So I'm going to get started pretty quick. My name is Diane Mueller, and I am... is the sound okay with this, as I'm holding it close enough to my face? Yes, so I'm Diane Mueller. I'm the director of community development for the cloud platform BU, which doesn't mean anything to hardly anybody, but I'm also the community development person, point person, for OKD, which will get explained, what that is. How many of you were in the OKD working group meeting the other day? Good, and how many of you just came from the Fedora CoreOS workshop? Good. All right, so everything we're gonna talk about today is very near and dear to my heart, because it's talking about collaboration between two communities that I love, the OpenShift community and the Fedora community, and the OKD 4 and Fedora CoreOS have been working very, very closely today. So I'm gonna give a big shout-out to a lot of people: Benjamin Gilbert, who isn't here, so hi Benjamin if you're watching the recording, and Ben Breard, and a ton of other people who have been doing a lot of work to make this happen. We're really lucky to have Christian Glombeck here with us today, who is the lead, along with Vadim, who's going to do the demo after he gets it booted up. So I'm not gonna take credit for anything today except maybe making them do some slides that make some sense to me. So I'm gonna do this. So it's really been a very big collaboration to get to this point here. So today we're gonna talk a little bit about what OKD 4 is, how it came about. There's been a long, illustrious, sometimes not so happy history with OpenShift Origin and moving over to OKD, and we kind of dropped the ball with 3, after 3.11. And so I'll apologize for that on behalf of everybody, but now we're getting ready to roll out 4.0 or 4.x, which you'll probably be right now is 4.3, 4.4 already because it's okay.
We did the master but the things changed pretty quickly. But as you can tell, I'm very excited about this, because I've waited a long time to get all of these ducks in a row, so to speak. So we're gonna talk a little through all of that, we're gonna talk a little bit about Fedora CoreOS, and then we're gonna make Vadim come up and do a demo, so that you realize it's not all smoke and mirrors, it actually works. There is a preview, and we'll talk a little bit about the preview, how to do stuff, how to get the preview, how to give feedback to us, and the road ahead, and then I'll pitch one more time the OKD working group. So what is OKD? How many of you remember the early days when it was OpenShift Origin? All right, we've been around. Then we had a little bit of a thing with marketing and legal, and we had to change the name due to some legal marketing stuff. When we pivoted from being a Ruby on Rails, MongoDB platform as a service to being a Kubernetes-based platform, we renamed it to OKD, which I jokingly refer to as OKDian, because they gave up trying to find another name. But as you know, the K: we can't use the word Kubernetes in the name of anything. That's why you get PKS, OKD, EKS and all the other ones. So OKD is what we stuck on, and this distribution is slightly different than OCP, because OCP, and we'll talk a little bit about that, runs on RHEL CoreOS and we run on Fedora CoreOS. So hence the relationship between the two families. This is what marketing lets us talk about: it is the Origin community distribution of Kubernetes that powers Red Hat OpenShift, and it's the same code base as what we run on Online, Dedicated, OCP, ARO, Red Hat... no, Azure Red Hat OpenShift. I think that's what that acronym stands for. So it's really all the same code base. But the real difference is the Fedora.
That's under the hood. So when you look at an architectural diagram for OpenShift, you'll see we talk about OpenShift v4 moved to a very operator-centric deployment and the services. So all the automation is using operators. So how many of you are familiar with the Operator Framework? Good, so we won't go into that. So we are really using that CoreOS operator pattern to power the 4.0 version of OpenShift, and hence OKD 4 as well. But the difference really is, again, Fedora CoreOS, and that makes it something that is much more community-based. It's much more open source. There is no requirement to use RHEL or RHEL CoreOS, and hopefully we can do a few other operating systems there as well. So I'm not going to steal too much more thunder. I'm gonna pass off. You get that. Does it work? Yes? Can you hear me? All right, perfect. I'll take the clicker. So, yeah, what is Fedora CoreOS? What's the difference between OCP and OKD in that sense? So Fedora CoreOS is the base OS for OKD right now, for OKD on Fedora CoreOS. It'll be the first version. We're open to actually supporting more base OSes in the future. We have this process in the working group for that: sub-working groups. So any community interested can actually create their own sub-working group to support more OSes. Right now we start off with Fedora CoreOS, because it makes the most sense for us as Red Hat, because we want to really test out our stuff, the OpenShift code base, on the Fedora kernel, on the Fedora packages, and get early feedback that way. So what is Fedora CoreOS? It's a new Fedora edition. It's a purpose-built OS for running containerized workloads at scale. We've taken a lot of the philosophy of Container Linux by CoreOS and all the learnings we've taken from the Atomic Host project, and we sort of put it together into something new, even better, which is Fedora CoreOS. So we are based on rpm-ostree and Ignition.
Those are two very important technologies we use to do this. So the mission statement is: an automatically updating, minimal, monolithic, container-focused operating system, designed for clusters but also operable standalone, optimized for Kubernetes but also great without it. And the difference... what's RHEL CoreOS then, what's the difference? So RHEL CoreOS is an implementation detail, a component of OpenShift, OCP, the product. You don't get it standalone. It's just in there, and you don't really touch it at all, because we have this great new thing, the operators, that sort of puts our cluster on autopilot, and you don't even notice the operating system because it gets updated through the cluster. And yeah, I think we're incredibly proud of that, because it's an awesome concept. So RHEL CoreOS updates along with OpenShift. It's one life cycle, bound together. Yeah, you can't really split it out of that. And it's based on the RHEL package set. So it's an rpm-ostree compose under the hood, made out of RHEL packages. Fedora CoreOS on the other side is made out of the Fedora packages. So the build system and tooling is essentially the same between the two, but Fedora CoreOS is also intended as a standalone OS, which Red Hat CoreOS, RHEL CoreOS, is... a little bit more about the philosophy behind that. We wanted an immutable infrastructure, just to, yeah, sandbox everything, make it really secure. So the customizations are done in the provisioning, really early on, and yeah, there's no concept of changing configuration, you just re-provision the node, essentially. It's semi-immutable, so we can actually change some of the files, but usually you would just reboot that. And we use Ignition for the first boot configuration. We don't use cloud-init, that may be a name known to you. We use Ignition instead to declaratively configure the state of our
machines. It's aimed at containerized workloads, so the software doesn't run directly on the host. It's in a container. And so we can really slim the base down. For example, we don't have Python in Fedora CoreOS, and I think that's a great... yeah, that was a great effort, and we did it. It's Python... it's snake-free. Yeah, snake-free Fedora. You can of course run it in a container. So yeah, OS versions are an implementation detail. We sort of have this OSTree commit, one representing one state, one compose of the operating system, then you update to another compose, and that gets done automatically as well. So Vadim, are we ready for the demo already? Let's do the switcheroo here. So hi, my name is Vadim Rutkovsky. I work on lots of things in OpenShift, and one of them is OKD. If you're familiar with OCP 4, you might have seen those pages a few times, and well, OKD 4 is not much different from OCP except for a few replacement things, which are in fact branding, if you notice on the upper left. You can use custom distribution names for that. And another important thing is that we run on top of Fedora CoreOS, and these are the things reported by our kubelet: the name of the OS image and one of the freshest kernels we got. Now since it's based on OCP 4.4, you will see that the CRI-O version and kubelet versions are 1.17, 1.17.1 in fact, and these are the main differences from basically OCP 4. We can also apply... since OKD 4 does not really require a pull secret from Red Hat, you can download it without setting any pull secret. That means you won't be sending telemetry results as in OCP 4, and you won't be able to access Red Hat operators there.
So once you go to OperatorHub, you would only see the community operators available here. That means we can also apply additional changes specifically to OKD. For instance, in our installations we default to the SDN called OVN, because that would effectively become the standard for OCP. Now it's in tech preview phase, but in order to experiment and let people get the freshest things, we default to it. You can of course change it, switch it back to OpenShift SDN, and some more things. There are a few more interesting ideas we could play with, for instance cgroups v2 support. The last thing remaining for OKD is a patched kubelet, and we can ship that in our machine-os-content, enable cgroups v2, and that would be, I think, the last remaining piece before it lands upstream, and we can play with it already right now. I built it still running so I cannot show you the game, but the idea for OKD 4 is basically the very same as in OCP. It's based on operators, and the operators control everything, so you cannot change most of the parts of the installation yourself, you have to pass it through the operator's CR, and if the operator doesn't allow you to do that, then it would be reverted. So unfortunately, due to the poor conference Wi-Fi, we cannot show you the game. But we wrote a game where you shoot ducks, and every duck represents a pod, deployment or DaemonSet. So every time you shoot it, the cluster operators try to bring them back, and the idea is that you have to shoot as many ducks as possible before the cluster crashes, because it's running right on top of it. And we found quite a lot of bugs using that game. We also later found out that it's in fact a multiplayer game, because we're all shooting pods in one single cluster. So the mobile phones you have the better, and it's very easy to tap with your fingers. Hopefully we could be able to play with it. We just have to wait a little bit more.
So let's hit with the questions. Does OKD use Cincinnati and Zincati from the Fedora CoreOS things? The answer is no to both, but it's a bit more complex. So the official OCP installations, they use a thing we call Cincinnati, which is making a graph for users, which versions can they upgrade from and upgrade to. So we don't have that in OKD, because we use a more simplified version called truly controller. At this point of preview, we don't test upgrades yet. Once we're ready, we will start testing, and that means in your clusters you would see that you are able to upgrade from one nightly to the other. On the cluster level itself, we don't use Zincati. In fact, we'd have to disable it. Otherwise we would be bound to Fedora CoreOS updates. And just to add to that, Zincati is the update agent that Fedora CoreOS usually uses to apply updates. Yeah, we disabled that because we have a different updating mechanism in the cluster use case, shared with OCP. And for Cincinnati, technically it would work together. We just don't have a dedicated... You make it sound very easy. Let me review the question. So if you have your own builder for the machine-os-content, and your own registry to store images, and your own Cincinnati-like system, which is literally an engine serving JSON specific format, you would get your own OKD-like thing. You just cannot call it OKD. You have to come up with a better name. But other than that, yes, it's totally independent from the rest, because you would be effectively mutating the release payload, and that would be yours, and you can store it anywhere. Yes, true. Next question from LinkedIn. The question was if we disable the telemetry and how to set it up. We don't disable the Fedora pinger, but we do disable the Zincati service. So the machine doesn't still pings back to Fedora saying I'm a Fedora machine, but it doesn't update using Zincati.
The problem is that we would like to have this be more specific, so that it's not just an average Fedora CoreOS machine. We want to say that it's a part of an OKD 4 cluster. We just need a better name, and to find how to both privately and securely report that, and how Fedora would benefit from knowing that there's a pure cloud for the request machines and these are part of the cluster and managed by OKD. It's a bug. We need to fix it. Other questions? We will get to the contributing part in a bit. So all just, yeah, that's on the slides once we switch back from the demo. We'll get to the part of how we want to enable community contributions and working together with the community and it right at external. Well, I do have slides for it, so well, we can do the questions now and just... Okay. Well, I would say let's do the rest of the questions now, there were a few more. So we are essentially reusing that... oh yeah, there is the... So in OpenShift we have the UPI and IPI installation paths, which is user-provided infrastructure and installer-provisioned. So what we've done in the past in OpenShift is, usually one web version of OpenShift gets... there'd be the UPI first, and the next version will support IPI, fully automated installs. And although we've right now forked the installer, it is the same code base. So the goal is to support all the platforms that are supported in OpenShift, in OCP, in OKD as well. And eventually we want to be an upstream for OpenShift and have even more platforms enabled, or have the platforms enabled with OKD first. Right now we're not there yet. We're in the preview phase, but yeah, it's the same code base. You get both UPI and IPI installs for OKD. The base OS for all the containers right now... we use for most of the operator.
Oh, okay. What is the base OS for all the containers we use in the platform, like the operators and everything that sort of runs as a container in the cluster? We use mostly UBI base images at the moment, and I think that's not going to change in the foreseeable future. So that's exactly the same that is used in OCP as well. There's some containers that are RHEL-based that we sort of replace with CentOS containers right now. We'll do that with Fedora containers in the long run, but that's only very few containers that differ in that way. So UBI containers right now. I can connect. So where do we get the packages from, since we're using a RHEL base? Do we ship RHEL-specific things which we are not supposed to? Since they're not part of UBI, we don't ship them. We replace them with fake images at this point. It's like four or five of them. I think it's mostly Metal3. So what we do instead, we ask the Metal3 community to make CentOS-based, or anything which is free to redistribute, replace them and promote it into our namespace. So the OKD bits for, for instance, OpenStack, they are built from the free community project RDO, while OCP is using the official Red Hat images. So some images may diverge, but they are supposed to be tracking the very same level of code, just rebuilt using different ways. File a bug if you find something we should not redistribute or you don't have a license to reuse. That's a bug in OKD. We will drop that image and make you come up with a better one. Any more questions at this point? I think the demo looks ready. No, it's not gonna live. Yeah, I'm not sure. Any more questions? As soon as possible. Is there a time-based release date? No, not yet, but we have high hopes that all the things will merge into 4.5, let's say. The problem is Ignition 3 is back and, in order to make RHCOS catch up, we need a lot of things. As coordinated efforts, we need them all merged.
So for some time, we'll definitely be living with a forked installer and a forked MCO at minimum. Hopefully we won't fork more things. But other than that, that's how it goes. Do we have a tool to scan vulnerabilities? That's outside of the scope of the OKD 4 project, but if I remember correctly, some scanning has been added in 4.3. Basically we follow OCP 4 on that: if they add a tool, we will automatically get it. If you want us to add some new operator which would be useful for the community... for instance, there is an idea to automatically embed openshift-acme as a deployment, so that people could get Let's Encrypt certificates on their routes. OCP 4 cannot do that. OKD 4 would love to do that. As for scanning vulnerabilities, I don't think we have a story about that. So there would be a compliance operator. I'm not sure if I like the name in my OKD cluster, but we'll see. Can't rename it in the community friend or something like that. There will be a compliance operator, and was it right that that'll be on the OperatorHub at some point? That will do the vulnerability scanning for you. That was to answer that question. It's not there. It's a work in progress. So there will be one operator sometime later. All right, next point on the agenda: try the OKD 4 preview. As we've mentioned, we're in the OKD 4 preview stage right now, and you can go to okd.io, click on downloads, and you'll get redirected to a page that tells you exactly what you have to do to install OKD at this moment. That is the OKD repository on GitHub, and that repository is also our bug tracker. So any bugs, any feature requests you have or you find, file an issue or a pull... well, you can't really pull request on that one. There's no code in that repository. But file an issue on there and we will triage it, give it to the right team internally in OpenShift to fix the bug. So yeah, give feedback on that repository.
You'll, yeah, and you'll get in... There's a getting started guide, how to install your OKD 4 preview cluster at this. And if you have feedback on our getting started guide, just log an issue and we will update it, or make a pull request and we will do it. We really would like your feedback on what's missing. Exactly, and then you'll hopefully be able to contribute through the OKD working group, and your work will be part of one of the releases. This is our release page. That's all the CI builds built in our Prow CI system, and you can pick any of those. Preferably try a green one, that makes more sense, I think. So yeah, let's take a look ahead. What's coming next? So we have the OKD roadmap. We agreed on that with the community a few months ago, and there were three phases. Phase zero was the MVP, and actually that was done with our first preview release a little while back. So we're in phase one right now, and that is just enabling... no, sorry, that's creating the first stable version of OKD. We're in that phase right now, phase one. And phase two, that's actually gonna be more interesting for the community. That'll be after the GA release. We really want to use the OKD working group as a point of contact with the OpenShift organization, so external people can actually contribute to OpenShift. That's always been a problem with the Origin 3.x releases, because that was essentially repackaging, and anything that got fixed there never really naturally trickled down into the product. So we as Red Hat really wanted to make OKD an upstream, to enable that and facilitate those contributions, because they'll be fixed on the Fedora base or in the OpenShift code base, and it'll naturally become part of the product. That's, yeah, the feedback cycle.
We really want to introduce here. So the roadmap is a work in progress, of course. Phase two will be revisited once we reach that phase, because right now it's just a sort of catch-all after GA. So we want to add projects like openshift-acme to OKD that really make sense for the community, and we want to in general use OKD then for technology incubation in collaboration with our community, because in the long run OKD is supposed to become a superset of the functionality of OCP. So we'll have sort of the new stuff landing in OKD first, and then once it's really vetted and proven to work and, you know, useful, it'll become part of the product, OCP. And yeah, the OKD working group is sort of where we all gather. Every two weeks we have a working group meeting to discuss the progress we've made, the problems we've encountered, and also get feedback from the community, from people that have tested it. Yeah, I always think I'm talking loud enough. They're bi-weekly meetings. There is a Google group, at the bottom there. If you sign up, you'll get announcements. And if you go to the next page: in the repo itself, we use the projects process to add issues into the engineering side of things, and we also have, and it is the next one, the agenda one. Yeah, this is the one I was thinking about. If you have a topic like the compliance operator and you're ready to talk to us, just let us know and we'll add you to the agenda. Everything in the first column is how to get into the meetings, and we also have, if you can't make our time, which is 9 a.m.
Pacific or 1700 UTC, we record everything, and that's up on the OpenShift Commons playlist on YouTube, and I try and get them up there in a timely fashion along with the slides. But really the meetings are open to anybody, and we are really looking for more external contribution, especially from end users who are testing on different configurations. Vadim had a great saying the other day, that the OKD slogan should be "choose your own adventure". So we can only test so much. You're gonna use different DNS, different storages, you know, different configurations and stacks when you do this, and we need... We are sort of a small party of engineers and people who love OKD, and we need your help. So we would love it if you can continue to contribute. The open engineering... This is a strange little clicker. I think that might be the last slide, second to last slide. So, yeah, the second part we have is the engineering. This is the community part, and the second one is the... oh no, this is the... Yeah, I think the link is wrong though for this one. Well, we have a second board, which is the engineering one. All the bugs and issues that are open are on this Kanban. It should be github.com/orgs/openshift/projects/1. It's the first project in the OpenShift organization, the only Kanban project in there. Issues. Six years at Red Hat, I've never had t-shirts printed, so for this group, I'm gonna get t-shirts done somewhere and we'll just both figure out how to get them to you. But we really need as much help as we can get you tested and out the door. Yeah, we're close, we're getting there. Yeah, it's just a couple of end-to-end tests that haven't actually made it into the product, but we're building up a master. So we have to make them work for us as well.
So, um, yeah. Well, yeah, it's the master. Right, the great thing is we are sharing the exact same code base right now. We've only forked the installer and the machine config operator, but we're actively working on re-merging those. That may take some more time, but yeah, I'm very confident we can get there. And well, this quarter or next one. Oh, well, yeah. I mentioned before, we have this process in the working group to create sub-working groups, and if there's any community interested, even outside of Fedora, communities like CentOS or SUSE or even Debian, well, yeah, we would sort of give them a way to build their own operating system with our tools, based on their packaging and packages, and then sort of give them a way to run OpenShift on their operating system. So right now, well, we use rpm-ostree and Ignition, so SUSE and CentOS are obviously the best candidates to do that, because it'll be rather easy for them. Debian, maybe a little bit more work. But we definitely want to support those efforts as well and have as many base operating systems for those OKD clusters in the longer run. Again, as Red Hat it makes most sense for us to do it on Fedora ourselves and, you know, put that out there. So that's what we're working on right now.
But yeah, in the longer run I think the CentOS community will probably want something running on CentOS, SUSE might want that too, and Debian people might want that as well. So yeah, sometimes... Well, things move very fast in Fedora, and we aren't always aware of everything that's changing. For example, last week we had a bug when the container runtime used by Podman in Fedora was switched from runc to crun, and that just created a bug for us. And, you know, it took us a while to figure that out. Vadim actually figured that out. As always, he just looks at a bug and the bug goes away. So yeah, things like that do introduce problems sometimes. Also, we're reverting back to using cgroups v1 at the moment because, as what he mentioned, the cluster code is not yet ready to facilitate that. But yeah, I do think that won't be a huge issue for us, and we will always be able to configure it in a way that, you know, makes it work again. So I don't see that as a huge problem. Sure.
Well, yeah, we're doing the Fedora one. Our roadmap is really, Fedora CoreOS is going to be what we're pushing to, so, you know, that's key. But a lot of people ran Origin on CentOS a lot, and so there was a lot of questions about that. So I wanted to make sure we went on the record that we would support them doing it. But it's the them that has to come to the table to do it. They have to provide the hours, the man and woman power. And that's a great point of collaboration that would be wonderful to do, so we can get that up there on the list to talk about and get done. And I didn't post a date for the next one, but it's probably in two weeks from now, on a Tuesday morning, so I'll send out that. So if anybody hasn't joined the Google group yet, do so today, and you'll get the announcements there. But you can always go to that community page and look it up, and I'll update it shortly once we all check our travel schedules and see when the next time we can all get together. But that's really what we... Did you have an issue template? I don't know, we don't have it yet. But there will be an issue template in the OKD repository. So the OKD repository in the OpenShift organization on GitHub is the place for you to file bugs and everything, and we'll triage it and open Bugzillas internally and, you know, refer those bugs to the respective team to get it fixed. So yeah, any technical issues: OKD, the OKD repository on GitHub.