Good morning, good afternoon, good evening, and welcome to another episode of Red Hat Enterprise Linux, or not. Oh my gosh, Red Hat Advanced Cluster Management Presents. Can you tell I work on a few shows on this channel? Sorry, Scott, how are you doing today, sir?

Fantastic. I'm good with however you want to introduce us, Chris. We're just excited to be on your show. A pleasure being part of your experience in the live stream here.

No, thank you. It's almost to the point of the year that we call not summer here in Austin. We have almost, you know, we have summer and not summer. So this is like, you kind of get a chance to open your windows just briefly, get a breath of fresh air and that sort of thing. I know you guys get a bit more of a seasonal thing.

We have five seasons here. We have, you know, the normal winter, spring, summer, fall, and construction season.

Oh, nice. Yeah, I thought it was going to be like extended winter or no.

No, no, no. There's only a brief bit of time you can actually do like real, like foundation laying in the summertime here.

That makes sense.

So I am joined, as you can see, by a full cadre of the senior leadership here at RHACM, as we like to call it, Advanced Cluster Management. I'm going to do just a brief round of intros just so we can get through that. I don't know where everybody lines up on the left and right, but I've got Jeff Brent, who's the product management director based down there in south Florida. You can see the glimmer of sunshine and clouds on his face. I have our VP, IBM Fellow, the man who leads automation and management. That's Dave Lindquist right there. I've got the senior director and lead for engineering across RHACM. That's Kevin Myers. You guys both based down there in Raleigh. And then I've got Josh Packer, our senior lead architect based in Toronto. As you can see, he's got the Open Cluster Management shirt on, which is awesome.
And I don't think Michael Elder needs any introduction. I think he's been on the show a few times, and many of you would recall that one time when his house was actually on fire and he was in the midst of demonstrating DR scenarios with ACM, which was awesome.

Not on fire, but he walks on right off, pretty hardcore.

We'll say the demo was on fire, but yeah, your smoke alarms, definitely.

So I think what we want to do, Chris, is kind of, you know, we embarked on your show a year ago. This is our 10th episode. I am thrilled that you've kept inviting us back. Thank you. New features and new functions. We're coming off of AnsibleFest. We've got a 2.4 release coming up. We've been very active in the upstream and a lot of push on our CNCF proposal. There's also kind of this whole market, what's happening in the automation and management space. And that's why I kind of wanted to hang out and bring Dave in today, who really leads a lot of that tone and then sets the plan of the agenda for what we're going to do. So I'm going to turn it into Dave's hands here to kind of give us the lay of the land and what he sees as RHACM and this space today.

Thanks, Scott, and thank you, Chris, for inviting us to the show. The fun discussion on seasons earlier, I think we have almost all the seasons covered here between Florida, Texas, the Carolinas and Canada. We have quite a bit of coverage. And the weather is getting nice here, that's for sure.

Advanced Cluster Management, hybrid cloud. We've been in this space for a few years now. We've had the Advanced Cluster Management capabilities available as a Red Hat offering since late last year, third quarter, I think, is when we introduced 2.0 of Red Hat Advanced Cluster Management for Kubernetes. What we have seen through the years, and it just keeps heating up, is as customers accelerate their adoption of cloud, in particular their investments in hybrid cloud.
We see a continued, almost accelerating focus: how to manage, how to automate these environments, how to secure these environments, how do enterprises do this at scale. And that's really what we're all about. That's what we're investing in, is how to allow customers, enable customers, to bring OpenShift and their Kubernetes to their enterprises for production workloads across hybrid environments, across multi-cloud environments, with the management they need, the automation they need, and the security they need for their businesses.

We put a lot of focus on cluster lifecycle, easing the support of clusters for their full lifecycle; on applications, how to manage applications and the complexity of applications deployed across clusters, within clusters, and all the dependencies that that creates; governance, risk and compliance, how to really lock down with consistency the configurations, support the various compliance activities that are required for different businesses, regulatory requirements. So that's been an acute focus of ours, particularly around policy and opening up the policies and integrating with many of the security systems that are available for containers and Kubernetes. And observability: how do you get a view of all of the environment of your hybrid cloud? How do you define your hybrid cloud? How do you deploy it? How do you update, upgrade it? Where are your clusters? Where are they deployed, managed environments or self-managed environments by the customer? As well as any alerting and events in the health of the environment that's been deployed. So that's been the core investment.
We've had, Scott and Chris, the adoption has been outstanding, the growth of the adoption has been outstanding. The reception we're getting from the industry on the open source, as well as partners coming into the ecosystem, have all been great. With that, why don't I shift over a little bit to some of the demand we're seeing and the growth we're seeing and opportunities, to Jeff Brent.

Yeah, absolutely. I think he hit the nail on the head there, Dave, when we talked about scale, and scale in particular to the container management journey a lot of our customers are doing, from modernizing applications, be more efficient. We've really learned a lot through the pandemic, and agility and being able to meet the customer needs, change, new business models, adjust very quickly. Our platform from a management perspective is all about scale, being able to do that, one cluster to two clusters to three clusters to, you know, hundreds of clusters. In fact, one of the really exciting things we've been doing on a scale front is supporting our telco customers and the scale that they require for rolling out their 5G efforts. So we've got a lot of scale, and a lot of the things that I'm very proud of, and I know that we do from an organizational perspective, as we look at the market: our market is a lot like us, our own development organization. We have a group of components and capabilities, as Dave just listed there, broken those down into pillars and then further into squads, and those squads are really delivering at scale a Kubernetes-based application, bundled and delivered as an operator running on top of OpenShift. And we've taken advantage of the opportunity to eat our own cooking and to really take a look at how we as an organization innovate and are able to deliver at that scale. We have a tremendous scale issue within our own development organization for testing our platform on really anything, everywhere that OCP supports, and OpenShift
in our support for the *KS, that we call them, EKS, AKS, IKS, GKE, those out there. So we've got to spin up a lot of clusters. We've got to make those clusters available to our development teams for their own development efforts. Getting them those clusters consistently, being able to roll out configuration through GitOps, that's exactly what our customers are trying to do on a daily basis, whether that's core banking application or fleet management for our logistics customers or even the rollout of 5G and the virtualized RAN infrastructure. So we're taking and embracing our market and our customers' requirements and really applying those to our own engineering effort, and Kevin is very much involved in the thick of that exercise for us.

Absolutely, and I think it's an exciting opportunity, um, as we think about some of the concepts around operate first. Now, being, maybe you talk about eating your own cooking, but being your own first customer and almost allowing the team internally to understand what it's like to try and use the tool on a day-to-day basis gives you a really unique perspective that, you know, as we expand more and more the types of things that we're making available on console.redhat.com and cloud.redhat.com, the opportunity behind the scenes to use ACM to manage and scale really bring a lot of insight into the day-to-day experience and how we can make things easier for our end customers.

I remember some of the topics we've delivered just on that point, Kevin. We started talking about cluster pools, I want to say like November of last year. And we sort of set the seed, we planted the seed. I'm sorry, I'm using a different metaphor.
Maybe I would, we were starting to acquire the ingredients, the recipe, to begin eating the cooking. And yeah, it's matured over that time. We started to see developer, you know, the dev tooling adoption of using the cluster pool, establishing the pool of machines that could take up, and that's exactly what our developers are using today, stamping out and claiming those clusters. I mean, Josh, you have a routine, I think it's like Monday of every week you stamp out a new hub. It proliferates, you know, through GitOps, it proliferates the managed clusters, the applications, the policy definitions that are defined around that. Exactly. Before you even get out of bed and put on your slippers, like, that's already happening automatically. So it's just kind of fun. Like Jeff was reminiscing about the past year and Dave was talking, you know, through the story how we got to this point, but Kevin, your embrace of that concept, of those concepts, and really educating us in terms of how we do operate first, how we bring these tools into our hands as the way to really solve it. You've seen, you know, building in Submariner, bringing additional engineering and staffing around that capability as we expand the pillar of multi-cluster networking, and you've seen opportunities galore in that space and beyond to bring more in-house, and how we do that upstream and how we deliver that downstream. But it's pretty, you also hear your points of view on how we continue to grow in that space.

Yeah, well, I think there's a tremendous opportunity, both with Submariner specifically and as we think about things like service mesh, and, you know, anytime we're able to bring an ability to start to control the interaction between application elements, that becomes an exciting opportunity for us, especially at scale, especially multi-cluster, multi-cloud. We are talking to more and more customers that begin to have, you know, I mean, it's taken a while, but I think as the Kubernetes deployments have matured, the
complexity of the types of applications that people are trying to manage there have matured as well. And so their need for us to bring more to the table that allows them to manage at scale, and do that in a way kind of like, uh, Josh does every day, do that in an automatic way so that, um, you know, when capacity is not being utilized, it's put to sleep. When it's needed, whether that's a time of day or that's based on, you know, load balancing capacity, our ability to bring that up, integrate it in seamlessly into the application and make it available, it's been really powerful. It's also, I mean, just, apparently it's been a huge part of us trying to figure out how to control cost as we try to think about like the number of different places where we want to run our tests to make sure that things are rock solid on every platform. Um, you know, when we first started out, it's like, I'm going to spin up these clusters, I'm going to leave them there, and I'll run some tests later today. Our ability to use cluster pooling to, you know, rest that capacity but very quickly bring it back up when we need it has been a tremendous, tremendous cost saver for us as we've expanded the number of places where we try to run OpenShift clusters. So it's been great for us internally to work on utilizing our own technology to make sure that we're being as efficient as possible, but also ensuring that, you know, our developers and our QE engineers don't need to wait around while we manifest new environments.

Building that in the CI, into the whole DevOps routine. Yeah, from soup to nuts, as we, yeah, instead of saying it's the perfect storm, it's like the perfect wave. We'll use the surfing metaphor instead, is that, you know, we're building a product that's all about managing hundreds and thousands of clusters, and so, you know, it makes sense to use that product in our day-to-day living as well, as we do it.

Jeff, early on you were alluding to some of the different consumption models.
Of course, we have RHACM. We also have OpenShift Plus. We also have capabilities that we're working, components, and delivering and integrating with the individual offerings. Um, what can you elaborate for the audience on the different, yeah, absolutely, a lot of consuming these capabilities.

Yeah, exactly. We've, well, as we've discussed, there's a lot of applications for this, and really it is a multi-cluster world. That's the theme. And with Red Hat OpenShift Platform Plus, you know, putting together all those capabilities in the one box, including Advanced Cluster Management, Advanced Cluster Security, your registry with Quay, along with OpenShift, is the foundational platform that is basically the package that all of our enterprise customers need in order to be able to provide this true hybrid cloud experience across the on-premises and the managed cloud world. And that's one way that we provide the ACM capabilities to the market. The other way is, obviously, you can get ACM straight from the SKU if you already have some of those existing parts or a specialized need. But I think one of the things that's really exciting for us as an organization is how we've spent the last, I'd say, quarter or so breaking down and modularizing the ACM capabilities. And so it's a more composable type of platform, with a foundational element that's going to be included into cloud.redhat's back end for being able to provide multi-cluster capability, multi-cluster registry, to the API set that's consistently used by serverless and our OpenShift Data Foundation team and service mesh, all those components that need to have a cluster registry and be able to provide a point of view of their services on the hybrid cloud platform. We're making that capability available inside the OCP box, so they have that consistent type of delivery and experience. And that's also something that we're really aggressively exploring for the overall cloud.redhat.com management experience, is being able to provide that there as well. That gives you a nice layered approach. It helps us. We call it a little bit of ACM light. So it's just the foundational elements, and then you can easily snap on top the rest of ACM for the broader use cases and really fill out the box that way.

What's been neat too, Jeff, just to dovetail it: you know, our name is Red Hat Advanced Cluster Management for Kubernetes. So we've been marching to that drumbeat, you know, building things into the products like the imported management of those clusters, being able to pull cluster health metrics. That's a new one that we're bringing out in 2.4, coming up in a few weeks. That's a great feature that illustrates to the users that we have to have this fleet point of view. You know, I can't just only worry about one cluster here and one cluster there. I have to have *KS monitor. So we've listened to customers, you listen to accounts, and we said, yeah, we can pull cluster health metrics off those clusters and we can bring that in, and I think that starts to illustrate sort of our problem statement. Josh, I'm going to tee you up here because I know you've been working a lot on storage and business continuity. How do we manage those workloads that have business critical application and PV data? You know, those aren't just running on one cloud or not just running on one platform. We need to get into that spot where we can manage those across cloud, across platform, across distribution, and that's always been part of our central theme here. Things that we need to do, we pull in Ansible if we need to, we make that, you know, we do the automation across different platforms, or we just pull in the metrics like I just explained. We can bring those off of the *KS and start to bring those into the fleet view. Josh, can you bring me up to speed on what you've been working on in the storage space and some of the tools in that area?
Absolutely. So let's take over the screen, so we're not just looking at us anymore. Although, and I promise this is the only slide that I brought to the stream today, and then we'll be playing with live systems going forward. But the backup and restore is a little hard to show in the short time frame that we have. But so, ACM is getting involved in collaborating in the storage spaces now. And so one of those is around our DR scenario, which is the main point of this slide here. And so up until this point you could still recover ACM. There was a GitOps scenario that would allow you to do that. It was actually, you know, not to do a plug, but there's a video, one of our customers demoed it at Summit this year, where they had two ACMs running in different data centers, and they are able to move their workload, the management of their workload, from one ACM hub to the other at a moment's notice as needed for DR. And so building on that and working with feedback that they had on that process, we were bringing a full backup and restore capability that can kind of be run in two different modes. One is the GitOps scenario, where Git is still your system of truth. So everything that's applied out into your fleet is still in Git, and that gets applied on the left and the right, in data center one and data center two, as you see in the slide. But we also have it for those day zero that maybe haven't quite got into the GitOps yet and have been using our UI, which creates all the resources for you and allows you, you know, through a few clicks, be able to provision, be able to import, be able to deploy applications and create policies. We have a backup that is able to capture all those resources that are part of ACM proper, and through a, or an external store, because you always want that external store when the data center disappears, God forbid, to be able to push it into the other one, and you can restore then, you can restore all of those bits. So you can do it with a GitOps
flow, in which case those get those bits are repetitive. But if you, you know, you haven't quite got your journey going or you're in a hybrid model where you got some stuff in Git and some not, we're able to take all those bits, back them up and restore them. And then the key part, which was, you know, a bit of the pain point when we were doing this in 2.3, was the reconnecting of those managed clusters. That's now an automated affair. And so if you have two clusters, they'll automatically reconnect. You have 10 clusters, 100 clusters, technically a thousand clusters as well, assuming they're all up, will be, the hub is going to reach out and reinitiate those connections and connect them back to that management hub. And I guess the other key point to stress in all of this backup: this is just for that single pane of glass management plane. The workloads themselves, both when you're using us or you're using the OpenShift GitOps for applications, as well as the policies that are applied, all of that keeps running on the managed clusters even if the management plane is experiencing an outage. So if your production teams are, well, technically your development team is making commits to change the versions of their software and then merging that through your pipelines into the production repos, all those clusters in the fleet, they're still going to service those apps based on the instructions you've given, even while you're doing that failover of the hub.
So from a business continuity perspective, you know, the applications stay up, trying, helping you meet your SLO. But we also offer a quick way to get that management plane, and once it comes back up in the other data center, it just reconciles all of the changes that are there and again brings you back to that one pane of glass. So that's the backup and restore side of things that we're bringing to the table at 2.4.

The other one is more of a building block unit, and we're kind of excited to see how our customers and the users decide, what they decide to do with it, and we've got some examples of things we do with it as well. And that's VolSync, which was previously known as Scribe. And so this is a community, it's out there in the community. It's an open source project that ACM is now bundling and supporting as part of our offering. And what that does is get down into the nitty gritty of storage. In the past when we've come here and talked, we always talk about dynamic apps and being able to move them around. Everybody who's watched the stream knows that ACM is able to put it onto one cluster, two clusters, ten clusters and present that pretty topology view that gives you that single pane of glass, easy description of those resources and show you where the problems are. Well, now we're bringing in VolSync, which allows us to also start to create replications for those PVCs. And so, you know, if you're doing data-centric database work, you're still going to deploy just using the standard approach, a Mongo database with a three replica set across your clusters, and ACM placement rules are going to help you do that. But when you have things like repositories that you maybe want to put on the edge, or you have file-based systems or different types of, you know, you're storing objects from your custom application on a PVC, VolSync is a way to replicate one to one or replicate one to many to your external clusters. So let's take a quick look at
that now. Hopefully the screen is still there. So some of the folks on it, is it big enough or do I need to zoom a little more? All right, they say it's visible. So that's all goodness. So we'll hop over here to our application list and we'll visit DokuWiki. I figured it was time for a new demo app since we're usually playing with Pac-Man and others, though we will visit that a little later. And so this app, we've got it deployed to two clusters. We can see there's a physical volume claim. And so what I'm going to do is I'm going to launch out the route for the first page, and we see here that no topics exist. So I'm just going to do a quick edit, put something like "Josh" here, and I'm going to save that, and we'll actually come back to see this complete, because replication is replication. It doesn't happen instantaneous. Right now it's set on a five-minute sync. So every five minutes the data gets backed up, and so it has some live implications. So it could be used for things like this wiki, where we, you enter it in one space and then you want to replicate it out to a bunch of other servers in different geographical locations as well. It's got an opportunity here for migration as well. So if you want to move an app from one location to the other, VolSync is able to take that PVC, replicate it, and then you can clean it up. And you only need two resources to do this, which is also part of the beauty of it. And those are, you have a destination resource and a source resource that you define. So we'll click over here to the other one and we'll just do a quick refresh. And hopefully you guys see the fact that it did there. So we know that there's nothing there right now. But we'll come back to this in a little bit and we'll see that it, hopefully I remember to come back here, but we see that the replication has taken place. But I guess the point is, this is one of those building blocks, and so we've got a bunch of examples, the DokuWiki being one of, but we have MySQL, there's a few other database ones that we can replicate the PVC stores. And so we're kind of interested to see what customers are going to use it as well as expanding this into other options for our DR strategy. And so that's one of the new pieces here.

Yeah, just to add there, it certainly is one of those building blocks, and people might be asking themselves, you know, how does this relate to OpenShift Data Foundation? And the way I like to describe it, you know, there's a lot of different use cases for these building blocks, and to bring back that cooking analogy, right, in the ACM box you have flour, sugar and eggs, right? You can bake your own cake. What we're going after, working with the ODF team, is they're going to give you the cake, right? It's going to be more of a push-button experience and allow for you to do a full DR scenario leveraging their advanced capabilities in OpenShift Data Foundation. We felt it's important that you had this generic, uh, heterogeneous volume replication for any type of use cases that fall into, uh, different things that Josh has already described.

Absolutely. This is a point where, like you, Josh, you said the feedback helps direct the roadmap.
That's a thousand percent true. I mean, we listened to the community and they said, well, we want you to bake in these tools. I don't want to have to go fishing for business continuity elsewhere. And the GitOps model that you've described and many of our customers are using is fantastic. It's got similar characteristics of recovery that you'd expect in these kind of scenarios. But a lot of organizations aren't there yet, and they need that traditional model and sort of that checkbox that says, yeah, I have my DR covered. And I'm seeing something like this because it's exactly what we want to be doing from PM and engineering, is taking that feedback, designing this and executing on it, delivering market ways that customers find immediate value on it.

Exactly. I also think it's an important example of where we are often opinionated about some of the pieces that we put in or the things that we decide to snap in and how someone might use it, but making sure that there's a level of extensibility so customers that need to can extend on top of what we've already done, or decide that, you know, there's another option that works for them. But we've architected it in a way that allows them to snap in another alternative. I think it's an important way that we go about building this, right? So I think on an ongoing basis we try and get feedback for where do people want the hook points so that they can make a different decision if they want to. But, you know, there's a lot of customers, obviously, that, they want to know Red Hat's opinion on what we think is the right way to go about doing some of these pieces, and where that's the case, right?
We're gonna, we're both going to snap it in and give you some examples out of the box about, you know, how in our own development we're using these pieces, or where we've talked to other customers, we've, you know, already have out-of-the-box policies or other things to operate in a way that we think will be, you know, easy for other people to adopt.

Did that with Ansible last year?

Yeah, that was, you know, yeah. I mean, I think that's a place actually where we will continue, right, to figure out ways to integrate more tightly with Ansible and find where customers want to build automation into hybrid cloud applications, for sure.

And I'm going to use that as my segue to the next section, which is Ansible integration and the Ansible portfolio. So AnsibleFest just went by, it was this past week. The ACM was there. We were demoing some of our integrations into more of our pillars. We see all the pillars actually listed over here. So way back in the day, I actually, when I heard we were doing this, I went looking but I couldn't find what I was looking for, some screenshots from like way back in the 2.0, just so I could put the title screen up, what it looked like back then and what it looks like now. But I couldn't dig one up. I guess I needed to look a little deeper into my Google Drive. But anyways, um, we started with application. That was our first foray. But we've now expanded that into our cluster lifecycle pillars as well as our governance, risk and compliance pillars. And so as you can see, Ansible is slowly growing to all parts, and that's because automation is key. I mean, we talk all the time about fleet management.
We talk about Git being a system of truth. But really there's pieces that need to glue, to get, glue that all together in a coherent way and a repeatable way. That's what Ansible automation is for us. There's also the fact that, as much as I wish everything in the world was Kube, there is a whole portion outside the cluster that you still need to interact with, and Ansible is a key integration point for that, mainly because there is a huge library of tooling that exists. Integrate with load balancers, even, you know, server control planes, you name it in a data center, power systems, you name it in the data center, somebody's written an Ansible job or playbook for it. And if they haven't, three steps later you've got one, and that's kind of the key point. And that'll come up a couple times as I'm walking through some of the Ansible pieces here. And we've demoed these in degrees of detail on previous Switch, or Twitch streams, but we're going to touch on them again. So we'll start first in the cluster lifecycle space. And so here what we've done is we've introduced the ability to put the pre and the post hook. That's very similar to the integration we had in the application space. We've got this new tab here on the left for automation, where you're actually able to create the template of what Ansible you want to use. And if you remember back, and we'll just create a test one here, you pick a credential. If you remember back to when we did this in the application space, you had to paste in a name of like a secret that you wanted, you had to paste in the name of a job that you were after in the previous release. That is all taken care of and automated now. So I picked a credential, which is defining a Tower that I want to use, an Ansible Automation Platform Tower, and then that is automatically, we reach out with that.

Can you talk just a little bit, so here you're adding the job, you're talking about Tower. What is Tower?

Tower here, Ansible Automation Tower, is the centralized point
for Ansible playbooks and automation. So most customers run one, maybe two or three of these in the environment. And so this is the core store, almost, for all of that automation that you would use in your business or, depending on where your Tower is, maybe the line of business. And so this may have things that, we have demo jobs, but we have jobs such as an F5 publish, which is going to control the load balancer, or we have a Route 53 record, which is doing DNS modifications for deployments. And the ones I'm going to use in my demonstration is these ServiceNow tickets, or playbooks that are going to create tickets for us.

And again, a critical point, right, because that central automation hub ultimately provides you a method of bridging into the container world. Absolutely. You're a traditional RHEL admin, you're a traditional DevOps engineer, you might be using Ansible already in your continuous delivery pipelines or in operational pipelines, right, for runbooks or other activities. And here what you're able to do is bridge out to that existing ecosystem of non-container workload and make it easier to bring in containerized workload and still leverage all of the existing automation behind it.

Exactly. And so we've, accessing this, being able to set it up.
We're trying to make it easier and easier You know, there's no cutting back and forth between the uis to figure out what you want to do All of that is in there So you can pick one two three four as many of these as you want if you're familiar with ansible You'll know you can supply additional variables that go with it And then you can do that for both our pre job and our post job And we support it and install the upgrade space You go through and you save that and then that becomes available for any cluster you want to provision So if we're over in the cluster space and we wanted to create a cluster We've got all of our provisioned cloud and on-premise providers are the same as they were before With the addition of we have the new on-prem technology that's based on us. It's called centrally managed here But it's based on our assisted installer technology that we use which is more of a Allows you to create a more of a upi style flow Because you've asked and we've heard and we've we've taken that feedback And so it gives us that gives you that ability to build a more custom deployment methodology It also is very well versed for or well suited for edge and single node cluster deployments as well So here i'm just going to choose aws pick a credential. This is all stuff we've seen before So i'm not going to spend too much time here. I'm just going to give it a name The points I want to get to here is we have access to some new things like cluster sets, which is a new grouping Concept that we're introducing so you can join your clusters to a cluster set and instead of granting your user access to Individual clusters you can grant them access so a line of business can be granted access to a cluster set Say it's development for front end and all clusters in that cluster space would then become available And you can set the the degree of availability. 
So when you're assigning them to that cluster set They could be view or they could be admin etc But the point I wanted to get here was actually to hop down because most of this is already seen But we have our new interfaces for proxy that we make available So that if you're running behind firewalls that are needed to get to the internet or to specific repositories That can that's configurable here as well as automation. This is the piece where we just defined that test But where we'd be able to define Or pick say the aws service now and so We're running low on time. So i'm not going to go deep deep into this just to say over if we need to Okay, and so Might just be here into the evening and you can see I skip. Yeah As I was telling scott. I could talk and talk and talk on this stuff But so this will go off and so this specific job says uh-oh something went wrong But there it started working for us Um is going to go off It's going to do the pre-hook and so we see we have this new sort of install bars. So you get an idea picture of where you're at It's going to reach out. We'll get the log in a minute It's reaching out to that tower that michael mentioned and then it's going to Instantiate a service now ticket and that's going to wait and it's going to wait for someone to go out and actually approve That said ticket. 
So that's something we've been asked about a bunch before, you know how do we inject service now or how do we inject a A system of record where we need an approval, you know ansible is one of the key ways that we can do that You can also use this for more just push type of activities as well So you could just push a service now ticket instead of requiring an approval you could Push a slack notification the sky's kind of the limit There are thousands thousands of playbooks out there of things you could do both in your cluster as well as in your data center And integrations as well and if it doesn't exist you build your own even for something like the service now In you know, I've been using the service now example for a while to create a ticket It was two extra lines at the playbook to add a To add a check for The approval so that it would wait on the ticket until it was approved before it went through And so you can see here now We've jumped into the logs and so you can you know, you launch out It'll take you to the tower instance and you can see them Yep, I think the powerful thing about this right is if you are a team Providing clusters to developers or qe or others and you're trying to create a more self-service experience Now this integration with ansible Gives you a method that you can still leverage your existing approval methodologies record keeping methodologies, etc Whereas everything around that approval that manual approval Is completely automated right even after you click approve The rest of that life cycle is going to create the cluster The policies that you defined are automatically going to get delivered Any backup restore policies are automatically going to get deployed And so you still got that self-service experience for the developer for the qe engineer whomever But it's tying it in automatically to the rest of your organizational processes All the things off cluster all the infrastructure bits Dave you've been part of this journey with the 
ansible Story coming along. I know this is part of your purview and your domain I mean does this give you chills? You got to oversee as jeff calls it the celebrity wedding You got to see this come together across all of the pillars But to really galvanize that message to the enterprise in terms of what they said they needed Now now it's here now we've delivered it. It's g a across all the pillars You know scott has been great to see this come together a lot of the leadership from josh and michael and how this these pieces came together between ansible and acm and an open shift All the points they're making Just resonates so much with the customer base. I can't tell you how many customers have been asking us to slow down Show us how did this just work in the context of managing the cluster deploying a workload into a cluster How did the integration with all the processes the it processes that organizations typically have from ticketing systems to networking systems to storage systems to security systems often different parts of the organization now we can seamlessly integrate the cloud native container Kubernetes world with All the existing it the networking storage Security etc and ticketing systems the it processes, which is just it's fantastic. It really helps accelerate the journey that customers are on and and modernizing their applications and then delivering these in production environments and scaling it across their business I'm the value time the value Time to value brings up a question I had um or comment for for michael michael you've been a leader in the kubernetes space for many years as well as in the manage management space and in the communities We're seeing how these communities come together in automation with ansible and acm OPA with Gatekeeper the GitOps space From your perspective, what's the excitement going on in the core open cluster management space where's some of this headed? 
Sure, so it's a great question ultimately Everyone on this call is already aware of this so just to kind of share it For the audience One of the key things that this team has been focused on is not just delivering Awesome neat capabilities that make it easier to manage clusters, but actually establishing a community around that technology so All of the code with the exception of one component Has been open sourced under github.com slash open cluster management And that is all of the code that largely has originated from red hat and prior to that ibm and ibm research And what we've been in the process of doing through literally the last year more than that even is taking the parts of the code that are maybe less centric to to an open shift or red hat ecosystem and putting those into a cncf project proposal Known as open cluster management. So josh has been kind enough to bring the the site up. This is open dash cluster dash management dot i o And ultimately this cncf project is currently in the evaluation phase It will be evaluated by the cncf Steering committee and our goal is to have it approved as at least a sandbox level project So that not just an open shift centric view of the world, but a kubernetes and community centric view of the world Other vendors can come in and contribute and drive consistency in this space We've actually been hosting community meetings for open cluster management that happen every other thursday And that's going back most of this year. I think maybe our first one might have fallen into december of last year And that open community meeting is also on youtube. You can go back and watch all the history of the conversation We've had contributors and interested stakeholders from companies like and financial group Who are using and deploying the open cluster management community project today? 
There's conversations with adoption from ollie cloud as well And then students and other interested parties in the industry But this is something I think is exciting because it's about trying to simplify How consumers leverage the open hybrid cloud right and doing it in a way that is not tied into a singular cloud ecosystem So if you haven't had a chance to catch some of the community meetings to try it out yourself if you're not a red hat open shift or a a red hat uh user per se This hopefully I think still delivers lots of value We hope that you'll see the value that we built into the open shift platform In a way that's very consistent across every cloud provider But ultimately anyone can come in and pick this up You can contribute pull requests You can look at what we're talking about in the community in terms of features and roadmap But really our goal here is to drive a multi-vendor Vibrant ecosystem around this set of concepts Nice and we've seen that I mean Some of the questions coming up in the kubernetes slack are Interesting as folks get involved with workload and placement and they're looking for features around You know gpu right like how much how smart can we get with workload placement even down to the level of Capacity that's available on the cluster and is it available even down to the the cpu metric or even even more into the gpu So those types of upstream community engagement and activities They're awesome. 
I appreciate josh your leadership michael as an as an upstream contributor and You know part of the steering of what we're doing in the CNCF proposal has been amazing to just watch that community come together so hard So hard and not enough kudos are spread around the to the team that's engaged there But it's the right approach and being part of red hat and seeing That vendor neutral approach has been very fun and very exciting kudos Yeah, no, it's definitely a cutting edge and it's where it's where all the neat stuff is well not all the neat stuff But a lot of the neat stuff is happening Especially as scott mentioned in the placement rule and the fleet management space It's uh, so we invite you to come out. There's free swag too if you come to the meetings So, uh, you know come come check us out All right Just to make sure it doesn't get lost everything the only part that hasn't undergone open source has to do with the license and the search database component But everything else that's shown even if it's not part of the CNCF community project proposal is still open source Is still available. So everyone Even things everything that josh has shown here Is available in upstream repos you can go you can take a look you can file bugs You can submit pull requests. You can help submit enhancements, but um, what's in the CNCF proposal is something that we think applies to every vendor Uh, and ultimately we want to see that, you know drive the community, but I want to reinforce that there's nothing here that is not open source Absolutely, and yep, we do everything in the open It's the red hat way Which is awesome. It's and that's been a lot of fun in the journey Um, okay I'm going to segue a little off ansible here for just a second and take a talking point that's got made and turned it into reality And so he had mentioned around Uh, the star ks or the xks. I've heard it referred to lately. 
It's a new new new label for me But uh, I've always been a star ks person But we have the j uh the aks and the eks clusters that I've got imported here plus we do gke Uh iks we do all the managed open shift got to put an open shift plug in there The rosa and the aro as well But i'm going to launch out the grafana. So this is part of the thanos package that acm ships with And i'm in the overall cluster health, which uh talks about a bunch of the clusters here But we can see so i've got my aks cluster if you were on the 2.3 release You might not have seen that but now in 2.4 We bring that to you as well. So you've got the aks and you've got the eks Cluster stashed in here. I think I scrolled by it And then you can individually look into them as well We come with some preceded dashboards, but you can choose additional ones as well. So we have the aks cluster As well as the eks cluster and this works on the gcp as well So all the flavors of kubernetes that we've talked about in previous streams that we bring to the table that you're able to manage from a policy an application point of view a An execute point of view. Well, now we've got the monitoring and metrics there as well And so just you know filling in all those pieces to give you that full story that single pane of glass across all of our supported kubernetes targets Yep Great overview. It was absolutely driven by customer demand And it was it was apparent right you want to be able to provide the fleet view. Okay, great Go do that we have to live up to the monitor of kubernetes So I like being able to do that like it'll approve That that we're listening and taking the feedback and iterating on it for each release Absolutely, and so actually we were talking through it. 
I will show the screen once more just to show it But we had so this was the ticket that was created from my My original provision request you can then go in go through the approval But we're going to keep moving because I got lots of other stuff to lots of other cool things to show in this In this space It came up there. Josh. So was around the georeplication you know And you might have even gone over this quickly, but you're you you had two clusters. I don't know where they were located I and One was local. Maybe one was an east and west but Everything is out there except for the vmware So vmware is in my data center or equivalent to my data center open stack usually in your data center But all of these are all over the place and you can look at the regional. So this one's us east But my gcp. I think it is. Yes. These are ones I provision in europe Uh, I don't I don't pay the bill. So I put them where I where they need to be to look nice But uh, so these have the europe west and so this again as you're targeting policies targeting workloads anything that's a label can be turned into a grouping of Of workload that you apply to your fleet And so, you know, we can provision in all these spaces. We can manage them latencies obviously can be a problem, but But under normal circumstances we design for the fact that you know, we may have some delays here and there But you know on a daily basis. I manage my European as well as we have some asian pacific clusters as well not in this this specific hub But in other ones and we're able to do it Thank you. Uh, feel free to pivot. I was just making sure we covered that life. No, absolutely And you know, you we have the options here. You can see I I've uh, I've been a little tardy here Although I will maintain. I'm sure it came out in the last three days But I from this screen I can bulk upgrade all of these clusters. We see they have the upgrade available You can select the individuals. 
This has sort of been part and parcel for a couple of releases But you can go to the upgrade and you know, you get the list and you can make choices Especially if you have different versions and you're also able to you know, this is automatically updated Just like any other update system as the new release comes out that day acm gets the new level But you can also self-curate these values If you want to control what goes where and the time frames associated with it So I'm going to go back to ansible for a minute I'm not going to go into big detail because there's still lots of other places to look But I just want to show that, you know, the integration there still remains Uh, oh, it's often running and having problems. I guess it's a great demonstration that you know, when there is a problem We bubbled that up to the top But so in our application space, we still have that pre and that post capability I suspect this is actually because the systems all went to sleep And so when it went to try and do stuff in the middle of the night Because systems were going offline the placement rule will say uh-oh systems are off. I got to move But I put all my systems asleep and so uh for pacman at least so those went away It is kind of funny though now that I mentioned that I have two pacman apps one that we just looked at which is ansible and one that is deployed by an Argo application set here the segue to uh to Sorry, the pre-hook job delier that's in the pacman app It's not because clusters went to sleep. It's snow Now, for instance Goes down after a couple of hours without being pinged Exactly. So to save money. 
I use the development service now is Instead of a production A key point is that even though in this case The pre-hook blocked it all of the existing workload continue to run happily That the job didn't actually if you poke any one of the deployments, right for the audience To recognize that the deployments that are actually underneath clusters one and two below Are still green and healthy. They're still running on cluster We're just reflecting that the ansible job Hiccup did exactly and it's not uncommon That's part of the point of automation is that you can always re-run it if you need to right like that's that's not It didn't generate an outage because of that Yep, exactly and and again it actually it illustrates that that that is the whole point though of this topology as well Is to be able to zero in right away as to what the problem is and well It's pretty obvious that my ansible job had an issue in this specific case but What I was segue to because it rung or it reminded me of that with clusters going to sleep Was that my other pac-man app, which is actually deployed via an argo application set and this will be my segue But it actually was originally on an aws instance But because all of my cloud instances go to sleep at night the placement rule went Oh, uh, all of the clusters are down, but i'm supposed to keep one copy of this running Oh, the only cluster left is the VMware cluster. 
So i'm going to move it there Which is where it's where it's found its new humble abode and uh, if we click in we see we get it's again a similar looking design no There isn't ansible integration in this space at that point at this point, but you've got it's the argo integration you can You can take you to the argo instance where it's running It's running on that target on that This one is on the hub actually So this is the open shift GitOps that was deployed by the hub and then we have the other one that michael mentioned Let's see here So we're also able to and we've changed it around a little bit. It used to say git here We've got this discovered. So these are actually instances of argo applications that have been deployed by A remote argo on my fleet. So it had nothing to do with the hub There was argo running on each of my managed clusters And we distributed the argo application resource to all of those managed clusters, which then caused nginx to be deployed acm without having any pre knowledge of that Detects it also detected it all came from exactly the same source which is git branch and path And so grouped them together to say look, you know This app's been put onto all seven of these clusters Which is why you see the terms remote discovery in there But if we look at it from a visualization point of oh, this one's going to give me trouble Nothing like the demo gods to show their face. Let me try that I was going to say just knowing about the discovery capability. That's yes That's that's awesome. 
So what it should show you is the you would get the same topology And you can click into those and view the pods as well as the logs that go with it We do display that or usually display that When it's not giving you a a hiccup as it is in this and so I'll use that segue then for well I said I have GitOps everywhere Well, I used a configuration here in my policy in grc And so in my policy in grc I've got things like etcd encryption that we all attack I talk always talk about So that's making sure all of my open shift clusters have their etcd encrypted I've usually run that in enforce I switched it to inform into precision to new cluster just so that we could see the The error and that it actually does, you know, we do detect problems So one of my new clusters that I provisioned which automatically otherwise if it was enforced would have got it It's telling me, you know, there's a problem. I need to go out and do that We have the installation of open shift GitOps, which I mentioned, which is argo So this is pushing the argo out to all of my clusters. I see michael has got a drop take care And I've also got acs, which we'll talk a little bit about we have an acs integration As well as an enhancement to these policies themselves You can now create policies that have that have templated values and that's something new for us It used to be you defined a very Precanned set of yaml and that was all that the policy was going to be able to check for Well, now you can dynamically inject using a policy template things like names that you read off of a config map or a managed cluster Or even in a special case you can use it to deliver secrets securely from the host hub acm to your remote clusters and so in the example here We have the red hat acs install. 
This has activation of acs, which is advanced cluster security by red hat It also has delivery of what they call it an init bundle, which is three secrets And so if we look inside of this and no, we're not going to be showing our secrets thankfully That has happened I could believe it on a on a live stream But that's kind of part of the core piece here is is that fact that we aren't sharing the secrets instead We've got let me see if I can drag this over a little bit We're able to build these query type of analogies inside of what is otherwise a secret So if you look the kind is a secret it's got the name and the namespace that it wants to create But the values themselves they reference a secret that is stored securely that I'm not going to show On the hub in a namespace and it's able to take those and securely deliver them to my remote clusters And so this is a great. I'm getting started. I need a demo I haven't yet figured out if I want to go all in and reprogram everything for Vault with sidecars or use external secrets or use or or my Security stands won't allow for sealed secrets, which would put it into git You know, this is a great starter where the secret only exists on the hub. You can maintain and manage those Secrets in a secure store that is mandated by your it department and for a delivery mechanism We have a secure way where acm is able to put those into a namespace on a remote cluster where it needs to go And never do you have to commit any of that to git like so I can commit the policy to git And have it as part of my infrastructure and system is record system of record But I don't have to commit any port any form even an encrypted form of that secret into it And so it's very powerful as well for acs. 
We're standing up a And we call it an operator but a resource that represents the agent And that agent needs to have a unique name to register back If you think back to what I just said fixed yaml meant that every agent would have the phone the same name Well, what this templating allows you to do is here we have hub, which means it's querying some data off the hub side But you have it on the client side as well So I'm able to look up the name of my managed cluster Use that in my resource that I'm stamping that initiates acs So when I hop over to acs and it registers out, which I had the screen up here And we go to health Oops, we go to clusters It's able to give the unique name of the cluster back for each and every registration that otherwise, you know You have to write some really fancy Customized expression that you store in git that you may or may not be able to debug now We've got a very simple template. It does the look up It applies the correct name for the cluster and acs is happy to register back and and hook up So and and that's kind of then segues into the beauty of acm and our placements and our labels Any cluster I import any cluster I provision either through the full provisioning process or I pull out of a pool As soon as it's registered into acm and its labels become available I could have something like placement for which is what I'm using where the vendor equals open shift All of our imports all of our provisionings all auto detect that it was an open shift And so they will all get the acs client deployed to them same thing because this is my demo cluster They all get the open shift GitOps operator deployed to them as well But so the the power of the whole life cycle from you know from that very very initial point where you bring it under management Going forward can be a completely automated procedure and our placement allows you to do configuration application security compliance, you know monitoring the the whole gamut is covered in in that 
one sense and so, you know If anything I want to summarize, you know what we've accomplished in the In the year, it's it's really that we've we've really filled in that whole picture You know, there used to be little gaps here little gaps there and that's why a lot of this was you know We've gone from ocp only to start ks for metrics or we now have ansible in all three of the main pillars that you You know you use where it makes sense to have automation is that you know a year later having you know Been at this we've we've really filled in the picture and it's come a long way as far as you know What we have is for the fleet management across all of the pillars of concern that we expect our users to be to be after And so I will touch on one thing just because it was a talking point And I love to prove there there is I wanted to show the ansible quickly that we've integrated here as well So for something like I created this Policy here. That's non-compliant. You see we have the automation which matches up with the automation tab And jeff you want to jump in while i'm doing this? 
Yeah, I mean you're you're Flying through all these advance measures that we've just put in for for 2.4 And and that's because we have a little bit of time But you know what I heard there josh more than anything else Coming from the business side is the first thing you do Is you install ACM And we hear an open shift customer or an open shift platform plus customer Install ACM is the first thing you do after you stand up your first cluster I'm gonna help you roll out ACS that'll help you roll out the GitOps strategy That'll help you roll out all the configuration policy and new clusters on top of that as well as from We've been dealing with a lot of customers that are that are migrating from three x to four That's the first thing you should do on those migration scenarios Stand up your first four cluster put ACM on it bring those clusters that are three x under at least observability Use cluster lifecycle to create new clusters create consistency of your configuration between the two You have the templating thing that went through real fast both hub and on the policy side It's it's really the the game changer one of the things that we hear a lot that we want to combat is Well, I don't have a multi cluster problem. Yeah, and I only have a few clusters and that is That is absolutely wrong. You don't want to look for use a florida analogy You don't want to look for the bucket to bail water after the boat's taken Take it on the water, right? You want to have everything prepared and start with ship ready and and put a multi cluster world under governance And that'll accelerate your your cloud and your container adoption journey. Sorry. No Absolutely, and so, you know, we've got Ansible everywhere and I guess to jeff's point And I'm sure we haven't actually done this in a in one of these streams in a while You know when I start day one in an open shift cluster I end up here if I go to operator and I go to operator hub And it loads It's canada. 
We're far away You see the second pitch the second card that we got up here is advanced cluster management You click on this you click install you get the next page and you go from there I'm running dev so it doesn't pop up in the same way and within eight minutes. You're running acm You've got an acm console that you can hit you plug in some cloud credentials You plug in a v sphere credential you plug in an open stack credential You can number one you can start importing things or number two you start provisioning you grow your fleet Especially when it's on prem minute It doesn't have the same cost associations, but even if you're in the cloud We've got single node open shift that you can deploy you want to keep it down You can do three node master or three node master worker clusters There's a whole bunch of different ways to slice and dice, you know, how you expand your fleet, but This is it dare there from day one is the best way to do it. Josh is like a kid in a candy shop I I absolutely have learned so much. Thank you. Thank you. John. I'm gonna kick it over to Dave to bring us home This has been such an awesome session Josh, what can we say? Awesome, um Chris Scott Thank you for hosting us Scott. Thank you for emceeing us through this Um, it's been a pleasure to rejoin the live stream here, chris I know everybody on the team. You can tell the passion the energy enthusiasm coming through the team Uh, it's a hot space As jeff said shift left bring your management security right to the forefront with your deployments. Those are the most successful Um Customers that we see that we work with day in day out. Community is growing rapidly. The integration points are growing rapidly The adoption has been outstanding the reception in the in the field with with users has been has has been outstanding and we didn't even shift into a lot of the Next wave of things from event driven architectures to the edge space Um a lot coming even in the area of the eye. 
So thank you very much. Thank you Get a chance to touch on cloud services and scale of the moon and beyond. We'll do it on a future one. Chris. Thank you so much We always enjoy this show. Thank you. No, thanks for coming on. Thank you. Really appreciate it. Yes. Thanks for having us Y'all stay safe. We've got five more five more streams to give you chris Okay Cheers guys, y'all be good. Thank you. They say about their folks