A
You can click on this console button up here, and this will actually take you to console.cloud.google.com, and I think if we come here, we can do GCR, and you can see they have a Google container registry, and here the name of my registry is heptio-advocacy, and then you can see I have a bunch of like test containers and test images and TGIK things that I've just used for miscellaneous and demos. So anyway, we're gonna be creating one live today. So this is our registry that I have set up.
A
So here I'm going to type gcr.io / heptio-advocacy /, let's do TGIK 055, and I don't think we do it. I can't remember if you actually or not. Let's, let's give it a tag, and then if we need to get rid of it later, we can. Okay, so this should, if I typed everything correctly, actually build a container and push it to GCR called TGIK 055. Like fingers and toes. Let's see what happens to their. So run_in_docker. Okay, so it says downloading base image.
A
A
But the TL;DR is, this gives concerned about accessing this thing called run proc that Jesse has a PR open for. Anyway, I don't wanna go off too deep in the weeds there, but it is possible, and we just did it here live. So anyway, we can actually go to your GCR, and if we refresh this, we should see that we have a TGIK 055, and let's see if our latest tag made it in here. Yes, it did. Okay, so we did,
A
we were able to actually pass in the tag and it respected that. Okay, so that's it. I mean, that was building a container image with kaniko locally, using an unprivileged user, by running it in a container. Because we're running this in a container, this is also important because you would be able to run almost this exact same bash command on a Linux file system, or Linux operating system, a Linux host, and still get a container image built and pushed. So now
A
The first question I had was like, okay, but does it work with other container registries, and do I have to be authenticated to Google Cloud, and there's this whole like being-married-to-Google set of concerns that I had, and I think there is a lot of work. We saw that they had the Azure registry config command-line flag, they took, and I know there was some stuff in the documentation about S3, which is relevant. We run in Kubernetes, so I think maybe, you know, if folks are interested in getting this,
A
this level of parity in other systems, I'm assuming pull requests are accepted, and I think it's more of a cosmetic change and not necessarily an underlying system change, because you're actually getting all the advantages of running in a container to build more containers, so it should run anywhere. So anyway, that's my rant about, if you want to go contribute to kaniko or even write some documentation on how you were able to get it up and running with other registries, might be a really cool opportunity for folks to get involved.
A
Okay, so does anybody have any questions about running locally, or should I switch over to running in Kubernetes? I think probably the only thing I wanted to point out is the Dockerfile itself, and if you go into the kaniko code base, so I've checked this out locally. Let me, let me zoom in here. This takes a moment, so bear with me. So I think I go there and then I can go View, Tool Windows, I want Project. Okay, yeah.
A
So this should be a little bit easier for folks to see. If you actually go into the kaniko code tree and then go into this deploy directory, you'll actually see that we have a Dockerfile, and if you go and you look at the Makefile, and we find the build images, this last target here, this last make target here, you can see that we actually build this deploy Dockerfile doing a docker build -t, so we're actually using Docker in our Makefile to generate the container that we can then build
A
other containers with. This is so interesting because we're back to GCC all over again, like we're back to using other compilers to cross-compile our compiler so that we can compile other code all over again. So anyway, that's how they were able to get it up and running using Docker, and then after this image is built, we then have this ability to generate more containers and self-replicate further.
A
But if we actually look at this Dockerfile, you can see it's very primitive, like we actually do this FROM scratch thing down here, and the way that this works is we actually perform the first half of these tasks on a golang container image, and we like do some busy work here, we do some, here's more hard-coded GCR stuff, but we actually go in and we run some commands.
A
So this is kind of cool because it actually makes running the container a lot faster, but it's kind of annoying because you can't really debug anything. And to give you an example of that, me being the curious hacker that I am, of course, wanted to go and inspect this container before I ran it on TGIK. So how I tried to do that is, what's the name of this, and you pull this back up really quick, what it's called, kaniko executor, but I think it's kaniko-project executor. Where's
A
A
So the entrypoint's hard-coded, so if you're a really awesome, clever hacker, you can come in and actually do this entrypoint command and say bin bash, and you're like, okay, now I, you know, I'm really good at this time, I know the workaround, and you try to run it, and then you get this error that says it's, sorry, I can't even find it. And if you actually go and try to like do shell, or even try to do like a simple, like, ls, like, let's just try to do
A
ls, right, like, that should exist on a filesystem. You'll see that none of these commands here, and but I would like eliminating all of these other things that we expect to be inside of a container, we actually ended up making it harder for people to break into this. So this is actually a really interesting security feature that's super annoying for folks like me who are actually trying to like gain access to the container and inspect and see
A
what's going on there. Josh says, I submitted your suggestion change to the script as PR 415. Thank you, Josh, really awesome. So anyway, it's very primitive container, no bells and whistles whatsoever. It pretty much does one thing and does it well, which is just to run the kaniko builder. So pros and cons fair of doing the FROM scratch and actually building a very explicit, simplified container that we see here, and then you can see that entrypoint here is a kaniko executor. So first half of the Dockerfile, building our Go binary.
A
Second half of the Dockerfile, simplifying our container and making it as bare-bones as possible. So clever Dockerfile here, folks, very clever. Okay, so that's how the kaniko container image is built. So now we want to run this thing in Kubernetes and actually get a feel for what it's like running in Kubernetes, and I'll save the opinions about, you know, if this is a good idea or a bad idea
A
until the end here, but if folks want to start the banter now about running a container-building container inside of Kubernetes and what that might mean for you and your team, feel free to let it rip. Syed says, I use Docker multi-stage build, but use Alpine for the latest image instead of scratch. Okay, and Duffy says FROM scratch is the bomb. Yeah, I think it's the bomb for security, but it's annoying for engineers.
A
A
Do do, where's our running in Kubernetes? It's up here at the top. Okay, cool: running kaniko in a Kubernetes cluster. Okay, so running kaniko in a Kubernetes cluster. Requirements: you need a standard Kubernetes cluster. Let's make sure we have one of those. k get nodes. Yes, I created a kubicorn cluster beforehand running in AWS. I
A
guess if folks are curious, I can just give you a quick behind the scene here, and then also, like, I feel like this is more for me to be like, I'm gonna create a container in a Google container registry running in a cluster in Amazon. To me that doesn't really like scare me, and it seems like a normal part of my day, but if you rewind four or five years ago, before containers and cloud native was really, you know, as big as it is now,
A
this is kind of new, like the fact that we're running all these different things in multiple clouds and they're kind of working harmoniously together, it's kind of proof that this whole cloud thing is kind of working. So this is exciting. So anyway, going into EC2, world's simplest Kubernetes cluster using kubicorn, we should have two instances. Yeah, two running instances.
A
We have a master and a node for a TGIK 055, and we can actually see what version of Kubernetes are running. Duke a version. You can see on running 1.10 to you and 1.2, not four, okay. So that's my Kubernetes cluster that we're going to be running the kaniko container in to build other containers and push those to the Google container registry. So Auto May says also, you can probably create a Dockerfile based on its container and just copy a few debug tools into it.
A
A
That makes it a little bit easier to debug, and it does, it looks like it's a BusyBox volume as well. So yeah, if you wanted to create a different Dockerfile and build that container and debug it, you totally could, so thanks for that mention, automated. That was good to point out. Okay, so let's go back to running Kubernetes.
A
We have our Kubernetes clusters, so where's our documentation. We have this first bit satisfied, and of course, you know, you can create one with GKE if you want. I just did kubicorn in Amazon, because I have aliases for those commands and I'm super lazy. And then we need this Kubernetes secret. Okay, so this took me maybe 20 or 25 minutes yesterday to get this dialed in correctly, but I will just walk folks through what they need to do so that you kind of have like the TL;DR.
A
What are, what are the steps I really need to know about. Okay, so in order to create the secret, it says, to create the secret you first need to create a service account if you want to push the final image with storage admin permissions, and you can download this JSON key for it. So basically what they're saying is come to GCP, type service account right here, find this thing that says, it's called service accounts, which is like GCP's version of IAM stuff. IAM stuff, official term there.
A
This is how you control users and what they can and can't do in your cloud. So anyway, come in here. You can see that I've created this kaniko image. I don't think I'm gonna expose any secrets, because I think they're kind of like obfuscated, to use the correct security word, and I think if I click on that, you can see I have a key ID, but the actual serv material,
A
the important secret-y stuff is hidden from view, and I can like hit this edit button up here at the top and I can delete this key and I can create a new one, and then actually, like, if, let's, let's do this, let's create a key, and you hit JSON and you can hit create, and then if you watch down here in the corner, you can see this heptio-advocacy JSON file was downloaded to my local file system. And there's a really important step
A
that's not in the documentation that I'm about to tell you about, so make sure you're paying attention. So you would take this file, and for us, let's go back to the TGIK repo, it's source, github.com, heptio. Oh, actually I have this alias now, I can just type tgik, then go into episodes and then go into 55. Okay, so I have the secret here, and let's do a tree to make this easier for folks.
A
Let's do this one. It's got this long name here. Now, if you actually tried to use that secret and pass it into the pod command that we're about to define, it's not gonna mount and you're gonna have a bad time, so you actually have to rename your secret to meet what you're gonna define in the pod spec in a moment, which was, do tree again, is this kaniko-secret JSON here.
A
Okay, so you downloaded your IAM JSON file, you renamed it to kaniko-secret, and you put it somewhere safe where you're not gonna accidentally commit it to GitHub, which is what we have here. So let's go back to our documentation, and then you do this kubectl create secret, and this is why we're naming it is important. So if you do this kubectl create, and I'll copy everything up to from file, and actually before I
A
do that, I've already done a lot of this, so I'm gonna do kubectl get secrets and kubectl delete secret kaniko-secret. Okay, so now I can run this command, from file, and I'm gonna just call it the kaniko-secret JSON file here in my current directory, so poof, kaniko-secret created. So now after that is done, it basically gives us a pod spec. So this is like, I'm gonna go off in a couple of minutes here talking about pods in Kubernetes, so, you know, grab a cup of tea.
A
The pod spec here is exciting because we're not associating a higher-level pod management resource with this. So usually, if you run a pod in Kubernetes, you're gonna get like a StatefulSet or a DaemonSet or a Deployment, or there's all, there's the, you know, different ways of creating and managing pods automatically. So what this documentation is alluding to is that we are going to create a pod ad hoc, and that pod's entire job is going to be to create one container image and push that up to an image registry for us.
A
So it's handy because we would be able to sort of this pod that we know is only doing one thing, and we would be able to get the status of that pod, so we're effectively using a Kubernetes pod as our CI/CD system. But it would also lead to, if you wanted to do this sort of like for real, you're gonna need some tooling that's gonna do a kubectl apply and run a pod and maybe check the status and make sure everything worked out okay, and then if it did it, maybe it wants to,
A
maybe you want to rerun it again, but you're getting off in the weeds and you're sort of reinventing some of these, these deployment tools as well. So you could use a Kubernetes cron, for instance, to run this like every hour. But ultimately, if you wanted to have some sort of worker queue that would create pods as needed, you as an engineer would need to come up with some tooling to actually make this happen by running it in Kubernetes. So that's the first pod rant.
A
The second one here is, in order for you to build a container image, you're probably gonna have to interact with underlying parts of the host's file system that are probably very delicate on a Kubernetes cluster, and that blog that I shared earlier would allude to some of these things. But running this pod that has this sort of natural built-in capability to influence those and to interface with those presents a fairly large security concern for you and your cluster.
A
So we've been talking about it a little bit internally here at Heptio. I had a couple of engineers suggest things like, maybe you would want to cordon this pod off so that it only runs on like the designated, like, this is our, this is our node that builds containers and we don't actually run any workloads on it. But either way, you're introducing a lot of risk, and potentially some engineering complexity, for actually running this in Kubernetes as a pod.
A
There feel free to share, I'm happy to read them out for others watching. So anyway, let's go ahead and let's take this pod definition and let's kind of plug in our bits that we're going to be using here on TGIK. So let's go to our terminal and let's actually cat out, I have the example pod one dot YAML that is in the TGIK repo already, and actually, let's not cat this out, let's, let's yellow, let's go here, we're gonna open this up in Emacs. Okay.
A
A
Here we're going all out the long, explicit dockerfile flag, which, those are the same thing, and we're setting that to Dockerfile again, and this is again, this goes back to the context thing and the whole concept of like needing to, you know, have a context, and then inside of that context, which, remember, is really just a directory, where's who Dockerfile. For us, it's just the only thing in that directory, so we just have to just say Dockerfile. And then we say context is equal to GS, colon, whack-whack, Kris Nova, and I'm
A
like, oh wait a minute, what's going on here? And if you actually go back to your documentation, it says you need a standard Kubernetes cluster and a Kubernetes secret. You also need to upload your context to some cloud storage utility as well, and this is where the S3 stuff that I talked about a little bit earlier comes into play.
A
A
And then you need like some special cloud security or cloud authentication stuff in place to make everything kind of work, but you're able to run it unprivileged. And then here in Kubernetes, we were just done talking about how here are two out of the three requirements. The first one is a cluster, the second one is a Kubernetes secret, and the third one is some sort of file store that is accessible via HTTP, such as S3 or the Google Cloud one that we're using. And Andreas says, perhaps you can use locally context to like
A
perhaps you can mount a different Kubernetes storage to the pod and then find the context there. I don't know, Andreas. If you want to find something you want me to pull up, I'm happy to take a look at that. I'm just gonna go this way, because it's the way the documentation alluded to, and I'm kind of, you have myself teed off here, but if there's another way to do that, I'm super curious. Okay, so here at the bottom is where it kind of alludes to this third requirement
A
that says, this example pulls the build context from a GCS bucket. To use a local directory build context, you could consider using ConfigMaps to mount in small build contexts. Okay, so instead of using a online file storage, S3, it says you could use a ConfigMap, which is a Kubernetes object as well. I think it's full follows this pattern of, like, you sending your Dockerfile up somewhere.
A
A
This is like the engineer brain of me thinking here, to have some sort of operator that would watch a directory, like, say, in S3, as you uploaded context to it would go and automatically build spit them out for you, and that could sort of, the operator can then manage actually the creating, configuring, deploying and then deleting all of these pods as little worker pods. That might be an interesting project if folks are wanting to take this next step further. Okay.
A
So anyway, let's get our context with the world's simplest Dockerfile up into a Google cloud, hosted somewhere as a tarball, so that we can pull it down using our cluster. So to do that, we go back to our kaniko build context, and this is where this stuff that we looked at at the beginning of the episode comes into play. So let's create our tarball doing this command here. Let me get out of this really quick, so we'll paste our command.
A
It says tar -C, path to build context, which in our case is this directory here locally called context, -zcvf context.tar.gz, this whole directory. So you can see the lowercase a means added: we've added the Dockerfile to our tarball, and if we list here you can see we now, well, we had one before, but we just recreated it, this context.tar.gz. And then, if you want to use gsutil to do this, you certainly can.
A
But you would be able to use S3 here as well. So we're gonna copy the first half of this and we're gonna paste this in here, and we need to get our bucket name. So to do that, let's come here, and I am actually just going to type bucket, and you can see that we have these things called storage buckets. Oh, I don't want to create one, I want to go to storage, and you can see.
A
I have that tar.gz downloaded here to my local MacBook, so you would be able to get this tarball downloaded virtually from anywhere in the internet, which is cool, and because our Kubernetes cluster has access to the internet, our Kubernetes cluster can now get our tarball. So again, we're doing this all over the public internet; security concerns there. If you're perhaps running some sort of proprietary software or a Dockerfile that you don't want folks to see, you might want to look at tightening the screws on that just a little bit more as well.
A
Okay. So anyway, let's go back to our pod and let's look at and see how we have this configured now that we've uploaded this context tarball, which is the third requirement that we didn't know we needed to do. So remember we have our Dockerfile, that is just called Dockerfile. Our context is GS, Google storage, Kris Nova TGIK context tar gzip. So if you had software in place, you probably want to give this thing a unique name, and then destination is.
A
This is where we wanted to tell Kaniko to push our container image to once it's done, and we're gonna pass in GCR, Heptio advocacy, TGIK, latest, and then you can see all the rest of this is basically just mounting the secret that we created earlier so that it has all of the auth credential information it needs to actually push this container image up to GCR.
A
What mr. blank, okay, and let's call this, I think we did TGIK 055 latest, and we have our secret here and that looks good to me. And so this is really cool, so I'm gonna type a pretty long command, so folks get to see this whole thing happen in real time. So the first bit of our command is going to apply this YAML file.
A
The second command we're going to run immediately afterwards is going to be a k get po, and then I wish there was, and then I think I have a klog. I'm actually reading this: klog kaniko -f, I think that should work. klog is an alias, as a bash function I wrote; it just looks up a pod and will get the logs based on a string, and that string is kaniko.
A
So any pod that has the word kaniko in it, we're just going to grab logs for it. So this should work. Nope, the first half, oh okay, hold on, this is why it didn't work. I've already got a pod running from earlier, so now's a good chance to point out: the status here is Completed, which means the pod exited, and because we don't have a Deployment or a StatefulSet or a DaemonSet attached to this pod, once it's completed and it exited zero, Kubernetes is done with it.
A
It's done everything that you told it to do, so it just goes into state Completed and there's effectively nothing running there and there's not a container running anymore, but we have a reference to an old container that used to be running, so we want to tell Kubernetes to go ahead and delete that pod called kaniko. So now, let's do this klog command again and see if this works. Okay, perfect, okay, so it did work but we're just waiting for the container to start. klog kaniko.
A
Okay, perfect! So we have some errors here. Let's see what happened. So we were able to create the pod and it says: error resolving context, Kris Nova OS cannot fetch, bad request, tar dot gz, and then you can see that our pod actually errored here. So what this is telling me is that this is actually not resolvable, which means, did I make a typo? I bet I did make a typo. tar.gz, and what is our gsutil?
A
Yep, I totally did: tar.gz. So now, let's try to upload that, or the destination must be restarted. The destination bucket, GS, Kris Nova TGIK. Oh, I know why, I know why. Come on, folks, everybody makes mistakes. Okay, context.tar.gz, let's run that. Bam, okay! So now we have that uploaded. So now, let's get our pods, delete this pod. Notice it's in status Error, which means the pod is no longer running. k delete po kaniko, and let's do our big command again.
A
Here, creates the pod and lets it still seem to get sister. k get po, still in status Error. k logs, the name of the pod, -f. It still says that it cannot find this tarball, let's see if we can find it. This is just me debugging, trying to figure out what's going on here. Okay, so it doesn't work.
A
Why does this one not want to work? Okay, k get po. Let's try this one more time. Okay, delete kaniko, oops, sorry, k delete po kaniko. I'm gonna kind of wipe everything and start from scratch and see if we can't get this, but it should work really, really well. I had it working earlier and I'm not sure why it's not working now. So let's delete this, delete that, and.
A
Storage class multi-regional, public access: not public. I wonder if that's right. Yeah, okay! So now, if you hover over this, I wish I could do this, but if you look down in the bottom left above my downloads here, it now has the correct URL, so I'm wondering if just deleting and recreating, let's see if this fixes it. Let's see, still not wanting to download Kris Nova TGIK tar dot gzip. And let's see what this says.
A
People are saying a lot of things. I'm gonna try this, and if not I'm gonna read what folks are saying. Let's see if Kaniko is going to allow us to use an HTTP instead of a GS colon backslash backslash. It should work, but you know, the software is always finicky. So let's try to apply this again. Okay, k get po: ContainerCreating, status Error again. k logs kaniko. Oh, yep, sure enough: can only use GS, dir, or S3. Okay, so let's go back and let's change that back.
A
And actually, let's just do this: git reset hard, bam, and now let's open this thing up again.
A
Okay, so here's our dest, our context again: GS Kris Nova TGIK context tar gzip. So now, let's go back here, we'll see what folks are saying. Tom says: make it public. I'm not a super big Google user, so how would I make this thing public? Manage holds? No, that's not it. Is it over here? Maybe edit permissions, add item, entity, no, I don't know. How would I make this thing public? Bucket lock, permissions, edit bucket, maybe multi-regional, show advanced settings, nope.
A
Failed to update permissions, try again later. Save. I wonder if we could try to use S3. Let's see if we get any clues here. It says public object, may be accessed, yeah, that's what we want, but how do we change it? Learn more. To stop sharing an object publicly, I want to start sharing an object publicly. Making data public.
A
Hey, hey, that was it. Looks like balance Hado is our one with the correct syntax. So let's try this now. Thank you for that, that was really helpful. Users, allUsers, yeah, so I think we got that. So let's save this, and now let's try to run this again: k delete po kaniko. Oh wow, that was really un-user-friendly to make that thing public. I was really expecting there to be like some sort of, like, click here to make this public button. That was kind of annoying, but we got it.
A
Right, I thought that, didn't you change that to GS? And that is resolvable, I don't know what it's talking about, I just downloaded it. k get po. k get po kaniko. You know, what's going on in our example YAML? Context is, yeah, that looks right. Let's try this again: k get po. Okay, really weird.
A
Valiant said: has the secret setup? That's a good question. Well, we did the create secret command earlier that we saw here and I created the secret. I mean, we can create a new secret for good measure. We went on, so let's rm -rf kaniko secret, get rid of that. Let's go back here. The service account, all I'm doing right now is creating a new secret just for good measure, just to try something, and if not, we can try to run this thing in S3 anyway.
A
The desired behavior here, as soon as you get all this stuff hammered out, is basically it just does what we ran locally and just creates a container and pushes it up for you, and it's almost the exact same, one for one, that we saw locally, and you'll get those in the kubectl logs, and then, as long as the secret's configured correctly, it'll be able to push that up to GCR.
A
I don't know why the secret would have anything to do with the HTTP request, but we should totally just for good measure re-roll it anyway and just see what's going on. bjaaland says it seems GCS is complaining about the JWT format, which is the token in the secret. Oh, interesting, so I guess those do have something to do with each other. So let's nuke this and let's just start fresh, so delete that, create key. Actually, before we do this, yeah, do we want to make it just a new service account? Yeah.
A
Let's just do, let's just go YOLO and create a whole new thing. Okay, so create service account, TGIK live 55, create, and then we want to make sure we give it the, it says here in the documentation under build contexts.
A
Supports local directories, cloud storage; it tells you what kind of permissions you need. Let's grep for service account. There it is. Okay, so, create a service account: you'll need to create a service account in the Google Cloud project with Storage Admin, is what we want. That's the magic phrase, so we should be able to type that here.
A
See, correct, we're not a secret here, and this is what we want. And I see folks in chat, so one second, I'll check; let me create the secret first. From file, kaniko secret dot JSON. It's like folks were saying they love watching me debugging. I guess this is the part that everybody joins for, but it's always the part I struggle with the most, 'cause I'm like, I don't understand what's going on. But yeah, this is just, this is like the good TGIK meat here, is the debugging part.
A
Okay, so k get secrets. So we have a secret, that looks good. k get po. Okay, k delete po kaniko, oh, not kaniko secret. Why did I tab in there? k delete po kaniko, and then k apply -f example pod 1 YAML. k get po: ContainerCreating, Running. Oh my gosh, what are the logs gonna say? k logs kaniko. It worked! Yeah! This is like the best part. Rock on. Okay, okay, cool. So yeah, okay, really weird, and I'm glad we found this, 'cause.
A
It looks like the JWT signature, I'm assuming maybe I just created the secret wrong earlier, or there was something going on in that secret, was faulty in some way, and so creating a new one seemed to fix the problem, and you were then able to actually pull down from the Google Cloud storage engine and actually get the context tarball. But for whatever reason, the secret was influencing the way that we were pulling from Google Cloud, so I'm wondering if it was automatically trying to use it or something because it was in place. So yeah, hats off to, I'm sure I'm saying this wrong, but Valiant, for helping us out.
A
That was really helpful. The user is equal to allUsers and the JWT token were two big hints there. But anyway, so now we've got echo TGIK is the best way to learn Kubernetes, and if all goes according to plan. Jeremy says: did you delete the wrong key earlier? Would have to check the stream. I don't know what I did, Jeremy. Maybe I did, like, accidentally delete the wrong key, because I really remember I deleted a key after I created one just to show folks how to create it.
A
Maybe that could have done it as well, but go back. I'm sure, like, this is like watching a Quentin Tarantino movie: go back in time and look at the clues and see how I messed up. Feel free to add a comment in the YouTube video and pick on me and tell me where I goofed up. Anyway, we're actually gonna see if we can get TGIK is the best way to learn Kubernetes by doing a local docker run, and that will kind of be our round-robin test for Kaniko for the day.
A
If you have questions, and if not, it's been a lovely episode. Thanks for everybody who joined, and thanks for helping me debug, it's been a ton of fun. And you know, keep building container images, and if you can, try to build them unprivileged, and if you can, help contribute to tools like Kaniko or Buildah, to make it a little bit easier for folks like me trying to do demos, or folks like you trying to improve your organization's container building pipeline. Feel free to help out. Open source is all about contributions from folks.
A
So we can actually just cheat and do 415, adding exit one, front end docker script. You'll get all of the happy faces from me. Cool, thanks for opening up the PR, that's really great, and funny that we got one merged live in TGIK. The Ellen says: thank you, great session, have a great weekend. Y'all do the same. I think I'm climbing a mountain this weekend, who woulda guessed. We're just gonna wait and see what the weather does. So I hope everybody has good plans for the weekend.
A
Take some time off from Kubernetes. We're not going anywhere, we'll be back next week. Take a break, you all deserve it, and thanks for joining us live from the Heptio studios. It's been a wonderful, wonderful week and I think we're ready for our weekend. So, oh, Tom, let's see: thank you Kris, thank you Heptio. Hopefully you guys come down to New Zealand for the Linux conf in January. Hopefully us girls come down there too, because I definitely want to climb Mount Cook, which is, it's harder than the rattling Mount Cook.
A
Just to let you guys know, you see, I just did it, you folks know, is actually harder than Liberty Ridge where I broke my hand, so you can see how insane I am and how intense the mountains are in New Zealand. I haven't heard of the Linux conf, but I will definitely check it out. International travel is always a bit hands up. We never really know if it's gonna make sense or not.
A
But I'll definitely check it out, and hopefully we can come see you. I know we have Dave down in Australia, so it might make sense to do like a little down under tour and come down and see what's going on on that side of the world. That's really in the future. My favorite part of that side of the world, already on their weekend. Syed says London is returning to form next week, weather-wise, it's been unusually warm recently. That's good to know.
A
I'm excited to be in London, primarily excited for the curry and Brick Lane, but it'll be a good time, and come check out my keynote, it's gonna be a really cool keynote talking about more communities. Okay, thanks everyone, I'm gonna get out of here, go and enjoy my weekend and do my snippets for the week. Have a great week, everyone.