This is the best introduction to Kubernetes concepts on the internet.
Kelsey is honestly my hero in the tech field man
wow man he knows everything, he's totally plugged in
Over 1 year down the path on learning Kubernetes and just now I had the chance to watch this awesome presentation!
I wish I had seen it earlier, makes things so simple without diving into many technical details, the way a demo should be!
Watching this after 5 yrs and this talk is still the most interesting one WITH A DEMO on K8S....
Excellent!!! Thanks.
The best informative and practical usage of kubernetes cluster.....
he said there is no such thing as a node manifest for inventory, but there is node affinity and node taints and tolerations.. 🤔
This is one of the best kubernetes breakdowns I have ever seen.
He’s totally right, node affinity/ taints + tolerations aren’t objects/ kubernetes resource and thus unless you deploy your own Custom resource drivers, there are no manifests with the “kind: Node”.
T&T/ Node Affinity are almost like parameters within the manifest or config, allowing one to decide which node your deployments are deployed to etc, his point was Kubernetes is agnostic to the servers it’s built on top of, which is true.
Kubernetes is open source and can be deployed on any server, from VMware to the cloud to bare metal.
Hope that’s clear :)
@saedf0 I'm aware, but for those who aren't, thanks for reiterating.
The dig at Oracle, LMAO! How true !! Loll
Kelsey is the king
Very informative. I agree this is the best introduction to Kubernetes
Kelsey - Genius presenter!
Great presentation man, installing SSL on Kubernetes is always a challenge for me.
Cool man! Really crisp and clear.. Thanks Kelsey!
Great demos!
Really helpful intro for me, thank you Kelsey!
He didn't miss a beat delivering the talk and getting a tetris. Nice...
Very good presentation!
Awesome!
Great demo. Thanks !
good speaker and tetris player, thumbs up!
SIMPLY effortless! Very informative (y)
This convinced me that I NEVER want to run a production 2016 K8s cluster!
An amazing and very interesting talk.
Kelsey always makes me want to bust open an IDE and terminal and CONTAINERIZE ALL THE THINGS!!! Every time!!! - Great talk. No... Excellent talk. The Tetris analogy - very fitting - pun intended.
That was awesome!
Great guy!
very informative and clear presentation! thanks!
Great Talk
Really nice demo. Thks !
awesome talk !
i want to understand the complete flow like below
Browser --> API Gateway --> Kubernetes Ingress Load Balancer --> Downstream pods
When a request comes to API Gateway how do we call Kubernetes Ingress Load Balancer to serve the request?
awesome talk :)
4:29 with captions...
Wow. Wow. Wow.
wow !
anyone have similar links: talks/presentation about kubernetes.. ?
Zica!
hi
Great talk! Enjoy Utube subtitles : Cooper Nettie's ; a syst admin -> assistant man; and more...
Since letsencrypt certificates are invalidated in a relatively short time, what would be the "kubernetes-way" to do a renewal of the certificate, and actually start using the new certificate once it's renewed -- all this without restarting the application, just for the sake of a certificate renewal.
Volume data can be updated on-the-fly, just like files on a mounted filesystem. If you change a secret, such as the Let's Encrypt cert that Kelsey used in his demo, then any pods (containers) that have the secret mounted in a directory will have the contained files updated on-the-fly. So it's automatic, information gets refreshed automatically in the pods almost in real-time, when the secret definition changes in the cluster's central data store.
What happens in the container when files change, however, is a problem for the app developer. That person needs to have some detection mechanism, so that the container can "HUP" nginx, to make it reload the new config/cert. This is typically done using inotify in containers. In short, no need to restart containers if mounted data changes.
IIRC the longer version of Kelsey's demo shows this in action, where I seem to recall he requested a test cert from Let's Encrypt, showed the browser warning, changed his Let's Encrypt plugin config (the extension resource config mentioned in the talk) to point to the production API for Let's Encrypt. After a few seconds the new cert was fetched, injected into the containers, an inotify watcher reloaded the nginx config and the browser showed a green padlock icon.
Realised I didn't answer point-blank. Above is a general description of how state changes are propagated to pods and you asked about a special case of that. So the answer is that renewal requires some app to update the cluster with the new cert. This is something his little letsencrypt app (extension resource controller) actually does if I recall correctly (or it might have been the kube-lego variant, the de facto Let's Encrypt plugin for Kubernetes instead of Kelsey's own). It watches for certs that are about to expire, renews them when appropriate (ahead of expiration time), updates the cluster secret(s) holding the cert(s) and then the new certs propagate out to the pods as described above. All without having to restart the apps.
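The reload-on-renewal flow described in the answer above, as an added example that is not part of the original comments or of the demo's code. It polls a content hash instead of using inotify (Python's standard library has no inotify binding), and it assumes the `tls.crt`/`tls.key` file names of a TLS secret, a hypothetical nginx pid file path, and the kubelet's secret-volume layout in which each file is a symlink through a `..data` link that is swapped atomically on update.

```python
import hashlib
import os
import signal


def cert_fingerprint(mount_dir, names=("tls.crt", "tls.key")):
    """Hash the files as the app reads them, following the volume's symlinks."""
    digest = hashlib.sha256()
    for name in names:
        with open(os.path.join(mount_dir, name), "rb") as fh:
            digest.update(fh.read())
    return digest.hexdigest()


class SecretWatcher:
    """Calls reload_fn once per change of the mounted certificate material."""

    def __init__(self, mount_dir, reload_fn):
        self.mount_dir, self.reload_fn = mount_dir, reload_fn
        self.seen = cert_fingerprint(mount_dir)

    def poll(self):
        try:
            current = cert_fingerprint(self.mount_dir)
        except FileNotFoundError:
            return False  # read raced with an update; retry on the next poll
        if current == self.seen:
            return False
        self.seen = current
        self.reload_fn()
        return True


def hup_nginx(pid_file="/var/run/nginx.pid"):  # assumed pid file location
    """Signal the nginx master process to reload its config and certificates."""
    with open(pid_file) as fh:
        os.kill(int(fh.read().strip()), signal.SIGHUP)


def simulate_kubelet_update(mount_dir, version, files):
    """Constructed stand-in for the kubelet: new payload dir, then swap ..data."""
    os.mkdir(os.path.join(mount_dir, f"..{version}"))
    for name, data in files.items():
        with open(os.path.join(mount_dir, f"..{version}", name), "wb") as fh:
            fh.write(data)
        if not os.path.islink(os.path.join(mount_dir, name)):
            os.symlink(os.path.join("..data", name), os.path.join(mount_dir, name))
    tmp = os.path.join(mount_dir, "..data_tmp")
    os.symlink(f"..{version}", tmp)
    os.replace(tmp, os.path.join(mount_dir, "..data"))  # atomic rename of the link
```

In a sidecar or entrypoint script, `SecretWatcher(mount_dir, hup_nginx).poll()` would be called in a sleep loop. A watcher that only tracks modification of `tls.crt` itself would miss the update, because the visible file is a symlink whose target changes while the link does not.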
And Berger ow man, really need to get my hands dirty and try this out
Thor himself
great talk i wish he stop saying cyst admin :(
DeepMindstorm also, "Liberry". :) Good presentation though.
Awesome!
puppet plz stop posting 360p vids
if kubelets just get to play tetris all day then wire me in and sign me up
Starts a video of Tetris and pretends to play it like a boss
He opened openEmu. He IS actually playing, like a boss ;)
I'm really playing the game. It's all live.
sysadmin != cystadmin.