From YouTube: TGI Kubernetes 182: Karpenter
Description
Join Naadir Jeewa and Marko Bevc of The Scale Factory to discuss the new Kubernetes cluster autoscaling solution Karpenter ( https://karpenter.sh/ ).
Episode notes at: https://tgik.io/notes-182
Photo by Ricky Kharawala on Unsplash
A: Hi, so do you want to introduce yourself?

B: First, thank you for having me. My name is Marko Bevc; I work as Head of Consultancy at The Scale Factory. We're an AWS partner, and we work in the AWS space, closely with containers and containerized workloads, where we help our customers achieve more with their cloud workloads. So yeah, that's me.
A: Cool. And if you're not familiar with who I am: I've been working on Kubernetes Cluster API for AWS for a long while. Full disclosure, Marko and I used to work together, and we'll be talking about Karpenter because Marko's presented on Karpenter a few times, so he's joining as a subject matter expert. I'm currently an engineering lead for Tanzu Kubernetes Grid at VMware.

A: Let's see who's around. Happy Friday! Someone from Israel, from home — thanks, happy Friday to you. Hi Martin from the Netherlands; from Saudi Arabia; Egypt. Cool. So, as ever, our first thing — oh, I should post a link to the notes. The notes are going to be at tgik.io/notes-182, and — let's check — okay, yep, that's the notes, so feel free to edit in real time. So the first thing we're going to do is our week in review.
A
If
I
can
find
the
correct
things
now,
the
banners
that's
white
one.
So
there
we
go
all
right,
let's
so
first
things
first
in
week
in
review,
so
from
kubernetes,
quite
we've
had
a
couple
of
new
patch
releases.
One
thing
we've
that's
happened
in
the
last
week
is
docker
shim
support's
been
with
me.
I
probably
should
share
my
screen.
Let's
do
that
hold
on
let's
there
we
go.
A
There,
okay,
so
dr
shim
support
has
moved
from
cuba
adm
now.
Some
of
you
might
remember
the
sort
of
semi
controversy
around
this
when
it
was
first
announced
about
a
year
ago.
I
think
that
we
would.
This
was
going
to
happen
in
the
kubernetes
project
and
there
was
a
lot
of
confusion
around
what
that
actually
meant.
A
Yes,
so
don't
panic
is
the
answer,
so
doc
is
not
going
to
go
anywhere.
You
can
still
build
your
containers
using
docker,
and
what
we
mean
by
this
is
the
using
docker
on
its
own,
as
the
container
run
time
for
kubernetes
is
going
to
go
away
and
in
mostly
in
favor
of
using
container
d
actually
for
most
what
this
means
for
most
people,
which
docker
ultimately
uses
anyway.
So
really
nothing
really
changes.
It's
just
we're
just
removing
one
of
the
middle
people.
A
I
guess
in
between
like
container
d
and
kubernetes,
so
don't
worry
still
we're
still
expecting
people
to
use
their
favorite
tooling
to
create
images.
So
just
in
case
you
might
see
that
in
your
panic,
so
well
so
just
notice
in
the
cncf
sandbox
and
we
had
a
new
project
join
and
that's
devfile.io
which
I'd
not
seen
before,
but
I
think
this
is
around.
A
I
don't
know
if
you
okay,
what
was
the
equivalent
back
in
the
docker
days?
What
was
it
there
was
that
method
of
running
you
had
like
a
yaml
file
and
it
would
run
a
bunch
of
docker
containers
and
you
stick
it
in
your
repo
who
remembers
that
I've
totally
forgotten.
A
Jesus
anyway,
it's
it's
a
replacement
for
that
and
also,
I
think,
it's
also
a
bit
from
what
I've
seen
it's
a
bit
like
tilt.dev,
so
which
is
something
we
I've
used
a
lot
until
we're
using
cluster
api.
It
it's
a
mixture
of
actually
using
stala
compost.
That's
right!
Darker
compost,
that's
the
one!
Yes!
So
this
is
kind
of
like
docker
compose
and
the
bit.
I
think
there's
been
a
couple
of
other
similar
sorts
of
projects
as
well.
So
it's
another
one
in
that
space.
So
let's
join
the
cncs
sandbox
people
interested.
A
We
might
do
tg
ak
on
this
might
take
give
it
give
it
a
spin
find
out
what
it's
all
about.
What
I'm
really
familiar
with
is
tilt
which
uses
the
starlark
language,
and
we
use
that
a
lot
in
in
cluster
api
and
but
it
says
compose,
is
very
light
alive.
You
can
push
from
compost
to
ecl
or
aks
yeah.
Thanks
for
that,
I
stand
corrected.
A
Yeah
cool
is
there
and
if
you
haven't
seen-
and
please
don't
all
just
sort
of
start
watching
this
instead,
like
I,
I
know,
like
you-
know,
youtube
short
attention
spans
and
all
them
fickle
viewers.
You
know
it's
not
like.
We've
got
the
sponsorship
spots,
you
know
not
gonna,
do
any
here,
we're
sponsored
by
skillshare
or
brilliant.org,
or
anything
like
that,
so
you
can
stick
around,
but
the
kubernetes
documentaries,
just
out
their
first
part,
was
premiered.
Earlier
today
I
haven't
seen
it
yet.
A: It's got a lot of the founders from Kubernetes. I suggest everyone watches it — but not right now; okay, later. All right. So today we're going to talk about Karpenter, which has been on the horizon for a while now. I've certainly had some conversations with AWS around this previously, talking about how we might use it in Cluster API, but yeah — I think they did a formal announcement at the end of... was it...?

B: I think it made GA at re:Invent, but the first time it piqued my interest was, I think, KubeCon Europe — KubeCon EU — so it must have been almost a year ago now.
A: Yeah, thanks. And it's here where I reveal that, as far as I'm concerned — for myself — the emperor has no clothes: I do not run Kubernetes in production.

A: Personally, I develop on the Kubernetes project itself, but I don't use it in production much. Actually, for the last couple of months I've been doing design stuff and other bits, so I haven't actually used Kubernetes for ages — so this is going to be fun, isn't it, as we play around. I think the way I'm going to play this is to revisit cluster autoscaler first. Well, people are probably sick of me going on about it — I'm from the Cluster API space.

A: So I'm going to redeploy cluster autoscaler with Cluster API, and then we'll take a look at that and go through the shortcomings, and then we'll switch over to Karpenter on EKS, for reasons that I'll get into later, and go through what the differences are, why we might want to support Cluster API using Karpenter, and just get some ideas and see what that's about. Does that work for you, Marko?
B: Yeah, sounds good to me. Definitely sounds like a good plan; I'm quite interested to see where that leads us today.
A: Yeah, thank you Vlad for dropping the link. The talk that Marko mentioned was from Ellis Tarn and Prateek Gogia from Amazon, at KubeCon EU 2021 — it was Ellis that I had talked to previously about this. So, all right. If I go to my terminal: I have spun up both clusters. I'll just close — I've got an EKS cluster, which was spun up with eksctl —

A: — in the background, if I just go back.

A: For those who don't know how Cluster API works: Cluster API uses Kubernetes itself to deploy clusters, so I have kind — Kubernetes in Docker. Hi Vlad, hi Ellis, thanks for joining, all right. I might throw you a link, Ellis — might get you on; that's fine.
A
Yeah
all
right,
so,
yes,
I've
got
a
kind
clusters,
that's
kubernetes
and
docker.
If
it's
like
this
bit
like
using
minikube
in
which
cluster
api
is
running,
I
had
defined
a
cluster
which
is
called
tgik182,
and
I
can
probably
do
this.
One.
A
All
right
there
you
go
so
it's
made
up
of
it's
an
aws
cluster
api
cluster
using
cube
adm
control
plane,
which
is
kind
of
defaults
around
cluster
api.
We
have
a
bunch
of
machines.
A
We
have
a
machine
deployment,
I
think
yeah,
which
has
no
probably
want
to
give
it
some
replicas.
So
machine
deployments
are
like
normal
deployments,
except
we're
scaling
machines
instead
of
let's
just
d1
for
now,
instead
of
pods,
so
we're
just
going
to
create
one
machine.
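For reference, the pair of objects being shown here looks roughly like this — a minimal sketch against the v1beta1 Cluster API types; the names, Kubernetes version and the t3.xlarge instance type (mentioned later in the session) are illustrative:

    apiVersion: cluster.x-k8s.io/v1beta1
    kind: MachineDeployment
    metadata:
      name: tgik182-md-0
    spec:
      clusterName: tgik182
      replicas: 1            # scaling machines, not pods
      template:
        spec:
          clusterName: tgik182
          version: v1.22.0
          bootstrap:
            configRef:
              apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
              kind: KubeadmConfigTemplate
              name: tgik182-md-0
          infrastructureRef:
            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
            kind: AWSMachineTemplate
            name: tgik182-md-0
    ---
    # the linked template pins the EC2 instance type
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AWSMachineTemplate
    metadata:
      name: tgik182-md-0
    spec:
      template:
        spec:
          instanceType: t3.xlarge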
A: So that's doing its stuff. We have — this is the EKS cluster.

A: Yeah, good point — I'm just ticking off that we've covered the week in review banner as well. Right, and we have this cluster, and I think I deployed a CNI to it earlier — yeah, so we're running Antrea. Oh — oh yeah, because we just spun up the new node, so that's two. Cool, fine!

A: That will settle down in a minute. Right, so we need to deploy cluster autoscaler on this. The instructions have changed since I last looked at this, which was probably about 18 months ago, which is kind of ironic, since I was temporarily a reviewer for this and —

A: — probably shouldn't have been. Yeah, so I was formerly a reviewer for the PRs that were coming in to the cluster autoscaler Cluster API provider. Right. So I think when this first started, you had to run two copies of the cluster autoscaler: one in your management cluster, one in your actual cluster. Today you only need to do it in the one place, and that's because we can set this setting. So we're actually going to run the autoscaler in my kind cluster, on my laptop.
A
So
in
production
usage,
you're
gonna
have
one
permanent
management
cluster,
which
is
probably
going
to
be
in
aws,
and
that's
going
to
manage
lots
of
other
clusters
that
create
underneath
it,
and
you
would
just
install
auto
scan
on
that.
I've
not,
and
there
is
a
process
in
which
you
can
move
resources
from
your
local
machine
over
to
a
newly,
create
created
workload,
clustering,
converting
management
cluster.
We're
not
going
to
do
that
today,
because
it's
a
bit
of
a
pain
there
are
tools
to.
There
is
a
see
there
is
a
cluster.
A
A
Basically,
if
I
did
this,
it
would
convert
that
cluster
that
I've
ma
made
into
its
own
self-managed
management
class.
Then
we'd
run
it
all
together,
but
for
the
purposes
of
this
and
to
sort
of
simulate
how
you
would
do
this
for
real
we're
going
to
pretend
that
my
local
docker
based
kubernetes
cluster
is
a
permanent
management
cluster
and
that's
where
you
would
run
one
autoscaler
that
manages
all
of
the
other
clusters.
A
So
hopefully
I
have
got
this
manifest
properly.
So
I
took
the
examples
and
it's
just
going
to
create
clusters
going
namespace
gonna,
stick
a
deployment
in
it
and
we're
gonna
set
the
setting.
That's
needed
a
bunch
of
cluster
role
bindings
that
allow
it
mostly
they
can.
A
Yeah
they
can
watch
the
relevant
cluster
api
resources,
which
are
machine
deployments
and
the
scale
sub
resource
machines
and
machine
sets
so
yeah.
So
that's
pretty
much
it
and
hopefully
that
works,
and
I
haven't
screwed
up
networking
which
I
did
35
minutes
ago.
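The "setting" being referred to is the autoscaler's cloud provider, plus the split between the two clusters it talks to. A rough sketch of the relevant container arguments, assuming the flags documented for the clusterapi provider (image tag and kubeconfig paths illustrative):

    # cluster-autoscaler deployed to the management (kind) cluster
    containers:
      - name: cluster-autoscaler
        image: k8s.gcr.io/autoscaling/cluster-autoscaler:v1.22.2
        command:
          - /cluster-autoscaler
          - --cloud-provider=clusterapi
          # where the Cluster API objects (MachineDeployments etc.) live
          - --cloud-config=/mnt/kubeconfig/management.kubeconfig
          # the workload cluster, watched for unschedulable pods
          - --kubeconfig=/mnt/kubeconfig/workload.kubeconfig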
A: Yeah, so I was just going to deploy — I already have that workload. So uvh has a nice little demo, so I'm just going to use it. Also, these are not permanent clusters. So, all right. One thing: please watch out and tell me off if I'm deploying into the wrong context, because I've done this like five times already today, deploying things into the wrong place. Right.

A: Okay, all right.

A: It doesn't matter — basically, what's going to happen... well, if we have a look at what's happening on that other cluster, if we're having a bad time — I think it's — yeah, there we go. We can have a look at why it's pending, and it should be pretty — yeah. I'm not convinced that the output of this is particularly helpful today, but once you scroll all the way up to the top, it's fairly obvious.
A: Okay, I think — right. Okay, so we've got that running.

A: The other "emperor has no clothes" thing: I've never used cluster autoscaler, so that's fun.

A: Yeah, I don't know if that counts as a Heptio project — I think that's more or less just something someone at Heptio did. Yeah, Vlad asks about auto-discovery: it does have auto-discovery, but it needs certain tags. Yes, these ones. So on this one here I've got a MachineDeployment, and I had already manually scaled it to one earlier, right?

A: And the way this works is: this MachineDeployment is linked to an AWSMachineTemplate. So that's really going to define —
A: It's just one instance type — I think I configured it as t3.xlarge much earlier — yeah, so it can spin up a number of t3.xlarges.

A: These specs I forget, but I just picked it because it sounds like it's not going to crash. We're using an upstream CI default value — that's why I use that one — or I might be using 2xlarge, I'm not sure. I know it's not so small that once you deploy the CNI and stuff it just starts falling over. Right, so we're going to add the metadata — let's go back to the docs. Okay, I need these annotations.
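The annotations in question are the min/max bounds the autoscaler discovers scalable node groups by — roughly this, with the keys as documented for the clusterapi provider and the values illustrative:

    apiVersion: cluster.x-k8s.io/v1beta1
    kind: MachineDeployment
    metadata:
      name: tgik182-md-0
      annotations:
        cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "1"
        cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "5"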
A: Almost certainly. I think I've got enough quota in my AWS account for about 200, so that should be fine.

A: "Couldn't find template for node group MachineDeployment" — interesting; you don't have that in the —

A: All right, it's still complaining that it couldn't find the template for the node group, but we'll leave that. I don't know what static_autoscaler.go is — maybe it's just —

A: Yeah, Carlos — we'll get to that. Any additional providers? As far as I know, it's only AWS.
A
Vlad,
I
always
have
to
relearn
these
things
too.
Everybody
does
took
me
literally
10
15
minutes
figure
out
how
to
get
a
crd
without
auto,
complete
and
just
typing
random
things.
Yeah.
That's
pretty
much.
My
my
everyday.
A
I
don't
there
was
a
twitter
fred
about
this.
Don't
like
I
don't
like
the
cube
ctx
changing
between
chills.
I
believe
a
few
days
ago.
B
A
A
A
I
don't
think
I
needed
to
do
that.
Oh
okay,
so
it's
still.
A
A
A
A
A: The question, Vlad: am I following the AWS cluster autoscaler provider? No, I am following the Cluster API provider for cluster autoscaler, which is supposed to be infrastructure agnostic. It does come with some limitations. I mean, that's also part of why I want to look at Karpenter: the Cluster API autoscaler provider doesn't know about things like what instance type it is; it doesn't know if it's got GPUs or whatever.

A: So there are actually quite a lot of limitations to the Cluster API provider for cluster autoscaler, but it is somewhat infrastructure agnostic.

A: So it's not going to create any Auto Scaling Groups on its own. All it's going to do is change the value — I think it's already done it.
A
This
controller
plus
the
api
aws
controller,
is
the
thing
that
is
scaling
the
which
is
doing
creating
ect
machines
individually,
doing
it
one
by
one.
So
it
creates
a
new
ec2
instance.
There's
a
whole
bunch
of
things
that
happen
where
it
generates
a
temporary
credentials.
A
For
that
you
know
to
then
join
the
kubernetes
cluster,
there's
a
bunch
of
stuff
that
happens,
but
so
cluster
autoscalers
only
interface
is
a
hook
into
the
workload
cluster
to
be
able
to
monitor,
like
pods,
that
are
waiting
to
be
scheduled,
etc,
and
I
hook
into
the
management
cluster
side
to
be
able
to
scale
machine
deployment
resources.
It
doesn't
need
any
other
credentials
than
that,
so
it
operates
on
its
own.
So
I
don't
have
to
do
anything
with
iem
beyond
what
I've
already
given
to
cluster
api.
B: Yep, I think so. So if you're going to try to scale it up to something that's not going to fit, I think we're going to end up in an interesting situation, yeah.

A: What we're going to see is a bunch of pods pending, and a bunch of them will still be running, because it's not going to get rid of the old ones until it's had a chance to see these running — which it's never going to do now, because we can't. So if we were to do a describe on that —
A: Okay, right. Let's park cluster autoscaler for a moment — I'm interested in coming back to it maybe later.

A: I wouldn't see a situation where you'd want — well, maybe; right, I don't know. Would you run — you might still use cluster autoscaler on EKS with Cluster API, possibly, yeah. It would work, yeah.
B: As we've seen with the cluster autoscaler, one of the reasons why you'd probably want to go with something else rather than cluster autoscaler is exactly the reason we've just seen: if your workloads don't always match the resources you have, that's obviously one big limitation with cluster autoscaler and similar solutions in this space, right?

B: And it's not just the cluster autoscaler. It's probably worth mentioning that the reason we showed you the cluster autoscaler is because it's, let's call it, the de facto autoscaling solution out there — or at least the most popular solution at this point. But, you know, in case you're adding things that don't fit —
B: Karpenter is also called "nodeless" autoscaling, and the reason it's called that is because it eliminates the whole concept of node groups. Instead of scaling in a way where you have node groups to which you add identical resources — identical nodes — it works on a different level: it eliminates that concept, tries to provision resources for you outside of it, and then helps the scheduler to efficiently —
B: — add those resources to your cluster, based on the workloads you're trying to schedule. And there are other advantages as well. Speed is a big one: with the cluster autoscaler, you need to wait until your AWS Auto Scaling Group figures out "oh, I need to scale up" and adds instances, and all of that procedure can take up to maybe three to five minutes, I guess, depending on the — oh, thanks Dom, yeah.
B: "The node group is a concept in EKS" — yes, correct, but it's implemented using — sorry — Auto Scaling Groups, which, like I said, can take up to five minutes to provision your resources, based on what you're requesting, which region, and other bits. Whereas Karpenter is actually using direct API access, and it's using —

B: — I think the API call it's using is CreateFleet. That literally requests a fleet of resources for you through the API calls, and they're spun up in probably the quickest way possible, I would say, that you can actually get those resources available from AWS, as they're being provisioned.
B: So it doesn't wait for resources to be available and then rely on the scheduler to figure out where pods go; it pre-determines that. I think it actually marks the pods using a node annotation — it annotates the pods with where they need to go — so the whole thing happens in a time span of usually about a minute.
B: So that's one of the problem spaces it's solving. The other one, for example: if you're using something like cluster autoscaler, you're also limited in where your nodes will be provisioned — it would just automatically pick a random region where the next node would be added — whereas, for example, if you're using persistent volumes, those might actually be provisioned in your cloud provider, such as AWS, in a different region from where you're getting the nodes, right?

B: Sorry — not region, AZ; yeah, you guys already have it. Karpenter actually provisions the nodes in exactly the same zone where you actually need them, which is also a big advantage there. And, like we mentioned before, the nodes that you're getting are actually the right size. With the cluster autoscaler, you would always end up with the same type of nodes that the original Auto Scaling Group or template used, whereas Karpenter is actually using — I think they're calling it a really fast kind of controller —
B
That
kind
of
it's
using
a
bin
packing
algorithm,
that
kind
of
tries
to
figure
out
and
kind
of
figure
out
which
resources
can
actually
provision
in
order
to
fit
all
the
specific
parts
that
need
to
schedule.
So
it
would
actually
use
the
optimized
instance
size
that
would
satisfy
the
the
need
for
scheduling
your
workloads,
which
is
also
kind
of
cool
as
well.
B
So
obviously
it
will
provision
the
you
know
the
nodes
from
the
list
that
you
provide,
but
at
the
same
time
it
will
pick
the
optimal
one
for
the
specific
specific
need
that
you
have
at
this
point.
So,
for
example,
if
you
need
to
provision
a
single
part,
you
might
end
up
with
a
really
small
instance.
If
you
have
like
a
a
large
amount
of
pots
or
a
huge
one
like
on
the
deer,
show
that's
before
right.
A: Cool, yeah — thanks for that. Ellis is saying Karpenter has a full scheduler implementation; also, the scheduler is only in the loop when capacity already exists. Okay, there are some questions about Azure. Yeah, so Azure uses VM Scale Sets — you kind of have to do it that way in Azure as well. There is a difference — actually, one thing I like about Azure, not too big obviously: you can put everything in a resource group.

A: You can also hit delete on a resource group and everything goes along with it, which is really nice when you want to clean up — you don't have to use tools like aws-nuke and stuff. Now, you can kind of use the Resource Groups Tagging API to do some of that. But one of the limitations around resource groups in Azure is that there's some weird number — you can only have about 834 resources in one, or something; it's some weird limit — and every VM counts towards that limit.
A: So if you want to do a large cluster in Azure, you absolutely have to use VM Scale Sets, and from a Cluster API perspective that's implemented using something called a MachinePool resource, which I don't think the cluster autoscaler quite supports yet, because there needs to be additional information for the cluster autoscaler to figure out what the machine type is and whatever. So I think what happens today is that the cluster autoscaler, in the Cluster API context —

A: — determines the size of an instance by looking at the MachineDeployment, looking at the AWSMachineTemplate related to the MachineDeployment, going into the workload cluster, getting the information from the node, and then inferring that any node created as an additional replica of the MachineDeployment would have the same memory or CPU capacity. But because a MachinePool can go down to zero — as soon as you've got the option of scaling to zero, we lose all that information.
A
So
there
is
a
design
document
in
the
cluster
api
project
to
give
more
information
around
how
that
would
work,
and
then
that
would
allow
asgs
essentially
to
work
with
cluster
api,
but
class
api
based
cluster
auto
scada
today
does
not
use
auto
scanning
groups
or
vm
sets
in
it.
Lets
cluster
api
creates
machines
on
its
own
there's
a
question
from
changuin:
can
the
user
customize
the
node
size
and
type
to
optimize
the
cost.
B: Oh yeah, absolutely. We're obviously going to see it a little bit better as we go through the example, but there's a concept of a Provisioner, which is defined through a CRD, and in the CRD you can actually define a list of instances that you want to provision from. So you can limit it down to a certain set of instance types that you're happy to have provisioned — and obviously, when you're provisioning workloads, they need to fit into those instance sizes.
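A rough sketch of what that Provisioner looks like, assuming the karpenter.sh/v1alpha5 API that was current around GA — the instance types, discovery tags and instance profile name here are illustrative:

    apiVersion: karpenter.sh/v1alpha5
    kind: Provisioner
    metadata:
      name: default
    spec:
      requirements:
        # restrict what Karpenter is allowed to launch
        - key: node.kubernetes.io/instance-type
          operator: In
          values: ["m5.large", "m5.2xlarge", "r4.large"]
        - key: karpenter.sh/capacity-type
          operator: In
          values: ["on-demand"]
      provider:
        instanceProfile: KarpenterNodeInstanceProfile-tgik182
        subnetSelector:
          karpenter.sh/discovery: tgik182
        securityGroupSelector:
          karpenter.sh/discovery: tgik182
      # reclaim empty nodes after 30 seconds
      ttlSecondsAfterEmpty: 30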
B: But yes, that's the thing you can do. I'd just like to go back to what I believe Ellis posted in the comments as well: Karpenter actually has a full scheduler implementation in the source.

B: What I really like about Karpenter compared to cluster autoscaler is that it's completely decoupled from the scheduler. For example, if you're using cluster autoscaler, you actually need to use the same version as the Kubernetes version you're currently running it on, whereas Karpenter is completely decoupled — it's not really taking any dependencies on the scheduler itself, which is quite nice; but at the same time it works quite closely together with the scheduler.
A: Yeah — I didn't realize that was the reason why the cluster autoscaler is so tightly coupled to the Kubernetes version. It's certainly been a pain for us, in that it's just yet another dependency we need to think about — from a vendor perspective, for versioning all the components — yet another one we need to take into consideration whenever Kubernetes gets bumped.

B: Exactly. And, for example, I was just looking at one of the issues — I think it was a well-known issue on the label that was provided when you want to scale down to zero.
B
There
are
some
kind
of
rough
edges
around
there
and
there
is
an
issue
opened
and
even
though
it's
gonna
be
merged,
for
example,
the
way
how
the
merging
process
works
it's
going
to
be
merged
in
the
next
version
of
cluster
autoscaler,
which
is
1.24,
and
it's
even
gonna,
made
it
in
1.25
or
something
like
that
to
the
eks,
which
you
know
you
can
imagine
that
the
you
know
the
release
cycle
is
quite
long
if
you're
waiting
for
a
feature
that
will
make
it
to
your
eks
cluster.
So.
A: Yeah. All right, I guess let's try and get this going. So I've got — we have that. Right, we need to create an IAM role.

A: Apparently — yep, yeah, okay, let's try — YOLO that.

A: I'm sure it's fine, but you know.

A: Yeah, it's going to have the fleets and the RunInstances and TerminateInstances and stuff. So, okay — does it always use fleet, or is there a case where it might use the RunInstances API instead?
B: I think, how it currently works, it just provisions using CreateFleet. If I remember correctly from the initial talk that was posted before in the comments, it was explained that they were contemplating between one and another kind of API call — basically they're literally the same thing — so they just decided to go with fleet, but it should offer the same functionality.
A: All right — oh no, I don't really care, but — I don't really care about the labels, plus the name. Right, all right. That's recent: "amazing-badger"! Apparently. I did not choose that name; that's just one randomly generated by —

A: Okay, I've not used eksctl for this, but I guess that does some — what does that do?
B: It's just going to create an IAM identity mapping, so you're going to end up with a service account mapped to a specific role, I believe.
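The command being run is along these lines (as in the Karpenter getting-started guide; the role and cluster names are illustrative):

    eksctl create iamidentitymapping \
      --cluster "${CLUSTER_NAME}" \
      --arn "arn:aws:iam::${AWS_ACCOUNT_ID}:role/KarpenterNodeRole-${CLUSTER_NAME}" \
      --username 'system:node:{{EC2PrivateDNSName}}' \
      --group system:bootstrappers \
      --group system:nodes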
B: Yeah — oh, thanks a lot, yeah. There is a getting-started example with Terraform as well. So, for the question about whether you need to know CloudFormation: there's an example of how to get started with Terraform too, so you don't need to know CloudFormation.

B: But yeah, as we're going along — what we're creating now is literally the IAM roles needed to provision the nodes as we're running the controller, yeah.
A: The CloudFormation templates do a lot of the same things — or you can just run create and it just does it for you; just about the same thing, except a bit more stuff, because we're managing the VPCs as well. All right, so that stack was created. We now need to do that. So is this — because is this IAM? Is this fiddling around with —

A: If someone's got some time, it might be worth finding or creating an issue for that one. Oh yeah, Justin just said the "create iamidentitymapping" command modifies the aws-auth ConfigMap — all right, yeah, so it's aws-iam-authenticator then; that makes sense. I guess we can just take a look at that ConfigMap after I've run this — why don't we take a look before and after, okay? Where is that ConfigMap...
A: Yeah, so for those who don't know: EKS uses a project called aws-iam-authenticator. It's what's used to have nodes join the cluster; it's also how authentication works, and what allows you to authenticate to the Kubernetes cluster itself using AWS credentials. And this was genuinely an old Heptio project, in fact, which was donated to the Kubernetes project.

A: Hold on, we'll find out in a minute. So — have you exported the cluster name?
A: I got a lot of output — there's a lot of... this is just a dev account, to be fair, but there's a load of additional garbage in this dev account, for reasons. Yeah, that's fine. So I'll put my screen back — there we go. So we got that: that's that node role, blah blah blah. That's why we wanted the account ID.

A: Right, and if we were to —
B: Yeah, so the reason why this is created is that when Karpenter is spinning up new nodes, they will be spun up using the Karpenter node IAM role and instance profile, which will have enough permissions to join the cluster, and which maps to the group in the IAM here — sorry.

A: So is it just something internal to its provisioner, or am I going to have to give this to Karpenter at some point, then?
A: Yeah, that will make sense. So what happens here, for those who aren't familiar — if I remember this correctly. You're right — plus one for kube-ps1.

A: "Tired of missing autocomplete" — well, Bash will tab-complete.
A: Yeah, so the way this works is: we need a way to make sure that not just any old machine joins your Kubernetes cluster, because that could be bad. So we spin up a machine with an IAM role; it's going to have some credentials from the instance metadata service. Then, to authenticate to the Kubernetes cluster, it doesn't actually call aws sts get-caller-identity — it creates a signed request for it. AWS uses HMAC — the AWS SigV4 scheme — as its signing mechanism for requests. It creates the signed —
A: The machine has credentials valid for this IAM role, and the authenticator then looks it up in the mapping — it looks it up in the ConfigMap — and says: right, if someone comes in and they're able to present a signed request that matches this IAM role, then I will issue a service account token which is a member of these groups — the bootstrappers group — with this identity. And that just happens to be exactly what's required for kubelet to be able to register itself against the control plane. So that's how this is working.
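What that mapping looks like inside the aws-auth ConfigMap in kube-system, roughly (account ID and role name illustrative):

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: aws-auth
      namespace: kube-system
    data:
      mapRoles: |
        # anyone presenting a request signed by this role is issued
        # the node username plus the groups kubelet needs to register
        - rolearn: arn:aws:iam::111122223333:role/KarpenterNodeRole-tgik182
          username: system:node:{{EC2PrivateDNSName}}
          groups:
            - system:bootstrappers
            - system:nodes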
A: Right, so we've got that. The next bit is — whatever the Helm is; I've not used Helm for, like, a million years, so that's going to be fun. Right, so now we need to create an IAM role — now we're coming to the OIDC bit. We're going to create a service account for use with Karpenter, because Karpenter itself needs permissions to create EC2 instances, run fleets, and all those API calls. So we are now going to do that bit.

A: And — oh my god, come on — there we go, copy, paste. I don't trust any of my environment variables anymore. Well, AWS_ACCOUNT_ID is pretty fine, but this one is the —
A: Oh, how do I enable the — okay, I need to enable — do I need to turn on the plugin? How do I turn on the OIDC stuff? Enable...

A: Right, we're in Ireland.
B: Maybe that's going to cut it. There's a --cluster flag and a name.

B: I think there's an --approve flag that you need to provide as well.
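That is, something like:

    eksctl utils associate-iam-oidc-provider \
      --cluster "${CLUSTER_NAME}" \
      --approve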
A: So, for people not familiar with the OIDC stuff: this is kind of based on bits which were introduced in, what, Kubernetes 1.21 or 1.20, I think. Because OIDC has been used in quite a few places, support was added to make Kubernetes act as an OIDC provider, and once you do that, there's the AssumeRoleWithWebIdentity federation API in AWS, which allows you to exchange OIDC tokens for AWS credentials.
A: So, given that Kubernetes can act as an OIDC provider, we can make that Kubernetes cluster trusted by AWS, and we then have the ability to swap Kubernetes service account tokens for IAM role credentials. And then there's a webhook — IRSA, I forgot what IRSA stands for [IAM Roles for Service Accounts] — there's an EKS pod identity webhook that can take annotations off of service accounts and exchange them for IAM roles, and that's kind of what this is.
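The end result is a ServiceAccount annotation that the EKS pod identity webhook acts on — the annotation key is the documented IRSA one; the role name is illustrative:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: karpenter
      namespace: karpenter
      annotations:
        # the webhook injects web-identity credentials for this role
        # into pods that use this service account
        eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/KarpenterControllerRole-tgik182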
A: Okay, so we now have this Helm command that we're going to whack in. I guess that should be the real one — the one with the number.
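The Helm invocation is along these lines — a sketch based on the chart repository the getting-started docs used at the time; the chart version and value names may differ between releases:

    helm repo add karpenter https://charts.karpenter.sh
    helm repo update
    helm upgrade --install karpenter karpenter/karpenter \
      --namespace karpenter --create-namespace \
      --version 0.5.3 \
      --set controller.clusterName="${CLUSTER_NAME}" \
      --set controller.clusterEndpoint="$(aws eks describe-cluster \
          --name "${CLUSTER_NAME}" --query 'cluster.endpoint' --output text)" \
      --wait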
A: So we have that prime-numbers business running. How many nodes do I have right now, anyway? I couldn't even check. So I've got two — yeah, so I've got one node — oh yeah. Going back to what Dom was saying: node group is EKS-specific, yep. So yeah: MachineDeployments in Cluster API, node groups in EKS, node pools in Cloud Foundry or our old Tanzu Kubernetes Grid Integrated — everyone's got similar concepts.

A: Same — so we have two; we've got the prime numbers. And actually, what I didn't even check: it's m5.large. What is an m5.large these days? I don't know EC2 instances anymore.

B: No, that's G... not sure what the N is.
A: ...of RAM, two vCPUs. So we have two of those. Right, so, okay — if I were to edit that deployment, I guess —

A: Interesting — oh yeah, look, we're going to fake it out there.

A: All right, we're going to pretend that this needs, for mystery reasons, 10 — let's say 10; that's obviously too much now.
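Which amounts to bumping the replicas, e.g. (the deployment name here is hypothetical — whatever the demo workload is called):

    kubectl scale deployment inflate --replicas=10
    kubectl get pods --watch   # watch the pending pods get placed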
A: Nothing super exciting yet — it's just saying it's reconciling nodes, workload count 10. Let's have a look in here.

B: So, as you deployed the Helm chart, it actually created a CRD for us, which we're going to use here, and using that you can actually define things like we mentioned before: what kind of instances you want to provision, which AZs you're limiting it to, and things like that. All right.
A: Taking it down — and then the instance profile has got the wrong name, so without the hyphen. So we do that. So here we want the alpha5 — it's good to —

A: It's what keeps the VMware accountants happy.

A: Oh, I've got a lot — oh, there are lots of subnets.

A: All right, so what's it looking for?

A: Let's have a look at this Provisioner resource.

B: Yeah, that's the status we're looking for. Okay, so it's bin-packed one pod for a single node.

A: Yeah, so we can see the computed packing of one node for one pod, with the instance type options — so it's using some —
A: I think this information is, if I remember correctly, still compiled in, right? There's a lookup table inside.

B: Yeah — no, I think it just needed some time to pick it up, but obviously there is a pod that has been bound to a node that has been provisioned, and if you look at the logs you're going to see that it picked an r4.large — so that was kind of the optimal instance for the workload that we're looking for.
A: That's true. Whereas with the fleet API you can send in all of them, and the fleet request will try to get the best one — or the best-cost one — for you. Yeah: you can use EC2 instance fleet, which gives you the same outcome as a single EC2 instance request, but you can specify multiple instance types.

A: Oh, I forget his name — Joe... JoJo someone... oh my god, my memory is terrible; go away from Cluster API for a week and this is what happens. So, we have had some conversations about doing that in Cluster API. It would be a migration, because, you know, people have got one set of IAM permissions and they've been using that forever.
A: We could enable a Cluster API provisioner that works on AWS through it — Karpenter wouldn't need any extra permissions — and then we could start looking at how to support vSphere, for example. vSphere would be quite interesting, right? Because in vSphere you basically have a slider — a moving slider — for the amount of memory or CPUs. You could almost get a sort of Fargate-type experience, where you provision a single node for that single pod, which has exactly the right CPU and exactly the right memory.

A: ...could land on somebody else's replay or something, right? So we have these cloud providers — so we have — let's have a look at the provisioning; it's about the provisioner here.

B: No, this is the —
B: — it's prepared for different cloud providers, right? Currently it only supports AWS, but it should be possible to extend that to, you know, VMware or Google or Azure.

A: ...sense, yeah. And I think some of this is cleaner than — yeah; and, as we said before, we're not importing the Kubernetes code, so that means we're not having to vendor it all in together. Carlos says "pod autopilot concept" — what's that? Do you know what that is, pod autopilot?
A: Yeah — I think, probably just to say, so everyone's clear: I had some conversations with some users earlier this week, and there are some limitations with Karpenter at the moment. I mean, it is a fairly early-stage project. It's GA from AWS's perspective, but it's still an alpha API, and there is still only one provider, the AWS one. But yeah, just be aware: pod affinity and pod anti-affinity are not yet supported, so there are some limitations there.

B: I mean, the one that I most commonly hear is, I think, that currently the node storage that is provisioned is kind of baked to 20 gig — the launch template that's used has that predefined. Obviously you can get around it by specifying a custom launch template, but it's currently not supported in the provider directly.
A: Yeah, so that's interesting. So once you — if you — yeah, so Karpenter will find those difficult to schedule, because it doesn't support affinity or anti-affinity. So once you have that, yeah.

A: Okay, so there are limitations — just beware: the scheduler is not 100% complete today. And I think maybe, if it's not in there already, it might be worth making that clear in the documentation: what are the limits, what are the limitations, what does work, what doesn't work — just so it's clear to your end users. Because otherwise — and this is just from my own sort of open source experience — if you don't make clear what is possible —

A: — people will try to do things, unexpectedly. And interestingly, yeah: the EKS built-in CoreDNS leverages a pod anti-affinity rule. So that's interesting — there are some caveats that you need to be aware of.
A: Also cool — we've been doing —

B: — it for quite a while now. Do we quickly want to try something really quickly? At least I found a really nice feature as well. Okay: they do provide a finalizer on the node. So, for example, if you go to the console and just try to delete the node, it's interesting that it actually has a finalizer on it, and it actually tries to drain the node gracefully, which is kind of a nice feature as well.
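A quick sketch of that behaviour — the finalizer name shown is the one Karpenter uses for this, so treat it as indicative rather than exact for your version:

    # deleting the node cordons and drains it first, via the finalizer
    kubectl delete node "${NODE_NAME}"
    # the Node object lingers until the drain completes:
    kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.finalizers}'
    # => ["karpenter.sh/termination"]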
A: I didn't check that — yeah, it got deleted. Okay: cordoned the node, okay, yeah, cool. So that's similar functionality to what we have in Cluster API: if you delete a Machine, it starts doing the same sort of thing. I guess the benefit of this is that we get that bin packing back quite quickly as well.

A: That's pretty nice. All right, maybe we should call it a day — I think we've been going for an hour fifty; I think that's a good point to stop. I'll let you go to sleep — I mean, I've had multiple Monster Energies, so I'm unfortunately not going to be able to sleep — but yeah. Let me be a normal YouTuber and say, you know: if you've enjoyed the show, then click like. We're not sponsored.
A: We don't get very much from YouTube — none of that matters — but yeah, do click the like button. If you didn't like it, then leave a comment and tell us what we can improve. And then also hit the subscribe button and click the little bell icon, so you get notified every time we do a stream.

B: No, I have to say I really enjoyed the session — really, thank you for having me. It was great fun, you know, doing it from scratch, and maybe, like you said, you haven't really had experience with it, so it was really nice to get across all those bumps that users would usually hit if they deployed it the first time around. So yeah — good stuff.

A: All right, thank you very much, Marko, for joining us, and thanks to everyone for tuning in. I think there is a show next week — yes, there is; I forgot what the topic is, but we'll have another one, so see you next week. Everyone, goodbye!