# Office Hours January 2021

## EU Edition

### Panelists

Rachel Leekin, Chris Carty, Dan POP Papandrea, Saiyam Pathak

---

Person: Mostafa Elmenbawy (https://kubernetes.slack.com/archives/C6RFQ3T5H/p1609991530274100?thread_ts=1607960423.257700&cid=C6RFQ3T5H)

Question: What is recommended for on premise production cluster spanning multiple hosts?

Answer:
- https://metallb.universe.tf/
- https://medium.com/faun/configuring-ha-kubernetes-cluster-on-bare-metal-servers-with-kubeadm-1-2-1e79f0f7857b
- https://youtu.be/7rqvRwfZHF4
- https://metal.equinix.com/developers/docs/kubernetes/
- https://kube-vip.io/
- https://tinkerbell.org/
- https://github.com/tinkerbell/cluster-api-provider-tink

---

Person: Dinesh Shanmugam

Question: I performed manual certificate renewal on my k8s master using the kubectl alpha renew all which did update all the certificates. Post that I did a restart of my kubelet service but looks like my cluster went down. I am able to see my pods using kubectl get pods, but I am not able to schedule any new pods. I checked on the k8s API server - docker container logs and I see the following issue:

```
E0118 07:30:45.697275 1 authentication.go:104] Unable to authenticate the request due to an error: [x509: certificate signed by unknown authority, x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")]
```

- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1610962804008000

Any suggestions?

Answer: Check systemd config files. Check individual components to confirm certs have propagated down to other services (scheduler, kubelet, etc.)

---

Person: Achu Abebe

Question: Those of you who are CKA, would you please share some tips about the certificate? How important it is, etc.
- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1611151600026100

Answer:
- https://github.com/walidshaari/Kubernetes-Certified-Administrator
- https://youtu.be/jZOs8Oips7Q

---

Person: Pavel Malinov

Question: What are your options and thoughts on CKS?
- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1611151697030500

Answer:
- https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
- https://miro.medium.com/max/1200/1*pKkK2mm8WZ7MiBj9C70awg.png

---

Person: vivek kumar sahu

Question: How to run GUI applications inside running containers (Docker)? I am getting this error.
- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1611151767033600

Answer:

---

Person: Mostafa Elmenbawy

Question: What is the best practice to set up k8s on premise for an HA cluster of 4-8 nodes?
- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1611151807035700

Answer:
- https://cluster-api.sigs.k8s.io/user/quick-start.html

---

Person: mindrunner

Question: Well, here's a bomb from a newbie: Anyone have an on-prem k8s install and use Consul as a Service Mesh? What do you use as a LoadBalancer? (I can get IPs from my network.) I am reading up on using MetalLB in L2 mode.
- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1611151943039300

Answer:

---

Person: Long

Question: Is the recommended CRI for the future going to be containerd or cri-o?
- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1611152123042900

Answer:

---

Person: Pavel Malinov

Question: What do you think about the Elastic license? Can moves like this affect Kubernetes' future?
- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1611152713055100

Answer:
- https://www.elastic.co/blog/why-license-change-AWS
- https://drewdevault.com/2021/01/19/Elasticsearch-does-not-belong-to-Elastic.html

---

Person: mindrunner

Question: I'm sorry I didn't get the name of the Engineer with a lot of OPA experience. What is your workflow with OPA?
Pre validation of YAMLs before they can get submitted to the API server?
Continuous auditing of existing workloads?
How do we get the JSON submitted by our workloads to OPA for validation? (I'm just reading up on OPA in prep for CKS, but this looks like a necessity for Enterprise k8s.)
- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1611152775056300

Answer:
- https://play.openpolicyagent.org/
- https://www.youtube.com/watch?v=ejH4EzmL7e0
- https://github.com/open-policy-agent/gatekeeper-library

---

Person: vivek kumar sahu

Question: I am a sophomore. Learning Docker & K8's. Can you name some beginner projects using these tools?
- https://kubernetes.slack.com/archives/C6RFQ3T5H/p1611152892059500

Answer:
- https://github.com/yogendra/apidemo
- https://github.com/microservices-demo/microservices-demo
- https://github.com/GoogleCloudPlatform/microservices-demo
- https://www.edx.org/course/introduction-to-kubernetes
- https://github.com/InAnimaTe/docker-steamcmd-play
- https://github.com/kubernetes-up-and-running/kuard
- https://www.katacoda.com/
- https://github.com/spring-petclinic/spring-petclinic-microservices
- https://github.com/stefanprodan/podinfo
- https://kind.sigs.k8s.io/
- https://minikube.sigs.k8s.io/docs/start/

---

Person: Andrei

Question: What do you think about the following PR? https://github.com/kubernetes/kubernetes/pull/96594 Let's review this 3 line PR together online :)

Answer:

---

# Appendix

### Intro Script

Welcome everyone to today’s Kubernetes Office Hours, where we answer your user questions live on the air with our esteemed panel of experts. You can find us in [#office-hours] on slack, and check the topic for the URL for the information.

- Before we begin let’s start by introducing ourselves: (Give each panelist about a minute)
- Before we start here are the ground rules:
- This is a Kubernetes event so the Code of Conduct is in effect, please be excellent to each other.
- This is a judgement-free zone, everyone had to start from somewhere so please help out your buddy by having a supportive environment in the channel.
- While we will do our best to answer your questions the panel doesn’t have access to your cluster, so live debugging is off topic, but we will do our best to get you moving down the next step.
- Panelists, you’re encouraged to expand on answers with your experiences and pro-tips.
- Audience, you can help by pasting in URLs to official docs, blogs, or anything that might be relevant to the topic at hand.
- Post your questions on [discuss.kubernetes.io].
- You can also help us out by tweeting, spreading the word, and paying it forward.
- This panel is made entirely of volunteers, if you want to rotate in please let us know, we love to have new people rotate in and help out.

### Contest

The hack.md notes document will have a list of who has asked questions, roll a dice to see who won the shirts. On occasion if someone from the audience has been helpful feel free to give them a shirt as well, we want to reward people for helping others. Note: Multi-sided dice not included.

### Outro

(Note, the companies will change over time depending on the hosts)

- Thanks to the following companies for supporting the community with developer volunteers: Carta, Civo, Equinix Metal, Giant Swarm, Microsoft, Red Hat, Spectrm, Phase 2, Sysdig, Weaveworks, Utility Warehouse, VMware and special thanks to CNCF for sponsoring the t-shirt giveaway.

And lastly, feel free to hang out in [#office-hours] afterwards, if the other channels are too busy for you and you’re looking for a friendly home, you’re more than welcome to pull up a chair and hang out.