►
From YouTube: TGI Kubernetes 074: Exploring KubeVirt
Description
Come hang out with Kris Nova as she does a bit of hands on hacking of Kubernetes and related topics. Some of this will be Kris talking about the things she knows. Some of this will be Kris exploring something new with the audience. Come join the fun, ask questions, comment, and participate in the live chat!
A
Hello
and
welcome
to
Friday
afternoon
tea,
GI
kubernetes
I,
am
your
host
Chris
Nova
from
broadcasting
live
here
from
the
hefty
o
studios
one
more
time.
How
is
everyone
doing
today?
It's
really
great
to
see
everybody.
Let's
do
my
favorite
part
of
the
week
where
we
get
to
go
through
whom
you
need
to
say
hi
to
all
of
our
friends
who
join
us
for
a
tea,
GI
kubernetes
every
week
and
see
where
folks
are
joining
us
from.
So,
let's
see
first
person
to
say
hello
was
Olaf,
so
Olaf
wins
for
this
week.
A
Next
off
we
have
Fabien
D,
which
I
believe
Bobby
and
you've
been
helping
me
behind
the
scenes
with
Qbert,
which
is
what
we're
doing
our
episode
on
today,
a
little
bit
in
the
kubernetes
slack
and
if
you're
the
same
person
I
just
wanted
to
say.
Thank
you
so
much
for
all
your
help.
It
was
really
wonderful
and
it's
making
the
episode
gonna
be
a
lot
more
exciting
because
of
how
we
got
some
of
the
kinks
worked
out
earlier.
A
Okay,
so
next
we
have
bass,
Bank
says
yo
Charles
says
hello,
Peter
says
yo
Suresh
yo
lots
of
us.
Today.
It's
a
yo
kind
of
day
Martin
says
yo
l'm
a
d
good
to
see.
You
know
Matty,
always
joining
us
one
of
our
regulars.
Here,
one
of
my
favorite
people.
We
have
Martin,
they
say:
yo
Charles
at
Charles,
predator,
you
gotta,
follow
convention
I
mean
Hef,
do
says:
yeah,
okay.
So
let's
see
what
George
says
in
the
hefty
o
channel.
A
A
Charles
still
talking
about
yo,
gage
hello,
the
big
smiley
face,
David
howdy.
Excuse
me,
Christopher,
says
hello,
Ismael,
sits
low
soul,
says
hello,
Ali
says
hello,
ffs
Daniel
says
hello,
sk,
says
hello,
assume
deep,
okay
and
then
George
dropped
in
a
link.
Here.
If
folks
want
to
look
it's
over
on
the
right
side
in
your
chat,
it
is
our
hack
MD,
which
is
an
interactive
document
that
we
can
work
on
together.
It
respects
github
markdown
and
that's
where
we
keep
all
of
our
show
notes.
A
So
if
you
want
to
click
on
that,
it's
going
to
have
links
and
pointer,
and
hopefully
some
good
information
as
we
learn
about
Kubrick
and
a
handful
of
other
things
here
in
the
kubernetes
space
for
the
week.
So
next
up,
we
have
Ismael
says
hello
from
Ankara.
Yes,
I
eat
from
London
hello
from
Chennai,
hello
from
Germany,
Istanbul
and
Rotterdam
alrighty
well,
I'll
come
back
and
I'll
check
the
chat
a
little
bit
more.
A
If
folks
want
to
start
trickling,
another
closing
and
I'll
come
back
and
do
one
more
read
through
and
try
to
get
your
name
out
there.
For
you
also
a
friendly
reminder:
let's
see
if
I
can
do
this
right,
where
is
it
I
hit
that
subscribe
button
right
there,
if
you
haven't
done
it
before
so
that
you
get
reminders
every
week
for
tea
gik
brought
to
you
by
VMware
so
anyway,
a
little
bit
about
me?
My
name
is
Chris
Nova
I'm,
a
developer
advocate
here
at
VMware
I
used
to
be
a
part
of
heck.
A
Do
we
joined
up
with
VMware
and
I'm
here
at
our
Seattle
office?
I
thought
last
week
was
gonna
be
my
last
week,
but
I
think
it's
going
to
be
this
week,
but
it's
coming
soon
and
then
I'm
gonna
move
over
and
I
think
I'm
gonna
start
doing
TGI
K
from
my
arch
linux,
computer
at
home
through
oil.
So
that
should
be
exciting.
So
we
can
hack
around
on
some
some
Linux
tools,
something
that
we
haven't
really
had
a
chance
to
do
in
the
past,
and
I
am
very
excited
to
show
everybody.
A
The
over-engineered
Arch
Linux
computer
system
that
I
have
built
that
I've
been
using
for
the
past
couple
of
years,
so
that'll
be
fun.
A
nice
like
revamp
of
TGI
K
and
in
my
system
it'll
be
pretty
exciting
I'm.
Also,
it's
got
a
lot
more
resources,
so
we
can
actually
like
have
some
fun
with
compiling
things.
A
So,
let's
see
the
first
one
here
we
have
introducing
cube
iptables
taylor
saeed
says:
are
you
leaving
nope
not
at
all?
Well
I
mean
for
the
weekend
yeah,
but
like
no
I'm
happy
life's
good
so
anyway,
introducing
cube
I,
pee
tables,
Taylor,
better
networking
visibility
in
clusters
improved
experience
for
app
owners.
A
Let's
see
what
we
got
here:
process
behind
cube,
iptables,
Taylor,
okay,
so
what's
going
on
here,
so
we
have
a
watcher
and
it
detects
changes
in
configuration
and
then
it
sends
it
out
to
the
parser
and
the
parser
filters
that
parses
that
and
then
sends
it
out
to
the
poster.
The
poster
then
applies
kubernetes
api
to
locate
and
summit
events
to
pods
okay.
A
So
this
is
just
a
way
of
mutating
IP
tables
declared
in
philly,
which
is
exciting
because
a
lot
of
the
sinaia
providers
that
we've
looked
at
do
a
lot
with
IP
tables
and
setting
up
your
your
route
table
on
your
system.
That's
how
the
pod
networks
are
built,
so
I
think
this
is
sort
of
a
declarative
way
of
defining
what
you
want.
Your
IP
tables
to
look
like,
and
this
will
enforce
them
over
time,
which.
B
A
A
Like
a
boss,
thank
you
thanks
bye,
that's
my
colleague
and
good
friend
Nicholas,
who
works
here
in
Seattle
with
me,
and
he
likes
to
bring
me
presents
and
come
and
talk
about
his
happy
hour
that
he
does
every
Friday
afternoon
after
tea
gik
that,
if
you
want
to
join,
you
certainly
can
join
and
we
can
get
a
link
and
drop
that
in
the
chat.
If
there
isn't
one
already.
A
So,
let's
see
what
folks
are
saying,
Sayid
says
because
he's
heard
you
tik
from
home
in
the
future:
oh
yeah,
no
we're
just
getting
a
different
office,
so
this
office
is
shutting
down.
So
why
were
we
waiting
for
the
new
studio
to
get
built
at
the
other
office
up
here
in
Washington,
Joe
and
ila
will
be
doing
TDI
K
from
home
for
a
couple
of
months,
but
yeah,
that's
just
gonna
I'm,
just
gonna
be
working
from
home
for
a
while,
as
all
that
boils
down
to
Shawn,
sighs.
A
Hey
me
from
across
the
street
Christian
Christian
says
service
and
Brian
says
hi
from
Denmark
and
it
looks
like
we
have
somebody
from
Belgium
and
Eric
from
Seattle
good
to
see
everyone,
hello
from
Tokyo
Japan,
hi
Conrad,
thanks
for
joining
and
hello
from
Tokyo
Japan,
okay,
so
yeah
it'll
watch
changes
on
iptables
log
files,
it'll
pars,
iptables
and
in
locate
pods
and
send
out
events.
So
this
is
just
a
really
interesting
service
for
managing
IP
tables,
which
we
do
a
lot
in.
A
Kubernetes
is
specifically
with
our
c,
and
I
implementations,
I
think
pretty
much
everyone
I
think,
except
for
see.
Liam
uses
IP
tables
to
some
degree.
So
we
do
a
lot
of
mutation
there
and
sometimes
these
IP
table
rules
can
get
extremely
complex
and
there
can
be
a
lot
of
them,
as
our
networks
start
to
get
more
and
more
complex
and
having
a
tool
like
this
would
simplify
the
problem
of
needing
to
mutate,
your
rules
and
actually
making
figuration
changes.
Okay,
so
that's
the
IP
tables
Taylor.
A
A
So
yeah,
let's
see
somebody
hello
from
Paris
good
to
see
you
Sean
Smith
said
yeah.
We've
had
to
move
to
see
Liam
for
some
stuff
because
it
doesn't
use
IP
tables,
see.
Liam
is
an
awesome,
CNI
provider.
If
you
haven't
checked
out
the
tea
dik
I
did
on
see.
Liam
I
strongly
suggest
checking
it
out.
It's
really
exciting
stuff,
really
cool
tool
and
they
did
a
really
good
job
with
it.
Okay,
so
def
cube.
Currently
a
lot
of
kubernetes
bootstrappers
are
black
boxes.
A
We
don't
provide
a
lot
of
flexibility
on
how
did
the
cluster
is
set
up?
Not
cubic
corn,
cuz
I
explicitly
called
that
out
when
I
was
designing.
It
dev
cube
changes
based
off
of
Kelly's,
cumin
or
Kelsey's
kubernetes
the
hard
way
it
wires
together.
It
costs
a
cluster
with
custom
binaries.
That's
a
cluster
with
custom
binaries,
that's
hard
to
say
complete
with
flannel
and
core
DNS,
which
we
all
know
is
the
the
new
preferred
DNS
that
I
think
came
out
one
or
two
kubernetes
versions
ago.
A
Maybe
you
need
to
flip
a
bit
or
there's
a
constant
that
you
need
to
change
its
value
to
or
you
want
us
to
change
some
setting
in
there
that's
hard-coded,
and
then
you
want
to
be
able
to
run
a
kubernetes
cluster
with
your
specifically
unique
copy
of
like
the
API
server
or
the
controller,
the
schedule
or
whatever
you
would
be
able
to
glue
a
cluster
together
using
custom
pieces
and
maybe
on
conventional
non
custom
pieces
as
well.
So
that's
what
def
cube
helps
you
do
so.
This
looks
exciting.
A
I
know
a
lot
of
people
who
who
work
on
kubernetes,
who
this
has
been
a
problem
for
specifically
for
us
here,
as
we
were
working
at
building
out
our
version
of
kubernetes
having
something
that
we
could
spend
up.
Kerbin
any's
easily
with
our
own
custom
binaries
would
have
been
really
helpful.
I
think
we're
using
cubic
corn
right
now
to
do
that.
But
this
is
another
tool,
I
notice,
it
says
no
cube
admin.
So
I
think
this
is
pretty
exciting.
Ok,
actually,
real,
quick!
A
Why
we're
here
I
wonder:
does
this
do
infrastructure
2,
or
is
this
just
like
cube
admin
or
it
just
starts
the
custom
binaries
use
custom
binaries
for
each
component
change
the
flags.
Add
new
nodes,
yeah
create
the
VM?
Ok,
so
it
does.
It
does
mutate
infrastructure
as
well.
Ok,
that's
exciting,
so
it
does
a
little
bit
more
than
what
cubed
min
does
ok.
A
So
next
up
we
have
kubernetes
identity
management,
authentication,
kubernetes,
identity
management,
authentication
have
you
deployed
kubernetes,
but
now
you're
going
to
get
in
the
hands
of
your
developer
and
admins
securely
kubernetes
has
taken
the
world
by
storm
arm
in
just
a
few
years,
has
gone
from
an
interesting
project
to
a
driver
for
technology
and
innovation,
I'm
still
confused.
What
this
thing
does.
A
A
B
A
Open
ID
connect
parameter
okay,
so
this
is
gluing
together,
open
ID,
with
the
kubernetes
off
system,
that's
already
in
place,
so
kubernetes
has
a
basic
authentication
system
and
that
we
call
our
back
role
based
access,
control
and
I.
Think
this
just
Maps
an
existing
off
system
down
to
the
kubernetes
one.
Let's
see
Christine
here
says
that's
a
great
article.
The
IDM
one
is
that
this
one
are
we
looking
at
the
IDM
one
yeah
I?
Guess:
I,
don't
know
anyway.
If
you
want
to
read
more
about
kubernetes
identity
management.
A
This
is
a
good
article
here
and
I.
Think
Christian
is
alluding
to
the
fact
that
they
also
enjoy
this
article
so
come
check
it
out
load
balancing
strategies
in
kubernetes,
so
this
sounds
exciting
elf
for
round-robin
load,
balancing
with
cue
proxy
okay.
So
what
we
have
here,
we
have
cube
proxy
that
does
a
round-robin
load,
balancing
which
round-robin
basically
says.
If
we
have
five
things,
we
just
grow
in
a
circle
and
repeat
ourselves,
so
we'll
distribute
our
load.
We'll
send
one
request
here.
A
The
next
request
here
the
next
request
here-
the
next
request
here
then
here
and
then
just
start
that
cycle
over
again
and
just
repeat
that
indefinitely
and
that's
what
round-robin
means
is.
It
goes
around
in
a
circle.
So
that's
how
that
load,
balancing
works
and
there's
different
algorithms
that
do
different
things
and
like
are
smart
enough
to
spread
your
load
in
other
ways
as
well.
A
B
A
In
the
classic
sense,
that's
one
of
my
favorite
parts
of
it,
but
a
process
that
implements
a
virtual
IP
for
the
service.
Iptables
rules
there,
those
iptables
rules
again,
let's
zoom
forward.
Moreover,
it
routes
at
l4
tcp,
so
there's
different
layers
of
where
how
high
or
how
low
on
the
network
you
can
know
and
that's
where
you
get
l4
vs.,
l7
round-robin
load
balancing
with
a
tool
like
Q
proxy.
A
So
now,
let's
go
down
here
to
l7
what,
if
you're,
using
a
multiplex
to
keep
a
live
protocol
like
G,
RPC
or
HTTP
to
some
multiplex
in
this
example,
just
meaning
it
can
do
both
ways:
communication
you
can
send
and
you
can
send
back
up
to
it.
You
can
send
messages
to
it.
Vice-Versa,
okay,
so
you
can
use
API
gateway
for
kubernetes
such
as
ambassador,
and
you
can
bypass
q
proxy
altogether.
Okay.
So
this
is
just
talking
about
the
differences
between
l4
and
all
sub
and
load.
A
So
if
load,
balancing
is
a
concern
of
yours,
you
want
to
more
learn
more
about
the
hashing
algorithms
and
the
way
we
distribute
traffic
come
check
this
article
out,
and
it
should
be
able
to
give
you
a
pretty
good
head
start
on
understanding
this
stuff
and
figuring
out.
What
of
these
various
combinations
are
going
to
be
right
for
you
and
your
team.
Ok,
the
Telus
folks
are
working
on
talis
cluster
API
integration,
we're
looking
for
feedback.
This
sounds
exciting.
You
don't
even
know
what
Telus
is
and
we're
on
reddit.
How
did
this
happen?
A
We
started
working
on
cluster
API,
provided
for
Tallis
a
few
weeks
back.
So
I
think
everybody
here
has
probably
heard
me
do
this
is
Tallis,
but
I
think
everybody
here
has
heard
my
rant
on
cluster
API,
at
least
once.
If
anybody
wants
me
to
go
on,
my
rant
again
feel
free
to
drop
a
note
in
the
chat
and
I'm
happy
to
explain
what
cluster
API
is,
but
just
in
case
I'm
gonna
make
an
assumption
that
folks,
here
are
you
kind
of
have
an
idea
of
what
cluster
API
is
so
anyway.
A
This
says
a
moderate
modern
operating
system
for
kubernetes.
What
on
earth
does
that
mean?
Talas
is
a
modern
operating
system
for
kubernetes
that
provides
a
number
of
capabilities.
A
few.
Our
security
predictability
in
evolvability
features
uses
muscle,
Lib
seeds
written
in
go
use,
gr,
peace,
see
it
runs
container
D
and
it
uses
cube
admin
to
bootstrap
clusters.
It's
secure,
it's
minimal
examples,
OS
cuddle,
PS,
Oh,
interesting
okay,
so
it
looks
like
it's
it's
a
tool.
Okay,
Eric
wants
to
hear
the
rant.
Okay,
I'll
go
on
the
rant
you
get
in
here,
just
in
one.
B
A
A
A
We
thought
it
was
a
good
idea,
the
idea
kind
of
stuck,
but
we
never
really
finished
it
and
it
kind
of
just
got
kicked
to
the
side,
especially
as
things
like
third-party
resources
came
to
play
and
then
ultimately
see
IDs
an
aggregated,
API
server.
So
anyway,
this
is
a
conversation
we
had
and
you
can
see
this
got
closed
in
2018,
but
this
was
sort
of
how
the
whole
idea
of
cluster
API.
A
We
first
started
talking
about
it
and
we
kind
of
haven't
stopped
talking
about
it
since
we
originally
brought
this
up
and
so
I
think
the
probably
the
best
resource
to
learn
about
cluster
API
is,
if
you
go
to
hefty
Oh
cluster
it
right
here.
This
is
like
a
state
of
the
world.
It's
a
blog
I
wrote
last
year
that
sort
of
explains
like
how
everything
came
to
be
in
a
lot
of
detail,
but
I'll
kind
of
just
give
you
the
high-level
overview.
What
you
need
to
know
here,
so
there
was
a
lot
of
folks.
A
Looking
at
this
idea
of
you
know
having
an
API
for
cluster
management
service,
we
have
a
tool,
there's
one
called
Archon
or
Archon.
Let's
see
here,
our
cons
do
kubernetes,
kubernetes,
Cuba,
Archon
or
Archon.
However,
you
want
to
pronounce
it.
This
kind
of
does
like
an
API
built
into
kubernetes
that
you
can
interact
with
and
we'll
actually
go
and
like
create
a
cluster
for
you
or
whatever.
There's
some
folks
at
a
company
called
Luke
would
see.
I.
A
Think
I
said
that
correctly,
who
had
built
a
similar
tool
and
some
folks
at
Google
were
also
interested
in
it
as
well,
and
so,
following
up
on
my
book
cloud,
negative
infrastructure,
a
handful
of
us
got
together
and
we
keep
talking
email
to.
Let's
do
sig
cluster
life
cycle,
cluster
API
and
we
kicked
off
an
email,
I,
don't
know
if
we'll
be
able
to
find
it
or
not
somewhere,
and
it's
in
the
Google
group.
A
If
you
want
to
go,
do
the
sick
cluster
life
cycle
history
here
and
we
were
like
hey,
let's
come
together
and
let's,
let's
put
together
an
official
API
for
what
it
infrastructure,
looks
like
an
in
cluster
life
cycle,
Google
Group,
and
we
can
start
to
define
this
as
a
community.
And
then
we
could
start
building
out
common
libraries
that
we
can
use
and
we
have
a
standardized
way
of
shaping
what
our
cluster
should
like.
How
we
would
describe
our
cluster
and
then
we
could.
B
A
Various
controllers
that
read
that
shape
and
then
go
through
and
reconcile
it
for
us,
and
so
that's
cluster
API
in
a
Lodz.
He
actually
got
Cubert
support
for
the
cluster
API
awesome
thanks
for
the
cherry
in
that
Fabien.
So
in
here
I
think
we
can
do
cluster
API
see
what
comes
up
I,
don't
know
if
we'll
be
able
to
find
it,
but
it's
in
here
somewhere.
A
B
A
Gonna
go
back
to
not
dev
cube.
We
want
to
tell
us
here
and
if
you
look,
it
says,
let's
go
back
to
our
article.
We
started
working
on
a
cluster
API
provider,
so
what
that
means
is
I'm
gonna
go
to
my
screen
over
here,
see
doc.
Cam
wait
up
my
dog
cams
not
plugged
in.
Can
you
plug
this
thing
in
see
if
we
can
get
this
to
work.
A
Perfect
Oh,
in
order
to
see
my
M&Ms
that
I'm
eating
okay,
so
we
have
a
standardized
API
shape
and
the
first
thing
we
have
is
we
have
the
cluster
itself
or
like
the
control
planning
components.
So
we
call
this
one
cluster,
and
then
we
have
some
subject:
sub
set
of
things
that
we
call
machines
and
each
machine
can
be
in
a
machine
group
or
it
can
just
be
a
machine
and
basically
behaves
just
like
deployments
in
pods.
I.
Think
it's
a
machine
set
is
what
it's
called
so
anyway.
A
This
would
define
something
like
what
port
is
my
API
server
listening
on
or
you
know
what
flags
are
we
gonna
use
to
configure
our
scheduler?
There
may
be
various
things
that
we
would
configure
here
and
then
maybe
on
this
one
we
have
an
ec2
large,
a
medium,
and
this
one
is
for
whatever
reason
and
running
sent
to
us
instead
of
Ubuntu,
and
we
can
define
what
we
want
our
infrastructure
to
look
like.
A
We
then
would
have
a
controller
that
would
read
this
and
kick
off
a
control
loop,
which
will
kind
of
draw
like
this
and
reconcile
that
against
some
cloud
of
your
choosing
in
this
case,
that
cloud
is
going
to
be
I
Tallis,
so,
in
other
words
need
to
be
able
to
you
use
the
same
standardized
way
of
defining
what
you
want
your
cluster
to
look
like
and
then
they're
gonna
have
some
reconciler
down
here.
That
brings
that
to
life
and
keeps
that
happy
over
time.
A
Okay,
so
that's
what's
going
on
here
with
cluster
API,
so
those
first
like
six
words
that
we
saw
over
here
actually
said
quite
a
bit
about
what
what
going
on
here
so
right
now,
it's
still
a
work
in
progress,
but
we
are
hoping
to
get.
The
kubernetes
community
involved
helped
shape
how
cluster
management
with
Tallis
and
close
to
API
will
look.
So
you
can
look
here.
They
have
cluster
API
provider
and
what's
great
about
this,
is
if
you
go
to
the
cluster
API.
A
This
thing
there's
tools
here
that
will
help
you
bootstrap
a
brand
new
implementation
or
a
brand
new
provider.
So
you
can
come
through.
You
can
read
about
how
we
have
different
CR
DS.
You
can
get
involved.
You
can
see
they're
just
one
for
vSphere.
We
got
one
for
AWS
that
we've
been
working
on
there's
one
for
as
your
this
one
for
digital
ocean
I.
Think
Marco
did
that
one
there's
one
for
GCE
and
the
beauty
of
all
this.
A
A
So
next
we
have
capes
one
point,
twelve
point:
eight,
which
this
is
an
older
version
of
kubernetes,
but
it's
a
newer,
older
version
of
kubernetes,
if
that
makes
sense
we're
on
1.14
now,
but
we
do
still
keep
up
with
some
of
these
releases,
and
this
is
the
eighth
version,
so
we
can
go
here
and
click
on
our
change
log.
We
all
know
I
like
to
read
the
change
log
and
we
can
actually
see
connections
from
pods
to
services
with
zero
endpoints.
Well,
now,
ICMP
reject
immediately.
A
So
that
means
you
won't
be
able
to
ping
them
rather
than
black
hole
and
timeout
I
know
it's
like
Tim
did
that
one
so
yeah
you
can
come
through
and
you
can
see
what
all
has
changed
and
if
you
want
to
keep
running
1.12,
probably
a
good
idea
to
upgrade
to
one
dot
12.7
here.
So
that's
exciting,
good
job
release,
team
for
keeping
kubernetes
happy
and
working
towards
a
better
reality
for
tomorrow.
A
There,
let's
see,
let's
get
some
water
check
out
this
bot
for
some
nifty
Kate
slack
notification,
integration
yay
who
doesn't
love
a
good
bot.
Add
this
add
that
app
that
helps
you
monitor
your
kubernetes
cluster
debug
critical
deployments
and
give
you
recommendations
for
standard
practices.
It's
called
bot
cube.
A
It
does
go
through
and
define
some
of
that
information
I.
Think
the
the
scope
of
work
for
cluster
API
is
the
kubernetes
layer
of
software
and
then
the
infrastructure
that
is
actually
running
that
kubernetes
layer
of
software.
After
all
of
that
is
been
reconciling
as
happy.
Cluster
API
has
no
more
concerns
so
actually
getting
work.
Schedule
and
kubernetes
cluster
is
a
completely
out
of
scope
thing,
but
making
sure
your
cluster
is
happy
in
your
network
is
happy.
We
can
do
that
declarative
immediately
now,
or
at
least
that's
the
goal
of
cluster
api.
A
Hopefully
that
answers
your
question.
Waleed.
Ok,
so
yeah
there's
a
cool,
but
you
can
use
it
to
play
with
kubernetes
from
slack
if
you're
interested
check
it
out.
There
simplify
kubernetes
are
back
in
amazon
eks
with
the
open
source,
polluting
packages,
so
a
little
bit
of
prior
art
here,
the
way
that
eks
works
in
amazon
they
have
their
own
CNI
provider
that
uses
the
VPC
by
default.
A
It's
something
that's
sick,
AWS
and
amazon
have
been
working
on
sega
AWS,
eks
CNI,
let's
see
if
we
can
find
it
support,
Amazon,
yeah
and
I
see
and
I
plugin,
so
yeah.
This
is
the
plug-in
here.
I
think
you
can
actually
go
and
find
the
repo
if
you
want
to
Google
around,
for
it
I,
don't
know
if
I'm
really
gonna
dig
that
deep
for
it.
This
might
be
it
close
to
API
AWS
feature
set
yeah.
So
this
is
talking
about
how
it
uses
the
view
PC,
and
so
it
doesn't
use
a
traditional
CNI
tool.
A
A
If
you
want
to
come
in
here,
you
can
see
how
we
can
get
paluma
installed.
We
can
create
three
IM
roles
with
truss
policy
to
map
to
Amazon's.
Eks
are
back
okay,
so
getting
Amazon
and
I
am
so
Amazon's.
I
am
to
sync
with
kubernetes
is
an
interesting
problem.
That's
been
around
for
a
while.
We
had
tools
like
cute
I
am,
and
then
we
wrote
some
tooling
here
at
have
to
you
to
help
with
this,
and
it
looks
like
Pulu
me
also
is
going
to
concern
itself
with
some
AWS
roles
and
mapping.
A
Those
back
to
kubernetes
are
back,
so
this
is
pretty
cool
if
you're
interested
in
this
and
learning
more
come
check
it
out.
This
is
going
to
be.
This
is
going
to
be
abused
to
anybody
who's
seriously.
Running
considering
running
production,
eks
cluster
in
the
near
future,
I
would
strongly
suggest
you
come
through
and
read
this
and
evaluate
this
tool,
and
maybe
we
can
do
a
TGI
K
on
this
in
the
future.
If
folks
think
that
would
be
a
good
idea.
A
Okay,
we're
almost
done
I
promise
and
then
we're
gonna
start
working
on
Qbert,
okay,
announcing
Liefeld
e
2.3
towards
zero
touch,
no
trust
networks
and
kubernetes.
So
we
got
a
new
linker
d
release
and
it's
just
moving
towards
this
simplicity
model
where
you
just
kind
of
set
it
and
forget
it
and
it
comes
through
and
secures
your
cluster
and
how
to
enter
cluster.
So
you
can
come
read
more
about
it
here
and
you
can
see
how
do
you
install
it?
A
Don't
ever
do
this,
please
don't
curl
pipe
to
bash,
but
you
are
more
than
welcome
to
W,
get
this
file
and
then
open.
It
up
see
what
it
contains
and
if
it
looks
good,
then
you
can
go
ahead
and
run
it,
but
that's
how
you
would
install
link
or
D
on
your
cluster,
which
is
exciting.
So
if
you
want
to
come,
find
out
more,
come
and
check
it
out
here.
A
Alright,
and
on
that
note,
let's
move
over
and
let's
talk
about
Qbert
so
I'll,
do
you
another
branch,
this
one's
just
for
you,
Maddie,
okay,
so
over
the
past,
probably
month
or
so
I've
been
giving
a
lot
of
talks
about
the
different
kernel
set
of
features
that
support
virtualization
and
comparing
those
to
what
we
used
to
create
containers.
So
I've
been
doing
a
lot
of
research
on
how
virtualization
works,
how
the
kernel
does
the
translation
from
kernel
colonel
how
we
create
a
new
synthetic
virtual
kernel
on
top
of
a
hypervisor?
A
A
A
So
again
we
see
this
this
pattern
of
we
go
and
we
declare
something,
and
then
we
have
some
sort
of
reconciler
that
will
read
that
declaration
on
at
the
state
of
the
world,
detect
that
it's
not
running
and
go
and
bring
that
to
life
so
that
it
is
running
and
so
that
we
are
in
a
state
of
reconciliation,
and
this
is
this
is
kubernetes.
This
is
the
core
of
kubernetes.
A
This
is
why
kubernetes
has
been
so
successful
is
because
of
this
pattern,
the
same
one
that
we
saw
let's
go
over
over
here,
where
we
had
various
configurations
and
then
we
came
through
and
we
had
an
event
loop.
That
would
reconcile
that
up
against
something
else.
So
in
this
case,
what
we're
doing
with
Qbert
it's
almost
the
exact
same
thing.
My
diagram
is
gonna.
Look
almost
exactly
the
same.
We
are
defining
a
virtual
machine
this
time-
and
this
is
this-
is
just
llamo
here.
A
So
when
you're,
when
you're
I
draw
these
squares
just
think
to
yourself.
This
is
just
like
several
lines
of
Hamel
and
we're
I'm
gonna.
Look
at
one
of
these
concretely
in
just
a
second
and
then
we
have
here's
our
arrow
again,
and
then
we
have
our
reconciler
or
controller
or
operator.
Depending
on
how
specific
this
bit
is.
A
We
would
call
this
a
different
name
based
on
if
this
is
domain-specific
or
not,
and
this
was
just
run
over
and
over
and
over
again
until
the
end
of
time,
and
that
would
sort
of
do
this
audit
and
reconcile
what
we
actually
wanted
to
be
there.
So
in
this
case,
if
we
define
let's
say
we
wanted
an
Ubuntu
server,
we
wanted
it
to
be
a
small
one,
maybe
it'll
say
50
gigabytes
disk.
Maybe
we
want
four
gigs
of
ram
whatever
and
you
would
go
through
and
you
would
define
all
this
in
your
gamble
here.
A
Don't
see
any
servers
running
in
an
ec2
I,
better
go
create
one
and
that's
what
this
loop
here
would
do,
and
that
would
actually
go
up
against
some
public
cloud
like
easy,
and
if
you
look
on
the
queue
her
at
home
page,
let's
slip
back
over,
you
can
see
it,
you
can
do
it
on
mini
cube.
You
can
run
it
on
Amazon.
You
can
run
it
on
GC
P,
Q
Bert
is
expecting
KVM
I.
Think
it's
KTM
for
now.
Just
had
a
million
dollar
idea
fruits,
but
M&M
sized.
A
Let's
see
well
Manny,
had
a
question:
let's
see
what
Maddy
said,
Maddy
said,
which
V
virtual
machine
VMs
does:
does
it
work
with
firecracker
cow,
two
containers
KTM
all
of
the
above
yeah
I?
Think
KVM
is
it's
gonna,
be
our
winner
here,
the
Maddy
I.
Think.
If
you
look
at
what
Fabien
and
Christian
say,
that's
accurate,
firecracker
and
cata.
Also,
usually
build
up
on
KVM,
so
yeah
if
fabian
is
correct,
I'm
99%
sure
that
firecracker
actually
is
just
to
be
a
VM
implementation.
So
the
factoid
about
KVM,
it's
a
linux
package,
so
you
can.
A
You
can
actually
go
and
install
this
on
a
lynx
like
system
it
supports
virtualization,
which
a
lot
of
folks
don't
realize
about
virtualization
is
that's
dependent
on
your
hardware.
So
if
you
don't
have
hardware
that
supports
virtualization
installing
a
package
like
KTM
on
your
lengths,
computers
effectively,
not
gonna
do
very
much
and
furthermore
kvms
only
available
on
Linux.
A
So
this
was
an
interesting
challenge
for
today
when
it
came
through
and
I
was
running,
my
Mac
OS
X
operating
system
and
I
was
looking
at
how
we
were
gonna
demo
Cubert
and
we'll
talk
a
little
bit
actually
the
kind
of
stuff
into
it
right
now,
and
we
can
talk
about
my
story
of
what
what
I
tried,
what
I
was
able
to
get
were
working
and
what
I
was
not
able
to
get
working
yeah
and
it
looks
like
David,
I'm
gonna
approve
your
comment
here.
It
says
Qbert
uses
KTM,
okay,
so
first
things.
A
First,
don't
use
these.
That's
the
first
thing
you
want
to
tell
yourself
or
actually
you
know
on
Friday.
What's
today,
April
26,
2009
teen,
don't
use.
These
I
was
running
into
some
trouble
earlier.
I
think
they
just
have
to
make
a
small
change
and
they'll
be
back
up
and
running
again,
but
one
of
these
are
pretty
simplified
examples
of
how
we
would
install
Qbert
if
they
didn't
have
a
bug
in
them.
Right
now,.
B
A
Just
our
fun
like
our
foundational
kubernetes
cluster,
so
we
need
a
cluster
to
run
the
software
on
to
create
other
virtual
machines.
So
it's
just
like
the
chicken
and
egg
problem
that
we
solved
with
cluster
API,
where
you
need
to
have
some
infrastructure
in
place.
Aren't
they
one
before
you
can
start
creating
other
infrastructure
as
well
in
Sayid,
says
Christian
in
my
bag
and
Fabien
says
this
button
should
be
working
by
now
again.
Ok,
so
we
already
got
him
fixed,
so
Fabien
awesome.
Let's
actually
try
to
do
one
of
these
so
yeah.
A
We
want
8
gigs
here,
no
tags
port
22,
so
we
can
SSH
into
this
thing
review
and
lunch.
But
the
only
thing
we
want
to
change
is:
if
you
read
the
documentation-
and
this
just
takes
a
while
so
I'm
gonna-
kick
it
off
now,
but
we'll
look
at
the
docs
here
in
a
second,
it
says
you
need
at
least
four
gigs
of
memory.
I'll
go
do
one
better
than
that
and
I'll
go
ahead
and.
A
So
if
we
go
down
here,
there
is
a
Doc's
section
and
it
says
an
easy-to-use
demo,
and
this
is
what
I
want
to
actually
run
through
today.
Is
this
Qbert
demo
here
and
this
goes
through,
and
it
tells
you
how
to
do
it
on
mini
cube,
but
we
also
discovered
and
again
hats
off
to
Fabien
for
helping
me
with
this.
We
also
discovered
we
could
effectively
replace
this
mini
cube
steps
with
a
gke
cluster
and
we
were
able
to
get
libvirt
up
and
running.
So
you
can
see
here.
A
I've
already
got
a
gke
cluster
and
if
I
do
my
oh
so
familiar
kdump
command,
you
can
see
that
it's
just
a
very
primitive
gke
cluster.
It's
got
Prometheus
and
keep
stir
and
the
metric
server
up
and
running
and
cube
DNS,
but
not
we
doesn't
really
have
any
other
namespaces
or
any
proprietary
software
or
anything
on
it.
A
Yet
so
that's
where
we
are
and
what
we
have
going
on
and
then
here
in
Amazon
we
have
go
here
and
you
can
see
that
this
thing
is
initializing
now,
and
this
takes
about
ten
or
fifteen
minutes
to
come
up.
So
that's
why
I
wanted
to
to
get
it
started.
Okay,
so
the
Qbert
demo,
let's
skip
past
this,
and
let's
look
at
creating
virtual
machines,
introductions,
okay.
So
this
is
what
I
wanted
to
show.
Folks
if
you
come
through-
and
you
find
I'll
actually
add
this
to
our
dock
here.
A
Creating
PM's,
Wow,
okay,
you
can
actually
come
in
here
and
you
can
see.
We
have
a
virtual
machine
instance.
So
in
kubernetes
we
can
define
these
things
called
CR,
DS
or
custom
resource
definitions
and
a
CR
D
is
effectively
one
of
these
arbitrary
objects
that
are
important
to
humans
and
the
the
D
part.
The
definition
is
just
the
shape
of
this
object.
What
fields
does
it
have
in
this
case?
We
have
fields
like
domain,
we
have
fields
like
termination,
grace
period
seconds
and
that
just
so
happens
in
this
example
Lucas
at
30.
A
You
can
see
here
we
have
devices
and
memory
and
there's
all
of
these
lovely
configuration
bits
that
we
can
come
in
and
change
and
the
beauty
of
a
CRD
is
that
you
can
make
this
look.
However,
you
want
and
you
can
define
whatever
fields
there
you
want,
and
you
can
have
your
controller
read
those
fields
and
in
the
software
that
reconciles
that
you
can
actually
make
it
respect
these
fields.
A
So
it
just
gives
you
a
framework
for
defining
something
in
kubernetes
in
the
Millat
controller,
to
framework
to
get
that
reconciled
and
to
get
that
running,
and
this
is
a
huge
win
in
kubernetes,
and
this
is
a
relatively
new
feature
of
kubernetes.
That
hasn't
always
been
around,
at
least
not
always
this
in
this
simplified
version.
B
A
Hap
do
says:
if
you
missed
the
notes
URL,
you
can
check
it
out
here.
That's
the
hack
indeed,
and
this
is
how
we
would
effectively
define
a
virtual
machine
instance-
and
you
can
see
it
says
note
a
full
API
reference
it's
available
here
and
you
can
see
today,
I
think
we're
going
to
be
trying
to
run
V
dot,
0
dot
16.1,
but
we
can
go
ahead
and
pick
out
any
version
you
want
so
comes
through
here.
A
You
can
see,
there's
a
type
definition,
and
this
is
the
actual
API,
which
is
just
that
that
yamo
object
we
just
looked
at
you
can
see
that
it's
got
API
group
list
categories
kind.
It
names
based,
singular
name,
keep
scrolling,
Affinity,
bootloader,
cpu,
so
yeah
you
would
be
able
to
come
through
we'd
like
to
find
like
the
amount
of
cores
you
want
for
your
CPU,
for
your
virtual
machine.
So
I
guess
it's
probably
now
a
good
time
to
talk
about.
Why
do
we
even
want
VMs
in
the
first
place?
A
A
The
use
case
is
surprisingly
pretty
simple
and
you've,
probably
even
more
surprisingly,
extremely
common,
which
is,
let's
pretend
you
had
a
monolithic
application
that
was
running
on
a
virtual
machine
and
over
the
past
four
years
you
and
your
team
have
written
you,
maybe
ansible
or
terraform
or
puppet
or
salts,
or
something
that
would
go
and
provision
all
of
your
servers
for
you,
so
that
your
application
would
be
happy
and,
let's
just
pretend
you've
got
it
down
to
a
science.
You
click
on
it.
You
click
on
your
magic,
shell
script
and
poof.
A
You
get
a
VM
running
and
vSphere
somewhere
and
it
starts
to
configure
itself
and
it
installs
all
of
those
goodies
and
all
of
those
packages
and
cats,
all
of
the
right
information
out
to
all
the
files
and
rewrites
some
stuff
in
the
Etsy
directory.
And
it's
just
it's
just
really
awesome,
and
you
know
you
always
get
a
really
happy
server
at
the
end.
And
then
your
application
gets
installed
and
that's
another
10
steps
and
your
application
gets
up
and
running
and
it's
working
fine.
We
poke
a
hole
in
the
firewall
we
can
hit
the
server.
A
A
If
we
had
all
of
that
work
done,
we
could
simply
port
that
work
over
to
a
tool
like
a
Qbert,
and
it
would
just
actually
be
able
to
go
and
create
a
virtual
machine
for
us,
so
that
would
allow
us
to
adopt
kubernetes
get
the
resiliency
of
the
kubernetes
scheduler
to
fix
it.
If
something
ever
goes
wrong
and
we
can
still
keep
our
virtual
machine
as
it
stands
today
now.
A
Over
we
want
to
start
looking
at
pulling
it
apart.
Maybe
container
I
seen
bits
and
pieces
of
it.
We
certainly
can
do
that,
but
if
we
just
need
a
very
quick
light
translation
from
virtual
machine
running
in
my
datacenter
to
virtual
machine
running
in
kubernetes,
and
that's
all
that
our
team
wants
to
do
right
now.
This
is
a
tool
that
can
help
with
that
that
problem,
okay,
so
Syed,
says
I,
remember
something
called
virtual
cubic
is
cube,
very
related,
great
question
and
no
they're,
not
so
the
way
virtual
cubelet
works
virtual
cubelet
effectively.
A
Let's
see
if
I
can't
do
a
demo
really
quick.
So
if
I
come
here
and
I
do
K
run
engine
X
dash
dash
image
engine
X
I
can
do
a
keg
it
yeah,
and
you
can
see
that
this
container
creating
status
is
happening
now,
what's
actually
going
on,
there
is
there's
a
tool.
It's
a
statically
linked,
go
binary
that
we
call
the
cubelet
and
the
cubelet
runs
on
each
of
our
notes
like
if
we
do
k
it
nodes.
A
We
have
three
copies
of
the
same
program
running
on
each
of
these,
and
it's
not
running
as
a
container.
It's
just
running
as
like
a
linux
service
that
system
v
watches
and
what
that's
doing
is
it's
taking
an
instruction
from
the
scheduler
and
the
controller
manager,
and
it's
saying
hey.
One
of
these
servers
needs
to
schedule
this
pod,
so
the
cubelet
on
whichever
server
gets
elected
to
schedule.
The
pod
is
the
thing
that
actually
does
effectively
a
docker
run
for
you
on
each
of
these
computers.
A
A
Do
just
vendor
that
out
to
one
of
these
man
services
in
a
cloud
somewhere
and
the
beauty
of
it
is,
is
you
would
be
able
to
basically
use
the
cloud
service
as
your
workhorses
for
kubernetes,
but
you
still
get
all
the
primitives
in
all
of
the
built
in
logic
and
features
of
kubernetes.
So
that's
what
the
virtual
keyboard
is.
Qbert
is
a
tool
for
managing
virtual
machines
with
kubernetes,
so
big
difference
here
so
yeah.
A
A
A
Okay,
so
let's
get
back
out
of
here
one!
Let's
go
back
here
I'm!
This
is
a
rant.
I
episode,
I,
usually
don't
get
this
ranty
on
TTI
K,
but
I'm,
just
I.
Guess
it's
just
a
rant
I
kind
of
week.
Okay!
So
anyway,
you
can
come
through
and
you
can
see
we
hack
and
set
the
clock.
We
can
do
config
sources,
we
can
do
disk
sources,
DHCP,
there's
a
lot
of
things
that
are
configurable
using
this
API
for
the
cube
root
here.
A
Oh
here's
a
list
over
here
on
the
right-
and
these
are
a
lot
of
things-
that
an
operator
or
a
Systems
Administrator
would
concern
themselves
with
if
we
were
just
running
a
traditional
virtual
machine
and
I.
Think
that's
kind
of
the
point
here
is
we're
starting
to
pull
out
and
create
api's
for
these
things
that
we
may
be
used
to
SSH
into
a
server
for
and
like
do
manually.
We
now
can
declare
and
use
kubernetes
resiliency
primitives
to
reconcile
that
state
for
us.
Fabien
says
nice
explanation
of
the
virtual
cubelet.
Thank
you.
A
That's
why
I
make
the
big
bucks?
Okay,
so
let's
jump
in
well,
he
says
more
ranting
and
digressing
is
good.
Oh
there's
one
thing:
I
can
do
as
a
rant
and
bang
Grisanti
gik.
This
is
like
my
specialty,
okay.
So
anyway,
let's
look
at
this
demo,
really
quick
and
let's
start
running
this-
we're
already
45
minutes
into
the
episode,
so
I
want
to
get
kind
of
busy
here.
So
if
you
see
here,
it
says
Qbert
demo,
so
click
on
that.
How
many
I
mean
I'm,
really
quick,
and
we
can
start
going
through
this
demo.
A
A
Let's
look
at
the
next
thing.
We
do
q
back
to
a
create
namespace,
cube
right.
Add
this
jump
in
our
terminal,
create
namespace
cube
root.
Oh,
it
already
exists.
Okay,
get
in
s!
Let's
do
this:
okay
delete
NS
its
total
terminating.
We
might
cuz
I
deleted
this
two
hours
ago.
I!
Don't
know
why
it's
still
terminating.
Let's
try
this,
let's
start
exploring.
A
So
this
is
gonna,
be
me
kind
of
just
seen
what's
going
on
with
the
cluster
really
quick
and
why
this
namespace
hasn't
terminated
yet
because,
ideally
we're
going
to
just
copy
and
paste
these
commands,
but
I
ran
through
some
of
this
earlier
and
I
deleted
the
namespace
and
usually
that
deletes
pretty
quickly
and
it
deletes
whatever
resources
are
running
in
the
namespaces
well.
But
for
some
reason
it's
been
hanging
here
on
terminating.
A
Okay,
so
what
favio
or
Fabien
is
alluding
to
here
is
this
problem
that
we
call
nested
virtualization
I
here
at
VMware,
we
have
solved
a
lot
of
the
nested
virtualization
concerns
with
a
couple
of
our
tools
and
we're
really
big
advocates
of
getting
this
sort
of
done
correctly
in
a
logical,
meaningful
way
and
taking
advantage
of
optimizing
our
systems
and
as
best
as
we
can
for
nested
virtualization,
all
nested
virtualization.
Is
you
don't
know
what
it
is?
Don't
freak
out?
It's
totally
just
basically
running
a
virtual
machine
in
a
virtual
machine.
A
A
I
would
do
mini
cubes
start
and
I
would
be
able
to
go
down
to
the
bottom
of
my
screen
and
click
on
the
the
VirtualBox
manager
and
see
that
it
actually
just
start
running
a
new
virtual
machine
and
then
I
can
SSH
into
that
machine
using
a
command
like
this
and
then
I
would
be
able
to
actually
see
the
VM.
That's
running
you
all
of
these
wonderful
kubernetes
components
now
with
a
tool
like
Qbert,
it's
kind
of
contradictory,
because
the
whole
point
of
Hubert
is
to
schedule
secondary
virtual
machines.
A
Well,
if
we're
already
running
on
a
virtual
machine,
how
are
we
gonna
run
more
virtual
machines
on
that
virtual
machine?
Virtual
machine
is
officially
losing
all
meaning
to
me
right
now,
but
that's
what
nested
virtualization
does
or
emulating
as
Fabien
called
a.
So
that's
why
that's
a
concern
for
us,
Allen
Davis,
says
NS
might
be
hanging
because
of
a
CR
where
the
finalizar
is
stuck.
I
have
a
feeling
that's
what's
going
on
David,
so
we're
gonna
check
it
out.
A
A
A
Let's
see
what
folks
are
saying
david
says:
namespace
might
be
hanging
because
of
a
CR
with
the
finalizer
John
says:
I've
had
it
work
on
Mac
and
things
like
vert
CLT
console
were
problematic.
That
was
several
months
ago
regarding
conferred
on
Mini,
Kiba
and
Mac,
and
Fabien
says
nice
to
know.
Okay,
so
it
looks
like
we've
had
some
folks
try
it
and
they've
had
some
success
with
it
as
well.
So,
let's
just
you
kv,
get
all
no
resources
found
kv,
get
p.
Oh
no
resources
found
okay,
get
in
s
terminating.
A
A
Okay,
well,
you
know
what
we're
gonna
put
run
it
in
a
different
name:
space.
That's
totally
fine!
So
we'll
we'll
just
call
our
new
name,
space
kV.
For
short,
it's
okay
create
name,
space,
kV
and
then
let's
come
down
here-
and
this
is
a
very
important
command,
so
cubic
tile,
create
config
map,
name
space,
cubes
system,
Qbert
config
from
literal
debug
dot
use
emulation
equals
true.
So
this
is
actually
what's
turning
on
that
nested
virtualization
emulation
that
we
just
talked
about.
A
Okay,
get
all
in
Qbert,
okay,
get
all
in
Qbert
I'm,
pretty
sure
you
ran
this
ya,
know:
resources
found
so
yeah
I,
don't
I,
don't
know
what's
going
on
and
we
can
just
run
it
in
a
different
name
space
and
take
the
easy
way
out
here.
Okay,
so
we
want
this
Runyan
cube
system.
This
looks
good,
let's
go
ahead
and
run
this
up
and
let's
get
rid
of
that.
Bing
already
exists.
A
Q
Bechtel
get
config
mana.
Is
that
what's
going
on?
No,
because
this
is
running
an
in
keep
system?
Okay,
so
let's
queue,
Bechdel
get
config,
Matt,
yeah,
config,
Matt,
namespace
cube
system
and
we
wanted
to
delete.
Was
it
called
Qbert
config
this
one
here?
Okay,
delete
config
config
map,
namespace
cube
system,
the
name
of
our
band,
and
now
we
can
install
this
one.
A
A
Okay,
please
create
the
Qbert
config
in
the
new
space,
namespace
you'll
be
using
it.
Okay,
so
Fabien
says
create
it
in
the
namespace
you'll
be
using
okay,
that's
what
I
thought,
but
we
had
it
in
cube
system.
So
let's
put
this
in
the
kv
namespace.
Thank
you
for
your
help.
Fabien
poof,
okay!
So
now
I
have
cube,
root,
config,
created
and
for
good
measure,
and
let's
go
ahead
and
remove
this
one
I
just
as
good
practice.
We
want
to
keep
things
out
of
keep
system
unless
we
absolutely
need
it.
Our
new
namespaces,
Katie.
A
Okay,
so
folks
were
just
talking
there
a
few
seconds
behind
me
so
I'd
inves
reading
it
out
loud
as
we
go
here.
Okay,
so
we
enabled
emulation,
debug
use
them
when
you
H
nu
equals
true.
So
next
we
want
to
export
our
version
of
cube
for
it
that
we
want
to
use.
So
in
this
case,
I
said
we're
going
to
do
16.1.
So
let's
do
dot
16.1
and.
A
So
yeah,
instead
of
doing
a
Quebec
tile,
apply
we're
actually
just
gonna
look
at
this
first,
so
we
can
sort
of
see
what's
going
on
here
and
talk
a
little
bit
about
it.
So
we'll
W
get
this
and
we're
gonna
cat
out
cube
vert
operator
dot
yeah
mo,
and
we
can
look
at
it
here
as
I
always
say
it
wouldn't
be
a
TGI
K
unless
we
cut
it
out
some
yeah
mo
okay.
A
So
here's
where
we're
starting
cat
kubera
Djamel,
so
we
define
a
namespace
called
Cubert
I,
don't
know
if
that
I,
don't
think
it's
gonna
work,
but
we'll
see
how
this
goes.
Next,
we
define
a
custom
resource
definition,
so
the
D
here
implies
that
were
just
in
the
shape
of
the
object.
A
single
implementation
of
this
object
would
be
a
CR,
a
custom
resource,
but
again
here
we're
just
defining
what
fields
it
has
so
we
define
a
CID.
Then
we
define
a
cluster
role.
A
David
says:
do
the
apply
with
the
new
namespace
you
created?
Got
it
thanks
David,
so
we
create
a
cluster
role,
which
a
cluster
role
is
a
slightly
broader
lease
more
broad,
scoped
auerbach
rule
that
we
can.
We
can
use
to
do
things
like
list
our
nodes
and
various
resources
that
are
at
the
cluster
level
and
not
the
namespace
level
of
kubernetes.
So
that's
what
we're
creating
here.
We
have
a
service
account.
That's
attached
to
that
cluster
role,
we're
defining
a
second
cluster
role.
We
have
a
lot
of
rules
here.
A
Let's
see
we
got
service
accounts,
we
can
get
lists,
watch
create,
update,
delete
patch,
oh
yeah,
weird
is
opening
in
the
world
up
here.
That's
fine,
everything's,
fine,
okay,
let's
scroll
down,
so
this
is
just
defining
all
of
the
different
things
you
can
and
cannot
do
with
this
newly
created
our
back
rule.
As
you
can
see,
it's
quite
lengthy
and
defines
a
lot
of
the
resources
and
what
you
can
and
can't
do
for
them.
A
That's
one
of
the
longest,
our
back
rules
I've
ever
seen
to
be
honest,
and
then
we
have
a
cluster
role
binding,
which
we've
talked
about
this.
A
few
times
a
cholesterol
binding
is
effectively
a
bridge
table
for
all
of
our
relational
database
fans
out
there
that
attaches
the
cluster
role
to
whatever
service
account
or
user.
You
define
for
it,
so
it's
sort
of
what
does
that
mapping,
and
so
you
can
have
different
users
map
to
different
things
and
we
can
have
intricate
complexities
here
with
how
we
do
our
back.
A
Last
but
not
least,
we
have
a
deployment
which
this
is
gonna
actually
contain
the
operator
itself.
So,
let's
see
what
we
got
here.
It's
called
a
vert
operator
scheduler
alpha
local
kubernetes,
it's
critical,
which
is
normal
for
an
operator.
It's
runs,
vert
operator,
port,
8,
4,
4,
3,
set
server,
boss,
Anita
we're
passing
an
operator
image,
and
then
you
can
see
here
we
poke
a
hole
in
the
container
port
and
we
have
a
readiness
probe
which
all
readiness
probe
doodahs
is
just
tell
kubernetes.
A
A
A
Okay,
let's
see
you
name:
Q
Bert,
Q,
Bert,.
A
A
A
A
Yay,
okay,
so
that's
what
we
want.
So
we've
created
everything
we
just
looked
at
our
custom
resource
definition
or
cluster
role.
The
letter
is
getting
clipped
bird
operators
so
on
and
so
forth.
So
now,
if
we
can
do
a
keg
at
all,
namespace
kV,
you
can
see,
we
actually
have
some
resources
running.
So
we
have
the
vert
operator.
We
have
our
name
space
and
we
have
a
replica
set
for
it.
So
Debian
or
fabien
says
ye
of
yeh.
Ok,
ok!
So,
let's
go
back
here
to
and
let's
do
K
apply.
A
A
Cated
CR
g
interesting
anyway,
W
get
poof
download
that
lets
cat.
What
was
the
name
of
that
file?
Qbert
CRE
Amal,
so
let's
cat
out
Cuba
vert
CR
y
Amal.
Oh
this
is
the
world
simple
of
CML
file,
so
you
we
just
defined
cube
root
and
set
it
to
Qbert
and
only
pull
the
image.
If
it's
not
present
was
the
operator
in
air
state.
Let's
just
check
and
see.
A
Name:
Qbert,
f,
Qbert,
CRE
mo
okay.
So
now,
let's
see
if
that
fixed
our
our
operator
once
it
restarts,
we
should
be
able
to
see
I'm
gonna.
A
A
A
Interesting
describe
Pio,
that's
what
I
just
did
running
it
again:
container
image
index
docker
operator
already
present.
So
that's
good
I,
don't
really
see
anything
gauge
wants
me
to
look
at
the
logs.
Look
at
the
logs.
Take
it
Pio
name:
space,
kV,
ok,
k,
logs
namespace
kv
f.
Here
we
go
logging
before
flag
pars.
If
I
had
a
nickel
every
time,
I
got
a
log
in
before
flag
pars
and
go
air
yeah
need
logs
unable
to
retrieve
the
complete
list
of
server
api
sub
resources.
A
A
A
A
A
A
A
A
A
In
fact,
let's
just
do
take
it
all
Oh
namespaces
see
what
we
have
up
and
running
okay.
So
it's
already
installed
okay,
so
this
is
cool.
So
the
AWS
image
that
we
we
installed
through
the
AWS
installer
here
comes
pre-loaded,
with
everything
ready
to
go,
but
just
in
case
that
wasn't
the
case,
we
would
have
been
able
to
come
in
and
run
these
commands
and
effectively
get
us
to
where
we
want
to
go.
The
next
thing
we
want
to
do
is
you
want
to
install
vert
cuddle,
which
I'm
assuming
this
is
already
also
installed.
A
Let's
see,
we
have
a
vert
wet,
but
I
don't
think
we
have
a
vert
CTL
No,
okay.
So
let's
do
this
command
and
this
is
gonna
install
the
command
line
tool,
vert
CTL,
which
is
what
we're
gonna
use
to
interact
with
our
operator
and
our
CRS
and
stuff
with
do
you
do
so?
We
are
installing
that
and
we
wanted
to
mod
it
and
drop
it
off
in
our
path.
A
Let's
do
this
mod
+
X
vert
cuddle
and
move
a
vert
cuddle
to
user
local
ben
burtt,
CTL,
okay,
sudo
Bingbing,
okay,
so
at
least
now,
oh,
it
says
somebody
was
saying
to
use
this
verts
ETL
here.
A
A
A
A
So
then,
let's
do
our
download
command.
Oh,
this
is
taking
much
longer.
Okay,
my
chat
is
blowing
up.
Let's
see
you
has
moved
the
file
to
been
a
vert
cuddle
was
in
your
local
directory.
Anatole
is
overwritten
by
the
W
get
you
did
I'm
sure
the
curl
command
over
in
the
existing
file
and
moved
it
to
use
your
local
pen.
Oh
nice,
catch
Fabien,
yep,
okay!
A
So
let's
trim
on
this
mod
+,
X,
vert
cuddle
and
we'll
move
vertical
into
our
path:
user,
local
been
vert,
CTL,
BAM,
okay,
so
now
we
should
be
able
to
run
vert
CTL,
yay,
okay,
next
up
in
our
documentation
here,
invert,
sleet
CTL
and
here's
where
we're
actually
going
to
create
a
virtual
machine.
This
is
said
this
is
the
moment.
We've
all
been
waiting
for.
So
let's
take
a
gander
at
this
yeah
mol
here.
A
A
So
we
here
we
have
this
lovely
virtual
machine
CR
that
we're
about
to
upload
to
our
kubernetes
server
here
and
if
you
remember
earlier,
when
we
did
this,
we
talked
about
how
we
were
gonna,
be
defining
the
VM
and
it
was
just
gonna,
be
little
bits
of
the
animal.
Well,
that's
concretely
what
we're
exactly
looking
at
right
now,
which
is
we're
defining
the
VM
called
virtual
machine
and
here's
a
mammal
okay.
A
So
we
tell
it
it's
a
small
to
test
V
and
we
defined
some
disks
looks
like
we
tell
it
how
we
want
64
Meg's
of
memory.
We
can
define
network
information
volume.
Information
looks
like
we
have
some
configuration.you
bits
down
here.
For
all
intents
and
purposes,
I
think
this
is
this
is
a
fine
starting
point.
I,
don't
see
anything
wrong
here,
I
mean
we
are
running
a
third-party
software
today.
To
begin
with,
so
there's
some
inherent
danger
there,
but
for
there
our
demo
I
think
it's
safe
to
go
ahead
and
just
go
ahead
and
apply.
A
A
A
Vert
cuddle
start
test,
vm
vm,
test
vm
was
scheduled
to
start,
and
then
we
can
do
get
vm
eyes
a
virtual
machine
instance,
okay.
So
this
is
again.
This
is
where
we
get
into
the
same
pattern
of
like
see
ours
and
how
they
relate
to
see
our
DS.
A
vm
declares
the
virtual
machine
spec
and
then
you
can
have
one
or
more
instances
of
that
spec
and
that's
the
difference
between
a
vm
I
and
a
vm
here.
A
A
Okay-
and
you
can
see
here-
it's
a
single
concrete
implementation
of
that
spec
that
we
looked
at
earlier
so
now.
My
question
here
is:
I,
am
NOT
a
huge
KVM
user?
What's
the
best
way
to
inspect
or
gain
access
to
this
virtual
machine?
If
folks
know
how
we
would,
we
would
look
and
see
what's
what's
running
in
k,
vm,
you
can
also
have
running
in
your
spec
set
to
true
as
well
correct.
You
can
also
have
running
in
your
SPECT,
yeah
I.
A
Think
what
gage
is
saying
you
can
flip
the
bit
from
running
to
true
and
it'll
automatically.
Do
that
start
test
VM
command
here
that
we
had
to
manually
type
in
which
is
handy
to
know,
and
it
says
accessing
VMs.
This
is
what
I
was
just
asking
about:
vertical
can
solve,
consult,
SVM,
okay,
so
burnt
cuddle
is
actually
a
pretty
handy
tool.
I
like
it
vert
cuddle
console
test
VM.
A
So
it's
actually
connected
connected
to
the
test
game
console
via
escape
sequences
that
log
into
serious
using
default
password
go
comes.
Go
you
see
what
Oh
for
root
test,
VM,
login,
so
I
think
we
do
you
see.
Russ
password
is
go,
Cubs
go
so
I
guess
now
would
be
a
bad
time
to
mention
that
I'm
from
st.
Louis.
That's
why
I
went
to
high
school.
Go
cards
incorrect,
login!
That's
what
I
get
from
being
a
Cardinals
fan
test.
Vm,
let's
see
CEI
RR
OS
go
Cardinals
go
yeah.
A
A
Busy
box
multi
call
binary,
eise
is
free,
oh,
it
doesn't
have
a
human
readable,
so
we
can
do
free,
em,
very
small
amount
of
memory.
What
else
do
folks
want
to
see?
Here's
our
thing,
here's
top
8%
of
our
CPU.
We
have
a
very
small
buffer
up
here,
99%
idle
this.
This
computer
is
effectively
doing
nothing.
This
is
a
very
happy
virtual
machine,
so
we
can
get
out
of
this
and
we
can
exit
and
what's
cool
is
wait
there
we
go
if
I
come
here
and
I
do
a
DF
age.
You
can
see.
A
We
have
much
more
resources
available
to
us
so
that
we
were
able
to
demonstrate.
We
were
actually
running
an
emergent
machine
there.
So
that's
pretty
rad
KBM
working,
really
nice
vert
cuddle
bean.
A
really
nice
wrapper
that
allows
us
to
take
advantage
of
some
of
the
features
of
kvam
and
we
get
to
do
all
of
that
declaratively
in
kubernetes
with
Qbert
here
and
then
here
are
some
next
steps
on
setting
up
mini
cube
and
so
on
and
so
forth.
Now
we're
getting
close
to
the
end
of
the
episode
here.
A
So
does
anybody
have
any
questions
or
do
they
want
to
see
anything
else
or
have
I,
given
folks
a
pretty
good
idea
of
what's
going
on
with
Qbert
and
how
everything
is
going
to
be
working?
If
I
have
everything
set
up,
if
you
want
to
run
it
go
for
it,
if
not
I'm
happy
to
just
tinker
around
at
it,
maybe
we
can
run
dirt
cuddle
and
see
if
there's
any
other
commands
that
look
exciting.
A
A
A
A
There
we
go
I,
don't
know
why
it
always
takes
two
times.
So
what
specifically,
do
you
want
to
see
about?
The
network
here
looks
like
we
have
one
Ethernet
interface
configured.
Let's
see
what
operating
system
is
this
you
name
eh,
so
it's
Linux,
Ubuntu,
so
I
bet
we
can
cat
Etsy
Oh.
What
is
it
network
interfaces.
A
Configured
loopback
and
the
world
simple
as
etho
setup
in
the
world,
very,
very
primitive
networking
here,
let's
see
what
folks
are
saying
in
chat
says
well,
without
any
additional
networks
defines
you
can
attach
the
VM
to
the
pod
Network,
oh
okay,
so
that's
really
handy
to
know
so
we
can
actually
create
the
virtual
machine
on
the
pod
Network
so
that
we
would
be
able
to
interface
arbitrary
pod
without
a
VM.
So
let's
say
maybe
this
is
running
in
a
database
and
we
want
to
be
able
to
access
that
database.
A
We
would
be
able
to
use
Hubert
to
get
this
on
the
same
network
as
our
pods
and
we
have
various
pods
in
kubernetes
all
happily
running
in
the
same
network
and
live
migration.
Is
there
an
equivalent
for
an
HPA
for
VMs
to
auto
scale
them
in
life
creation?
Fabien,
says
not
to
forget
about
live
migration
indeed,
yeah
Fabien.
Can
you
give
us
any
more
pointers
on
how
Qbert
would
handle
a
live
system,
migration
or
mutating?
The
existing
system,
like
if
I
wanted
to
say,
add
more.
Let's
actually
try
this
right.
A
A
Okay,
so
we
want
to
save
this
command,
so
we
have
18
Meg's
of
disk
space
here
and
we
have
30
Meg's
mounted
in
route,
so
we
can
just
remember
30
Meg's,
here,
okay,
so,
let's
eggs,
you
got
to
do
this
control
character
again,
okay,
so
it's
exit
here.
Let's
queue
bechtel
and
edit
VM
I
test
VM
name,
space,
cube,
vert,
I,.
A
A
A
Editor,
let's
change
editor
here.
Editor
is
equal
to
bull,
sees
nano
since
the
Emacs
probably
isn't
installed
on
here.
Okay,
let's
come
down
here
just
to
64
Meg's
change
this
to
oh,
is
this
still.
This
is
still
VI.
Oh
my
god.
I
hate
this
thing.
Okay,
anyway,
let's
see
quit
rate.
That's
all
I
know
how
to
do
in
venom
is
quite.
Can
we
see
what
you're
seeing
Oh
duh
thanks
for
pointing
that
out,
if
sheesh
I
didn't
realize,
we
were
still
on
my
face
here.
A
A
A
A
A
So,
let's
see
where
is
he
max
use
your
bene
max?
Let's
try
this.
Does
it
ed
attorney,
be
in
all
caps,
I
think
it
does.
Doesn't
it.
A
A
I
guess
it's
not
gonna!
Let
me,
let's
turn
you
back
to
64
and
see
what
happens.
I'm
curious
about
this
live
migration.
Now,
okay,
yeah
Qbert,
Tess
VM
is
invalid.
Oh,
we
would
have
to
give
it
a
different
name.
Okay,
that's
fine!
Anyway!
Let's
see
if
Fabien
has
me
thing:
okay,
yes,
yeah!
So
Fabien
drop,
something
in
the
chat.
Let's
just
pull
this
up
and
see
what
we
can
find.
Okay,
so,
oh
good!
It's
documentation
on
live
migration
here,
enabling
the
live
migration
support.
A
So
you
go
to
new,
define
it's
config
map.
You
initiate
live
migration
virtual
machine
instance,
migration,
migration
status
reporting,
okay,
so
it
looks
like
there's.
This
whole
live
migration
system.
That
Qbert
allows
you
to
do
where
you
would
be
able
to
live
migrate,
a
virtual
machine
in
the
exact
same
way
in
a
declarative
way
using
the
operator
and
declaring
what
you
want
as
well,
and
we
can
jump
more
into
that.
A
Maybe
in
a
second
episode
a
little
bit
later,
we're
already
an
hour
and
a
half
into
our
episode,
so
I'm
gonna
start
to
wrap
it
up.
You
folks
have
any
other
questions
or
anything
else.
They
want
to
see
while
they
got
me
here
and
we
have
this
pulled
up
and
we
can
access
it
and
take
a
look.
I'm
curious
of
what
Verte
cuddle
can
also
do
looks
like
we
have
image
upload.
We
can
restart,
we
can
stop.
If
we
had
VNC
installed,
we
could
beam
see
into
it.
A
John
Griffith
says
ASCII
cinema
screencast
for
anybody
interested
I'll,
allow
it
I'm,
not
gonna
click
on
it,
though
David
X
Johnson,
says
interesting.
References
to
virtual
machine
replica
set,
making
it
possible
to
set
the
number
of
replica
sets
to
scale
so
yeah
Kubrick
gives
you
a
ton
of
higher
level
primitives
like
having
a
virtual
machine
replica
set,
so
you
can
actually
define
a
set
of
virtual
machines.
It
allows
you
to
do
all
that
in
a
declarative
way.
So,
overall
we
got
it
running
in
Amazon.
A
At
the
beginning,
the
episode
I
suggested
not
to
click
on
cute
on
these,
but
they
were
able
to
actually
fix
this
like
within
the
past
hour,
even
so
hats
off
to
our
friends
at
Qbert
hats
off
to
Fabien.
Here
for
all
of
his
help,
helping
me
today
and
getting
us
up
and
running,
and
thanks
again
for
joining
us
on
TV,
I
K
I,
guess
everybody
have
a
good
weekend
thanks
for
joining
I'll,
give
folks
another
minute
or
two
here
to
say
goodbye
and
I'll
have
like
a
sip
of
beer
but
yeah.
A
If
you
want
to
drop
in
and
say
bye,
if
there's
anything
else,
you
want
to
see.
Let
me
know
and
hit
that
subscribe
button
right
here.
Oh
John
says
that
ASCII
cinema,
that
he
shared
is
a
reference
to
the
live
migration.
Okay,
somebody
want
to
take
the
the
power
of
adding
that
to
the
documentation
for
us,
for
the
hack,
MD
Fabien
says,
maybe
also
worth
mentioning
the
common
templates,
which
provides
definitions
for
common
guests
Windows
and
Linux
a--'s
okay.
A
So
we
can
kind
of
do
like
what
we
do
with
volume
templates,
where
we
can
sort
of
define
a
template
that
we
can
easily
exchange
information
into
and
out
of
that,
make
up
commonly
used
virtual
machines
for
us
that
we
could
use.
So
maybe
we
wanted
to
find
like
we
want
to
have
a
large
server,
but
we
want
to
sometimes
change
the
operating
system.
We
could
use
templates
for
that
I'm
Alan
Fraser.
Do
you
have
a
link
for
the
Hangout
after
tea
gik?
We
can
get
one
I.
Follow
me
on
Twitter
I'll.
A
Add
a
I'll
retweet
Nicholas's
tweet
at
all.
That
has
the
the
Hangout
information
Allen,
it's
just
twitter.com,
slash
Chris
Nova,
but
other
than
that
I
think
everybody.
Thank
you
so
much
for
joining
I
love,
doing
tea,
gik,
I,
love
hanging
out
with
we'll
see
everybody
next
week.
I
think
we're
gonna
have
one
of
my
good,
climbing
friends
who
works
here
at
VMware,
I
named
Josh
gonna
be
doing
his
first
tee
gik,
so
make
sure
to
give
him.
A
Excuse
me
a
warm
TJ,
okay,
welcome,
let's
see
mine,
says
thanks
and
have
a
good
weekend
and
enjoy
working
from
home.
Absolutely
things
well
done
to
get
through
all
the
issues,
thanks,
Fabien,
probably
to
help
you
really
helped
save
the
day
today
and
yeah.
This
has
been
t
gik
on
Qbert.
Hopefully
folks
learned
a
lot
and
got
an
idea
of
how
we
can
schedule
one
or
more
virtual
machines
in
a
very
flexible
way,
using
Qbert
and
KVM.
So
Allen
says
many
things
have
a
great
weekend
thanks
everyone,
it's
been
a
pleasure.
I
will
see.