 Hey everybody, good afternoon. This is Duffy Cooley coming at you with this week in cloud native episode 3 I'm glad you're here, and I'm really excited about this next episode So Let's dig into it see what's happening this week If you're here on the chat go ahead and say hello I'd love to I'd love to you know see it here Every week as we're going through this process So I'd love to know that you're here the only way I know that's happening is if you're in the chat So if you're here check in Love to see folks showing up here Alright, the next thing I have for you today is this page Which is kind of our weekly thing where we're going to keep I'm keeping notes on On stuff that is exciting that happens during the week or during the last two weeks In cloud native space and if there's anything that you would like me to cover You can always just go to hackMD.io Slash at TWICN this week in cloud native and put it in a note for me And I'll read it to you live on screen and that's my plan for every week So if that's so if you see anything that's interesting You could either just shout out to me on Twitter or you can put it in the hackMD notes And I will cover it every week in this episode For this week's update Wanted to talk about what's coming Let's see here We have one of the changes that I saw on YouTube which I was pretty excited about was this one here where we have Playlists and there are playlists for every show and so if you want if you missed your episode with Siam or with Maddie or Leo Leonardo or any of these other folks You can go ahead and just either subscribe directly to that playlist or you can go back and watch what watch the Episode that happened while you were away, but each of the channels seems to have their own playlist associated there and that's pretty exciting So there's new content every day of the week This week Tim banks was hosting Sydney Miller One of the just incredibly awesome people in tech and this is talking about Sydney's journey into tech and how She's helping others kind of along that same path Sydney works at Equinix metal and it was really a I think it's a pretty good episode that happened earlier today Check that one out cloud native Latinx with Leonardo Mario all about the community will have best guests from various Latin American countries showing challenges opportunities and Value in building a community in Latin America. Come check it out CNCF face-off is kind of a game show hosted by Maddie and if you're interested in you know, kind of participating in that it should be super fun and Matt Stratton will be hosting it if you want to be a part of it You can actually just follow this link and it will take you to a form Where you can pick your team what you want to what you want that team to be called all that good stuff and And then participate in the show and so I think that'll really be fun Like I said, Siam's doing certs magic all about the different certified Kubernetes Certifications we have spotlight live with Dan pop. We have LGTM with raw code He just did one on Prometheus was really fun kind of giving from idea to commit on that hundred days with a nice unease and Cognitive classroom with cat Costco. I think she just did a Thanos I remember correctly and then fields tested with Kassel in so definitely check those shows out They're happening right here on cloud native TV feel please subscribe to this show if you I mean to this channel on twitch You should see a subscribe button down around there somewhere and go ahead and click that button get notified Whenever we're online, they'll always be something interesting happening In the Kubernetes space one of the exciting announcements is that this early bird pricing which is about $650 off of the onsite pricing and $200 off the standard pricing is ending July 4th So if you want to get that pricing get it done now You can save a bunch of money Either as a corporate or an individual you can save, you know, not quite as much money But you can definitely save a bunch of money. So definitely check that one out So July 5th the sale ends July 5th So definitely want to make that happen one of the other commits I saw happen in the Kubernetes community this week, which I thought was pretty exciting to me Anyway was the QBADM now runs as not root And this is part of a cap, but let's take a look at the commit. It's kind of an exciting commit So this is actually The cap right here So a bunch of work by Vinay And what this represents is a change in the way that we operate the static pod manifests and other things run by QBADM In such a way that they are significantly more secure They're running as not root all of the capabilities have been dropped other than the ones that are necessary for that application to run And if you're interested in this work or you want to kind of read through what's happened or what the changes are Definitely check these issues out I Was thinking about for our playtime. I would kind of explore rootless QBADM, but I don't think I'm I don't think I quite have the right setup for that today So I'm probably going to explore something else in that space, but maybe not that But maybe on the next episode if I have a little bit more time to set up I might set that one up because I'm actually kind of interested in seeing how that's going like it should be a really fun one So rootless QBADM that means like your control plane your scheduler your Cube proxy all of those components running rootless and as a user that is not root And that way if for some if by some chance somebody were to exploit one of those control plane components Inside of your cluster. They wouldn't be able to actually take over the cluster, which is actually pretty cool Hey, we got people check it in. Let's see who these folks are You got some omie Hello, good to see you. What was kind doing when running QBADM before? Ah It in kind project actually in my in my playtime. I'm going to show that but the way that kind was doing it was Leveraging Just regular QBADM inside of a root container so kind in itself Under no circumstances is to be considered like secure, right because like you're running privileged containers on your host That have that have significant privilege Otherwise, we wouldn't be able to like stand up containers and that sort of stuff now There is some change Happening inside of the kind project that would enable rootless mode in fact I've seen one of the heroes of rootless one of the heroes no pun intended of rootless mode In the project working on just exactly that like a hero has been working on implementing rootless Rootless kind so that'll be kind of exciting and I imagine this work kind of overlaps or at least relates but I haven't looked at it too closely yet Pretty exciting stuff But yeah later on I'm gonna actually show like pulling the commit that is Interview and then showing how to build that commit and then showing how to Run that commit in kind so we'll we'll take a look at how it's working in just a minute One of the podcast this week was Kubernetes podcast 152 with Craig box talking about SRE for everyone else If you haven't checked out the Kubernetes podcast is probably worth checking out It's a pretty decent podcast. They've always got some really good stuff happening inside of that space and then also The recent TGIK TGIK 158 was hosted by Nadir and Jason did a deed Tiberus Who are good friends of mine who I worked with at core OS or sorry ad hefty Oh, and they did a whole episode on cluster API with tinkerbell So if you're interested in tinkerbell or cluster API or how you mash these words together Definitely check out that episode. It's TGIK 158 Now one of the things I wanted to share with you is that a lot of the information that I get for the news every week I get from here right and doesn't have to get more information from you all as well but what I get what what I normally get my news from is things like Cube Weekly, which is a newsletter put together by my fellow ambassadors and They gather things like headlines what's happening inside of the you know The CNCF programs that are coming this week. We got a great question by Emily Fox talking about the security tag working on a serverless security paper, which will be a really interesting one We have some technical papers Handling off an EKS clusters running HA proxy Kubernetes ingress controller outside of your Kubernetes cluster how to build a helm plug-in in minutes and Avoiding Kubernetes cluster outages with synthetic monitoring. I haven't looked at that one yet That looks pretty interesting But there's a bunch of different really great articles including this one Which I also thought about playing with how to monitor Kubernetes costs with lens IDE if you haven't heard about the lens IDE It's another open source IDE for Kubernetes And it's actually pretty cool So Justin reminding us all that if you're going to be at the participant at the contributor summit or you're going to Come to Los Angeles to be a part of KubeCon and you want to go to Disneyland as part of that trip You should definitely join all of us together going to Disneyland and we called it QB You call it QB land we did this back in San Diego before the pandemic and it was really a lot of fun But definitely, you know, if that's something that's interesting to you check that out He's got a form to add yourself And there's no discounts or anything but like it's a great way of like, you know Hanging out with folks in the community in a place that is totally unrelated to Kubernetes And then we have the s s the editorial articles Here's one that I pulled out which was a Craig Craig box talking to Steve McGee talking about SRE for everyone else I thought that was a really good one another article on CKA and CKAD certification Get ups for RabbitMQ with Alexis Richardson. I mean, that's a really interesting one RabbitMQ and get ups. I'm surprised by that. I guess we'll see how that goes It'd be kind of a fun one to play through and then Alex Ellis wrote a book on Golang and Alex is Incredibly transparent about things that are happening. And so if you're curious about how that goes like what he went through to write that book and How that's actually working for working in this space or not? Definitely check that out like I think it'd be a good read if that's the if that's something you're interested in all right upcoming cloud native live improving the Kubernetes experiencing eliminating toil and Tribal knowledge with Billy Kleeck with Billy Kleeck at Digital Ocean and then on-demand Lemonar again talking about lens and that sort of stuff by Maratis pretty neat stuff Kubernetes CVE's I'm not sure that everybody knows about this Group but if you don't know about this group and this is a space that you're interested in you should know about this group This is just one of the many Kubernetes groups that are out there. This one is Kubernetes security announce and Every time there's a CVE or some other interesting thing that's being fixed inside of Kubernetes related to security You're going to see an announcement here that gives an overview of what it is what the advisory is about And and typically there may be and there may be some discussion related to that particular issue Inside of the mailing list as well So if you want to be a part of the part of this mailing list all you got to do is click on that link the security announce group and Click join group and then you'll be able to you can kind of pick how often you get spammed It can be on every notification. It can be a digest. It's up to you how you do it But definitely a good one to watch out for if security inside of Kubernetes is something that you're That's on your mind one of the other things from the Community I saw is this CNCF end user community providing insights into Kubernetes cluster management with technology radar And so this is a pretty good article talking about like how folks are managing their Kubernetes clusters and what tooling and stuff and This is a pretty interesting one. And it's one of the first things I've seen come out of the user group around, you know, the CNCF user group Group so I think that's a pretty good one So definitely check that out if you're interested and then it's playtime So today for playtime my plan was to set up an environment from scratch and find an issue that has not yet been merged something super simple and and then show how to build that commit and Then test that commit according to what the issuers describes and And kind of work through that kind of end-to-end right so that was that was my goal for today kind of help you get your environment set up Work through like what it looks like to actually test a commit and show that the commit changes What it says it's going to change and that was my goal and I figure we can do that in about 45 minutes But let's see what we can accomplish So The commit I picked actually is like I said it was going for something really super simple. Oh, not this one That's not a super simple one. There we go. So this is an open issue and And it looks like this person had found a you know a leftover word alpha in a command a cuba dm help command and Went ahead and put in the fix basically to remove the word alpha from the cuba dm help command And what I want to show is how to actually get I mean first I kind of want to work through the UI here a little bit So we can actually understand like where this commit is in time or where other commits are in time I want to show you that stuff and then I'm going to show you how to set up an environment in which we can actually test That this commit changes what it expected to change and this is a super super simple example But I think it'll give you the tools to test a more complex example if you choose to do so yourself So first thing I wanted to show you was like this page here So if you if you have a commit that's been committed like this one here, it's been merged, right? Then what you can do is you can actually click on the commit link down here Which is a commit hash and now you're looking at the actual commit that is represented inside of the code base and one of the questions that people frequently ask is Where in time is this commit? Right is this commit? I mean it's clearly been merged to master But is it also part of a branch or a tag or anything else like that and the reason I'm taking you to this page right if you look at the commit you can actually see What branches and tags it is associated with right so right as a moment? it's on master and There are there's no branch, but it is associated with the tag v1 22 Dash beta zero which means I think it's a top of tree right now We could go look but if you're ever wondering like whether a commit if you've narrowed the problem that you have down to a single commit and you want to see if that commit is part of a particular release or Or has made it or has been make port back ported or any of those things This is the way that you find that out right you can find the commit that you're looking at Click on the commit itself and then look down here in this description And it will tell you exactly where it is in time So this has been committed to master and because it's been committed to master. It's also been committed to this tag so Let's take another one Let's see close Actually, you know what the probably easier to go with the actual commits right so Let's take a look at this one So this commit is a fix to fix affinity node node port timeout and if we look at the actual Commit, we can see that it's actually just in master. Let's scroll down. Let's go like way down So here is another page that we've committed and we can see that this oh man I guess there's so many commits that happen like so frequently and so on and so on in such an automated way It's kind of hard to find one that is like, you know Historically relevant. Let's see if I can figure out a way to do this Well, oh, I have an idea. Okay, so if we go to Kubernetes and we go to command committee and Actually, let's go to committee. We'll do blame Two years ago. Here we go So this commit was committed on 2019 and we can see down here below that we see a different output Instead of showing us just the just the top of tree branch or the top of tree Tag, we can also see that this commit was part of every tag from v1 18 alpha 2 All the way to current right and if we click on between we can see this commit Resides in each of the tagged versions from 118 alpha 2 all the way to one 22 dot zero beta zero So this is a way of determining whether you're commit the one you're looking at the one that has the source of all of your frustration Has actually been made it made it into a release or not, right? Okay, that's what I wanted to show you on the On the GitHub UI Next up we're going to build this and we're going to test and see if it works And so I kind of want to so that'll involve setting up a build environment We're going to leverage kind for a lot of the build environment and we're going to go ahead and build QBDM with this commit And I'm going to show you that I'm going to show you the before and after right all right, so let's check this out First thing I want to show you our two tools that I use a lot, right? The first tool I use a lot is a tool called deer in and what deer in does Let's go on back here real quick deer in is a tool that lets you set environment variables here in This is a tool that lets you set environment variables when you move into a directory So and you're not in the directory the environment variables are empty But when you move into it all of the environment variables that you have specified inside of your dot and varsity are Loaded into your environment Now this is super handy for different coding environments that you might be working in so let's like let's just kind of Do an example of why this is so handy here. So I'm going to do deer in edit dot Well, no not my home directory here. So make dear Twicken Twicken This week in about native The DM Edit dot and this creates a deer in file, but there's nothing in there right now So the next tool I want to introduce you to is one that we're going to use to go ahead and populate the configuration inside of here We're going to use a tool called gimme dash go. So let's take a look at that one real quick gimme And there's lots of ways to do this. This is just the way that I've been using For this and I kind of like it because it actually It's pretty frequently updated and pretty well maintained because it's part of the solution stack at Travis CI And so I'm actually pretty pretty convinced that it will be around for a while And then it's pretty reasonably tested right so gimme go is a bash script that sets the environment variables it will go and fetch a version of go for you and Set environment variables such that it will leverage that fetched version of go Entirely within the the directory you've created or inside of your system somewhere So if you're going to use go in any kind of like containerized environment, this is a really great tool But also even locally right like we understand that like clearly go Changes versions faster than many of the distribution package managers and stuff keep up with and so It can sometimes be difficult to like determine which one you want to use like Python has something like this That's called like pip m or something like that Ruby has Another one is very similar right but basically a way of leveraging a particular version of git Associating with that particular version of git with a particular directory and then making it so that that is now your go development Environment in which you're going to do all of your work So in our case I already have gimme installed and if you want to go ahead and install it So I'm going to go ahead and grab it from the a you are repo. I'm going to drop that batch script right up my system I'm going to do gimme stable Ford greater than And what this will do is it'll just pop all of those environment variables right into this right into my environment That I'm that I'm here. I'm so I'm going to edit this Edit dot These are environment variables that it set it unset goose and unset go arch and then it went ahead and set export go root And that's where the that's that's where the version of go that is stable currently has been put and then it added it to my path Before everything else making sure that that version of go would be leveraged and then Gave me and then it exported a bunch of environment variables inside of this space right so let's take a look at that one and Let's go one 16 and So it's setting go root and setting go it's setting our path and this is basically just what it loaded in there Right. Okay. So next thing I want to do is I want to edit this And I'm going to go ahead and set my go pass equals When I set my go pass to pwd, which basically means that oh, you know what I probably want to actually make a go dear a go director here Darren edit dot a There we go. So now we're all loaded up here, right? We got our go path. We've got our go root We've got all of the other things that we need. Let's go ahead and Check something out here. So what we'll do is we'll do go get Sigs dot k8.io slash kind and by default kind will actually grab the latest release And it'll build it right here in our directory. So let's check it out Go on and getting all of the dependencies And if we move into go bin There's our kind So this is just Has as complex as it needs to be to build kind. It's pretty pretty handy. All right. So now we've got our kind environment Or we've got our kind binary. Let's make sure that that kind of binary is in our paths So we'll do our nvrc again And what i'm doing here, and i'm just adding the go pass binary directory or bin directory into Before our regular paths and that way any bins that are in there are going to get loaded up, right? So let's go ahead and exit And if I do drem allow And then if I do which kind We can see that that's the version of kind that we're using pretty darn cool. All right Next up what we're going to do is we're going to check out The kubernetes code base and we're going to look at that commit We're probably going to use like Some some github cli commands or we could not but I think I think I want to show you the github cli commands Because they really make your life a lot easier when working through this kind of stuff Let me actually just make this a little bit bigger too because I think maybe that's a little too small It's like we have a question. I want to jump over here and see what the question is Once in dremf and another in gimme m. Yeah, I know it looks it does seem like a duplicate So I wonder if there's like a catch in the fact that like maybe it's trying to determine In fact that is it an environment manager or maybe it doesn't know that or something does seem kind of like a duplicate I'm not setting go root twice. I'm setting go paths and go root And it's only setting go root one the one time. So if I do echo go root Setting it to that and if I look at the I mean, it is setting it. Sorry, you're right. It is setting it twice, but it's setting it to the same value Right. It's setting it Which is weird, I agree Because we aren't setting it here and then it's also setting I guess it's like maybe that was meant to be commented out Because it's kind of catching both Or maybe this is actually because this is gimme m And we're not referencing gimme m by anywhere This is just telling us where we got the environment variables. Yeah, I think that's it. It's only setting it once It's only setting go root here Now if we had I don't know if we had like eval Dot gimme we had eval eval that path that it would actually make it real, right? But we're not doing that We're actually kind of highlighting where that content came from So we got that set up Let's jump in let's jump in a little further here and play with this stuff. So We've got a go environment. Now the next thing I do personally Uh, is I actually go ahead and check out what go go 111 mods off Because I kind of want it to be under my source tree Um, and I think that might just be the way that I do it I'm not sure that everybody does it that way, but let me show you what that looks like We'll get k8.io and it is And you have to when you're going to check out the kubernetes source code You have to use like the um the k8.io moniker like a lot of times if you're going to do something like this You would normally do like go get like github.com slash username slash project um And although you can do that with go get in kubernetes Is it messes it up because a lot of the paths inside of the code base require that Uh, that that they are importing from k8.io slash kubernetes blah And so if you don't have that path If you don't have the checkout in that path Then things get really weird and woogie and they don't work terribly well. And so When you're going through this you definitely want to make sure that you check out The kubernetes code base with go get k8.io slash kubernetes or your environment will not work in the way that you expect It will be quite painful So we can see that this checked out And it's going to complain about no go files because this is an automatic build that will be kind of nuts Can you imagine you do go get kubernetes and it just builds the world that would be a lot of that would be a lot of work So that doesn't happen there it works out okay for kind right but like for kubernetes now So it's moved it into go source k it's dot kubernetes. So if we move into that But here's the source code for kubernetes right and if I do get version or get remote dash v See that my current upstream is the hdps version of upstream in In github and now I want to add my fork to this right so i'm going to do gh for uh repo fork And it says I already have a fork. Do you want me to add that remote? Yes So now i'm sitting on my own fork and origin is upstream cube right so if I I can still check out tag I can still check out the latest release all of that stuff But right now i'm sitting on my fork of kubernetes Now the first thing we're going to do in our test is we're going to see the break We're going to see the thing that we're going to fix right so let's go ahead and do kind build node image Name it's called image and kind will automatically detect what the source is Uh where where where your source is checked out and then it will build based on what it sees here Right, so i'm going to go ahead and build top of tree and hope it works Um Otherwise I might have to back out and do actually you know what this is probably a bad idea. Let's do this Let's do kind Let's do get check out b1 currently the top is 122 is zero beta zero So let's check out alpha three And then we'll do we'll build it from here kind build node image Image equals 22 zero Alpha three So then the kind project is going to go ahead and build based on my code on my on my um source code it's going to go ahead and build this And included as part of that build will be a number of different things You can't actually tell it where it is. Yeah, one of the questions was Can you tell kind to use where the source code is by any chance? It's set up using your go path and the answer is absolutely. Yes. In fact while that's building I'm going to go ahead and bring up another window and show you that right? So if I do kind Build node image Help right now it by default it kind of auto detects it But if you know where it is then you can just specify dash dash cube root and give it a pass I'll wait for that guy to build a little bit My pleasure While we're waiting for this to build let's go back and look at that change that we actually I did introduce one other command It was the github CLI and I wanted to kind of talk to talk to that guy real quick. So that's on cli.github.com It's very handy like you can actually do things like pull a particular pull request You can Do all kinds of fun stuff like that, right? Basically, so it's a pretty cool tool for this sort of stuff It gives you it follows a pretty well described github flow And so some of the stuff I've been playing with In my dev environment really it works into my flow pretty well While we're building things. Let's take a look at what's happening on the system. So things are chugging along Take a minute to get everything built. I now are building a docker image Now a lot of these steps that make this seem like it's going to take a really long time Um We'll take longer the first time and then those images will be cached, right? And so you don't have to actually go through that like initial cost over and over again The subsequent build we do of kubernetes will be faster than than than what we're seeing here This is my new laptop from from from my work and stuff. It's actually pretty cool What it's doing. It's a t14s. So it's got an amd laptop. It's gonna amd chip in it horizon pro horizon 7 pro so that means it's got 16 cores which is very exciting and I found one with 32 gig of memory in it Uh, it's pretty solid little think pad. I'm actually really happy with it. The one that I had before this was a um X1 carbon and it kind of suffered a little bit Sometimes in like in in doing work because I think most of my biggest problems were related to the video card Like the video card itself was actually kind of slow And so because it was still the intel chip and so even all wired up correctly and everything It still couldn't really cut something like the stream that we're doing here Like it wouldn't be able it just wouldn't have enough resources to like Uh to make the video stuff work With this with the amd chip you get a radion built in so it's very similar to like that intel video card Um, but it's using uh, it's using radion stuff. So it's actually pretty significantly faster Comparatively, so I've not had nearly the same problems with this as I had with the old one Pretty exciting stuff. I should have built before the show Taking us a while here This tool that i'm looking at here is called a b pi top There it goes now. We're getting somewhere And what b pi top does is it gives me a really I think really beautiful view of what's happening on the system Right, I can see the processes that are running and how much and how much is being used by each process I can see my map of my cpu utilization. I can see map of my memory Graph I want to see it simpler more complex I can see disk i o and my network came and my network upload and download So pretty cool stuff it is it's uh Yeah, we're big I i'm building i'm building basically the top of tree for kind right now and then i'm gonna pull a commit from Upstream and then go ahead and build that commit and show that the change that that commit represents has been changed um Yeah, I didn't put anything in the notes for what I was going to do today But I should probably put that in there. That's a very good call out. Thank you very much. Good to see you Russ It's 16 threads um See what it's like eight is it eight core 16 threads At proxy So eight cores and each with two threads. So pretty fast I'm kind of digging it. It's working out really well for me Got it really inexpensively on ebay too So we're almost done with our build here No problem at all. I'm glad you're here And so there's all of our binaries that we're building the api server controller manager scheduler proxy and this is the one We care about today kubate m and the reason we care about that one So specifically is because we want to make sure that the change that we're making to kubate m shows up as a change in the system Well, you can see it is Busy time now. We're like 97 cpu and I could actually kind of tell video wise. I'm still suffering a little bit I wonder how it looks all to look how it looks to you all. I mean, this is a a fully Saturated cpu at this point. I hope I'm still I still I hope I'm still here It seems like I am Almost done with the build a pi 4 I mean, yes, I think I think that you can leverage kind We're going if as long as you can put kind there then you can use kind to build your your source code, right? Um, and I'm pretty sure although like I mean, maybe we should just go look because I'm actually kind of curious about that myself, so Kind arm an arm 53. What is that about kind? six Survey says Closed why is it closed? Did it get worked? So there are people who have used it to build kind Hey, there we go Kind of head should just work on arm 64, but we need verification. We have a report of it working here on apple silicon Yeah, so 11 1 and 11 should just work so I would say give it a try great question This is the question i'm responding to with this work for pi 4 or would you would you recommend cross compiling? And uh, I think it would work So pretty cool I've not tried it but I don't actually have uh, I don't have a I don't have a pie to play with But I think I think that with a lot of folks like moving toward the um apple silicon max and stuff There are going to be more people playing with this stuff And so I would expect that it would continue to work. Yeah, my pleasure All right come on to the end of our build. It looks like CPUs are beginning to cool We're going to make one more build like this with this change in it Um, but first I want to kind of like evaluate the change to look at it Get it into our code base and then we'll validate that the change is there All right There we go. Okay, so now if I do kind create cluster Image equals I guess I could have named it something easier to type And what we've done here is we basically just leverage kind As a kind of a build environment for everything where I don't I'm not building anything by my hand I'm just actually just leveraging kind to do the build itself And then I can go ahead and verify that the change is there or not As a reminder of the change that we're talking about here, let's go ahead and bounce back here and look at this change This is the here we go So this is a change to cube 8m and it's updating the cube 8m help message to get rid of the alpha search line, right, so if I Docker exec in here and do cube 8m help Where is the bug it specifically cube 8m alpha help ah That's where it is cube 8m Sure, I'm not catching it. Where is the bug? cube 8m officers generate csr The following command. Oh generate csr. So it's probably the generate csr command. So Oh, that's deep Generate Found it. All right So here like we can tell it's not an alpha command, right? It's cube 8m out certs cube 8m certs generate csr And then the help output Is the word alpha and so this is the thing that the person opened the issue to fix And so now we're going to go ahead and check that code out Make sure it changes the thing that we want to change and then build again and show that it works And using this technique you could actually test much more complicated things But it just seems like a pretty good way a pretty good flow for testing things that you know in your environment So let's go ahead and check this out. So The next thing we're going to do is we're going to do gh dr I'm going to grab the pull request I don't remember the pull request number though So the pull request was oh, it's already been merged. It just actually just got merged One oh three two four nine So while we were on the show this PR got merged That's all right. One's all right So now we're on the update cube 8m help message and we'll do get check out b1220 Alpha three, which is the one that we were on before and we'll do get b one two zero plus three We have a pretty name for it And then what I want to do is I want to merge from that branch that I had here the update cube 8m help message right so Get if Oh, there's a bunch changes there. So get check out This is the commit in specific that I want to change right? So if I do get show This is the only commit in there here. So now we're going to do get check out back to our Our source code that we checked out before and then I'm going to do It Now what's interesting is what's happening is that I have all of these commits in this huge library of commits on my system Because I have checked out that Pull request I can now put the commit from that pull request Anywhere in time anywhere on any branch that is local in my environment So what I've done is I've gone ahead and pulled that commit And put it on top of the branch that we built our original kind node image on right? So now if I do get log I can see Here is the commit that was made right to correct the example of cubadium help And this was the commit for the tag That defined it or it was basically where the tag was defined v 1220 alpha 3 is sitting at this particular tag And so now I have enough to go ahead and build again and prove that my change shows right So if I do get show You can see the change there it is it's in my code base And so my next step would be to build again And then show the change that we showed before right, so I'll do kind build node image Image equals fixed Actually, let's go ahead and use the pr for that. Why not right cubadium? Fix I shouldn't take quite as long to build all of this actually. I think I just did I just added a branch name So likely that reset the the cache But if you didn't actually Actually know I added a commit so it's a new cache And so it will it has to rebuild from scratch But it won't hopefully not take as long. Oh, there we go Sinking sources in our build container still there Running the build command, let's go ahead and look at the look at things work again like we saw before And then there's one more thing. I wanted to show you which I think will also help but it'll be just a second Well, we get those things to the I top So the next thing I wanted to show you after this is all over is how to run tests Kind of inside of the same kind of build environment Which are pretty cool So if you're going to use kind as a build environment One of the questions that sometimes people have is if I'm going to leverage that as a kind of build environment How do I run tests against? The code that I'm working with Kind of like at build time or before build time like can I do unit tests and that sort of stuff? Like where is the code checked out and can I still do unit tests? And I'll show you a couple of different ways to do that, but we're going to go ahead and let this build We can see already that this build is way faster than the other build was right Because we already have our build container and our build container is kind of in a fixed It's associated with a particular Period of time for the kubernetes code base and so as long as we're still within that same time We don't have to build another build container We can leverage that same build container that was already built right with that particular version of go With those particular sets of tools All of those things remain consistent between our two builds So we didn't have to like generate a new build container that would create that stuff But we are building all the binaries with our change and at the moment We're building all of it right because we're testing all of cube With cube adm with cube kettle with the api server controller manager schedule or all that stuff right? And so because we're doing that We're getting a pretty complete view of whether this change actually messed anything up For any other component within this distributed system or whether it's actually Or whether it's literally just a change in docs and we can look from the code That it is just a change in docs right? We don't need to actually build all all of the world for this But as an example what i'm walking you through here is kind of showing you what it looks like to build All of the world for this and then use that new environment to prove that your change works So say you were making a change to like I don't know You're making a change to that rootless Configuration that we talked about before and the way that you did it is you had to add a particular security context capability for You know sysnet bind or something inside of the api server How would you verify that the fit that the change you made to the manifest for the static pod manifest Was was was correct? Like how could you how could you verify that and that's this is definitely one way to go about making that sort of a change Another example of a change like this was I remember there was a bug in ipvs and somebody patched that bug and they were showing and I was working with Um, and I was showing how to verify that so if you wanted to kind of dig more into like that use case Uh, I wrote it up as a blog In fact, all of the thing i'm covering here is written up as a blog using kind to test a pr for communities And so this was actually showing how to leverage DRM for gimme and this whole environment to go ahead and do the source of testing that we're doing here Live inside of this environment and exactly why to change and how to check out the code How to check out the branch and how to verify that the thing Works and this is all right here the same thing i'm actually covering in my doc is all Right here, and so i'm going to actually go ahead and put this into this document And that will describe what we've made what we've done today So this we're pretty close to done We're at the top of the hour So i'm going to shut it down here as soon as this build is done and we show that it works I'm going to go ahead and end the episode. So thank you both for Signing in I hope there are other folks out there if you're out there and want to say hello say hello Can be a wave good to see you all And I look forward to doing this again in two weeks And we'll do more kind of tips like this and kind of explore different things like this Going forward QADM fixes my image name All right, no no dimmages built Yeah, for me, I mean like when I if i'm doing any development for the control plane or any of that do you mean like Do you mean the code base itself? Like if you're going to modify the controller manager or modify The api server that kind of stuff or did you mean something else? I'm curious about your question I create Image equals So the debug test cycle so if you're if you can actually you know This is a pretty quick loop for for building again and again if you're making changes to code and you want to prove that it works um Alternatively what you could do is actually um I have seen examples of folks leveraging Other tools and in fact, there's a great example of this in cluster api Of leveraging other tools to do kind of a faster break loop fix Model um for how this works But in this particular test if you know what you're changing and you want to actually, you know You've made a password unit test and you're ready to actually like validate that your change works This is one way to go And because it's QADM you can actually modify quite a lot about this you can turn on debug you can turn on lots of different stuff So let's talk or let's Jump in here medium fixed control plane bash medium certs csr Interate csr and now we see there is no more alpha So the change absolutely did make the change that he was expecting and It looks good That is our episode for today But yeah, I mean that's a good point and maybe what we should do is what i'll do next is i'll actually Kind of show how that might work if you were going to make a change to something like that Thank you both have a wonderful time and i'll see you next time See you next see in two weeks. I hope you all have a wonderful time