Office Hours for October 16

It’s time for office hours, our last one before KubeCon + CloudNativeCon! Office Hours is a program where we stick panelists on a YouTube stream and have them answer as many of your Kubernetes questions as possible! All expertise levels are welcome:

Subscribe below for the reminder:

Feel free to use this thread to post questions, I’ll be posting the show notes here afterward as well!


Just a reminder that we’re going on in about an hour from this post. This will be our last office hours before KubeCon + CloudNativeCon, so get in your questions for the month. See you soon!

Going live in ~5 minutes, hope to see you soon!


We’re trying a new format. Thanks to Aaron Layfield for attempting to keep notes while we talked fast; we’re organizing the links around each question. We’re always looking for volunteers to help out, so let us know if you’re interested in helping, or just show up. :smiley:

This post is in wiki format, so if you want to listen in and add timestamps, that would be swell.


name: Asim
question: I am using the mikeghen/kubernetes-gcs-sftp image to run an sftp service, but I have a requirement to authenticate users via ssh keys, and I have around 30+ users. How can I manage users and their ssh keys?

name: Alex
question: Hi all. On a running cluster, how do I determine the CNI in use?

name: theaaronstrong
question: Looking at learning and studying for the CKA. Any recommended books?

name: yctn
question: Anyone using K8S on bare metal? I notice K8S is hugely made for cloud providers, because I had some issues with metallb. Anyone using metallb in production?

name: Jorik
question: Is there a way to access control plane Prometheus metrics between different managed environments? I’m able to retrieve apiserver metrics easily, but unable to reach the scheduler, etcd & controller manager

name: Alexander
question: Hello from Germany!
Cluster-api is doing a good job of managing a fleet of k8s clusters.
At the same time, Kata Containers or Mirantis Virtlet are great at running VMs instead of containers/pods.
Storage layer may be solved by glusterfs or rook.
Is there a project to join some of those to manage multiple k8s clusters hosted in VMs on top of another bare metal k8s cluster?

name: Akshit Jain
question: I have a Cassandra service over DC/OS currently running in production. I am planning to migrate to Kubernetes. Is there any community-driven, reliable Cassandra-Kubernetes operator?

name: Tiwari
question: Hi Team,
Kind of an open ended question for the experts.
With Istio/Linkerd being all the rage nowadays, when do you feel introducing service meshes makes sense for your K8s setup? A lot of companies are moving towards these technologies aggressively, but what would be your ideal parameters/scale when you might consider using service meshes? TIA.

name: LinAnt
question: Any way to access a Deployments/Jobs/Stateful sets annotations from a container?
I am only able to get the annotations from the pod spec through env vars.

A. Not meant to be propagated down. Aren’t meant to be consumed by pods, just decorator information. You could write something for it, but no native support.

name: pmcgrath
question: Anyone using Gardener for provisioning/managing clusters? Looked at Rancher and had issues, looked at cluster-api but a little too early at this time.

No answer: Please feel free to add a response with your feedback on this one.

name: Amine
question: Anyone got tips for people wanting to start contributing to Kubernetes projects?

A. Contribution guidelines. Pick a SIG, poke around and take a look at PRs/Issues and just dive in.

Kubernetes YouTube channel has a playlist for contributor workshop. Codebase tours as well:

name: meausus
question: My question is: how soon after starting to use Kubernetes have you started or required implementing add-ons (except for the CNI, which is required)? Curious to know when you need to extend k8s.

A. When you understand what’s going on with the core DS, understanding k8 and state inside of Kubernetes. When you have value/requirements for it, then it’s a good time to consider add-ons to make life easier. Helm for example, but take it slow, do it when ready.

name: Dimitrije M
question: Hey guys, wanted to get your thoughts on serverless on K8s? We currently use AWS lambdas and I had the thought to get more utilization out of our cluster by running lambdas inside our cluster. There’s a project called kubeless, just wanted to get your thoughts on this approach?

name: fc
question: I have been looking for a restic backup operator (mostly to back up volume contents) that can play nicely with a gitops solution (like flux) … stash, velero, they did not fit the description. Any other idea?

name: Venkat Nagappan
question: CNI question: So I have a kubeadm initialized v1.16 cluster running with Flannel as the overlay network. Is it possible to switch to a Calico/Weave network on the live cluster without having to rebuild the cluster? I don’t care about the pods/deployments I deployed. With all other cluster components running, can this be achieved? Thanks

A. Clear out IPTables (Not Recommended), but possible. Better off starting over or rolling reboot (Blow away nodes 1 by 1).

name: Akshit Jain
question: How stable is Kubernetes for stateful applications? How much support is there for database applications?

name: rjohn
question: Question 1: We have a requirement to run elastic-search on K8s. Was planning to deploy using statefulset and local persistent volume (no persistent storage solution yet). Is it a recommended setup? We use a kubeadm-based cluster on VMs (VMware)

name: Akshit Jain
question: Question 2: Does someone use Cilium without kube-proxy? Any feedback on this?

A. Yes, works very well. Used in production.

name: Dimitrej
question: 1 more question if that’s alright. I’ve recently learned about mixins, specifically the kubernetes-mixin & prometheus-operator. I’m wondering how everyone is deploying these with helm? Should I have a script to build my mixins, create my templates and deploy with helm or is there a different approach?

A. Play with the helm chart.

name: bogdan
question: Hello from Berlin. Question: What are the services that you would NEVER keep in Kubernetes (from a safety and disaster protection point of view)? I mean, for the moment, I use EKS in AWS and for the databases I use RDS. But what other services do you recommend to be outside of k8s for easy recovery?

A. Anything holding long running connections, or with significant overhead you could offset to the cloud provider.

name: DanP
question: What are some ways people are doing end to end encryption within the cluster itself? Is it just using a service mesh like Istio? Or do you have something within the cluster like cert-manager issuing certificates to applications?

name: Venkat
question: For those who are scared of (writing) yaml (not me), is there any frontend that generates the yaml for them?
There is dry-run, like kubectl create deploy nginx --image nginx --dry-run -o yaml > /tmp/nginx.yaml. But they want to use a form or a GUI thing like kickstart-gui to generate kickstart files. Thanks.

name: Augustin
question: What’s your approach to developing microservices locally, specifically when your microservices depend on others? scaffold? helm + minikube?

Other Links

Congrats to our Winners

We always give away shirts as part of a raffle: Aaron Layfield, Alexander, pmcgrath, omicronian, nick-, Augustin, and Venktat.