 It checks out. Did you bring snacks? No. Oh, shit. Amateurs. Are we recording? Let's go. Autobots roll out. So welcome everyone to Dungeons & Deployments, leveling up in Kubernetes. We'll introduce ourselves how this talk is going to work. Since this is the novice track, we're up here to try and teach some basics. We're not going to go too deep. This is going to be one-to-one level patterns. But we are literally going to try and play the game while we're up here. We've got dice. We've got pens and paper. We've got character sheets. Emphasis on try. We're going to be breaking the fourth wall a lot to give explanations, but everything else, we're going to keep focused inside the table, inside the game, sort of like you're watching a sitcom that won't be funny. Nice. Think of us like informative performance art, basically. Laughter is fine. Growning is expected. The talk is silly. Lots of bad jokes. We'll be having fun. Maybe you will, too. We'll see. You're trapped in here with us, though, so. So let's get started. Welcome, everyone. I realize it's been 147 weeks of scheduling mishaps, but we're finally able to play again tonight. Woo! Want everybody to introduce themselves, because we may have forgotten who we all are. I'm Noah. I'm your DM for the evening. OK. In the context of this game, the DM is going to be like the API server. All the requests for interactions, all the understanding of actions that happen, all the requests for information, that's all going to go through me. Just like it would for a cluster that has requests to go through the API server. And just like a real API server, I have a storage method. And if you ask for help, I will also look it up and give it back to you. Moving on. All right. Hi, everyone. My name is Aira. I'm a tiefling brave cleric, also known as the healer, of the party standing my team back up again. And so I want you to think about a player like me being like the CI CD system in this super very realistic version of Judges and Dragons now playing with each other. And obviously disguised as a cube contorker. Thanks, folks, for putting us in last minute. CI CD services, let's use Argo as an example. Concern themselves with application help inside the classes that they're pointing at. They're making sure that they're always running optimal versions by keeping patches and builds up to date. I'm the sucker. I mean, I'm the healer. That has to always put my team back together, whether I like it or not. And in this game, I hate this trick so much, that may occasionally require a mesh bandage. Good God. They pulled this off the wait list. Yeah. They did. Hello, everybody. My name is Kat, but my character's name is Tav. I'm playing a half-elf warlock. And my patron saint are the users who are fickle and unpredictable and very demanding. You can think of me as a warlock as an application load generator. My job is to make things a little bit harder for you sometimes. I'm going to blow stuff up. Things might fall over. But ultimately, it's a good thing. You're going to learn from the mistakes and mishaps that happen when I blow something up. OK. I'm Seth. My character's name is Jovam, spelled JVM. I am something familiar to many people that work in the enterprise. I am a monolithic Java app. But I just want to be containerized. So I'm a half-orc rogue. I'm not dexterous. I'm not athletic. Nothing like that. But I just want to better myself in the search for the holy grawl. Oh. Boo. Big boo. So we do have some players missing tonight. Unfortunately, the load balancer couldn't make it. So we have no one to tank for our applications. OPA didn't show up tonight. So we don't have a paladin enforcing rules and being super stodgy about all the policies. Yeager didn't make it. So we don't have the person who's normally the ranger and the hunter playing for things. And chaos testing didn't show up. So the murder hobo barbarian will be randomly killing things. They will not be here as well. This adventure is just a taste into the world of Cloud Native. We couldn't possibly cover all of the major players projects and parts of the ecosystem. As an example of how many things are really there, a couple of us have thrown around the idea of doing a, hey, let's do an intro to every single CNCF project as a day zero event. And by giving every project three minutes, it is an eight hour marathon. Not even joking, I wish I was. So let's recap our last couple of sessions. Last time, almost the entire party was taken down by DNS. RIPs. Luckily our healer survived to apply patches to everyone. The guild has sent you on a mission to retrieve the magical bucket of secrets. It is an eternal artifact which grants access to locked doors and hidden information so that you could keep it away from evildoers. It was last tracked to a mazel in the orange lich of Cascadia, who was the last person attuned to it. However, when you arrived and confronted the dark wizard, it had already been stolen by a rainbow-plumed wear goose. Dun, dun, dun. The goose was just intriguing enough to be taken in by the wizard, but was not suspicious enough to be watched closely by the wizard. Rookie move, rookie move. Made off of the bucket. So if the goose gets the bucket into the wrong hands, then other dark wizards could use its secrets to terraform the entire countryside. Dun, dun, dun. So in the game, a magic item can only be attuned to one person. Only one person can use that thing. And in the same vein, any buckets or other storage that are attached to your cluster as persistent volumes or PVCs can only be accessed through a persistent volume claim. Usually by only one pod at a time, there are situations where that's untrue, but we're going to keep it simple. So just like the magic item is part of the game world, the volume is within the scope of the cluster, whereas the attunement is scoped to a particular pod. OK? Also, in this example, is the contents of the bucket. Now me, the D&D player that I am, I forgot to introduce myself. I'm Natalie, by the way. That doesn't matter. In the context of a real D&D game, I, a cleric, would absolutely want to inspect or very likely taste what's in the bucket. My line is chaotic goods. So I'm out there licking it all, all the things. And it's human and cleric nature. But we're in the cloud native novice track. So if you keep sensitive data in your buckets and they're attached to the cluster, do not be surprised if, do not be surprised that you're somehow compromised cluster. That suddenly means that bad guys have access to that sensitive data in the bucket. The lesson here is that you should never keep the keys to the cluster accessible from inside the cluster. OK? OK. OK. So picking back up with our story today. Because you don't have your ranger, you were escorted by a ranger who'd been appointed by the guild, Sir David, who has been tracking the where-goos for you. Oh, god. Strap everybody. As you've been working with Sir David, he has been regaling you with lessons of the natural paths upon which you have traveled. Things like, now this particular mushroom only grows on this one tree. You all came to this talk voluntarily. You did. You all came here. Anyway, you all gave him plus one to your nature roles for having sat through all of that. It was sick. And all of you, too, you all gave plus one to your nature roles. Yes. So he has tracked the goose. As you have followed the goose along the trail. So I know that's a rolling update, right? That's a rolling update. That's just good. Get out. Sir David has led you to a clearing whereupon you see someone familiar, someone you have seen before. It is Dominus, the warlock. You've encountered him three or four times before, once at a shack by the seaside, once in a small shanty town. And here he is again. And he says, hey, how you doing? I'm Dominus. We met before. What can we do for you guys? Are you following us? Have you seen a goose around here? Oh, yeah, I saw a goose. Yeah, it came through here, flew down the path. Flew down? Yeah. Yeah, that's how it goes. Goose flying? What, you don't believe me? OK, and you said it went down the path, this path here? Yeah, right down here. OK. Hidden that way. Just hidden that way. Hidden that way. Did this goose have a bucket? Hold on, let me think. You know, yeah, the goose did have a bucket. I start walking away. OK. Yeah. Cool, thanks, man. Thanks. And I'm here wondering, would the goose have it around its neck or on its wing? Like, how is it carrying the bucket? In its beak? Oh, yeah, done. How big is this goose and how big is the bucket? Is the bucket. Yeah, exactly. So what we didn't explain just now is that Dominus shows up every time there is a wooden house. Showed up in the shanty town. He showed up in the seaside shack. And Dominus, who is a warlock, has a whole set of daemons off in the back. He is a daemon set. And a daemon set is a Kubernetes construct that will run on every single node in a cluster, as long as that node meets the defined criteria, like being a particular instance type, or in this case, being flagged with, must have a wooden house. I know, did you get worse from here? Keep going. So you find your way following along this path. And you come upon a man kneeling upon a stone foundation. He's been there so long, he appears to have sunk it into the foundation. His hair is long. He looks disheveled, decrepit, desperate. And as you approach, he says, hi, guys. I'm Neil. Will you please take a map? Please take one from me. Please, I'm begging you, take a map. Yeah, man, what's wrong with the map? No, I need to give out the maps. It's my piss. I feel terrible, I take a map. You take a map? OK. The map is, I mean, it's a map. It's a map. It's a big beat up. Is the map cursed or like haunted or something? It hasn't been updated in a while, I can tell. It's an older map. It still works, but it's definitely out of date. So the CNTF trail map documents a journey that may have been taken by enterprises that want to move into a more cloud-native ecosystem. An artifact from a time when you could still list all the CNTF projects on the same page, and it didn't look like an eye chart. But it's still useful these days, but yeah, it hasn't been updated in a little while. So you take the map, and you see the map leads you along, shows where you've been, and it shows that there is a beanstalk at the end, which eventually you come upon the beanstalk. As you approach, Sir David is again regaling you with various facts, but now this rare flower only appears within the moon of, and he just goes on and on and on. He just keeps going. And then he points up and says, hey, by the way, you can see goose droppings up there. They're like a quarter of a mile up in the air. You have no idea how he sees them. That doesn't. She hasn't got a contact. I don't have my contacts on yet. Can't see anything. That's legitimately true, by the way. So there is a beanstalk with obviously goose droppings and rare flowers on the ground. What are you going to do? How stable does this beanstalk look? I mean, it looks climbable. I mean, what if I bit it? Did that, like, bit it when it moved? Yeah, yeah, yeah, we just, like, gnaw it down. I gnaw it on the beanstalk. You get bean juice in your mouth. OK, I will climb the beanstalk for a quarter mile into the sky. It goes all the way up into the clouds. You're climbing for a while. As you start climbing, Sir David bids you a do and wanders off into the forest. OK, well, good riddance. So you're climbing for a while. You're hundreds of feet in the air. And the beans start getting a little bit slippery. Why don't you all go ahead and make deck saves? The DC is only 10. 9. Loll 14. OK. 1. OK, you fall on your face. You are fine. Give me your character sheet. You all watch as the JVM plummets to the ground in Wiley Coyote fashion. Moments later, as you are saying, hmm, what are we going to do about that? One of the beans opens up. And Jovam is inside. It takes a minute to stand back up. But he does so. And he's back there. I'll say it took a heap of work. It took a heap of work. Oh! Oh! Oh! Oh! Oh! Oh! Oh! Oh! Oh! Oh! OK. You've been redeployed. OK, so I failed the deck save. One of the features of a deployment is to ensure that components, pods, are always filling the desired state. And that includes restarting failed pods. So I'm back. So in doing so, you realize that this is now treacherous. And you remember that I don't remember which one of you. One of you has the goggles of Prometheus. Oh, yeah. Oh, yeah. So by using Prometheus to monitor important metrics and alert manager to push out messages based on the thresholds that you set, you do not need to inspect all of your deployments anymore. You don't have to keep an eye on them actively. You can let an alert manager do that for you. And get you a sweet pair of pit vipers. And with that alerting, you are able to successfully climb the beanstalk up into the fluffy white clouds. Shout out to pit vipers. This dog is not sponsored by pit vipers. This dog is not been sponsored by pit vipers. This dog's sponsored by Mountain Dew, if anything. You get to the top. And you find yourself on top of the clouds. They are spongy, downright elastic. What do you do when you get to the top of the clouds? I would like to treat them like a trampoline. I'm going to bounce and bounce and bounce and bounce. OK. Let me see your sheet. What's your passive perception? Oh, hmm. Yeah. OK, why don't you give me a roll? Give me a dectra roller. Well. OK. So as she is bouncing around on the clouds, you two look over and see her. Again, in a very cartoonish manner, look down, realize there is nothing below her, and then suddenly plummet to the ground, destroying the rare flowers that are at the bottom of the beanstalk. Sir David is unhappy with you. OK. This is Mary and Joseph people. All right. A lot of people make bad assumptions about the availability of cloud resources. I mean, it's just someone else's huge mega-available computer, right? So yes, cloud. The cloud is expansive. They're expansive, and they are typically elastic, growing and shrinking to fill your needs. But they are not infinite, and they are subject to the same failures as any other system. In this case, that means gravity is stupid. Yeah, Warlock, you are stupid. And also, it's bad for the environment, and it's bad for your wallet. You, the plural company's view. You want to kind of probably protect both of those. And definitely Sir David wants to protect those lovely plants that the stupid Warlock just destroyed. Can you rise me, though? Awesome. What's in it for me? A hug? You get redeployed. Me, guys. And also, your coin purse is a little bit lighter now, because that took resources. Well, that's a scam. Yeah, ain't it? However, while you're up here, you see there is only one place that the goose could have possibly gone. There is a castle in the middle of the cloud, something that you all know to be the domain of cloud giants. As you walk up, the main entrance is sealed shut. But you notice there is a side entrance that is open, waiting for you. You walk up to the side entrance, and the port color slams shut in front of you. Ahead of you, you see a basin, strange basin, filled with all sorts of cubes, cubes of all sorts of colors, shapes, sizes, and materials. One of them is 27 smaller colored cubes with a little bowler hat on it. You all have a passive perception above 10. Yeah. So you notice there is a large placard and three square indentations on the wall. It looks like this, lots of imprints of text over and above each other. And then you remember that you have the ability to read similar magic writings if you have the magic yamulet. Tearing up my own sheet, I can't handle it. I can't handle this. And it's a yamulet, because yamulet was way too hard to say repeatedly. Do you want to just leave? Kind of. Can you just quit? It's a pretty sweet potato. Oh, my god. That was made by my friend, Laura Santa Maria. So thank you to Laura for crocheting me a yamulet on short notice. Never saying it again after this talk. Oh, yeah. So as you put on the yamulet, you were able to see that there are additional indentations inside those three indentations, bits of text, and they line up with text that now appears on some of the cubes that are floating around in the basin. As you align them, and you realize pretty easily, oh, this one's going to go here. I played this. I'm not a child. You are able to find the cubes C, T, and L. I'm so sorry. That's gross. So the primary tool for many to interface with the Kubernetes cluster is kubectl, kubctl, kubectl, or kubectl. We all know it's kubectl. It's kubectl. kubectl. I don't know about that one. However, it's pronounced with proper authentication. It allows you to inspect and edit any of the objects in a cluster you have appropriate permissions for, kubectl. So as you look at the kubectl with the magic yamulet, it doesn't get any better the second time around. No, this gets more painful the longer we go on, actually. The indentations seem to recess a bit, and some magical tech starts to appear if my. There we go. There we go. Ah. Everyone, with me, one, two, three. Gross. Ah. God. And if any of you are able to read this language that was not meant for mortalize, then you can translate it into its essential meaning, which is speak, friend, and enter. Yes, we plagiarize. We use jokes. Come on, we're DMs. We don't write our own stuff. It's public domain now, isn't it? It's probably public domain. Yeah, it's public domain. So anyway. Oh, oops. Yeah, you skip in my exposition, man. So an ingress is one of the primary ways to define network access in Kubernetes. Ooh, there goes my speaker notes, allowing you to reach the inside of your application from the outside of your application, letting the internet touch your stuff. It does this through a series of rules that describe the access pathways and point to your Kubernetes services. And that's what we have here. So once you've made it through the gated ingress, you find a surface entrance. Oh. I'm going to hyperventilate. The surfaces of this entrance hallway are all well-carved, sculpted, and engraved. It's hard to tell what it's made of, though. It doesn't feel quite like stone. Strange. At first glance, everything here appears to be frozen in its current state. It's pristine, except for some goose droppings, you notice, heading off down the hallway. And you can hear some commotion coming from down the hall. We go down the hallway. We got to check out this goose poop, see what the kerfuffle is down there. We're running. We're moving fast. As you get there, you come upon a courtyard filled with what appears to be some sort of sculptor's workshop or factory. Inside, there are small, blue and white cobalts running everywhere. We'll call them cobalts. Are we out? Later, y'all. Wait, wait, there's more. There's more session. No, I'm never doing this with you again. That's fair. They're carrying all sorts of miscellaneous stone and ingots and all sorts of things all over to various parts of the workshop. Can I eat one? I mean, you have to get there first. As you step further into the workshop, you see a woman in a cage wearing a purple suit jacket just kind of dancing in the cage, kind of abusing herself. She's vibing, she's chilling. Purple, nice choice. Can I roll for a vibe check? Go ahead. 18. 12. Critical failure on the vibes. You don't feel it, but to you two, it just says, aw, yeah. And when she sees you, she waves you over. She says, hi, everybody, I'm Laverne. Hi, Laverne. I tried really hard to come up with an accent and failed. Laverne explains that she has been captured and she is here looking for her sister, Barbie. Like, one person's gonna get this joke. It's not us. Yeah, it ain't no idea what he's talking about. He sure says that it's funny. Just as we ensure you the rest of this is funny. So she explains that there are within her grasp a series of ingots. One might call them workloads that could be distributed among the workshop. And if you were to put them in the right places, which you can tell because there are statues and their faces match the images on the workloads. Okay. Told you they keep getting worse. Okay. That you could... Ah! Ah! Ah! Ah! Thank you. Thank you. Thank you. Thank you. All right, seven minutes, let's go. That was so silly. Depotting. I love it. I love it, okay. So if you were to match the images on the workloads to the correct statues that you could not only open her cage, but you could open the door up ahead, which apparently leads up and you can tell has goose prints in front of it. Okay, so I take one and I go put it in the thing. Okay, you take one of the workloads from her hands. The moment you do, like a record scratch, all the cobalates stop, turn at you, roll initiative. Yes, we're gonna do this Seven minutes left. Nine. Nine. No, six. The cobalates go first. I'm swinging the amulet around my head. Okay, the cobalates mob you and try to take the workloads out of your hands. You're gonna need to roll a contested athletics roll. Oh. Oh boy. You ready for this? Oh, Jesus. Nine. The cobalates got an 18. Oh yeah, I got another six. That is a six, yeah, done. Okay, they rip the workloads out of your hand. They're looking dignity. And then they walk over and stick them in a slot and then go back to what they were doing. Laverne says, oh yeah, I might've forgot to mention. You gotta label the workloads no cobalts or they will just take it right out of your hands. Well, you can just hold that. You could have let her do that. Do you not want out of this? I mean, I do, but I've been here a while. She doesn't. She was like vibing in there. She's good. She has a little chisel thing. Okay. So she'll hand you a chisel and a workload and allow you to do that. Okay, fine. We were labeling workloads. Okay. I don't really care about this lady. She clearly doesn't want out of there, but I do want through that door. Okay. You label the workloads. You are very easily able to find that the faces do in fact match up to statues. And with the three of you placing the handful of workloads in the right places, the door swings open. Going to the door. Okay, we go through the door. The cage opens and Laverne goes, thank you for the, you're already gone. We're gone. Five minute warning. Awesome. She's got us too. Thank you. As the door swings open, you see a man with a push broom and a sack come out, look around, realize there's nothing for him to clean up. And the cloud custodian goes back to where he was going to be going. Oh. Ha ha ha ha ha. Yep. Yeah. Once you get up to the top of the stairs, you find an upstairs area. It is mostly devoid of features, stretching and branching in various directions. Many of these hallways and services look exactly the same. It's difficult to tell one from another if you don't know them by name, but you do see the infamous goose trail up ahead. As you follow it, you pass a shrine to the God of Answers at CD. But you cannot commune with it because you do not have the Holy Certificate. Tragic. Ha ha ha ha. Horrible. Told you they were bad. Just past the shrine, you find a set of open doors, leads to an opulent bedroom. You can only surmise that this would be the home of one of the infamous cloud giants. You hear footsteps. You've heard tales of their magnificence, of their pinnacles of physical perfection, that they are the masters of magical arts, everything you aspire to be. I'm squealing wiggly. Equally parts, feared, on, and respected. They come in and you prepare yourself. Instead, you see this guy. He looks like a children's drawing. We're not artists. Clearly. And he introduces himself. He says, oh, hello there. That's the accent you went with. That's the one we're going for. That's the one we're going for. Hello there. I am Sir Russ, the Cloud Lord. I'm up here making sure it rains. What, it's important. You don't look impressed. Trust me, it's really important. What can I do for you? I don't get visitors up here very often. We are looking for a goose. With a bucket. A colorful goose with a bucket. It's been pooping every week. It's just like, really, we need to get the goose in a modium. It's a lot of poop. His cartoon eyes narrow. And he says, oh, the goose. It made its way through here. But it made off with my Holy Certificate so that I could commune with that CD. Now I can no longer. If you would retrieve it for me, I will show you where and I would surely shower you with riches. Riches. This Holy Certificate sounds like a key value that you need. It does. Just checking. I'm interested in riches. Two minutes till the end of this pain. As he points out the window, he shows you over there, you can see another harbor in the shadow of Mount Geat over in the Duchy of Devops. No, you did not call it the Duchy of Devops. You did not say that. I did. And that is where we will end because it leads you onto your next mission. Further on, the Wild Goose Chase. We have to give a lot of thanks to Heroforge for letting me make those awesome figurines in the beginning. Those were super cool. And to Unsplash for allowing me to pull in tons of pictures, most of which were from the Palace of Versailles. Go figure. Laura Sanamaria for knitting the amulet or crocheting the amulet on the flight here. Yeah. We also want to thank the tech industry for the amount of trauma that has allowed us to make such terrible jokes. And also thanks to all of you for coming and attending such a silly, silly talk. It was actually super fun to work on this. Huge shout out to Noah. Exactly. Massage out to Noah. This was pulled to Noah's weight list and he took this on and just ran with it. And yeah. And big ups to whoever decided to pull this off of the weight list. Yeah. Yeah. Thanks everyone. I don't really think we have a lot of time for questions and I think the only question would probably be why, but if you have questions, we'll be really around. If you really like this talk, please scan the QR code and leave us feedback. And if you didn't like the talk, the doors are back there. Yeah. Don't tell anybody you hated it. We're out. Thanks everybody. Thanks everybody.