---
title: 'Laravel on Kubernetes: Into Production | Rawkode Live'
source: 'https://youtube.com/watch?v=rw5bAjur79k'
video_id: 'rw5bAjur79k'
date: 2026-06-17
duration_sec: 0
---

# Laravel on Kubernetes: Into Production | Rawkode Live

> Source: [Laravel on Kubernetes: Into Production | Rawkode Live](https://youtube.com/watch?v=rw5bAjur79k)

## Summary

This episode of Rawkode Live, hosted by Rawkode with guest Alex Burris, dives into deploying a Laravel application on Kubernetes with production-grade features. They cover database migrations, queue workers, scheduled tasks, secrets management, and rolling updates, using a simple example application to demonstrate each concept.

### Key Points

- **Guest Introduction** [01:37] — Alex introduces himself as a lead developer at ShopBlox, an e-commerce platform using Laravel, and explains they will cover topics not yet addressed in previous episodes.
- **Example Application Overview** [02:52] — The example application includes jobs, email sending, queue tasks, scheduled tasks, and asset compilation, designed to test infrastructure components.
- **Deploying MariaDB** [12:00] — They deploy MariaDB on Kubernetes using a simple Deployment and Service, setting environment variables for the database user and password.
- **ConfigMaps and Secrets** [35:13] — They create a ConfigMap for environment variables and a Secret for the app key, explaining the difference and best practices for secrets management.
- **Database Migrations with Init Containers** [61:25] — They use an init container to run `php artisan migrate --force` before the main application starts, ensuring migrations run once per deployment.
- **Scheduled Tasks with CronJob** [70:40] — They create a CronJob to run `php artisan schedule:run` every minute, replacing traditional cron for Laravel's scheduler.
- **Queue Workers Deployment** [75:00] — They deploy queue workers as a separate Deployment running `php artisan queue:work`, allowing independent scaling and resource management.
- **Rolling Updates** [84:05] — They demonstrate a rolling update by changing the image tag and applying the deployment, showing how Kubernetes handles zero-downtime updates.
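
The pod settings the episode arrives at for the PHP-FPM container (numeric non-root UID, pod-level `fsGroup`, read-only root filesystem with `emptyDir` volumes for the paths Laravel writes to, ConfigMap and Secret injected through `envFrom`, migrations in an init container), gathered into one manifest as an added example; it is not the manifest from the stream or from the guest's repository. The Deployment name, the image tag `laravel-fpm:local`, the Secret name `laravel-secrets`, the `/var/www/html` application root and the memory limit are assumptions, and the nginx container is left out.

```yaml
# Added example. Values marked "assumed" do not come from the episode.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: laravel                        # assumed
spec:
  replicas: 1
  selector:
    matchLabels:
      app: laravel
  template:
    metadata:
      labels:
        app: laravel
    spec:
      securityContext:
        # fsGroup exists only on the pod-level securityContext; the API rejects it
        # as an unknown field under a container. It makes the emptyDir volumes
        # below group-writable for GID 82.
        fsGroup: 82
      volumes:
        # One scratch volume per directory Laravel writes to, because the
        # container's root filesystem is mounted read-only.
        - name: logs
          emptyDir: {}
        - name: views
          emptyDir: {}
        - name: cache
          emptyDir: {}
        - name: sessions
          emptyDir: {}
      initContainers:
        - name: migrate
          image: laravel-fpm:local     # assumed local image tag
          imagePullPolicy: Never       # image exists on the node only, not in a registry
          command: ["php", "artisan", "migrate", "--force"]
          envFrom:
            - configMapRef:
                name: laravel          # non-secret settings (DB_HOST, DB_DATABASE, ...)
            - secretRef:
                name: laravel-secrets  # assumed Secret holding APP_KEY and DB_PASSWORD
          securityContext:
            runAsUser: 82              # www-data in the Alpine php-fpm image; must be numeric
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: logs
              mountPath: /var/www/html/storage/logs   # assumed application root
      containers:
        - name: fpm
          image: laravel-fpm:local     # assumed local image tag
          imagePullPolicy: Never
          envFrom:
            - configMapRef:
                name: laravel
            - secretRef:
                name: laravel-secrets
          securityContext:
            # Per container, because nginx in the same pod runs under a different UID.
            runAsUser: 82
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          resources:
            limits:
              cpu: 500m
              memory: 128Mi            # assumed value; the suffix is Mi, "MiB" fails validation
          volumeMounts:
            - name: logs
              mountPath: /var/www/html/storage/logs
            - name: views
              mountPath: /var/www/html/storage/framework/views
            - name: cache
              mountPath: /var/www/html/storage/framework/cache
            - name: sessions
              mountPath: /var/www/html/storage/framework/sessions
```

An init container runs every time a pod starts, so with more than one replica the migrate command runs once per pod. The read-only root filesystem also assumes that `bootstrap/cache` was populated when the image was built.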

## Transcript

hey hello and welcome to today's episode
of rawkode live i am your host rawkode
today we're diving back into our laravel
on kubernetes journey
and i am joined by a previous guest
friend
and budding conference joiner beer
drinker
alex burris hey how are you i'm good
thank you
i'm all right actually i'm doing quite
well i'm excited to
come back to my my laravel stuff here
and and see what we're doing
like um we've done
well sorry i i think i've done five or
six episodes on this now you joined us
for one of those
and you reached out and said there's
still a few things that we haven't
covered yet do you want to give us
well first just a little introduction
about yourself and then we'll talk about
what we want to try and cover today
yeah sure so um i'm alex i am a
lead developer at a e-commerce platform
in the uk called shopblox
um we use laravel um a lot
and we're working towards moving into
kubernetes and docker alongside some of
our previous infrastructure
stuff using council um and that's
basically why i reached out because
some of the previous streams have
some topics which model operation or
haven't been covered yet so hopefully we
can cover those today
and anything else today soon i've got a
full list of um
a full list of stuff to cover on the
post and they're here so
we'll see where we get to in it but
there's quite a few things in there
we'll certainly try and cross
a few of them off and i'm always more
than happy to schedule
more of these if we want in the future
and i really want to make sure that we
cover
everything that teams like yours need to
get their laravel application running on
kubernetes successfully so we'll do our
best
um all right why don't we talk a little
bit about what you're prepared so we're
not using like a real production grade
application today right you've put
something together that is going to be
is it close to that is it going to use
the components that are missing last
time
give us a little flavor on that yeah so
what i've created is
not something anybody would ever use in
production it's got two main points
one of them creates some jobs and one of
them
is a um sends an email the email that
says hello world
like it's very minimalist but it adds
things to the queue
um it has some scheduled tasks in the
background
it does some um
it has some assets which can be compiled
and uh
just things like that which every team
will have none of them will be as basic
as this
but if you get the infrastructure down
to run a scheduled task
it doesn't matter what the task is if
you've got uh stuff in the background to
run
queues it doesn't matter what the queue
job is so we've just got some simple
code here
all right sweet let me just pull up the
the repository so it's on github.com
username alexbevers laravel dash example
dash project
um i already have this client
here um we have a live share configured
so i should see yep there's your name
there so we're now in a position where
we can try to address some of those
concerns and that we're missing do you
want to just quickly
run through that list you've got and
then we'll try and decide what is best
to kick things off with
yeah so um one of the things that's
probably best to start with i guess is
migrations
literally every application i can ever
think of requires migrations to run
and you've touched this briefly in the
past sharing well not sure about seeing
how it would be done and i think the
example still had
like abc as like the
um into the uh into the worker
so that's that's probably the main one
there's um
the two big things beyond that i guess
is queued jobs and
scheduled jobs so on a normal server you
would run
supervisor and you'd have several
different workers
scheduled to run in the background to
run a specific command called
artisan um queue work
obviously it isn't going to be exactly
the same as that in kubernetes so
the but it'll be similar i assume and
then there's also scheduled tasks which
normally you'd use a cron job for
on your server that's i believe
um there's like a scheduled tasks built
into kubernetes so i assume that's how
we've managed that as well
but those are the three main things i'd
say which
most applications would make use of at
some point
um beyond that there's i've got things
like
um managing your secrets um so we've got
uv
stuff how that could be released and
using config map that's
less likely to be an issue because you
can just inject it in the docker file
and sorry in your docker image um
then there's also things like asset
deployment which you've covered in the
past so that's less of an issue
all right yeah there there's a fair
amount there let's let's just see what
we can get through it and then if we
need to schedule more time we will
definitely
do that and tick it all um i think
because you've gone through the effort
to produce this application
what we're trying to do is i'll just try
and send as many pull requests as i can
to it
during this episode as we kind of work
through this together
and anything else we'll just try and
make this the default example for
kubernetes on laravel or laravel on
kubernetes actually
all right so let's see
database migrations first then let's see
what you've got in place for actually
running this on kubernetes in fact i
i don't have any kubernetes right now
hold on let me start docker
uh okay so we do have a docker compose
file
uh that is a default one that comes with
laravel i've not touched that whatsoever
that's a development environment only i
think
something new that came with global fact
i sent a pull request to the laravel
project
three or four years ago with a docker
file and they said sorry we don't want
to support docker
just there you go just throw that out
there i'm not bitter
just saying now they now have like a
first-party
product called vapor which is to
deploy onto aws lambda and so i assume
that's pushed much more
on the um getting docker working because
they now make money from it so
all right well i'm just clicking the
magic reset
kubernetes because i can't remember the
last thing i was doing but that's to be
fair so that's now reset and we'll
wait for that to become healthy let's
see
the docker compose file that is not
anything i've touched on i've not done
anything
for development all i've done is create
two docker files which are inside
resources ops
docker um i've got two in there i've got
an
nginx one and one fpm one
um those are the files which i've
started okay well i mean this
this won't work by default unless we use
sail
um
i don't actually see a docker file here
am i being silly
um so inside it's inside of the vendor
um so when you do composer install
you'll get a
vendor file uh a vendor folder which has
laravel sail in there and that has
different
times you can specify which one and it
will compile it based on that
all right let's the half composer
i don't uh all right
um i don't believe that you would
require laravel sail for this that would
just be for development environment only
um you're right i'm going to get
sidetracked there i was going to start
putting together a development
environment for this and to be honest
i think that's what you can come up with
yeah i i
i don't think it's important i'm just
going to create a docker file we just
want an image with this application in
it
that's that's fine i'm going to use
if you've done it it creates a docker
file which will
build and pm in the nginx image
separately
where are those resources ops
yeah is this based on prior art from the
other episodes
exactly a copy of the previous streams
all right okay good so we talked about
i separated them out into two separate
rather than having the
make file specify individual targets
i've made it so that
they are just two separate two separate
jobs because the overlap was very
minimal
so i think that's a good or bad idea but
all right and you've already added make
target that this is already
my favorite episode ever because you've
done all the work okay
let's build these then so i'll just
make sure i've got the target names
we'll do build let's build fpm
first and then we'll do build nginx
okay so that's going to give us our two
images which
you know for anyone that's watching go
watch the previous episodes we'll add
the links into the description
afterwards
it walks you through the entire process
we're going to assume
that we're starting from the point where
you've already built your fpm nginx
images and pushed them to some container
registry and we're going to try and get
this working on kubernetes with
all the bells and whistles that we've
omitted previously
um are you going to be doing this on
kubernetes locally i assume are you
going to be doing this on
a production cloud environment
i'm just going to use docker for mac
unless you feel there's a reason we
would need to have an
alternative cluster but i don't think
the only thing that i would say
purely because i don't know much about
it locally is external load balancers
and how those sort of things work
but that can be covered in a far later
episode anyway
yeah i have i have done previous
episodes on ingress and advancing on
kubernetes
that aren't they're not laravel specific
and i don't think they have to be
um
that's that'll be all right i mean we
can talk a little bit about how the
the services and the ingress work
together but i don't think
um i i don't need a cloud environment to
kind of show that off
yeah i don't think there's anything else
that i could think of that is massively
different
from development or local environment
all right well it looks like we do have
a little bit of time to kill while this
builds maybe i should have kicked that
off
previously however if anyone watching
has any questions that they want us to
address feel free to drop that in the
comments
or drop me a tweet
at rawkode so
let me try and understand the migration
path here so we're going to be using the
artisan command
which i don't think is ever important in
here we went through this previously
yeah
which has to run a db migrate is that
correct php migrate
so does that i i need a database
deployed to my kubernetes cluster then
right
uh yes i've not touched anything to do
that yet all right
sweet finally something i can do okay um
that
i've tested this locally with mysql
shouldn't make any difference because
it's all
using the orm but yeah all right what
database do you want
uh let's go manually well movie dvd 10
or whatever
all right so i'm assuming you don't
really need me to go through
the production deployment mechanisms for
mariadb we're happy just to use
something that's
mariadb on kubernetes right yeah yeah
but personally for me i avoid running
any databases myself anyway i'd just
rather use managed services
save so much effort and um
but some people i guess will be running
images
well for anyone that is going hey i
wanna know how to do it under production
just use helm go and use the you're
gonna use work from other people there's
a helm chart says the artifact hub let's
talk about that actually so
artifact hub this is from the cncf it
hosts all of the
cncf project artifacts go figure helm is
one of those
where we can just say hey give me
mariadb we could filter it on helm
charts if we wanted
we click this and everything you need to
know to get a
pretty production grade deployment or
maybe is going to be here you can use
helm
you tweak the values based on whatever
you need and you deploy it
um probably what i would recommend
however for today
i'm not going to do that just because i
just want something quick
what i am going to do is check the
environment vars that i need i know i
need to set the mysql root password
maybe a user movement database
i also want to make sure i got the
version right so it looks like running
10 is okay
and if i just search for my
sql password
these are the variables that i have
available to configure this image
and i'm going to drop these in so we're
just going to say environment
i'll get some space let's do
uh mysql
i'm pretty sure there's a random root
not get too fancy today
okay let's set a user and uh we'll set a
value of
laravel and we'll set the password
laravel um
host no we don't need the host uh
database yeah
uh we'll just call it laravel was that
standard is that what you would do in
your application would you tweak it more
than that
um so i would personally name the
database something relevant but
obviously this
is yeah i think this is relevant except
is yeah fine all right okay cool
and happily that is also the default
that we have in the env
file oh is it uh
yeah the name and password for different
but
that's easy to change all right okay
uh let's deploy this oh no we need to
expose this okay so
uh one of the things we want to do is
when we apply this deployment to
kubernetes it's going to create the pods
that run mariadb for us
we're going to by default the replicas
will be one but we'll make that a bit
more explicit so we're going to run one
of these
however what we want to do is
make sure we can have service discovery
around
this pod which could be pods so that we
can use dns to actually speak to it
so i'm going to add a service
of mariadb
uh the selector has to match what we
have above
so you can see app mariadb matches the
same labels we applied to the deployment
uh we don't need the target port because
this is a pretty simple setup we're just
going to say
port 306 so that should be
oh yeah good those are built as well
which is handy
so let's deploy uh was it resources
ops uh kubernetes mariadb
let's check my cluster
oh there we go too many clusters
and we should be able to run get pods
oh we have an error i broke it um
because i never set a random root
password and i never said root password
yeah that's the one i want it just means
that
i won't actually know the root password
which i think is good so value
what do you do then you go into the
secrets to extract it
or well we already have this user with
this database configured
so we're making sure that that's the
root password right yeah
yeah it's just the root password
we can just apply that over the top
we'll run a get pods watch
we can already see that we have one
mariadb running the error one is now
terminating
and that is good all right database
do we require anything else
um what's the q processing
first of all why do we use them for the
queue
so the queue can just by default use
mysql
um you can use redis you can use
um like rabbitmq and all that sort of
stuff but by default you can just make
it one
using the database so i'm just going to
assume that that's the
essential way of doing it um okay
uh and this deployment that we have here
uh let's see
uh replicas one label
that is complaining because i am not
setting the resources required
and so it's telling me that i could have
stray pods i think
oh no let's see
resource limits yeah okay so
there we go so we can minimize that to a
single line yeah my
my editor is just like you put and you
know in production you don't want to
deploy things without resource damage
you don't want them to just start
consuming
all the cpu and memory across your
cluster so you would say
constrain nest is something that i
consider to be safe
is that a container or is that uh
noodle yeah per container so i mean if
we look at this as an example right you
know we've got nginx here which
really requires nothing um so we can say
that the limits on this
uh cpu
now completes only going to get me so
far say 500
mm nginx probably isn't going to require
too much uh as
i'm going to kill whether it wants
no memory limit i did that very limited
is it memorize it memory
you're correct cool thanks man
so we can set that there and then fpm is
probably going to require more so i
think what we'll do just
for the for fun let's just actually set
these really
low and we'll see them crash we'll try
and boost them if we need
we'll see what happens let's apply
this so we're just going to apply our
deployment i don't
oh what have i got wrong
uh hard to pick at the editor here it
seems to be complaining
okay my limits can't be unmarshaled
quantities must match the regular
expression
uh okay so it doesn't want mib i think
it just wants a m
you thought it might be on two places of
course i do
thanks okay
now we can run get pods
kind of expect that to fail well we've
got an image pull policy problem
and you've got this set to always this
is a local cluster
and so we actually want this to be never
because the image doesn't exist on a
remote repository a remote registry
okay so we can just apply that over the
top
and so what the way image pull policy
works
is that you know uh it actually seems
quite healthy with those
figures so we'll leave it for now but i
do expect that to crash before the end
of the episode
when we tried winning anything yeah yeah
so
you had the image pull policy to always
and there are times and places where you
want to use always definitely
however when you have an image like this
that
let's talk about how this is resolved by
kubernetes first when you do not provide
a host for the registry
this assumes that your image is
this
it assumes that you're an official image
on the docker registry this is a
hangover from when
docker was pretty much the de facto
container runtime
and that it assumed you were always
going to pull from the docker hub
and that doesn't exist so when you have
an image pull policy that's always in
your cluster the controllers are going
to reach out and try to get the latest
hash
or for that image it doesn't exist it
fails and it exits
so for local images what you actually
need to do is the image pull policy never
and just make sure it's available on the
host
and it's running and it's happy however
our application probably isn't going to
work first we haven't done those
database migrations that we actually
want to be doing and secondly it doesn't
know where mariadb is yeah but if you
try and access it you should
i assume get error pages using in the
laravel page yeah i i would assume so
for sure
so let's port forward is this port 80
no yeah yeah okay
yeah it is okay uh so we'll make that
available in port 8080 locally
and we'll browse to there
all right well our first problem is that
we need somewhere to store our logs
and we're getting a permission denied on
that
let's take a look at what's going on
so i'm going to jump inside of this pod
i hope we've got access to bash
oh it's an alpine one not mine okay so
we have access to that
i didn't look in the dockerfile where
well i think
yeah that's their application uh no
that's missing most of it
that's this is nginx right are you
in the engineering oh sorry for your
knee
yeah how's this deployed
oh the names are quite for both uh
yeah i didn't know whether or not
calling something just like fpm was a
good idea so i went
okay here is our application we are
actually the root user so that
um directory failure here storage logs
i'm assuming storage doesn't exist
oh it doesn't um no storage exists by
default
ah well the nginx is running as www
data they're inter
oh sorry dm php fpm
uh let's see ah of course right
uh so obviously it's a good idea to
run containers there's root uh well
there is a little bit of juggling that
has to be done with file system
permissions
so let's let's see the best way to
handle
this is to provide
temporary or ephemeral storage for
things like that where we can control
the volume that we want to make
available
so let's do uh
okay so we can add a volume to our spec
and let's call this logs
i think it's a name logs
and we want an emptyDir
i don't think that needs any
configuration size limit medium me up we
can just
oh i can't remember when in doubt look
at that kubernetes emptyDir
um please seem to remember about emptyDir
if there's anything that does wipe
it out as well
is that correct or is that well yeah
we're just using it for cache okay it's
not
it's empty object so for logs and cache
yeah i'm totally okay with that plus to
be honest we're actually going to remove
your logging to not be to a file and
we're going to move that to standard out
so that's maybe something we could do
first however
let's let's try and do it this way so we
can show it working
um and then we'll we'll change it up a
little bit
so we now have this volume available so
empty
just means create an empty volume
ephemeral when a container or pod dies
get rid of it that's it now we want to
provide logging for our fpm
so we're going to come in here and we're
going to see if we have not volume
devices it's volume mounts
um we're going to have logs
uh we want a mount path of w
html storage
logs and we don't need any other flags
now this name here just has to match
what we have here which
does mount it to this location
there is a way to configure
the emptyDir um permissions via the
security context
let's see if we can pull that out our
fingers
so we can set um let's see if i can find
this
all right well let's try that in a
second let's see what we have first
because tomorrow i can't remember we can
set
in fact maybe it depends on the version
of kubernetes i've got
and it's i'm probably revealing too much
now
that it isn't entirely useful to the
people watching but the security context
has changed a lot with the recent
version of kubernetes which is 120
which i actually think i'm running uh
version yeah
well client and 119 there okay so we
might be okay
we'll apply first and then i'll walk
through the all those things that are
going through my head
uh so let's get pods and alex keep me
honest here if there's anything i say
that is gibberish just ask me to
elaborate on it because sometimes i can
be bad for that
sweet okay well if anyone watching is
like
i have no idea what the hell this madman
is talking about just
comment and i will explain it i promise
yeah i've got that doctrine
open as well so if any comments um ask
questions
i just need this container name
i'm going to change that next time i
deploy this just to be fpm so it's easy
for me to use the command line
so we have storage yeah when logs are
still owned by root
so we still need to fix that
now they'll be owned by ever the user of
the processes
so we could just change the security
context of that
and do
run as
id www data oh no i'm not inside that
anymore
82 is that id always going to be the
same
or yeah it's built into your image so
next time you do the build would it be
82 still
no that'll be set by the fpm right that
i would not expect that to change uh
right you should be safe
um i don't think you can do this the
reason why is that this security context
runs on
the the node essentially is configured
as
part of the namespaces are set up so
uh you will need to use the numeric id
let's try and i'm going to rename this
actually let's do that so we're going to
just call
that's the image where's the name there
we go let's just call this fpm so it's
easier for me to get enough
and we'll call this one nginx
okay now we can apply
make sure it's running and we're gonna
exec it entered this
or fpm and ash
and you can see when i type id i am now
www data
if i run ps everything is www this is a
much
saner configuration and i'm hoping the
emptyDir
all right okay so we need to fix that
and if you don't have the empty
developer would that not
just make it work because
will create that folder if they need it
hey
so you're okay but
yeah yeah you're you're actually correct
um maybe i'm over complicating this a
little bit
but also how come how come the files are
still in by root
is that because when we built the image
it was running as root
yes um because
do the do those files not need to be
owned by www data as well so that
fpm can process them no they're readable
by anyone
uh something else i would normally do as
well is enable read-only file system
so you know i actually don't want you to
be able to write to anything which is
why the emptyDir's important because
that will be somewhere we can write to
yeah i just wish i could remember the
file system thing that i want here
so we're going to look it up
so kubernetes security context
and there is an fsu's fs group is that
it
where's that password
yeah why is that not all completing for
me so this might just be the version of
kubernetes i've got
it doesn't have this flag anymore um
let's just put it in and see what
oh happens really yelling at me isn't it
unknown okay yeah that must have been
removed then
so let's see kubernetes
emptyDir user permissions
there is a way fs group
damn it
surely if they remove that they want to
put like a deprecation flag to tell you
what anyone's called
no
but it's definitely fs group which is
good because i knew that's what it was i
just
don't know how to handle i mean we could
use it in a container i'd like to try
and avoid that of course uh
in fact am i doing it in the wrong place
that's what it is
so this is the security context for the
pod i bet you if i
yeah there we go
um that should create
so do we want the user to be
on um
on the spec not on the pod or not
uh it depends what user we have inside
the nginx
so let's let's take a look at that
and take a look at our password file
which is our source of users
yeah engine externs is 101 and we don't
have access to
www data here at least i mean i
don't see yeah no
data is a fpm yeah
let's try this um
just out of curiosity more than anything
there so
because you'll use the 82 for the fs
group
but that would be applying it to the
nginx one as well
yep there's no emptyDir there so ah
right so any applies if there's enough
to do it
well maybe well yeah there we go
so if you haven't on the nginx one as
well
you wouldn't be able to specify the fs
group for each individual container
in a pod there would you because they have
different ids
no for that i'd then be using an
init container that has a
root user that changes the permission
on the emptyDir which would be reused
across the inner containers
we can we can cover that if we think
that it's important
um but let's just try and let's try and
get this working first and then we can
maybe do some cleanup
so you can see here we've got our uh
group write access to here and in fact
that emptyDir just came with explicit
permissions for anybody anyway so we
actually didn't need to do that but i
think it's
that configuration parameter hopefully
is useful for others if you're looking
at a similar situation
let's put forward
so
8080 so we should be able to write the
logs
and now it's complaining that we've got
some configuration missing so this is
going to be that dot env file that you
mentioned right
uh yes it is okay so now we need a
config map
so um let's create
config map dot yaml
spec this out this is our laravel
config map
um
okay
so there is a secret value in here i'm
not that fussed about it being secret
because i'm just going to delete the key
and play account probably i'm never
going to use that mail thingy again
so i'm just not going to be too fussed
about
exposing them yeah you could you could
just um after the
after this um screenshot you can just
click the refresh button and
watch out it will be used right nice
okay so
we we really just want this env file to
be exposed
as environment variables and a config
map is our
ideal way to do that now some of this
isn't actually
some of this i would bake into my image
i'm not going to get
dogmatic about that right now and we can
talk about that uh
once i've got it working but like you
know the app name
isn't something i'm going to want to
change per environment
config maps to me should only ever
change variants
for environmental things everything else
should be baked into the image so the
app name
yeah i would probably put it in a docker
image somewhere
yeah there is something built into
laravel already
as well which is um
you can sort of cache the uh what they
call config
so um which is their .env files and other
things that
are used for the application they can
all get cached and there's a command to
do that so
it doesn't actually read anything from
the environment however that would
require it to be
then stored within the actual image
itself but
not so i guess that's
a decision that you can make i'm sure
there's some
yeah we'll talk about that uh in a
moment i'm sure i could like
regex i'm i'm kind of looking at it
going i'll just be quicker to type it
because i bet me going i could just
regex all this
so what we want to do is
all you want to do is just change the
equals to a colon answer yeah
why is that not letting me register oh
does my vs code them not support that
time for trusty command on um
you know you know what's going to happen
or just come on death
yeah let's just do it this way so
change equals paracolon space
go
and then and then okay so now we need to
yeah that needs to be a string boolean's
not supported
now we want our host so this is going to
be the service name that we've provided
which i believe is mariadb we can run
get
services
yep so we have our database available at
that name
on that port that's our database our
username is laravel and our password as
laravel
and this would be a secret let's get it
working without and then clean it up
don't let me forget that yeah
broadcast driver i don't know what that
means i don't know what that means i
don't think we don't use it
so you can ignore all of those ones we
didn't care about that the session
driver actually
um that wouldn't we're not using
sessions in this bitcoin you can know
that
um in production i would normally change
that to uh redis or database
do we need the aws access stuff no
that's just because you can buy with the
file system
plugins you can upload straight to s3 by
um
by default so that's all guys
how come it's complaining about numbers
like 25 25
i thought yeah we'll support introducing
that
it does uh
what's it saying
i think the config map just expects a
string to be honest
yeah like everything strings
we're not running memcached we're not
running redis
no all right i think
that will be enough so let's apply that
now
and then update our deployment to use it
so this is really easy um
what needs to is it nginx or is it fpm
both
um fpm would be what requires it because
it's the php for every
process that's running yes okay so env
from config map ref
uh
the name of the config map oh what did
they call it laravel
yep yep
uh does that just like basically
export inside of the image before it
deploys it
yes it will take all of these keys and
make them environment variables which is
how laravel works i don't even need to
change anything
so let's reapply our deployment
so that would behave basically the exact
same way as
if you'd baked it into the image before
you deployed it at all
i guess it would just be a linux
environment
all right let's see how far we are now
the application key might not like that
i'm not sure okay
all right let's check our logs
yeah now that's one of the things i was
going to complain about next right is we
actually don't want to log to a file in
any container environment
that is generally a faux pas and you
want to log to standard
out so first let's look at the logs
and then change that
so our problem is
it's trying to write to something then
we have a read-only file system
what's it trying to write to
um oh it caches your views
so framework views is like um
it's a cache thing because it comes with
something called blade
which is a template language like twig
that sort of style of um
that sort of style thing so it tries to
write those two
problems yes and if everything is always
but that's just this framework folder
right yeah
yeah assume that all of those have been
trying to do it into sessions cache
they're not testing these as you when
you want tests and also views
okay so that's all empty so what i'm
going to do is emptyDir that too
i want to try and keep this as a
read-only file system for as long as
possible before i admit defeat
so we'll bring in this cache and we're
going to mount that
so would you normally have like a
a temp dir sort of thing that could be
written to for
say if somebody was to upload a file
that needed processing before getting
moved on to like s3 would you have like
a temp dir
configured which is wrapped up and only
that
yes so i would definitely use the
volumes key up here to provide something
that was ephemeral now i would use an
emptyDir definitely for
like a local kubernetes environment and
some production environments
i may like if i need to guarantee that
file exists after a pod restart i'd
probably use like a
persistent volume or a host path
depending on how my cluster is
configured but
i would use a volume of some kind for
anything that needs write access
the reason being is like you know most
attacks especially against
uh php based content management systems
is generally through
some really contrived and illegal upload
that executes an arbitrary script and
then rewrites over your code
and you could just you know just one
read-only file system argument
just stops all that as long as you don't
mind going through the process
uh of making sure you could write to
your logs in your cache
which i'm going to try and do now so
let's try uh redeploy
let's get our pods oh and let's change
the logging to standard out like we don't
want to log to file anyway we want to be
able to use the logs command
so how do i configure that with laravel
um
change the env to stderr
so what am i changing change stack there
to stderr
is that correct okay
yeah yeah that'll do it
um there's also actually a standard out
right
yeah that just send it straight to
something okay let's do that
uh let's reapply
and make sure i'm in the position that i
kind of want to be in so uh
yeah that's the config map i need to
deploy
and then i'll need to delete the pod to
get that new configuration
so now i should be able to run logs
against this
and i have the fpm logs you know if you
hit the
uh browser you should see something
logged i think because i don't think
we've fixed the error that we have
before did we
uh i hope so uh let me run the port
forward from another location
we can keep our logs up oh it's going to
split my terminal but i think that's
just going to make it more confusing
all right so there is our logs
well something's logging perhaps
configuration is obviously not quite as
simple as that
i'm assuming that we're still going to
have something in that
storage logs
yep
this is cat so
what field
on car and valley
um i'm i don't go to create logger
standard out is not defined just oh so
i trusted you so you're an option
okay now
if you open up the code in conflicts
like i would expect it to be
dev standard though like that um
let's google that's what it's here for
right so log
to standard
and there's another option which we can
just use error log which will put it in
the
fpm log by default and that should put
it into the standard
log first
all right what we have already should
work
no that won't work because um
it's being passed through to monolog
the um php
body library
let's see
okay fpm
yeah we're gonna have to add the service
so i don't have to keep doing that but
let's do it more time for now
all right let's go back in
uh fpm
storage logs cat log
did that field to set up please provide
a valid cache path
uh unable to create configured loggers
is this because of the emptyDir but you
create a framework i think it expects
for the cache form to exist you might
need to create multiple empty first
i don't think it might not create that
folder okay
i'm also worried about this logger yeah no
that's definitely an issue
um so unable to create configured logger
would to me
i'll leave that as an exercise for
another day set up logging um rather
than
if you drink it up to syslog you just
try that one last
uh one last thing because i should put
it straight through as well would it not
no syslog may look for syslog in the
container which won't exist
oh okay all right let's ignore it
um
and let's do
cache and we're going to need sessions
and again i don't really want to spend
too much time fighting on things that
aren't that important so i can always
just disable that if this doesn't work
is there anything else required in the
framework directory
um views views
i think there's one called testing as
well with measurement i don't know what
testing
is
do i have them here uh storage
framework cache sessions testing views
right okay
i mean i haven't just expected to create
them if they're not there
i find that i i do as well but that's
all i can
and okay modifier deployment
oh yeah i've got to actually add them
so we need testing
sessions views
all right take 16.
well we're not going to get any logs
okay so
let's just fix the port forward
right that's progress we're not getting
a white screen anymore
so let's see what we are
fpm ash storage logs
cat log so now it's complaining
oh yeah so it doesn't like my i just put
a random string there what's that
supposed to be
um there's an artisan command php artisan
key colon generate
um if you just run that inside of the
fpm container
that should um
key colon generate
it's trying to write it to env um i'll
create one locally and just send it here
can i not just print it out yeah
sure there we go okay okay cool nice
i hate it when tools are fighting
against me rather than
doing my bidding right okay
um um and i've never seen it with
basically
well maybe that's just a helper
all right uh let's just apply the whole
directory for a bit of quickness
make sure our pods rotate
oh i only changed the config map so i
need to delete my pods myself
and now we can port forward again
and finally i'm really hoping we see a
database migration letter here
oh our application the reason why you're
getting that works because we're not
requiring any databases
at the moment but that is proving that
the asset compilation works as well
because
that's using um terawin to get the data
there
all right it's production now i'll see
you there thanks
um so that's actually covered one of the
things on the list anyway though that's
the
secrets and environment stuff there is
some
thing on my list which has happened a
few times whilst you've been doing that
which
i assume it's not the right way of doing
it you've just been deleting pods
to get it to basically redeploy
um probably a better way doing it than
that i assume
unfortunately not so that the problem is
is that
when you modify a config map it gets
updated in real time
pretty much within your deployment um
so like the files will just be synced if
there's a file mount i think the
environment variables
i think they still update in real time i
can confirm but i'm not 100% confident
your application is really expected to
notice those changes and reload
uh but most applications don't and one
of the ways to get around it
is to include the sha of the config
map
as an annotation on your deployment
which forces a reload every time
you modify the config map it's a bit
hacky
and there are some controllers that can
also run inside the cluster that monitor
for changes in the config map and
rotate your pods for you
so there's a few ways to do it but
honestly for like this kind of
environment
deleting is the right way to do it
however something you said that we
tackled that we haven't was secrets
um i wouldn't put a secret in this file
so let's fix that let's take out this
app key
and let's create a secret yaml
i know and this is really gonna it's
gonna feel weird
because
i'm solving one problem in a very
similar way to the config map anyway
and i'll try and do my best to explain
why this is
uh more why this is better
so
so this is a secret
i am storing this as yaml in my
repository right now so it is no more
secret than a config map
granted however you're very you're
unlikely to apply your
secrets to your cluster in this way um
you may be using vault
or some other kms system to provide
these as
and to get these into your cluster but
you want them to be a secret inside of
your cluster because they have different
rbac
rules compared to a config map right as
generally config maps have
loose rbac most people can have access
to them
they're also consumable from within the
pods you want to be able to lock
that down and you want to be able to
lock the pods down as well so that
nobody can execute into it and just grab
the secret
um so well from a very
naive perspective and look at it and i
use the wrong word from a very
well from this example it doesn't seem
like we're improving the security at all
just by using the secrets
you are as long as you get them into the
environment correctly
the other thing i want to kind of cover
is that uh well first
little fail um there's two keys on a
secret
string data and data and data
actually expects your data to be base64
encoded
so if i do base64 paste this
in and grab this
in fact that's not going to work because
of the new line
so let me just copy that properly
and we should actually have done like
echo dash
n which means no new line right
yeah and then base 64 and this will get
its actual value
so both of these are correct so when i
apply
and in fact let's just change this so
we'll call this string key instead of
that key
i can't remember if the kubernetes
control plane will allow me to have data
and string data but we're going to push
our look and see what happens
so yeah it doesn't care
cool now we should actually see that
both these values are the same
um so we'll grab our laravel dash o
yaml
i think it's built secret
and if we look at the data fields yeah
you see we actually get the same value
here
so string data is a helper that when you
apply something to the cluster
it knows that you haven't base64 encoded
it yet and it will base64 encode it for
you
regardless you get the same value at the
other end so string data
a helper good in some environments uh
data base64 encoded not a secret
but again you wouldn't apply secrets
typically in this fashion
for production use cases you would use
like sops from mozilla
uh sealed secrets are my personal
favorite the kapitan
project um so these all handle it
slightly differently
um sops and sealed secrets will use well
in fact they all they'll do the same way
they'll encrypt stuff but the way that
you interact with the tool is slightly
different
um i don't know if there's gonna be like
a quick thingy here
no because we don't have a kubernetes
specific thing it doesn't matter
so sops allows you to encrypt it and
store the encrypted file within git
which means you can apply it you just
have to remember your continuous
integration pipeline to
to decrypt it before you do the the
apply and there are some things that can
run in a cluster to try and make that
easier and more secure
but it's a really good way of doing it
sealed secrets does the same
it stores a private key inside of your
kubernetes cluster
you can use the sealed secrets command
line to reach out encrypt a value
and you get a text-based secret like
this
with obviously an encrypted string which
is still secret
and then finally there's the kapitan
project which
does secret management it hooks up to
all the kmses and vault
so if you're already deploying to a
cloud provider with a kms this is
honestly this is just the best way to do
it and you can define them in your yaml
and they'll be
they'll be encrypted for you and only
decryptable in a cluster that has
access to that kms so you can use cloud
provider iam rules
i'm not going to say any more about it
because secrets would be deviating us
down a path
of a lot of time and i don't want to
take up too much of your time
and in fact we only have like 25 minutes
left so
let's see did that all make sense that
wasn't too much waffle
something kind of um with ansible where
you use that scoreboard
but that would have you'd have the
encrypted locally stored in git and then
when you're trying to apply it
and try and deploy that you use you
provide your vault key which
is just the battery if you type in it
deployment time and decrypt it and send
the values over
something to kind of similar to what
sounds like um
and no surprises we pass our secret
through
in exactly the same way there are finer
grained controls you can mount in specific
keys
and make them optional change the names
within the container
there's a bunch of stuff you can do okay
um
let's make sure we haven't broken
anything
let's apply that whole directory
here's our new pod
port forward
and we should still see right okay
uh i can't believe we started off saying
let's run database migrations we're like
a fair chunk of our way through this we
haven't done it yet so let's actually
run these migrations now
so kubernetes expects us to leverage
something called an init container
and now if we go to our container
definition
here and we can just say init containers
and we can provide it a name we'll call
this database
migrations and it takes pretty much that
same spec
that you're using um for in fact it is
the same spec for your containers
you're just trying to overwrite the
behavior in a way that makes sense for
you to run certain commands so
you know here i'm going to say run fpm
and the thing i want to change
is that i need access to
well i want to run a different command i
want to run
php and then i'm going to provide some
args
the args are going to be artisan
db is that right yeah just just migrate
just migrate so just php artisan
migrate
yeah and then you'll also need to do um
double dash
force i think because it will by default
for a warning sign you're running this
in a production environment all right
let's just do it i'm feeling it an entry
point because it
that needs to enter at the bottom
kubernetes doesn't call it an entry
point so in kubernetes use same language
so it's command and args
whereas docker yes they would call it
what i mean is um for the file path of
where you're running php
from uh do you know because
every time i've exec into that container
you've put me into the working dir
which seems to be the correct location
okay if i might just set up properly
that is pure coincidence
yeah in your docker file let me just
because you haven't done it for nginx
but you have done it for um for fpm
so yeah that's yeah yeah okay yeah you
would want that in your
nginx one as well uh now i forgot to set
the image pull policy to never which is
why that's failing
so let's top that up
so you'd only have it never in because
you're doing this locally if i was doing
this on a production you get rid of all
of the nevers and
the actual path of the image would be
private.com yeah you always include the
container registry
i like to run my own registry within my
clusters that caches the images i
generally use a pull policy
if you know if it's not available if
it's not present on
on the machine i don't do an always pull
generally because i do
i don't use ephemeral tags like
latest and such that you know i would
use a proper
um content
all right let's see why this is failing
i'm assuming that the migrate command is
trying to write to a file
probably and that my we're going to have
to sacrifice my read-only file system
but
let's i don't believe it does write any
files
all right so we want the logs for the
database migrations
we're getting connection refused okay
so did you
create i didn't give it the environment
variables
so we need this to be copied
to here
let's reapply
and see what we got
it worked
you don't seem convinced uh
i typically check the database to make
sure my breaking work
all right so let's scrap this let's just
see
database migrations
um yep there we go no okay
is there an endpoint in your laravel
application that will allow us to
consume that database at all yep so
i've created a few endpoints one of them
is called create dash
posts and that will create just five um
by posting the various
create slash post or dashboard
all right like so uh yep
i know that's a little difficult to read
but so that should have done it
i didn't give any up or don't we thought
i'd be in white that's right kind of
get posts that is a geckos oh no no
sorry um now if you go to slash posts
there you go but yeah yeah
great awesome so migrations is working
yeah really simple i mean init containers
they are the best way to handle this
thing of course there are caveats i'm
not going to say go and add this to all
applications immediately
they need to be idempotent you have to
be able to run them these will
like in fact let's show that when i
scale this up to five
those migrations are going to run on
every deployment every time i kill a pod
so you really need to make sure
that they don't collide
there's locking you know you're going to
potentially have two running very close
to each other and they have to be
idempotent
so i'm assuming with the orm that
laravel is using that you get all that
for free
most orms do provide something like that
so you should be good
i'm not sure about issues so because
they are quite
good on like um
the whole like high availability side of
things so i'd assume that that's
important
i would assume your migrate command
does a lock on the entire database
and in fact we could probably trigger
that by you know
deleting the database spinning it back
up empty running a migrate and trying to
hit
create posts at the same time or get
posted at the same time we'd probably
see it wait for a while before it got
access to the table again oh the
database
okay what's next on your list what we've
got uh 20 minutes
so queue jobs is probably the big one huge
schedule address
all right so kubernetes exposes a
primitive
called jobs and which are just like
cron jobs
uh i don't think i'm going to be able to
oh i do
i love this plugin so
we have you know just like all other
kubernetes manifest really simple
specification
and we can specify this is the time to
second
time to live seconds after finished who
knows where that is to have help
uh late time job is finished execution
yeah whatever okay
we specify the container and we specify
the command now
you'll also want to be able to tweak
when this runs
and i'm using the wrong object
cron job
i'm going to show my own ignorance i've
never been able to remember how this
works now
kubernetes i spent a lot of my time in
documentation
there we go there is a thing called cron
jobs yeah i just couldn't remember what
this
was because i've seen like online but
all right some things just refer to v1
and some things referred to like
something documented.b1 yeah
um i'm not sure why that yelled at me
then maybe it's because the spec was
wrong
or maybe never maybe that's not been
promoted yet actually
so yeah okay
um it's not cron jobs haven't had a v1
yet but jobs have so
there we go let's just copy the whole
thing and modify it or
to do our bidding so we'll call this
laravel i'm just going to keep
calling everything laravel
we can use regular cron cell syntax to
specify the job
um i don't know how to generate that
most of the time
yeah crowdmaker i think this is the one
i use
let's just say run every five minutes
uh why wouldn't you just do um style
i have because you wanted to run every
minute
at the cron helper in the laravel
um then inside and inside of the
console kernel determines what jobs
inside of there should run
and what frequency so you would run this
every minute
okay so i guess i don't understand i've
never built a laravel application so
let's try and cover a few basic
questions then
um now is the queue processor
a long-running process that should be
deployed as a deployment or
is it actually a cron job that runs
regularly uh sorry so it depends
are we dealing with a queued job here
where we're dealing with the scheduled
tasks because there's two things that
need covering anyway
uh okay so i'm assuming the schedule
tasks the cron job right
yes okay so you can give it to the star
star star star star
just straight up every minute and then
all you do is you have like the migrate
command you have one entry point which
is just
a schedule colon run
yeah schedule colon run um once you've
done that
every minute it just deals with itself
based on your hp
okay so we call this scheduled
uses the same fpm image what command are
we running
um schedule colon run
is that all uh let me just check if
there's some forces
all right let's apply it so
air jobs and then like all the other
kubernetes resources we type get jobs oh
not a cron job
i called it a job yeah here we go
and we can wait uh let's within a minute
we should see a pod get scheduled
which will spin up run that command shut
that down and then that'll look every
minute doing the same thing
and by pure coincidence we're about to
hit quarter past
and i've got a job in there but every
five minutes sends an email
so we should see you know just
pure for instance on that but
so oh it crashed
i don't know is it trying to write to a
file
um it will be won't it i don't think it
should write
uh all right let's see unless it ends up
maybe it writes like a cache file thing
oh no could not open input file
schedule run what have i got wrong
oh you can give it a second
we actually had a few comments there as
well which we were too busy focused on
that so
uh frank and nate both commented that we
missed the artisan
thank you uh
so that's that archive it i don't know
if i applied that because
i i got really confused when you
disappeared and then realized the
software crashed so
yes these things reconnect and stuff
so it says unchanged
there we go so we this is now completing
every minute
we've had two of them since the crash
obviously this one failed
um so do we not want that to kill itself
off immediately
as soon as it's got the exit and there's
no need for a time to live on that is
that because
it's never going to reuse the same
command again
we'll leave it for now i don't think
it's terribly important
um will they clean themselves up once
the ttl gets hit i guess
yeah did that just crash again oh that's
that's just a broken one so i can just
delete that
because would that not mean that every
minute a new pod is created and that
isn't being cleared out
so eventually we're just running out of
memories
no these ones are gone they're completed
so they don't take up any resources
anymore
so okay so that seems okay
uh i guess if we wait another two
minutes we should see
the email come in here yeah
at 20 past um but you said there was one
other type of job so let's try and
handle that one then
yeah so this is the more um
i guess complicated one um what you can
have
in laravel is um queued jobs so you can
queue it up using both different queue
drivers
with ses and you can play database redis
rabbitmq all those sort of things
um but the way of using that is the same
so it doesn't make any difference to us
um what we want to do there is have a
command that's running
longer it's a long running process in
the background that
um runs the artisan queue colon work
and that's all that we require
um but then it gets a bit more
complicated than that you can have
different named queues and have
different number of workers per queues and
things like that i guess
yeah that's just going to be a new
deployment for me i mean long-running
process means it's a deployment i want
to be able to scale up and down
depending on how many workers i want
as well as tweaking the parameters so
you know we could
i mean we probably would just copy this
uh and call it queue
worker
and we're not going to need the nginx so
we can remove that
do we do you think we'll need logs cache
test i'm going to affect you know i'm
just going to keep it i don't want to
i think we'd need it all because the
framework would still hate those well
maybe not like views and stuff but
all right so we update our labels to be
queue worker
worker and then we just modify the
command
we don't need our init container at all
and here we're just going to say
oh we don't specify the command we're
using the inbuilt one
so here we just say php again
we specify the args and we're going to
run sorry what was the command artisan
artisan and then queue colon work
colon yeah
and then you need to pass so that will
work by default
that will run the what's called uh all
the three queues in laravel named and
the default is just called default
but what you can do is you can then pass
through double dash queue equals
and give it a conceptual string of
different queues so you can
just default that and that from the
default one um so if you have different
higher my priority queues you can make
the high priority queue have ten workers
low priority you have
two workers yeah and that's
that exact reason is why i would use its
own deployment
for each of the different queue
semantics i've got so that i can really
define the quality of service and how
quickly i need to process
and how many workers and how many
replicas not all queues i would imagine
at least in applications i've written in
the past would be considered equal
and i'd want to be able to tweak that it
may seem like oh i'll just add a new pod
a new container to my main pod but
i don't think that would be necessarily
the right way to handle that
let's apply
where are we
queue workers right we now have five
queue workers can we
do we can we confirm that yes we can so
in the groups if you go to slash q
jobs it will should send three emails
oh first of all if we check the email
provider we should have an email from
the cron job in there now
jobs it should send
three more emails up here we go
we have our queue workers easy peasy
um so there's something that you can
because php isn't really designed for
long running at least it was never
initially designed for long-running jobs
um it's kind of basically a sort of
hacky way of doing it
the queue workers there at the moment and
so you can sometimes get memory
issues with that
so laravel does provide something
called max jobs which is another flag in
your past which means that you'll kill
off that
that worker sends like an exit signal to
it after
x number of jobs if you were to do that
with
the container would that spin up a new
one which is what you'd expect
or would that then start like a whole
cascade of issues
yeah what i would use is the resource
limits here you know i've already
defined how much how many resources i'm
happy for these queue workers to consume
so like kubernetes is going to restart
it when it
when it starts to break these limits
anyway so you wouldn't really need to
hook into the laravel aspect there i
would just rely on the container
scheduling
to go hey i don't really want you
consuming 14 gig of ram so i'm going to
restart you know
okay that's cool so that's his job
and what's the 500m that wasn't really
covered earlier i guess
it wasn't you so a single cpu is broken
down into 1000 units
and i think they're called millicores
so you can say this is essentially me
saying that half a core
this this process is restricted to half
a core on the host machine
does that does that translate to roughly
like every one and two instructions
like so if there's two pods on there
both given half a core
they will like sort of alternate who can
get access
or is what is that just like no so it
depends on how many cores are available
on the machine
so like uh i'm not sure if i'm gonna be
able to get that information from
kubernetes here
in fact uh let's see how permissive our
thing is so
containers don't necessarily obscure the
view of the proc file system
and so typically you can just pop in
here
and you'll still see the actual host
information so you can see here i've got
eight processors which means
if i set this to
4000 m
and scale this we've got it set on five
yeah we won't see all five of those
scheduled we should see that fail
so
yeah there we go we we have pending
queue workers
and if i describe one of those it'll
tell me
that the resources aren't available
insufficient cpu
okay right so not it's not like
um how it allocates it so well it's
because we're using a limit right
i mean i could have said uh
requests which means i kind of want this
but it's not a hard request you know if
it's available give me it
and whereas a limit is like it's
actually going to set aside
half a core for that process and it's
going to set aside 50 meg of ram for that
process
and it won't allow me to schedule so
there's still contention
for any pods are running on the machine
they're still competing for resources
depending on the instructions they're
sending
but the scheduler is going to go i know
at some point this is going to have
4000 millicores of cpu and i'm not
going to schedule anything that tries to
go beyond that
whereas if i leave this as requests we
should see
that it just i think it will actually
schedule most of them
because they're not using that menu at
that time
oh no ash okay so the scheduler is gonna
say no as well all right
so but yeah the request is kind of
giving the scheduler a hint of what you
need
the limits means restart the process if
it ever goes beyond it
and then the scheduler will do its best
to make sure you get scheduled on the
nodes where it's not going to have too
much contention for those resources
okay yeah that makes sense okay that is
actually too bad everything apart from
one thing on my list
pretty much so what did we not cover
um release cycle so how would you might
go about doing a natural like
full-on release not necessarily with
like ci and stuff but you build a new
image it needs to be deployed
do you go in with kubectl delete the
pods
how would you want to make that last i
think no i mean it'll handle it for you
so let's assume
and we can do this in two minutes
so uh yeah let's use our queue worker right
um so firstly let's just remove these
limits um
so we can get all five and let's change
the image let's say
instead of you know normally we would
change the tag here to be
v54 or whatever right but what if i just
want to say deploy
nginx so the way that this works
is if i just deploy this and run this
really quickly
is it oh container errors
let's just take off all this stuff that
we don't need the security context is
why that's failing uh
and the command won't exist but there's
a whole lot of why that was failing
so uh
that's what i get for trying to do it
too quickly right okay that's
pretty generic so let's reapply that and
then run this
but what we're going to see is that and
it's
it's fast so it's difficult right but we
actually spun up
two new ones before shutting down the
first one then we spun up a third and
then we started scheduling two more
after that and then it starts
terminating
so on top of a deployment object you
actually have the ability to specify
the the strategy
and then we can have a type and a rolling
update
rolling update which allows us to
specify a surge
or a max of unavailable so the
deployment already knows how to do
safe deploys with new images you have to
tell it to do the rolling update which
is
actually happens by default and you get
a max surge of
one i think um you can also use
percentages
so you could say that i want 25% of my
pods to be unavailable that means that
it will sacrifice let's assume sorry
lots of information
let's assume i have 10 pods running if i
have a max unavailable 25%
it's going to be able to shut down 25% of
those pods which is
two if it was 50% it would shut down five
and then it would spin up new ones
if we go with a surge approach what we
say is i have 10
with a max surge of 50% i'll actually
schedule up to 15
and then once five are healthy shut down
five and then spin up more
okay so in combination
will you use one or the other you can
only use one or the other so you can
let's let's double check right because
i've been wrong a few times a day anyway
but
oh it doesn't care okay i guess you can
use them both together i thought you
could only pick one so yeah here i could
say
i i always need at least 75%
to be running and i don't mind
scheduling over provisioning by 50%
and then the scheduler will work it all
out for you you don't need to worry
about it too much
okay okay so in terms of
um when when you do a release you'd
normally have
a um your deployment process your ci or
whatever would
tag a new version of the image and then
would you
do like a kube apply a kubectl apply
and that would then start pulling in the
new images for you it's definitely how
i would start my you know my continuous
integration deployment server would
just apply over the top with that new
tag
or sha whatever i'm using and let
kubernetes handle it from there and then
eventually you can start to look at
things like
you know gitops continuous deployment
from within the cluster
and get a little bit more sophisticated
doing progressive rollouts making sure
that
you know the metrics don't change for
the first 10 minutes at 10%
traffic and then scaling up we could do
a couple of more episodes than that i'm
not going to be able to do it justice
in like 10 seconds but yeah yeah you
could definitely start with a kubectl
apply
and then take it from there okay that's
something all right
i think so yeah we covered it a lot so
what i'll suggest is i hope people find
this useful leave comments for anything
that you want us to tackle in a future
episode i'm sure alex would be happy to
join me
alex and i'll have our own conversations
and work out what else we can do in the
future we definitely
already got an idea about which you'll
probably hate me for so we'll cover that
outside of the screen all right well
thank you for joining me alex it was an
absolute pleasure i had fun doing that
i'll see you for the next one
goodbye everyone cheers
