 Good morning. Good afternoon. Good evening. Wherever you're hailing from. Welcome to another episode of OpenShift.tv and other show about Windows tools for OpenShift. I'm joined by two of my favorite Red Hatters, Christian Hernandez and Andrew Sullivan. I only said in that order because I did an alphabetical order last time. So boom. So please, I am for short. I work at Red Hat. I'm a CNCF ambassador. I'm on the OpenShift team. Andrew, why don't you go ahead and introduce yourself since, you know, you're Andrew and Cuddly and stuff. So I don't mind being your second favorite behind Christian. That's a worthy fight to lose. Yeah. So I am a technical marketing manager. Same team as Chris. So we are the cloud platforms business units technical marketing team responsible for mostly OpenShift, although there's a little bit of Red Hat virtualization and OpenStack and some various other things mixed in amongst us. But as Chris mentioned at the top right at the start here today, we'll be talking about Microsoft Windows. So this could be interesting. Yes. Yeah. Bunch of Linux guys. Bunch of Linux and, you know, hacker nerds working on Windows. Oh boy, here we go. There we go. What's the worst that can happen? Well, what's funny is the reason we wanted to talk about this is that we get kind of a little insight for everyone, a little insight, a little back behind the scenes news here is that we get statistics from our blogs. Right. So we get statistics coming about every week. I think the report comes out. Yeah. Or at least the report comes to us every week. And Windows tools for OpenShift has been like consistently like number one, number, the top five right since the original one was posted right it keeps hitting the top five and we realize we haven't actually really talked about people using Windows as a client to interface with OpenShift, but that's probably like the bulk of our users, right? The enterprise users, you're either on a Mac or a PC and for most enterprises you're on actually on a Windows host. So a little background there for you is why we're doing this Windows stream. Yeah. And if you're, if you've seen this blog post before, or if you have good eyes on the screen that I'm sharing right now, you can see that I was the sucker who updated it. No, I'm kidding. So my background, I was a customer for a long time. And as a customer and the environments that I worked in, I always use Windows, right? I didn't have a choice. Windows is the only option I had and it was domain joined Windows at that. With all the, all the fun, all the appropriate security lockdowns and everything else, right? Administrator access is forbidden, right? All of those things. So, you know, as Christian mentioned, this post was consistently in the top five after it was two or three years old, I think. Yeah, about two years old, three years old. You know, it came up of, hey, we should really update this. And I looked at it and took the approach of, well, I'm going to assume that most of you, even though you're Linux administrators, even though you're OpenShift administrators are not Windows desktop administrators or not given permissions to be a Windows desktop administrator anyways. So as I was going through updating this, I tried to do it as much as possible. And I think I was successful entirely without needing any sort of administrator privileges on your desktop for any of those steps. Nice. So, yeah, hopefully I was successful. I'm pretty sure I was because it worked on my desktop. Now, that being said, it works. And it's containers. So, yeah, totally. Yeah. So that being said, for this particular live stream, I have commandeered my, my middle child, my oldest daughter's desktop. So this is a Windows 10 desktop. It is not domain joined. So, but you should see, right, if I try to do something that requires admin privileges, it'll still come up, it'll still UAC, you know, it'll still go through the normal. It'll freak out. And the goal here is not that I want to literally go step by step through the blog post and show you what's happening here, but really just to explore what it's like to be an OpenShift administrator that is on a Windows desktop. Yeah. Because there's a lot of administrators find themselves, you know. Yeah. And as always, please feel free to ask questions in the comments. I will trust these guys to keep me honest and all of that. Chris threatened me with a backup Windows desktop in case something happens to this one. Oh yeah. We'll see what happens. I got you. I think it was first right here. Windows. Alright, so first things first. So I, Microsoft, and I don't remember what version it was at some point Microsoft, you know, switch the default console or the default terminal inside of Windows to PowerShell. So anybody who has known me for any length of time, I'm a PowerShell person. I used PowerShell for many, many years. I think it was at one point many years ago. I like to think I was savvy with PowerShell, particularly when it came to doing things like administering VMware environments, doing things like that. So, which you'll notice. Didn't you RTFM? I don't know. He actually W. Didn't you write a book about. Andrew, so Andrew's a little, a little timid, but or a little humble, he actually wrote the book on PowerShell. Actually, he wrote a book talking about interfacing PowerShell with the sphere. A book. He wrote a book, not the book, he wrote a book. I mean, it could be a book. I was a co-author, but still. You know, anytime I have a PowerShell question, you're like the first person I've seen. So you're now, I guess, I don't know. Yeah, that's another one. Definitely. Thank you. And, and I will try and wash those bus tire tracks off my back. Still. Yeah. That's true. I was a co-author of one of the power CLI reference books. I don't remember which one now it's behind me somewhere. Or I guess it's on this side. So, yeah, I am, I'm a PowerShell person. I've used it for many years. Microsoft switched the default over to PowerShell some time ago. So on this particular desktop, I'm running PowerShell seven and I'm running it inside the new Windows terminal, which is a fancy new one that you got on the store. Yeah, nice. I have to say, I really like this, this terminal. It's super fancy. It's super nice. I haven't tried it yet. So I'm curious to get your feedback. I have no complaints about it whatsoever. You can see I can do things like open in Azure Cloud Shell directly from inside of here if I choose to. Wow. That's awesome. You can go back to the. You can go back to the old way. The new hotness that they released, like Scott, someone was talking about it months ago kind of thing is beta. Yeah, and it does the dynamic resizing and all that other stuff. So very much like the Linux terminal terminal, right? If you have something that wraps and then you widen the window, unwrap it and all that other stuff. Yeah, it's nice. Yay. Okay. So, so I have PowerShell seven. FII PowerShell seven is shipped as a MSI or you can install it from the store. Currently the default version of PowerShell is still five dots something. Do note that PowerShell six PowerShell seven do work in Linux as well. So if you happen to be a PowerShell person PowerShell fan you can use PowerShell from inside of Linux inside of a container even. I think I can brew install PowerShell to I'm not sure I forget. Yes. Yeah, you absolutely can. So I also have my internal cluster here that I need to find the link to. Very secure with your DuckDuckGo, I see. So this is literally your... Using Brave, using DuckDuckGo, like DuckDuckGo. Wow. You see it doesn't even let you go to the console. It's a lab.lan URL. So it says, I don't know what this is, I'm going to search instead. Of course. So this is my internal cluster to, and I use for all of my demos and stuff like that. Anybody who's seen me demo anything before has probably seen this cluster. So I'm using this because this will be our example cluster. This will be the one that I'm connecting to and doing actions against throughout. And then the last thing that I need is to go to cloud.redhat.com because I need access to all of our different resources. And you can get one of these accounts for free by heading over there. It says create one now right underneath this block. You just went to cloud.redhat.com. And you can get off and running just like Andrew is. So this is, there was an interesting, so I am a Linux admin, always use Linux for everything, even my desktop. So someone in the chat mentioned something called Cobra. I don't know if you know what that is, Andrew. Is that a Windows thing? Well, apparently it's a, it would be nice if Cobra will support PowerShell completion. Which Cobra? There's a lot of things called Cobra. I don't know. Yeah, I don't know if it's a, well, is that Cobra like the, like, the language guys? Not bad. Not that guy? It looks like, yeah, it might be the language. You're talking about PowerShell and Cobra? Yeah, okay. Oh, okay. That is one thing that I did some, I did a little bit of background research. So I know who SPF 13 is. Before this around whether or not there are PowerShell modules for Kubernetes, et cetera. So, you know, can you get the native PowerShell experience interacting with Kubernetes? And I wasn't able to find anything official. There was a couple of very unofficial, very kind of not complete looking things out there that I didn't want to subject myself nor the world to. Although I'm sure that they would be perfectly functional. So when we look at, even though I'm in the PowerShell terminal here and everything else, when we're looking at the OpenShift command line tools, whether they're OpenShift or Kubernetes command line tools, they are going to be kind of the native compiled, right, they're written in go, et cetera. So unfortunately, what that means is I can't pipeline, if I'm talking, you know, if I'm using PowerShell, I can't pipeline as easily as I would want to. I would have to wrap it. I would have to do like string extraction and all kinds of other stuff like you would in Bash. So, not as fun as I would like, you know, I would love to be able to have objects, you know, PowerShell objects for each one of those Kubernetes things, Kubernetes objects. And being able to pipeline those around would be just phenomenal, but it's not there, at least not that I could find. If anybody knows differently, I would be very, very interested. Yeah, and we'll happily share it out, you know. Yeah. So all I've done here, I went to cloud.redhat.com, I went to the OpenShift page, I clicked on install, I selected a random infrastructure. And really what I'm looking for here is this link, this download command line tools. And I am using Windows, but really what I want is the link address. And the reason I want that is because this is actually a directory that we can browse. Right, so I can come in here and I can look and I can see all of the different tools that are inside of here. Being Windows, of course, I'm going to want to download the Windows zip, which I will go ahead and kick that off now. Yes, go ahead and save. But I can also go up a directory. And I can see all kinds of difference, all of various releases, all other stuff that's going on inside of here. I'm not terribly interested in that at the moment. But rather what we want is all of the other tools. So this is my secret method of finding the quick and easy way to all of our command line tools, all of our other stuff. So you see each one of these projects has a top level directory in here. So for example, if I want ODO, I select the ODO directory, latest. And then we see we have access to all of our downloads. You can of course, so the official way of finding all of these things is to go to the docs. Or at least the official way I use when I use the official way. Go to the docs here. And if we scroll all the way down to, you know, pick whatever one of these I want. So CLI tools. And then ODO, I can go to installing ODO. And you see here it has links to each one of these that I want to do. So if I scroll down to Windows, it says download the latest file and it has a link over to that file. So one thing to note here is that the documentation takes a very safe route of, you know, you see, they're saying create a folder at, you know, see at the root level of your C drive of Go Bin. Again, not everybody has permissions there in addition to which it's not going to be in your path. So they very generically just say add the path variable to your, or the variables into your path and, you know, they don't always provide throw directions. Additionally, I wanted to try and be conscious of things like roaming profiles. So if you want to put it into your, you know, your documents directory or something like that so that it's a part of your roaming profile you can. I would not recommend doing that with code ready containers, however, because it's like two gigabytes in size and your admin team will hate you. But otherwise, yeah, there's nothing wrong with putting them in there. I think the directions that I have in the blog post put it outside. It's still in your profile so that if your admin team has something that goes through and periodically cleans up user profiles, it'll still get wiped that way, but it is not part of the roaming profile. Okay, all of that stage sets. I'll get to these other tools here in just a moment. But the core of what I want to do here is quite simply unzip our file. And seven zip extract here. Did you, did you remember to pay for it? Which one was the one, the one that like you're supposed to pay for it, but like if you didn't, it still worked. You never had to pay for wind zip, I think it was. No, no, I'm talking about like windows like 90. That's what I mean, right, like when zip, the actual. Oh, I think, I think it always gave you a prompt. Hey, you could pay us. You know, you're past your 14 day trial or whatever, but you could continue to use it no matter what. Yeah. I see somebody asking about increasing the browser font spas. So I'm doing that now. I didn't call you out on that. Hopefully it will carry across when we're here. When rars the one I was thinking about. Yeah, did the same. So I've used seven zip for years. I actually, when I install a new windows desktop, I use a tool called nine nights. So it's a pretty simple thing you go through, you select all the things that you want to install, put a checkbox for each one. Click the download, it'll give you an executable and hit it and it downloads and installs everything for you. Look, look at all those wares. And you can wow, you can continually use the same executable and it'll just go through an update each one of the tools. Oh, interesting. Dang. Okay. So like, you're getting hacker hack on easier from manager. Yeah, that's awesome. I am bookmarking that for sure. Because for the longest time I did not have a windows box, but then suddenly I started live streaming and I needed a windows box for certain things. And the first time in ages I have a windows box at my house. So yeah. This would be very helpful. So you can see I downloaded OC it's in the downloads directory I extracted it into its own directory here, and I can of course CD into this directory and I can do the standard dot slash, you know, OC. And it will give me all of the options all the things that I need spread I can do a, you know, follow the standards control you doesn't work in windows. I always forget that. So all of the things that I need I can come here. Log in again. And if we take this guy, another thing that works well with this client is copy and paste works as expected. So you see I can't just copy and paste right I need to do the dot slash OC dot exe. And yes, insecure. So now I can use the again dot slash OC, you know, get node. So it's kind of obnoxious constantly having to provide either an absolute or relative can't talk today path in order to access all of my resources. So instead what we want to do is put it somewhere inside of my folder inside of my particular set of documents. So we look at our user directory, there is a hidden object or a hidden folder for app data. So if you didn't know this is where Windows keeps all kinds of user information relating to all of your difference you know applications programs etc. You can see that we have this local local low and roaming roaming of course being a roaming profile. This is the folder that would be replicated around with roaming desktops or roaming profiles and active directory. Whereas local is not. So quite simply, I'm going to create a new folder inside of here so control shift in is the shortcut for that. We're going to do red hats. No space because I see that most of these others don't have spaces there's one or two but even though it makes me twinge a little bit not having the space in red hat. So from there all I want to do is copy my downloaded file in there. We go here and simply drag it across. So, first of all we can see inside of here it's gone from there I can also go back to my home directory and now I can do OC.exe. It's not in my my environment I'm getting ahead of myself here. So now that it is in a common location get the step I did now that it is in a common location I want to add it to my environment. So there's a couple of different ways of doing that. And if we look at our blog post I documented three of the most common ones. So the first one is adding it quite simply to this PowerShell session. So all I'm doing here so dollar sign a ENV accesses our environment variables colon path is the specific one that I want. I'm going to append to that variable semi colon local app data red hat open shift. So you can see I did not use the same path. So I can also do quite simply things like ENV path to see the current path. You can see that there's a bunch of things inside of there. I can also do local app data and see which particular folder that is referring to. If you do just go like this dollar sign in give you the same kind of output like in a Linux desktop would know. Okay, never mind. I was hopeful. There is a way to enumerate those. I don't remember it off the top of my head. Is it like colon star maybe. I forget someone in chat will probably pop up with it. Yeah. So the PowerShell ISE will will give you a whole list of them. It reads into those and it'll help you do the predictive selecting. I just I don't remember the command off the top of my head to enumerate them. I didn't mean to put you on the spot there. No, no, you're good. So all I'm going to do here is copy my path here into my or append the path that I just added that file to so local app data red hat and append it to my path. So for this PowerShell session right here, I can now do oc.exe and you can see it gives me all the things that I have. So still retains my session and everything. But if I create a new session and you want to have our standards blow it up right oc.exe and it's going to say, no, not there. So that's fine. Right. You can work around that and have basically that command executed every time by adding it to the PowerShell profile. So if you're not familiar with the PowerShell profile, this is kind of like a bash RC right or a ZSH RC or whatever that happens to be. It is a file. Okay. Yep, it is executed. It's sourced every time you open a new PowerShell session. So you can see all I'm doing in this particular command is saying add what I just executed up here as you know to the end of that file. So that every time a new PowerShell session is started, it's there. So that's good and bad. So one it's it's good because well if I'm banging away on the command line. Great. It's bad because if I have a script that is being executed automatically. So I've got a scheduled task or something like that. It's not going to get. It's not going to pull that in. Great. It's only it's only executed when I open a PowerShell session. So if I have, you know, like PowerShell dot exe this dot ps one, that doesn't get read. So the way around that or the most robust way of doing it is to actually add it to your environment variable. So I documented here how to do it programmatically. If you don't want to do it programmatically. I understand blindly executing other people's code. The way to do it is a little bit hokey and it always takes me a while to remember and Windows 10. You would think I would remember this after doing it a bunch of times, but, but no. Yes, I mean, it's like bash right like we tell everyone not to do it, but I ended up doing it anyway. Not supposed to admit that Christian. Yeah. I mean, I never do it. So you saw what I did there. So all I did here was I right clicked on the start menu went to system it pops up this settings menu and then I went to system info, which pops up this particular one. And then this says advanced system settings. It has the little you act icon next to it. It won't actually you act unless you do certain actions in here. So, if I go to this advanced tab. So this is where I could, for example, change the name of my computer rights. If I want to do things like disable the system or store points, etc. This is how I turned on remote desktop. Anyway, so we have this environment variables. You can see by clicking that I can edit my users variables as well as system level variables. So remember system variables will apply to every user across the entire system. User variables are only my user. So I can go in here. I can hit edit and add a new path. And I will use the same path that I use over here. Copy that guy. Copy what you're going to copy what I'm going to copy that guy copy copy that string. There you go. So one thing to note here. This won't actually work as I've copied it because this is a PowerShell environment variable and you can see it's using the old command style. You can simply do substitute that with percent local app data percent. You can validate that that is correct by copying it. Okay, first. And if I do a run and just paste that in there, it'll open up that particular folder. You could also from a command prompt. So if I open old school commands. And again, we'll make it bigger so everybody can read it old school. And if we do an echo on that, it'll echo out to that particular variable. Cool. And I keep trying to hit the Mac OS super up so I can see all of the windows tiled up and that doesn't work very well. Across remote desktop. So I've added into my path I've added my particular environment variable so I hit okay a couple of times here. And we'll exit out of all these two sessions and open up a new one. And now assuming everything went according to plan. We should have our and it didn't. So let's see. I love it when it breaks. Everything goes according to what happens. Did you is this the new log out log back in. I don't think I have to log out and log back in. Close the window. I don't know. I bet it's having to close the window. I bet you're right. I remember this correctly. The power show was blue. That's the other one. The other other one. So if I just bring up. Okay. There we go. That's the one I'm used to seeing. Oh, okay. This is the new windows window thingy. Okay. So if we look at this, this is also power show version 5.1 as opposed to 7.03. And then this is the windows terminal. So I can still just round it out here. I can still open up in this. This is kind of the same. So, but yeah, it did change from blue to black. Cool. I guess black is cooler or something. Not as cool as red, but it's something that's something. All right, there we go. So very much to your point and thank you for the reminder. Christian, I did need to actually close out of the window, which is the Microsoft terminal window. I've been using the other, like had I tried with either of the ones that I just brought up, it would have worked as expected. So Microsoft's terminal, this new fancy thing was what was preventing that from working. So at this point, I can do my O.C. .exe and I can also do tab. Do you need that exe? Yes. At least I think so. Let's check. Oh, no, I don't. Now that it's in the path. Oh, cool. Nice. Even better. Yeah. It's even more native. We'll come back over here. And now if I just paste my O.C. login commands, it just works. Now you're open shifting with windows. So now I have that same O.C. experience across both. It's not bash, which means that you don't have the same text manipulation. Right. I would still need to pipe into like a. And unfortunately, even though this is PowerShell, things like where doesn't don't work. Remember each one of these isn't a object. It's one string. So grepping and stuff like that to find an individual line. You're still in windows. There's probably a workaround for that. If I had to guess, there's got to be like a windows equivalent of that. But I don't know off the top of my head. Got me. So. This is where you have to learn the JSON path. Really well. If you want to grab individual components. Yeah, I wish, you know, I could pipeline into like, you know, where dash object. You know, underscore. Name equals. Now. Andrew is. But it doesn't. It doesn't work because there is no, there is no. Properties associated with each one of those. Right. Got it. So inside of PowerShell. So where that object is basically a select. Right. And inside of the loop. Dollar underscore is referring to the current object to the current iteration. And then this would be a property on that particular object. So going back to the conversation before of, if we had native PowerShell, you know, object extensions for Kubernetes, then this would absolutely be from phenomenal. And we could interact with it in that way. But instead this output is treated as a single string. So, you know, there's some, I see somebody saying fine string is the windows grep. So after this, now that we kind of have these preliminaries set up, which is really more or less creating the folder over here. And then adding that in variable to the path. At this point, it's more or less just going through and downloading all the different tools. Yeah. So now you can just basically pop in ODO. You can pop in Coup CTO. You can pop in pretty much. And then just, you know, you can just go and add it, right? So it's like a one-time setting. Exactly. So from here, right, I'm going to go into my folder here. That I downloaded or that I put this in before. And red hats. And I could just save this inside of here. So one thing I will do is as it downloads, I'm going to rename it to just ODO. Instead of all of those other extensions. kids that talk because I see fortnight folder. Yeah. Yeah, there's, uh, so there's Odeo. Yeah, there's fortnight. There's star stable. There's roadblocks. There's, there's all kinds of stuff. I just want all the old games to work on my new hardware. Use, uh, uh, okay. That's true. So there's Odeo. Um, so here, let's go and grab, you know, helm and do the same thing here. Yeah. So unfortunately the only Windows tool that doesn't work or the only tool that doesn't work in Windows is OpenShift install. I wish I had an answer for that. I wish I had a way to get OpenShift install to work on Windows, to kind of complete all of those requirements, all the things that are needed. Um, but unfortunately I just, I don't. Well, okay. So yeah, it is everything else. Yeah, it is macOS or Linux only. Um, yeah, everything else works as expected. Um, going back to what I was saying before about, uh, code ready containers, just be aware that you see this is a 2.2 gigabyte compressed file. Um, so if you stick that into your roaming profile, your admins will probably be upset with you as well as your login times will take forever, forever. Yeah. Yeah. Um, someone mentioned we need a chocolatey package for Odeo. Um, so I saw some conversation about chocolatey recently and the last I saw was we weren't sure who was creating and maintaining the chocolatey right package. So I don't know if that was created by a third party or if it was created by a Red Hatter who has since forgotten about it. Um, yeah, we should probably figure that out. A great mystery. Well also, I think it's the same with brew, right? Like if you brew install, like OpenShift clients, the brew install installs OpenShift, the OC client version 4.1. So that means whoever originally created it is an ATM. Because we're, because we're on 4.5 soon to be 4.6. 4.6, yeah. Yeah. I think 4.1's deprecated. So, so it's even on Monday. So yeah, unfortunately, and you can see Windows directory only OC.zip. If I go to, you know, Linux. Oh, this is because I'm in clients. Um, if I go up a couple of directories here and I go to, to pill up a couple of directories, the most one directory actually now I've confused myself. I don't know where I'm going. Um, yeah, you're looking for not, not you're not looking for fortnight. Yeah, there we go. Not looking for OC. I'm looking for OCP. And now we have our OpenShift install. You can see we just have OpenShift install and OpenShift client. There is no install for Windows. Cool. So as I was pointing out before, if we switch over to our Red Hat directory here, I will quickly extract this guy twice because it's a tar file and I wasn't paying attention. Just thinking you not have ODO as a Python library. What do you like that was go? Yeah. Yeah. I don't think it's a, I don't think you can do like PIP install ODO. Oh, yeah. No, I don't think so. I cheated and I just opened the cheater cheater pumpkin here. Opened it instead of trying to do it the other way. And I always do a PIP install for globally too. I want to talk about bad habits. Yeah. I'm the only one that's going to use this box. So. Exactly. Exactly. I mean, let's face it. Oh, the other one that we want to grab is KubeCo or KubeControl or however you want to pass. However you prefer to say it today. Yeah, this is how I feel like today. Kubectl, I've heard. Kubectl, QBectl, QBctl, yeah. QBE, someone spelled all things QBEctl. So one thing to note, I don't remember if I don't think that it is included in this. Yeah, this just includes OC. So we basically were expecting folks to go to Kubernetes to download Kubectl. I think I always just Google for it. Kubectl, Windows download. Yeah. So super complex. Let me actually use the menu here and not just randomly browse. Well, you know, I mean, I like watching. That was what you were doing on Tuesday. And you can see there's a bunch of different ones here. Anyways, it's Kube, KubeCutl. It works exactly as expected inside of all of these. The goal here was to show that it's straightforward. It's easy to get all of these tools set up on your Windows desktop without being an administrator and have that same administrator experience with the exception of installation, which does unfortunately require a Linux desktop, although you should be able to use the, now I forgot what it's called. What's the Linux thing in Windows? WSL, that was going to be my question. I forget what it Windows system, subsystem for Linux. I was wondering what the, when you use one for the other, but I guess you would use this method when you don't have an admin, right? Yeah. So to my knowledge, interacting with folks, talking with customers, there's not a lot of enterprises that are allowing WSL. It just doesn't have the same controls. It doesn't have the same ability to lock down that WSL environment the same way that you can the rest of Windows. So it's not common, but you could use that. You can't control it with like group policy or something like that, which is probably why. I guess. I don't know. Yeah. So yeah, I mean, you can control. Patent violation on Windows. I've faced many problems with that before. I think is what this says. Yeah. Yeah. And you can have, if you're an administrator or if you have a separate group policy or user policy for an administrator team, etc., you can always push out all of these tools. You can update their path automatically all using group policy. I mean, these are tools we provide. Red Hat provides these tools for you to use on Windows machine. So you can totally add this to your group install for OpenShift admins or container admins, whatever you want to call them. Gotcha. Okay. Cool. So like if I'm just at home sitting at home, I would probably use WSL or WSL too. On an enterprise, though, I may not have that flexibility of just calling a Linux VM, right? Yeah. You might end up using Hyper-V or a VMware box, maybe something like that. So honestly, and this is something I would be curious about from the audience, which is most of the enterprises I have either worked for or worked with, the data center is strongly isolated from the rest of the environment. So oftentimes it requires you're already either VPNing or otherwise connecting securely into that environment. Or there is no direct connection without a lot of bureaucracy around firewall, exceptions, etc. So many times you end up with a bastion host regardless. And using that as a Linux-based bastion host to run OpenShift install, to run the rest of the commands from for administrative purposes. From a developer perspective, from a user perspective, I think the OC command running from Windows, right? Port 443 access or 6443 accessing the API, you know, pretty straightforward from an exception standpoint. Yeah, it's because I've worked with customers who've had things pretty isolated. And you're right, Andrew, like the financial services. Yeah, they have a bastion box that I'm always jumping through somehow. Or like Citrix, right? Like they'll like open up a Citrix session that connects them to a client that then connects them to the production environment or the development environment. And then there's the other side where it's like a completely disconnected environment where you could go into like a whole another area to interface with it. Even then there's still bastion host to some extent, right? So yeah, I see Paris mentioning DSC, right? There's also PS remoteing and all of that other fun stuff. Again, a lot of that varies based off of the security team, the Windows team and whether or not they're accessible. But it's also an option to do that whole hopping around through the data center or into secure enclaves. Does anyone happen to have an answer for Vinay Vanu here? While I'm using S2I for a Java source code and get with OpenShift and getting this error, then SH user lib exec S2I assemble not found. That's where you're doing that. Yeah. Yeah, because that should be built into the S2I image. Image itself, yeah. Because the assemble is actually part of the S2I process. So what is the source image I'm guessing might be at the issue here? Yeah, the source image, the image you're using for S2I, whatever it is, there's something wrong with it or There's something not configured right with it to get. Yeah, because assemble I think is the second step in S2I. There's like three or four steps S2I and like assemble is like very early on in the process though. I'm just a simple fake Windows administrator. Yeah, I don't know. I mean, I know this probably isn't Windows related, but I'm not a S2I expert either. I feel like I could drop that to Jason Dobies though real quick and see if he can give me an answer. Another guy who has another book. Yes, which I have actually, yeah, although he's offline. So you have Dobies' book but not Andrew's book. Andrew's book is six years old. Someone sent me Dobies' book, by the way. I asked for it and it was sent to me. Andrew, could someone send me your book? Yeah, do you have a box of books? I have a box of books. I wanted Autograph as well. I gave away all the ones I had. Yeah, now that makes sense. When it was published, but they were all given away. Yeah, no, so I have Autograph copy by every author of the DevOps Handbook, I think. Yeah, it's pretty cool. But I would love to have an Autograph copy of an Andrew Sullivan book someday. And Christian Hernandez. Me too. Yeah, one day. One day I'll write a book. Yeah, we all will. One day. One day. So there's no question in chat, but something just popped into my head about using an IDE. Does this either work with, like I say, Visual Studio? Or does it work with or does it circumvent any of that? I don't know how Windows developers or because we've been kind of focusing on the admin aspect of it. So I don't know how this would work. So I'll bring up the ISE, even though it's deprecated. It's there by default on this Windows. But so the modern method is using VS Code and the execution extension to bring your PowerShell session into VS Code. Basically PowerShell ISE was the first version of that or the first iteration of that. Gotcha. Okay, so it does so you can't bring in your PowerShell. Yeah, because I'm a VIM guy. So I'm kind of right. So it works just as you would expect, right? You can see I can paste my code in here and hit the execute button and it logs in and then prints out my results and you do all the same modification, all the same inside of there. Note that this is because it's old. It's PowerShell, come on, PowerShell version table. This is PowerShell version 5.1. So you see I was using PowerShell 7.03 and this other big one back here and this is PowerShell version 5 and it works equally well with both of them. Nice. Let's see. When you create a service account, is that account related to the account in the container or is it just used to give service access permission to the container? So service accounts are for providing gated access to the service itself. And that service could be a container or a series of containers, right? Yeah. So a service account, when you launch, deploy an application on OpenShift, it uses the default service account, right? So there's a few default ones. There's one called default, which is the one that it uses at run, right? The service account that it uses to run the actual container. There's the employer service account that basically it's just the service account that is responsible for deploying your application. And I believe there's the build service account that is responsible to if you're using S2I or just not an S2I to build your application, right? So when you create a service account, it's actually nothing happens other than the service account gets created. If you want your application to run as a service account, you actually need to specify that in your either deployment configuration, your daemon site configuration, what have you. So it just depends, right? So if you're going to give special permissions, usually when you create a service account, you're giving special permissions or you're either restricting or widening the default permissions of the default service account. So depending on what you're using it for, right? So like if I am creating an application that needs to do some admin work, I may have to widen the permissions. I don't want to touch the default one, right? Because that's like a global one. I create a specific service account and attach it to a specific application. Right. So it uses that service account. Yeah, cool. So I remember to look at my sticky note that had the things I wanted to cover. Good for you. So I've been, yeah, I know with only 11 minutes to spare. So, you know, I've been logging in just using an OC login. If you want to use the kube config, you can absolutely do that. And you can do it just like you would expect inside of any of the others. So all I've done here, I connected to my bastion host. So this was the one that was used to provision the cluster. I'm looking at the kube config here. So if I were to do a cat on that, oops, if I could type correctly, I'll get there eventually, right? I can copy all of, basically copy this file out. I don't have scp on this or when it's on this particular host, but I can copy that out and I can provide it into a number of different places. So if I do OC help and I do, or excuse me, OC options, there is this. It'll tell me where the default kube control or kube cuddle or whatever you want to call. There's a kube config, right? So more or less the default location is my home directory. See users, Andrew dot kube. And I can put that even though it says htb cache, I can put the kube config file in there as well. And it will automatically ingest that and automatically use it. So similarly to on Linux, you can put that anywhere you want. So if you wanted to put it in your roaming profile, for example, so that you have those files everywhere you go, you can do that. And then you can put an environment variable that's kube config equals and the path to that particular file. So just like Linux, you can direct it over to anywhere that you want it to go. And then you can do that password list login using the kube config file. Also helpful for, remember, if you're using that kube config file, you're connecting as the system admin. So one of the useful ways of connecting when you might have accidentally locked yourself out of the cluster or removed administrator access in other ways. Yeah. So like, or if you're all off this failing, so like, the all off runs as a pod, right? So there's a, you know, I guess collection of pods. If that is down, you may have to log in using this, the, what we call a certificate method, right? So this authentication, I don't want to say bypasses all off, but it uses a different authentication method, not connected to all off. So, so yeah, so if you're all off this having problems, this is how you would connect. You have a failure domain that involves your all off. Yes. So, and note, as you all were talking there, OCD bug, like connecting to the nodes, all that other stuff still works exactly as expected. Beautiful. So that's awesome. I can still connect in just, just like I need to. You saw me SSH into a host. I didn't install SSH, by the way, SSH comes with the new terminal. Yeah. Nice. Like is it open SSH or I have no work or something. Okay. We don't know. Okay. But it works as compliant. Seems to have all the flags that you need. Yeah. So yeah, I, I don't, I think putty is on this host, but you saw, I didn't use it. I just use SSH. Cool. That's awesome, man. So yeah. The putty, the putty guys must be crossed that they're not, it's not included. SSH is not included in the, well, it's about time. I mean, it's been an open standard forever. So like, come on, right? Like, hey, I'm happy just to have one tabs and two, a resizable interface that behaves appropriately. Right. All right. Yeah. Line wrapping is good stuff. Yeah. Again, you can see, look, it wrapped the way it's supposed to. And as I expand it out here, it fixes itself as it's supposed to. So very nice. I'm, yeah, you know, Microsoft is doing a lot of really interesting things, both in the open source world and with Linux as a whole. Yeah. So I am excited and interested. You know, you all know, I've talked about amongst our team before of, I could feasibly use Windows as my full-time desktop. Yeah. And I have a Microsoft Linux tux here. Yeah. Yeah. The Microsoft booth was giving us back when we had conferences. Yeah. Back when we had conferences, there were Microsoft tuxes to be had. Yeah. No, Microsoft has done a lot to get Linux working on Azure, to get Azure working, you know, better with Linux, and has done an enormous amount of work in the open source world, as well as working with us on getting OpenShift running in Azure. So yeah, like we're super happy to be working with them now, like as equal partners. It's great. Yep. Now we just need to figure out how to get a, you know, this, this Azure cloud shell. I just need an OpenShift cloud shell. Prompt inside it. Yes, that'd be cool. That would be cool. Yeah, that'd be so cool. Where do I put that request in? When you're bored this weekend, Christian, that's, Yeah, that's a project for this weekend. That's great. There you go. Yeah, you don't have anything else to do. All right. Anything else? No more, no more questions. It doesn't look like, I don't think. Just double checking. Haven't seen anything, yeah. Yeah. Last call for questions. Last call. You don't have to go home, but you can stay here. I mean, like, you can watch something else. Actually, you know what? Let's do a raid. You want to do a raid, guys? You can raid. Yeah, you can raid. Let's raid the IBM folks. Yeah, let's see what they're up to. Let me get the interface here. Okay. So we've never done this before, but we're going to raid a channel. And that channel is going to be, if they're still online, IBM developer? They're not online. They're not online. Ah, shoot. Okay. So I'll take requests, but it looks like might have gotten another channel here. Has anyone fit another question? I mean, has anyone faced any challenges when adding a machine to your machine nodes and have they experimented with machine auto scalers? I believe, Christian, you have plenty of experience there, don't you? Yeah. So I'm trying to understand the question. Is it machine config like you're trying to scale vertically? Yeah. So there's, yeah. So there's the machines, right? Or the machine sets that actually, as actually Andrew actually explained it pretty well on Tuesday, how to scale your clusters. So if I wanted to scale my cluster, I just add another machine. And then if, sorry, I scale the machine set, which then adds a machine, which then adds a node. And then there's the machine config operator, which is used to manage the actual node. Andrew kind of went through that a little bit on Tuesday. So if you guys haven't checked out Andrew's operations or admin hour, I just happened to have an AWS cluster up that I'll be using for another demo this afternoon. So we can talk about a little bit. So yeah, so the principle is, so machines are the representation from OpenShift Kubernetes to the underlying infrastructure as a service. So this represents the, or this, sorry, represents the, in this instance, AWS virtual machine that, and how to interact with it. Whereas nodes represent that machine into OpenShift into Kubernetes itself. Right. So one of these is, hey, you are a member of my Kubernetes cluster, right? You're a node in my Kubernetes cluster. I need a schedule workload to you. One of these is, hey, you are a component of my cluster. I need to add or remove as the case may be. So there's two aspects to scaling machines or three aspects. So one, you need to be using an IPI deployment, something with a cloud provider integration so that it understands how to talk to that underlying infrastructure and do things like request new or destroy existing VMs. So the second thing is you need a machine autoscaler. And I'd also, I think it's worth noting that that means that you're using DHCP. We should call that out. Thank you. Thank you for doing that. I really appreciate that. Could you say that one more time? You need DHCP if you're going to do machine autoscaling. There we go. Yeah, thank you. It's an inside joke amongst us because we get asked all the time. If I can do IPI with static IP assignment, no. I just want that out in the universe as much as possible. So the first thing I need is a machine autoscaler. And I define a machine autoscaler for each one of the machine sets in my deployment. So I haven't pre-staged any of this. So I can't, I'm not going to do this because I'm pretty sure it'll fail. But essentially you would want to create a machine autoscaler for each one of these machine sets. And these machine autoscalers you see represents the minimum and maximum number of machines from that machine set that it will manage. So if you wanted it to scale all the way to zero, right, put a zero here. If you wanted to scale to 100, put a 100 here. So the third thing that you need is a cluster autoscaler. And I'm going to completely forget where the cluster autoscaler is at. It is underneath administration, I believe. That's what I thought. Cluster settings. Oh, I don't remember where it's at. A dag nabbit. Cluster autoscaler. We'll go the old school way. There you go. Yeah, go with the CRD. Yeah. All CRDs. So a cluster autoscaler defines the size of the cluster as a whole. So if we look at our cluster right now, we have six machines or three worker machines inside of here. So you would say I want my cluster to be between maybe one and 50 nodes. And what will happen is when a pod is unable to schedule due to an out of resource condition, it will say, okay, I need to scale up. And it will select one of the machine sets that has an available capacity to scale as defined by the machine autoscaler and increase it. And that will result in machine API talking to the underlying infrastructure saying, hey, provision me a new VM. All right, it boots up. It goes through the normal node joining process, et cetera. So where can that go wrong? A couple of different places. So one, if you don't have kind of all three of those things configured, in particular, both a machine autoscaler and a machine or a cluster autoscaler. And E-HTP. Yes, and E-HTP. So it won't trigger that to happen. Two, you need to make sure that you have a machine set or an autoscaler definition that has additional capacity, right? If they're all maxed out, then it says, I can't increase the machines anymore, sorry. So two, it could have issues communicating with the underlying infrastructure. Oftentimes, we see this internally, like my AWS account is linked to our engineering team. Our engineering team, as you would expect, is doing lots and lots and lots and lots of builds, which means that often I get throttled. I'm a low important account. I get it, that makes sense. But it means that it can take, what would normally take three to five minutes to provision a node can sometimes take 15 to 20 minutes because AWS is saying, your low priority, I'm throttling you until an appropriate time. Right. Also quotas is another thing you make it. Yeah, quotas with your underlying infrastructure as a service provider. If you change credentials, something like that, something happens to your credentials, your permission set changes, all of those, you can find those errors. If you go into the, as soon as I find what I'm looking for here, if you go into the machine API project, which it was conveniently pre-selected, and then if you look inside of these pods, there'll be errors inside of here about why it can't talk to that underlying infrastructure. Okay, so here's, okay, Venu Vinay Kumar has responded about his source to image issue. He's trying to build, created a build config, Java source code and URL builder is wild fly, image stream tag of Java eight and step nine and getting issues frustrating me. I can understand why I'm frustrated at you reading it. Not found sub-process. Exadata status 127. Does wild fly include S2I? I don't remember. Yeah, I don't. This is a Jason, this is one of the developers. So I'll tell you what, email me, cshort at redhead.com. I will get you an answer, promise. And just do it like that. Well, yeah, we'll go direct. Yeah, I'll get you an answer. That's the best I can do right now. I'm sorry. Yep. But yeah, none of us are developers unfortunately. None of us right now are developers, neither Chris nor Nermeen or Andrew. All right. Well, but yeah, so thank you all for joining. I really appreciate time, Andrew. Thank you for updating the blog post and doing the video for everybody. So, you know, people can come watch this later if they so need to. And yeah. Yeah. I have to go join a very important KubeCon booth meeting. So likewise. Yeah, I'm on the same call. So I guess I'll see all three of you. Yeah, I'll see you in about 30 seconds. 30 seconds. That's right. Bye, everyone. Bye. Thank you all for joining. We'll see you tomorrow.