 Hello, hello, everyone. This is another episode from cert magic. This time it's not with Siam. It's with me, Wadi Chari. Thank you for coming. And as usual, we start with reminding all of us about the Cloud Foundation Code of Conduct. Simply said, let's respect everyone, respect each other in questions and in chat. So it's basically all about respect and treating each other as we would like to be treated. Cert magic is like my weekly show. It's usually Siam invites a guest. He's, I hope, Siam having a relax or a good time. These things, let's second. My camera was not positioned correctly. OK. So this is the seventh episode. Siam and his guest covered what his certifications, what you need to go for a certification or not, troubleshooting, workload and scheduling, among other things. Today, I'm thinking that maybe we should cover something that is common between the three certifications. First of all, who am I? My name is Wadi Chari. This is my Twitter handle, my LinkedIn handle, and my GitHub rebel. I have two GitHub rebels, one for CKA and one for CKS. I work as an analytics infrastructure support engineer in a large energy company. Before being interested in cloud native, I was basically administering HPC links clusters. Some of them are from the top 500. I'm passionate about configuration management, infrastructure as code, and now I'm very passionate about software as code, as Justin Garrison and Chris Nova debate the need for software as code as in Kubernetes and cluster APIs. I'm advocating for open source automation, infrastructure, containers, and CNCF. I'm leading an AWS Meetup and Docker Meetup in the local region. OK, so my main topic I was going to give today actually was workload and scheduling, and then I found that it's already covered. So what I was thinking, I was thinking of looking at the CKS curriculum, CKAD curriculum, and CKA curriculum, and finding something similar, something that is in common. And there is lots of commonality. You will find out that there is lots of commonality. Before I start going on the certifications and things like this, let's get some news. Let's get some news out. If you want to chat, if you want to ask me questions or anything, please do. Let me check. How can I check this? OK, hi. Yes, I can see Yufi Alam. Oh, so I am. So I'm here. So I mean, come on, man. Take over. OK, so I thought you were relaxing. I mean, come on. Either relax or take over. So we have some guests. So keep them coming. Tell us where you are from. And why you love cloud-native TV. So let's, before that, we go into the main topic. Let's do some news. I would love to do some news. So there was an article. And me and Syam participated in it. OK, we were interviewed with other guests. And this article is for reasons to get companies certified and for reasons not to. So if you are wondering, should you take the certification or shouldn't? Will it affect your salary? Will it affect your job promotions, and meriting grises, and stuff like this? What do I gain from doing certification? This is a good article to read. OK, Scott Carey is the UK group editor for IDG. He just wrote recently another hot article about the failing of Docker, this one. How Docker broken half. If you want to read this, please read the tweets from Solomon Haik to put this into context. Now, other news regarding certification. There is new updates to the CKAD 2021. This will be coming September 28. That means any exam after September 28 will be in the new format. And as you see, the new format looks much simpler. But there are new topics, like understanding ABA debriations. There is admission control. What else did I see? There is the CRDs and understanding authentication authorization and admission control. OK, these are not really scary. Actually, they are very nice. And understanding security context, service account, which we might cover in this episode. OK, talking about authentication authorization and admission control, this reminds me of a good article from our friends at Stack Rocks. They have lots of good white papers. They are very simple and easy to read. One of them is about this new subject that is covered in the CKAD. And this is admission control. What are admission control? Like limit ranges and mutating webhook and validating webhook. So this is a good read. It's only 12 pages. I mean, it's less than 12 pages of you, the cover, and the briefing, and whatever. So this is one from Stack Rocks, Guide Kubernetes Admission Control. I recommend it highly for the new CKAD exam if you would like to learn more about admission controllers. GA, EKS Anywhere, which is a new Kubernetes distribution from AWS. It's open source. You don't have to be an AWS customer. Just became GA. What does that mean? That means, basically, as Justin Garrison would sit, he has a tweet here. And as he would sit, that's a Kubernetes distribution. You can run on Brem. Currently, it uses cluster ABI. And it has certain providers, like lockup provider, kind provider. But the current reduction provider, I believe it's vSphere. But things will come. And it's supported by lots of part of it, like Susie Rancher. So they have support for it and stuff like that. So there is Twitter space. And there is a webcast. So look out for this. And look out for Justin Garrison tweets. Steve, Steve Gaghera, and Michael Forster, and Andy Martin. They just actually were streaming or finished streaming. This is a new webcast targeted towards security. I recommend it highly because it's very diverse in terms of topics. And it's very easy to grab security from these two guys, and especially from Andy Martin, who was the guest today. Another thing about security that could be nice for the CKS, there is this article from Frederick Fernando. It's actually an old article, but I just saw it recently, an introduction to Kubernetes security using Qualco. I'll put the links later on on a tweet or a blog or something. And I'll share it with you. OK, we have no questions. That's good. So cert magic, we will cover the configuration, as we said. Tips for any exam, you need to be ready. And that means practice, practice, practice. You need to get familiar with Kubernetes concepts, with Kubernetes tasks, and with the Kubernetes kubectl cheat sheet. These are the main three categories in the Kubernetes documentation, kubectl.io, that you have to be familiar with. Of course, the kubectl commands and how to optimize your kubectl, that would be nice. But if you cover the concept, the task, and the kubectl cheat sheet, I think you cover 30% to 40% of your exam. OK. Now, there is a nice GitHub rebel from DGA, Cantasios, which is Dimitris, Dimitris Ilyas, Dimitris Ilyas, and Stasios. Sorry, Dimitri. With CKD exercises, we'll try to do some. I haven't checked them yet, actually. But let's help to do some. Now, coming back, so this is the cheat sheet. Make sure that you, and you can see that I highlighted the, this is the first thing you need to do. I don't think you need to do it anymore in the exam. You will see that you have auto completion by default. You might need to do the alias. But on the new exam format, there is lots of things that have been enhanced. OK, config map. That's what we're going to study today, basically the concept of configuration. Why do we need configuration? And why did I select this subject after I found out that SAM has already done the workload and scheduling subject? Two reasons. One reasons. This week have been hectic week. And some of the issues for onboarding users was how do I share data with other services? So I am doing a deployment. I have several bots. And I want to share data among these bots. I need NFS read, write, and many. No, you don't. You can share data using config maps if it's sensitive data. Usually use it as a secret. And when we say secrets, it's not because they are encrypted, but because they have several controls that you can control access to them. So you can allow only access from KubeNet. You can do rolls and roll our backs and stuff like that, which hopefully we can cover a little bit. So this is what we're going to do, config map and secrets and how to manage these from bots and deployments. And we might cover security context if there is time. And I want to show you just an example. If you go here, there should be, if I do config map, yes. So that's what I was saying about the task. You should find the tasks that are relevant to your certification and try to go over them. Most of the time, they're going to a CataCoda scenario, which is actually good. OK. For security context, I will point you also to my friend, Eric Smolling and Matt Jarvis. Think of it as security context. He has also videos coming to this. But this is a sheet sheet for security context. And it's very important for your CKAD exam and CKS exam. OK. I think we are done with the introductions and stuff like this. Any questions? No questions? That's fine. Let's go. OK. So the first thing we need is a cluster. You can use Siebel, or you can use CataCoda, or you can use whatever cluster you want. When it comes to CKAD, it's much more relaxed. But still, make sure that you are in the same cluster, ABI, just in case, as the exam. So now we have 122. So basically, make sure that you are in version 121. This is something that you need to make sure. Just in case, one of the topics for CKAD depreciation is that you need to know about ABI depreciations. Like what? Like pod security policy. It's going to depreciate by 125. So it's still time. However, if there is an ABI that is related to the exam, you might need to be on the right documentation so that you don't make any mistakes when referring to the ABI. How do I know which ABIs are available for me? And how do I know which Kubernetes version is the Kubernetes version that I am using? OK. So basically, I have already the alias. So OK. Yes, I have the alias. So I say get bots. I have bots. Let's delete these bots. OK. I have issue with the auto completion. And this issue is usually because the auto completion is not auto sourced. I'll source it. OK. Delete bots minus all so that we start clean. OK. Now, I want to know the version. So I am version 120, which is this is the client. So that's fine. The client can be one version below or one version higher. So that's fine. It's better to be on the same version as the control plane, the ABI server. However, if you are one version, if the minor is one version lower or higher, that's fine. The server is 121, which is the exam, which is the current exam. How do I know this? If you go to the exam curriculum and you'll find that it's pointing to this version right now. OK. So this is the exam, the My Setup. OK. How many nodes? Now, one thing of the exam that most of the exam covers is explorations, especially the CKA and CKAD. Do you know how to get your bots? Do you know how to get your nodes? Do you know what IB addresses they are using? Do you know which one is highly utilized, or memory-wise, or something like this? Can you explore? Do you know your environment? So K get nodes. I have one node, and it's running version 121. It has been running for the last 15 hours. And it uses the new lingo, control plane, and the old lingo master. And this will be later removed. It will go gradually. OK. Now, what do I need to know? We are talking about ABI. How do I know my ABIs? And why do I need to know my ABIs? OK, ABI resources, oh, sorry, typo. And you'll see basically the ABI resources that are supported by your cluster configuration. OK. So you see the name of the ABI resource. If it has a short name or not, which ABI version? That's the one you put in your manifest. And is it names-based or cluster-scoped? And what kind is it? OK. Now, for the new exam, we said the new exam CKAD will be talking about authentication, authorization, and admission controls. Let's find what resources we have for admission. OK. So by default, if I don't install what we call operators, an operator is basically data definition, which is called CRD, cluster resource definition, and the controller. And they will add more ABI object. They will add more Kubernetes object that looks as first class. They will be able to see them here. But if I don't add by default, I will see that I have mutating webhook configuration and I have validating webhook configuration. So this is how basically if I, most likely, what you will have in the exam, I keep, so most likely what I don't think they will ask you to set up or to configure an admission controller, because this is more like a CKA or CKS topic. OK. But most likely, they will ask you to discover and to find the configuration of an instance of it. So how do you find the, where is my terminal? Yes. So I have to, for example, do I have any running mutating webhooks? So I do K get based mutating webhooks. I have nothing. And check validating webhooks. I have nothing. So validating and mutating webhooks has to do with authorization. OK. So there is authorization, authentication, and basically webhooks. And the mutating webhook, if you want, for example, to enforce a policy, you put it there. So if it's not included in the deployment, it will include some objects or attributes to the deployment. Like, for example, it will add security context or something like this, or it will enforce the number of replicas. And the validating webhook, then it will validate whatever is final output of the deployment is correct. Anyway, we are jumping fast. Let's go to our main topic. And we have two ways to, we can do it. Let's start from the, OK, let's start from Dmitris website. So he says configuration and current exam, it's 18%. Let's see on the other exam, on the new exam. So in the new exam, it's not clear, OK? It's not clear how, but basically define, build, modify container images. That means something also related to how to, the best practices of building a container image, such as using the user directive. And when to use add versus copy, when to use entry point versus command and stuff like that. OK, here, we have in this application environment configuration and security, we have understand config map, create consume secrets, understand service account, understand security account. So it is mixed with the CRD. And I showed you that the CRD is not something that you need to be afraid of. The authentication authorization and mission control, we mentioned the article or the white paper from Stack Rocks. And if I go, there is a very famous, this is from Kubernetes.io. So when you do a QB, ABI request, like you are running a QCtrl, get nodes. So this will send a restful call, will send an ABI request to the ABI server. Yes, the ABI server will do certain tasks. It will check basically, are you authenticated? If you are authenticated, what can you do? If this is done, then it will go to the mutating admission. And the mutating admission will call webhooks. This could be internal in the cluster or it could be external. And they will enforce a certain policy. After this, basically, it will come to the object schema validation. And again, this could be internal to the cluster or external. And if everything is fine, the object will resist an HED and the controller will work on it later. So this is the section of the CRDs. You don't need to be worried about it. Most likely, it will be the exploratory bar. I don't take my word for it, but think about it. What can they ask you about it? Understand and define resource requirements limits and quota. So limit range is an admission control. So maybe you need to set limit range. Or maybe you need to set a quota for the namespace. Let's go. First question. Create a config map named config with values foo, la, la, foo, to, lo, lo. So that should be easy. He wants us to create. So cube control, create. Do I have config map? Yes, I have config map. And always I can use help. So here, help, cube control, create config map. I need to name it. I need to give it a name. And in this case, these are from file. But in the question, it was not from file. It was from a literal. So I can say cube control, create config map, and from literal. So I can create a config map from literal, from a file, and from a directory. From literal is basically key and value. So what the question was asking, asking key equal value, foo equal la, la, la, or whatever. So this is the first literal. And if I have more than one literal, I just keep a bending from literal again. And the second one, foo, to, lo, lo. OK, let's do this. OK, now, this is imperative. And the way forward, if you really want to learn and do this during, in your job later on, you need to do dry run so that this one doesn't actually resist on HCD. And you need to present the yaml output. Exactly one name. We didn't. So what's the mistake? And that's another thing, which is good, actually. If you make mistake, this is good as long as you learn from them. So what's my mistake here? Cube control, create config map. I didn't give it a name. So we need to give it a name. Did he say what name we should use? Create a config map named config, which is really a bad name. OK, so I create a config map named config. OK, now that's D. So you see ABI version of V1. V1 means the ABI core group. So there are other named group, like app. And now the data is full equal to a key value. What kind of object? What kind of Kubernetes object is this? It's a config map. So if I do again my ABI resources, grep config, you can see that there is config map. I can actually use a shorthand, cm. And it is in the core group. So this is another way to, if you are confused about which version the ABI, especially in something that is, you see here, for example, this is V1, beta 1. This has not graduated yet to GA. So this is, so basically it starts with alpha, then beta. Then either it gets deprecated or it gets promoted. So if it's promoted, it becomes GA. It will become like this V1. So there is a life cycle for the ABI. And sometimes the technical detail changes. So this is the first question. Now what I can do? I can resist it in a file. Let's call this file tconfig.yaml, which is a really bad name. What I can do, especially in production, I can use like a prefix or both that tells me what type of object is this. And I actually use t in the exam so that basically I can validate the output while writing to the file in the same time. I want to optimize my time. Time management is a must. OK, there is no use if. Thanks for the insight. Thank you, use it. Keep it coming, guys, folks. Now I don't want to, I will not apply this one. And I will tell you why. So usually you should apply the config map or the secret before you use them in a deployment or a bot or any other object, demon set or whatever. But one thing while you're learning RACC for the exam, try to do things out of order. Try to do things differently. What happens if I change the ABI version to something else? What error will I get? What happens if I do this before that? What error do I get? So basically try to experiment, try to play around. And my camera keeps moving. OK, let's see the other question. Display its values. Yes, show. OK, let's see what his solution. Keep control, create config map. Yes, yes, exactly. Display its value. OK, he wants us to apply it. Let's apply it. So to apply it, you have two choices. You can do create or apply. I love apply because basically it can be partial if it's you are changing something that is already exist. OK, config map created. If I do K get CM, I can see that there are other configurations map before me. One is from me, actually. Let me delete it. OK, delete CM back end config. OK, now if I do K describe CM config, I will see that the configuration map is called config. It's in the namespace default. And this is very important. In the exam, most likely you will not implement things on default. Most likely you need to implement things on a different namespaces. So this command will be wrong in the exam. It's missing the minus n. It's missing the minus n namespace. So make sure that always you have a system that you always put, for example, namespace before, or after your commands or at the end of your commands. If you put it before so that it will be flexible, you can say, for example, apply now minus f again if you have changed the config map. Let's say that you have changed the config map. What was the name of it? Default, apply, yes. So K minus n default, apply minus f CM dash config dot yaml. Yes, and it's configured again. OK, now let's go to the second question. Now what's the difference between config map and secret? I said secret. You have more access control over it. Display its value. You can do kubectl get CM config minus oyaml, or you just can describe. I think describe works better. Create and display config map from a file. Now that's the other case. So he's inserting a key value in a file. So he's inserting foo3 equal lily and another key value into a file, config dot text. If I cat config dot text, you see that he's using the i and i format. So it's equal instead of colon. The key and value are equals instead of colon. Now it's the same thing. If I go back to the command, so it's the same thing, but instead of from literal, this time what we do? This time we do from file. And we don't forget the namespace. OK, if there is a namespace, we don't forget the namespace. And we don't forget the name. The name has to be exactly as the question is asking us. Create and display config map from file. Create the file with whatever. Create and display config map. OK, he doesn't say the name. Config map too. OK, that's very innovative. OK, let's call this too from file. From file, and I have to give it a file. So the file was config dot text from file, unknown flag. Queue control create config map, config map too. And let's use the shortcut this time. Create cm config map to from file. OK. And it actually give me the ML shortcut when you have different values, when you have multi-line. So you have foo3 equal lily, and foo4 equal whatever. And you see the data is clever enough to know that the file is called config dot text. Let's say that the, and he wants you to read it from a file. But when you save it, you call it a different file name. My keys, let's see. He's asking you to, that the file name should be my keys. Yeah, so you can actually put it here. You can say from file, but you change the file inside your YAML. You say, look, I know that I'm reading file called config dot text, but I don't want it config dot text in my manifest. I want it to be my keys. Yes. So, and now if you can see, it's called under data, under the data section, it's called my keys. OK. And now we can apply that. Could be a control minus n, the name space default apply minus f and the name of the manifest. And this is applied. Now if we do k describe cm, control shift v, what was it called? Config map 2. So we have this whatever. So let's jump, because this is really easy. Let's jump to create and display config map from an n file. So basically here he's doing the same thing, key equal value, and then slash n for a new line. And he's putting a comment, then another key equal value, and putting another comment. OK. So config map from m file. So yeah, OK. So this is like he's assuming that the files are not key value, he's assuming that the file represents an environment file, which is the same format as the file. And then basically creating it's the same concept. Create and display config map file, giving the key special. So this is what we did. So from file, and you can change the name of the file. That's what we did. OK. OK. So as you can see, config maps are really easy. What's this one? From a literal, OK. OK, now we want to run a BOD. OK. Now we want to run a BOD. Let's do this one. And we want to associate it. I need to change my seat. This camera doesn't want me, basically. OK, let's run a BOD. So we run a BOD. The BOD using image engine x. We start never and try client. So this will produce a BOD manifest. OK, creation timestamp. It's fine. I have a label as part of the metadata. I'm using container engine x with the name engine x. It's not using any resources. And then it's the NSBOD C cluster first, which is the default restart policy never, which we specified so that we can get a BOD. That's fine. If I run this BOD, is there a way that I can associate it with a config map? Because one, so what are config maps? So config maps are a way to share data. They are centralized on the namespace. So when I do K get cm, I can see the config maps. If I do K get secrets, which act as a config maps, I can see the secret. And the secret here is a secret for the service account. So I have a default service account by default. If I do K get sa, which is a short for service account, I will see by default I have a service account. In other companies' distribution, you might have many. For example, in OpenShift, you have default, build, deploy, and something else. Here, we have one, which we are not, if we are doing our own application, it's not recommended to use the default one. It's recommended to use your own. You create a specific one for the application and you assign it the required minimum permissions, minimum roles, and the role bindings. OK, so this secret, default token, is actually the token for this service account. And it gets created by default when you create a new service account. So if I create a service account, and it's very easy to create a service account, I just say K create service account, myab sa. So K get sa, K get a service account, I have a service account. K get secrets. Guess what? Kubernetes created for me another secret for this new service account. OK, if I say K describe secret, and this secret, I always make this describe. OK, I will see that this is a secret with this name. It's in the default name space. It doesn't have labels. It's good to have labels if you can, but labels, it's good. It has a notation. Basically, the notation shows which service account name is associated with it. And the user ID for this service account. OK, and what type? It is Kubernetes.io service account token. Now the data is basically using seven bind, and there is a token. Now this token is encoded in base 64. So if you really need to use this token, like, for example, authorization bearer or something, you need to decode it. OK, so you decode it using the base 64 minus decomment. And you can see now that this is the secret. It's using algorithm RS256. And then basically, this is the token. OK, now what I want, so now I have secret. I have configuration config maps, and I have a bot. But the bot, I want to use the data inside the config map. How can I do this? There is another command. You can do it by going to the documentation and finding how you define a config, an environment variable, or how you mount the config map as a volume inside the bot. Or you use set, cube control set. If you use cube control set, you can see that you can set environment variable on a bot template. So let's say, cube control set M and see the help. Let me check if there is any questions. Because I'm going, I think, really slow. OK, there is no questions. That's good. OK, so I can see example. I can see set M deployment. All container C1, M equal whatever. This basically remove the environment. Now, I want something like this, cube control set M from secret, my secret deployment app. OK, let's try this one. But before K gets Cm, K get bot. And now I want to bind the bot to the Cm. So cube control set M from, it's not from a secret. It's from config map. And the name is, let's say, config map 2. OK. And where I want to set it in the bot, that's actually, the bot is not immutable. I don't think this would work. But let's try it. Yes. So you see, it gives me an error. Why? Because the bot object is immutable. The only thing you can change in a bot object is the image name or the image tag. So it comes back. It tried to change the bot. But then it said, fail to batch and update to bot template. Bot engine X is invalid. Forbidden. Updates may not change fields other than spec.containers.image. You cannot, yes. So we need the deployment. Let's go back to the run command. And instead of run, let's create deployment. Engine X, depth. Image Engine X, remove the restart never. This should be deploy. Cat deployment. YAML. OK, I have a deployment. Let's apply it. Let's check the bots. OK, I have a deployment that is coming up. Now let's change our environment. So instead of bot deployment, deployment, I can. Deployment, basically, because the way deployment works, I can change it. So what's the deployment is this? This is the Engine X depth. Control copy V was not found. Ah, sorry, this is the bot. So I need the name of the deployment. OK, now if actually, if I edit or describe my deployment, I will see this deploy. So let's see. So this is an easy way. If you don't remember how to define environment inside a container or inside the bot, this is an easy command that will do it for you. And why I like this command? Because basically, it follows the best practices convention for environment variable. So you see that my keys, the environment variable, I used key, my keys, which is a small letter, which is not how you define environment variables. Environment variable should be capital and should be separated by an underscore. So you can see that it created an environment variable. OK, and let's get bots. And if we exec into this bot to double check, and we say dash dash, and the command we want is environment, and we grab minus i for my. And we see that my keys has full dot lily. Let's shell, sorry, this is h, m. OK, so I have my keys equal full dot lily, and I have full four equal lily. Now, this is strange, this one. Let me double check why. LS, catcmconfig2.yaml, my keys, full three equal lily. Here it's OK. Here it's not OK. The other one is OK. So OK, I guess that's how the set works. It needs to be, I think it needs, we need another option. OK, anyway, what the time is, we are 15 minutes to the hour. Please ask your questions if you have any. OK, let's go back. So basically what we have showed, I have showed that I can create, of course, I cannot create a bot. I need to create a deployment. And if I create a deployment, and I want to associate it with the config map, I can do it with using the command kubectl set, OK? Now let's go to the last one, create a config map, another one with values, load this config map as environment variable into an engine export. So it will be the same. However, in this one, you might need to use kubectl explain. And this is another tool that you need to master for the exam and also for production. If you say kubectl explain bot, OK, you'll see that for me to define a bot, I need an ABI version, I need kind, and I need metadata, and then spec and status. Now to define an environment, most likely it is under spec. So I drill down under spec and see under spec, what can I see when it comes to environment variable? So basically I need what? I need, OK, let's do, it's too noisy. Let's do a recursive so that we can see the key straight away. And there is a lot, OK? Maybe this is the wrong example to use spec. So basically this would be spec, OK. So we know this is spec.container, OK? Actually, this is a case where actually going through the document is better, unless you are looking for something that is not, yeah. So you see here, under container, I have arguments. If I want to pass arguments to the container command, or command if I want to override the command that is used in the container, and I have M. And if I use M, I need to name the environment variable where the value, and I give it a value, or I get value from. I can get the value from a config map, and I can say config map key reference, and I have to specify the name of the config map and which key I'm looking inside the config map, which key I'm looking for inside the config map. And there are other things that I can do. I can get the environment variable from a secret. And this, in this case, I use the secret key reference. Or I can do environment from, which is better than M, because this will comply with the environment variable naming. That is, it will be capital letter and words separated by an underscore, OK. So this is one good website. I mean, we didn't cover a lot. But this is one website if you are going to do the CKD. This is exercises for the CKD. And it has been updated like 29 days ago, 27, 21. It is quite up to date, OK. And hopefully that it will get updated with the new exam format, OK. Now, what was the command to list all those options, OK. Yes, so this is Mr. If I can get my cursor, JmRaisha. The command was kubectl explain, OK. kubectl explain. And don't explore it before the exam, as you see now. So basically, OK, let's select something else. Let's select IBI resources. Let's say that in the exam that they are asking you to do something for an IBI resource that is traffic. And you haven't really played with traffic before, OK. So you say kubectl explain. And you put the object, oh, sorry. Yes, you put the object name. Bud deployment, any IBI resource, services, whatever, OK. And it will tell you, OK, in this case, there is not much. There is the kind, version description. And this one doesn't really have an explain. Let's do service. Let's do service. kubectl explain service, OK. And it tells you that basically service, if you need a manifest for service, you need to specify kind. And the kind is service. And the IBI version is v1, OK. And you have to have a metadata. And if you are wondering what kind of metadata I need for a service, you can say service, metadata. And it will tell you what kind of metadata you have. You can have name, you can have name space, your honor reference, resource version, self-link, UID. If you want them without explanation, but you want all of them, you can say recursive, OK. So this will show you all the metadata you can have. You can have annotation. You can have cluster name, creation timestamp. All these are possible metadata fields. But no, I'm not interested in the metadata. I'm interested in the scope, OK. So you can do the, sorry, not scope, spec, OK. The camera is behaving now. So in the spec, I have all of this. But I am interested on time. What are the different service type? And actually, this is like an interview question, OK. People know just cluster IB and no node board. And so cluster type, you have cluster IB. You have, OK, it doesn't say external. OK, you have the load balancer. Yeah, external name. So, yes, OK, OK. Any other question? I mean, the bad news that Sayam is not here. Otherwise, he would have given you a discount already. Do you use AWS, Jay Maraika? Do you use, do you use Public Cloud? Do you use AWS? Let me know if you use AWS, OK. OK. So, I don't know who's going to be delivering the next webcast. But as we said in the beginning, there is something coming up. There is something coming up in October, I guess, OK. So basically, try, so I don't have discounts for CKACKDCKS, but I have AWS vouchers. Connect me and I'll give you a voucher. Yes, we like people that are asking and interacting with us in Cloud Native TV. And you have one $25 voucher. So just connect me, contact me on Twitter or LinkedIn by smoke signals, whatever, OK. And you'll get your voucher. And thank you for asking and thank you for your time here. OK. Now, let's make sure that you register for a KubeCon. And then in KubeCon, there is a security day in the day zero. And there will be captured the flag. So make sure that you register. And it will not be difficult. But it will be very educational, OK. If there is no more questions, let's see. Is there any more questions? What's my Twitter? Yes, let's just second. I write it down. You can see it on. Oh, you don't see it? Just second. OK. OK, it's at. Well, you carry. OK, good. You got it. Thank you. Haman, Tashkota. Thank you, Haman. Heman, Tashkota. Thank you. OK. OK, what else do you need to say regarding? OK, let's go back to the new exam. Debugging and Kubernetes. There is a very nice article about debugging applications in Kubernetes from Kate's learning. It covers most of the case. But how do you do debugging? So basically, first of all, try to fail during your practices. Second, use kube control describe. OK, let's do this. kube control describe. I don't think we have time. And kube control logs for the bot. Yeah, so it's basically kube control get events. kube control describe, kube control get events. From these three, you can really tell what the issue is. But sometimes you will know what the issue is, but you don't know how to resolve it. So this is how you practice, and you try to break things while you practice so that you get accustomed to what issues we have. Let's, OK, I think I need to finish because there might be another show after that. So thank you all for attending. And I hope we learned something today. If you have any questions or if you want to pursue, if you have any questions regarding certifications, regarding Kubernetes, regarding anything that I can answer or I can forward to somebody who can answer, let me know. Thank you very much, and keep watching Cloud Native TV. There is lots of resources, and there is lots of awesome people that are presenting. Hopefully I joined this crowd. Thank you, thank you all. Yes, the capture of the flag will be really nice. OK, thank you. Bye-bye.