 Yeah, yeah How about now folks can you hear us anything anything there we go? I can I can hear it now All right, awesome. Yeah, I can see the sound bumping. Yeah, so right there we go. Cool Now that we go now the zoom is back. We can read well. We could retell all our jokes. Yeah So good morning. Good afternoon. Good evening. I think that's what you get up scotty the galaxy Sorry about that like Christian was away. He came back We were a little few seconds behind and like everything glitched for me for a second And then we just jumped in and it didn't look like zoom stuck with us there so apologies for that so Christian Hernandez is here. I'm Chris short host of the most Christian Hernandez the the get-ups guide to the galaxy captain here I'll be your captain on this journey. Yeah, as we were saying so So, yeah, I'm doing so in case you guys didn't hear Chris asked how I was doing doing well excited about a few things right so excited about Cubecon coming up right? Yes, so, you know, I'll be there in person and Yeah, yeah, well, I'm you know, I'll be It's still quite a drive people don't understand how large Calif well Yeah, this is the country gets bigger the further west you go. Yes Exactly. Yeah, because I was talking to someone about like, oh, yeah, like my daughter went to New York You know for the afternoon and I was like, wait a minute. We're in Boston. It was like, well, yeah, technically you can take a train Yeah, it's like yeah here here in LA, you know, you can drive for two hours and still be in LA So, yeah, you know, I'm a local Yeah, but But the drive to downtown is gonna be a big drive for me, but I'm still excited. I'll be there. It's a hybrid event So excited about that excited about the get ops con Yeah, right where I should I should probably start sharing my screen here because I do have I'm trying to do the sully thing of Topic topical sure which talk about what's your CPU up to you got something running in the background there I might let's let's see here. I think it might be Is it probably zoom? It's probably zoom. It might be also chrome because you know how chrome likes to oh, yeah Yeah, maybe that'll be better here. Let's check it out. See here CPU is x org. So well, that's probably zone. Yeah, that's probably has probably zoom doing things here, but yeah So here I'm also excited About a get ups con I mentioned it last stream here. It is says a day zero event Right. So October 12th Which is I think a Tuesday. There's two days zero events, which is crazy. I think I think I think they're calling it like pre-event Pre-event or something like that because it's not days are any more because there's two days. You're rose. There's two days. Oh, yeah, zero and zero and double zero and so This is October 12th, which is Tuesday. You have Planet time register if you can't make it live. It's a hybrid event. So you can do it virtually and just to kind of the quick shout out for for me, I have a I have a keynote talk. So if you do see me in person You know, I'll be talking about some cool stuff. I'm talking about actually pipeline is pipeline as code, right? Which is something we kind of talk touched a little bit about about tecton Maybe in a future episode after I do the you know after cube con I'll I'll touch on it But if you want to get a sneak peek of a pipeline as code and how it Interacts, you know, how in get ops, right? How how it'll you know fits in in in the get ops methodology, right? You know tune in right either virtually or if you're there You'll feel free to say hi. So I'll be there. I Should be there and less other than less something happens, right? Yeah, Chris should be there, right? We should we should when it actually I I am somehow doing three-day zero things on the same day So yeah, this should be interesting for me. That's a lot of running Yeah, because I have other stuff to do on days or events and I'm like, you know, it's like I'm not to wear my jogging shoes It's run all over the convention center. Yeah, you know, I didn't think about that. But yeah, I could probably bring them Probably be chillier ish. Maybe in San Diego or Los Angeles. Sorry. I don't know. It's been it's been warm So I don't okay nevermind Yeah, it's it's been kind of warm as of late. So but October it should be a little cooler But still warm for those literally in a month. Yeah, I'm flying out. Yeah So there we go. So get up scon make it if you can I'll be there in person. So if you can't be there virtually still open Another thing I kind of wanted to bring up there's kind of this cool tool actually I think you sent this to me Yeah, no, this is definitely one. I recommend it to you This is and this like so for those of you don't know We're actually Chris and I are actually in the same team Technically, right? They did some reorg but like we ended up on the same team anyway Under different managers, but you know, we were in constant communication and he and Chris is always sending me things And even though I don't respond Chris. I do take a look at them. I know you This one I really really like right so this is Octopilot from daily motion, right? So a lot of cool stuff coming out from from companies that are actually doing something like into it Right, I can do it obviously has Argo City And daily motion has something called octopilot, right? And so octopilot is Helps you in your get-offs workflows. So by managing your pull requests, right? Which sounds a little crazy at first, but yeah, yeah So it's essentially about it. You're like, oh, this makes sense. Yeah, this makes sense and often it actually offers a Great, it's a great use case. It solves a very very great use case so essentially what what this does is it manages your your PRs and your You know, all of your workflows, yeah approvals all of that via a Via CLI or an API right in in in most cases Right and it aims to be like a Swiss Army knife, right to propagate changes. So the idea of being You know this example here, right? He's you know, you you pass a token obviously and the repo information But you said hey updates is YAML with this With this information right you can use white queue as well We're saying, you know basically regex saying hey, yeah, you know take this stuff updated like so and for the workflow I'm trying to think of it like a great use case is like image updates Yeah, right like you're doing those need to happen behind the scenes. Yeah, exactly. So like update You know you do an update your CI it happens. Cool. You have a new image build. Okay. Well, like how do you propagate that out? that Argo cuz like, you know essentially Argo acts on a repo well in you know, you need to make a PR and manage that and how do you do that automatically? There is a autopilot that has that right and it has being able to essentially manage your get workflows You know in a get-ups friendly way, so I think this is really cool I'm oh, this is one of the neat ones that I was like. Oh, I got this Christian. Yeah. Yeah, this is this is great It could actually Support for manipulating encrypted files as well, which I thought was really really cool like a really really cool So kudos to the guys daily motion Who one came up with this and to who open source? This is great a great tool So I'm pretty sure you dropped it in the chat already, but yes, I think When you're Something that can help you when you're when you're automating some of the stuff, right some of the Some of the things like okay. Well, you know Argo CD Acts on a particular branch or a particular get repo, you know, what happens until then right because that's the tail end That's the easy part right Argo City is just applying those manifests Well, how do I get into there and this is a tool that can help you to do that as well? um And oh, which is pretty, you know, which is it's pretty cool because I actually see this here the yq tool They actually just like pull in the actual yq Source code right so they could Yeah, yq is to uh yaml as jq is to json. Yeah Which I like I like to post that you do it on twitter you're Jason on isn't human you like json is not human readable. I'm like, thank you someone said it Someone responded back with that tweet. It's like, how could you say something so bold yet so Yeah, exactly. Yeah, it's like, oh my gosh Yeah, which is it's just which is like i'm a yq guy right i've always been But you know, json isn't meant to be made human readable, but And it's not it's definitely not right But some people it's amazing how many people are like well, I can read it It was also amazing how many people were like well compared to like 20 year old thing. It's way better. I'm like, yes Yeah, yeah, and be better better and still be Not great. You know, yeah, exactly. Yeah, yeah, like, you know, um writing a bike Is better than walking it'll get you there faster, but it's not Not a speed train, right for example, right, exactly Just said I could read xml. It doesn't make it human readable. Oh, yeah. Yeah, exactly I can read xml. It doesn't make it great So, uh, so octopilot great great stuff. So, um I like I like some of these things that you sent me chris. So keep keep sending them. I I have a back. I have a backlog. So so I just got to octopilot. So there we go. So there you have it Cool. So today's topic, right? So today's topic. Um talking about Opuship get ops version 1.2, right? So 1.2 actually released. I want to say Mike like a month ago or a couple months ago Maybe even more like eight weeks ago. Um, okay released, right? Um, and I kind of want to go over some of the things the updates we made that You know, I This may seem a little late because 1.3 is actually on the horizon But like but but as you know chris, I we had guests. We had other topics to cover or we only have an hour. So it's Um, but we're finally here. So I kind of want to go over Uh, some of the things that we came out with with Opuship 1.2 um Opuship 1.2 came out with version argo version 2.0 Right. So that was like a major thing that we had there like in a major release of argo Um And so I want to go over here We're gonna break the zoom window with what I'm doing right now what I'm trying to make a more readable for y'all Yeah, it's just try to make it and I'll make this a little bigger too and I'll actually How do I um Command or control plus plus depending upon the device There we go. I'll send you the chest. So I'm actually going to go over Um, the release notes, right because the release notes is the best way. Um I'll let you say for this information, right? So, um So, uh, so support matrix, right? Um For 1.2, obviously argo cd is ga. We're still tech preview for with some of the stuff like application set um Stuff like cam is still in tech preview to get off service, which is like the um the service that Manages cam right because cam is the the cli but the actual service that manages cam Um, it's still in tech preview. Uh, we haven't talked about cam much Touched on it a little bit Because like there's a lot of stuff still in the air With cam maybe I'll invite bows to come on and in demo cam a little bit more Go a little deeper. Uh, so it's tech preview, right? So meaning that it's not 100 supported, right? It's the best effort sort of thing Not fully baked. Yeah works not fully baked. I use application set that should be I don't know when that'll be ga, but that's you know, the acm guys are using application sets in production. So, yeah So, uh, some of the new features, right? So, uh, one of the One of the things That happens when you install the operator, you know, um, the opus should get ops operator is that it deploys a default argo cd instance So like when you install the operator like you get like a An opinionated deployment of argo cd So if you do not want that you can actually set this environment variable in your subscription And it'll uh disable that so essentially it'll just add the crds, but it just won't deploy a Argo cd instance And so you've set that value to true Um, you know, it'll uh It'll prevent that that opus should get ops namespace to be deployed A little caveat with that though is if you install an argo cd instance in an opus should get ops namespace It causes a little weirdness. Oh, so it yeah, I would kind of expect Yeah, so like if you're gonna disable the default argo cd instance do not Name your namespace opus should get ops. So but everything else is is cool, right? So, um Then you can then deploy your own um Instance right of our go of argo cd in your own way. So, um Another good cool feature here is the, um Requests and limits are now configured for argo cd workloads meaning that Um before there was no, um limits Oh Or quotas it for for the actual, uh, installation of opus should get ops, right? So like it was able to consume The entire cluster resources. Yeah, if you wanted to, right? Yeah So we We um, we figured out and capped it. Yeah. Yeah, we capped it, right? So like all the all the components of opus should get ops now has uh limits Onto it and the actual namespace opus should get ops namespace has a resource quota set to it. Um this caused a little bit of Unforseen consequences. There was a lot of people who actually were deploying stuff inside of opus should get ops namespace, um Which we never intended Right, but we never actually told people not to do it But like we we assume people right wouldn't we wouldn't do it. Yeah. Well, we kind of have that running Well, with at least you and I do Um that running thing of if it starts with the open shift dash don't mess with it like don't mess with it Yeah, don't put stuff. Yeah. So that's a really good rule of thumb. I think probably soli says that a lot um Is that uh If it starts with open shift the namespace starts with open shift don't put anything in it. So um, so don't put anything in it That's just you know, stuff like this happens, right? So, um So that so then that's that's that's it, right? Um It actually also this caused the issues when you're upgrading from version 1.1 to 1.2 Which uh, which is another section um Which i'll go i'll go over in a little bit. So and then our go cd authentication is now automated with red hat sso We we did this the other um The other stream right last uh last time stream A couple weeks ago, um, you know before it was a manual manual process, but now you just put, uh, you know this Spec sso provider equals key cloak and then it automatically automatically sets everything up for you. Um, yeah, so that's So that's really cool. So then you can use open shifts authentication to slog can so, um Before there was no support for route sharding um So for those of you who use open shift And you don't know you can actually do route sharding. So, um You know, you can have multiple routers and depending on the application you can send it to a different router. Um, Our argo cd didn't know how to handle that. So we added the actual, um The ability to do route sharding right so saying hey You know when your your routes a match, you know, like everything in kubernetes. It's a key value pair Right. So for this argo cd You know put it on these labels Send it over here so, um And this here This is probably my favorite update Um for open shift get ops Oh, um, yeah, and which is which is part of the the demo I'm gonna do right so, um So now the open shift get ops operator will automatically grant permissions Depending on the labels. So that let me explain what used to happen, right? So, um There was a cluster resource. There's a cluster Argo cd, right, which is open shift get ops, which we talked about a little bit about earlier um And it comes with like I think the ability to only read resources but not apply it. So then you were um, it was It was on the operator to like, you know, you know, um Not the actual big old operator, but you know person operator It was up to the admin. I guess I should say it was up to the admin to set up those RBAC rules, right? Like what can argo cd do? um You know, I have an opinion on that right like if you have argo cd managing your cluster It needs cluster admin, but a lot of people don't like that. But um You know, it's you know least uh, what is it the the rule of these permissions? Yeah. Yeah, at least privilege um So now you can actually what you can do is you can label your Uh your namespace Um with this, uh, is it a label annotation? It's a label. So you can label your namespace with saying, hey um Let this uh argo cd instance manage me So So then argo cd will then do um the operator will then put the proper permissions in order for argo cd to manage that namespace So you can kind of have um this kind of cool situation where um You could deploy argo cd right with this least privilege and then um Annotate, sorry, label the namespaces where You want control so you have um So you can say hey, I installed argo cd or a cool. I want it to manage uh namespace one two three And then it'll automatically manage those namespaces for you without you having to do anything else And it won't touch any other namespace. So that's um This is cool, especially for If you're doing something like um What we call namespace scoped argo cd meaning that There's no uh, there's no cluster argo cd, but there's like an argo cd for my specific namespace And I create another namespace and I want that argo cd to manage that namespace Um, I just label it and I don't have to do anything else. Um, so this is really cool And I'll I'll show this in a minute. Um How this works out because it's actually really really cool. So um some of the things that were fixed the um For let us see we'll get stuck in out of sync status. Oh, yeah, so this um There's a this is your issue. I don't I don't know if you want to link this first but if you if you put the um The link in the chat people can take a look at that but um Like if a user created an additional instance of argo cd managed by the default instance Some things will just get out of sync, right? Even though it's it's synced up some of the um, some of the things will will uh Will end up in out of sync status. So do they they fix that, right? So, uh, some of the unknown issues, right? Um So, uh, when you delete an instance, right the um, the managed by label Um are not removed, right? So like So basically when you deploy an argo cd instance, and then you delete it that annotate that label still stays in place to Any namespace that it's managed by so that um, so you just kind of just take a note of that, right? Like if you're deleting names, uh, if you're dealing at argo cd instance, you may want to go back to those namespaces and remove that label But we know that That's getting uh, that's getting charquet. We'll lead there we go. It's it's late over there by him or early depending on how you look at it Depending how you look at it. It's very very very late or extremely early. So it depends whether you're late to bed or early to rise. Um So this is what I was talking about before the resource quota has been enabled um so, um when you upgrade from, uh Open ship get ops from version one dot one to one dot two um some of the applications Was getting um killed, right? Because yeah, so, um and then it actually Spun up it would I you know, there was a ton of replication controllers that would spin up because It would spin up and it would get um killed. It would spin up and get um killed or spit up and get um killed. Um Uh, so the the the transition from one dot one to one dot two wasn't 100 clean. So that was uh, it was a uh, Known issue. So uh, which is why we, um Say one don't deploy anything and open ship get ops, right? So that's that's one thing He's done and and to um Always test your upgrades, right? Don't just like automatically upgrade from one version to another for any operator, right? That's not just Um, oh, I mean, yeah, make sure you got that dev environment. Yeah. Yeah exactly Uh, not to say that even if you're an ops person, right? Like you should have a way to test those Yeah, wait to test those those operator uppers 100 percent. Um, and because like in this instance we made a mistake, right? Like Hey the The resource quota we applied Made us Not be able to upgrade, right? So like you're just stuck in this weird There's like many versions and like state of replication. Yeah, state of limbo. It's always always um always bad. So um So, yeah, so that's kind of just kind of the lowdown on the one dot two release um So let's talk about uh this um This update here my favorite update, right? So let's go back to managing right managed by so um, we'll go to a use case here So I'll push a cluster, right? I'll uh um I'll update it here. So I do I'm gonna log in as a non admin, right because this Effects non admins come on. Here we go. You can do it. I believe I believe that the cluster get cold. We don't know The cluster running. I know you better catch it. You better click Is your cluster running? I don't know. You better catch it. I think it's running. It's to go here. Um, let's see Yeah, it's there. Uh, let's just reopen it sometimes Yeah, it doesn't like it. Oh, oh, so braided silver went through the uh home killing experience Yeah, that home killing thing is it it it happened to customers too. That's all that was it was a It was a fun upgrade experience while you'd ask what a single node cluster do for like environment upgrades testing and Um, I mean, I maybe yeah If if the single node cluster is big enough right to run the yeah If the cluster is big enough and then if it's a close enough representation of production Yes, like you shouldn't have this pristine single node cluster to test an upgrade for it, right? Like you have Like your argo pipelines You know installing operators or whatever it is that you have in prod You should have in that single node cluster too. So that's gonna be A lot of stuff you have to think about. So yeah I mean if you really want to make sure operators don't break your environment kind of thing But yeah, yeah, the test like v1 versus v1.1 It might work Yeah, that's true. While he does say close enough to production is becoming impossible with time for on-prem. Oh, yeah, that's it's yeah Yeah, I hear you. Um Yeah, it's you know, there's trade-offs and you got to decide on those for sure Three node clusters single node cluster. However, you want to test just just test it, you know Yeah, please sugar on top Uh, well, I thought it was a cookie issue, but I don't think it It's not a cookie. You call your wife Maybe it is broke. Come on Well, I mean it I wanted to show the ui, but Now my cluster is running fine, which is weird because uh So I see a street thing Yeah, look at that It's open up chrome and see if it works in chrome sometimes it'll work in chrome The where's the is that it? Yeah, it is. Okay I'm working on another window here So Brandon Silver says I think to test if you are at risk for bugs from the upgrade impact in your workloads You should be able to verify that by replicating on single node cluster I'll tell you if you'll hit a it'll tell you if you'll hit the bug But you won't see a realistic replication of what would happen in production if it happened Yeah, like you won't know the impact You just know thing happened with operator And yeah, I think not necessarily the the you know after effect. That's a very good point So it actually works on chrome. So I'll just bring that over here. Okay All right. So here I am developer right as you see here. Maybe just a little bigger Thank you Developer so I'm not I'm not an admin right so here I'm going to go over like how to create a a namespace scoped argo CD So for For this here. I actually have Get operator. This is this is the admin view operators Right. I have the open ship get ops operator installed right so it installs all the crv's Um, so that's just I do that as an admin but now as as a developer. Um, I'm able to Create my own argo CD instance that manages my own namespace, right? So, um, let me copy login command here Um, I won't do a sully This is a temper and show my show my key to the world. Uh, that's kind of funny That is that is funny if you guys can watch that episode. That's great. Um, I don't I don't care about the stoking because This cluster shortly. This is why this is why I do temporary clusters like same. Yeah Everything gets blown away after my demos nowadays. Yeah All right. Cool. So if I do we'll see who am I? I'm developer right We'll see get projects No resource found right so in the ui you can add a create a project here. Let's call this What is this demo or test? actually, uh See give me a good name for us here. Um, get ops wonder test wonder test I don't know what wonder test. I like wonder test All right, uh, let's create that. Um, so once I create that I can it's deploying my own version of Of argo cd for my name space here. I think you can do it um The best way I found of doing it is actually Plus Yeah, a little plus button and importing the yaml. So let's let's um Let me do a cat of argo cd Of this yaml. All right. Um Right. So some of the things, um I probably should Take out Move this to wonder test. There we go. Um You know some of the things You know, um application set, right? I'm going to play with application set Um, you know, some of the things I don't really care about is grafana, right or anything like that. Um, H.A. I don't care about so, uh, but some of the things here resource customizations. Um, So I'll probably do an entire episode of just resource customizations. Um And, uh This here, you know, like if I am going to do sealed secrets There's a there's a bug with sealed secrets about it'll never it Seals the seal secret operator doesn't return A proper health check like every resource, right? I think it returns like an empty string or something um So I kind of just say hey if there's an empty string that means it's good Um Basically ignoring the health And then routes for open shift since I like to keep Um, my routes agnostic meaning that I keep my my host Field empty, uh, okay, and let the route create the route So, um, so instead of it not being out of sync I will just say hey just ignore this difference, right like basically don't track this Ignore differences is great right for For things like operators where like it has its own controller doing things that it auto fills, right? So And then The health checks are also great. I'll do an entire episode about resource customization is a great topic. Um, cool Do things like resource exclusion, right? Um, so kind of just this is kind of like a standard Argo CD deployment How do I Create down at the bottom Yeah, uh, no actually I think um, I think there's I'm trying to find the um Uh, Argos cd operator one thing that you guys can help us out with 100 percent Is uh, here we go I'll put this in the chat for you chris. Cool is documentation Oh, yeah, always need to help with documentation folks like it doesn't matter what the project is The project is need to help Wait, you're sharing your screen as paused. I don't want to pause what Is that about can you see my screen? Yeah I don't know if it's doing anything though. All right. I'm gonna close the tab. Can you see that? No No, okay. How do I unpause it? Says you're sharing Start and stop again turn it off turn it back on There we go. Is that better? No, well, I just figured out. Okay. Oh, there we go. There's a all right. How's that? Great. All right There's I was looking through the settings and like I'm like, where is it like there's a big button that says resume I missed the big button. All right. Yeah, no, it's funny. Someone sent me an email And they have like red text and like that was an action item And I didn't like I completely glossed over it because I thought it was like part of an image or something Yeah, I was like, okay. I completely missed that one. Sorry completely missed the big one So I put that in the chat Chris so you can share but yeah, that is the Apparently didn't want to go to restrain. So let me put it over there. Yeah So by the way, you know, people always ask, well, how do you get this configuration? It's like You know what you're completely right. Some some of our documentation is lacking Especially with Argo CD. So if you are a really good technical writer and Want to contribute to open source? You are Golden I'll tell you that right now a lot. Yeah, very welcome. Um So here so I can create are a technical writer that wants to contribute to open source I haven't seen the list amount of work that you could do that's rather endless amount of work There is there's countless projects that need help that I know of. Yeah, exactly. So, um So, uh, here, let's go to uh, I'm really in the developer Let's go to Deployments Come on You're in wonder test Yes, I'm in wonder test. Okay employment There it is. There it is. Okay All right, so then see but it says deployments. Clearly. I see why you type that. Yeah Okay, it's deployment. Okay, and then um, so this here um You know, it deploys an application. That's Argo CD, right? So if I go see get a pods Uh, oh wait, I'm not uh oc project What is it wonder test There we go Um, that's running if I say oc get Argo CD, right? I can list my Argo CD instance, which is hello get ops Right. Um, and I do oc get Uh get pods and I'll sorry get secrets And then the secret here is I think it's I think it's this one So we'll see get secrets this guy Yeah, so, um So here usually you have to base 64 decode it Not if you're using oc, right? So this is pretty cool. If you do oc extract Oh, yeah secret Hello get ops cluster And then uh, I think it's dash dash two The dash right there it is. Um So there you go this whole This'll do that base 64 decoding for you so which I think is pretty cool. Uh, where's Fancy if I do oc get routes Wonder test Got a love wonder test He needed something I needed something two words came to mind Well, we used to do, um Back uh if for the for for those of you've been watching, um Rehat streaming, which it used to be called openshift tv When we first started right we started we started doing like star wars character But like you run out of names so quick right like by the by the third stream you run out of names All right, so this is um Argo CD that is to my specific namespace. So if I go let's try to deploy something here. Let's do Um This is something simple Does the argo community use tags like First time issue Help verify technical details things like that. It should. Yeah, like a good first issue, right? Yeah. It's one of those things Let's do the blue. The blue is asking Yeah, if they if they don't they should Yeah, um So let's deploy here So new application, um Oh wait, so I have so this is like one one of the things that I do and I think it's it's good. Uh, good practice, right? I keep I do oc get pods I keep my get ops controller and where I'm deploying to in different namespaces And so, um, oh, yeah, yeah Yeah, so if I do an oc a new Oh, no, it's a new project can be clear this oc new project. Uh, they'll call this um empty squad squad I don't know This is the squad. All right. So now we have this this this application here. Um, do I do a namespace on this here? route no Overlays, I like you when you go to your notes. Yeah, and then pin this here. Um Makes it easier to navigate so I do have a namespace. I don't want namespace. So what what I changed this earlier Uh, Is it this one? This one has a namespace So by by the way, um, this is a the reason why you never put the namespace in In the in the yaml manifest, right? You always put it in the customize Braum controller because now now you get the situation like me where I can't find something that has no namespace in it. Um Um I thought I put this here hold on overlays base I did put namespace. Okay Uh, all right screw it. Do you want to do a find? I can show you all a trick real quick Find space dot name. Um, I know seriously you can do it. You Hit dot hit period on your keyboard. Oh dot like this. Yeah. Yeah And then you should uh, this is a setup a web editor. Yeah, you can use the find function Ah, what is that control uh, control f? Well, it's a it's a looking glass over there on your screen, but yeah, where is it? Left hand side second one down Oh, this guy yeah, okay. See you can search the repo there Oh I didn't say it was gonna be easy I'm just saying hey, that's what helped Actually, let's uh, let's do this. So I'm gonna kill two birds with one stone here. All right. Here we go Let's go back here. All right. So I have uh this repo here This is a private repo. Um, okay Meaning you can't see it. Um And I think this one I do not put I did put namespace All right, let's uh, let's go back here I'm gonna Say screw it All right. O.C. Delete project. Sorry chris. We're not gonna use that. Let's we're not gonna use squat We're gonna use bgd next time chris. All right So project bgd, right? So in let's um And let's deploy we're gonna deploy the blue guy Cool, uh, so let's take this All right. So now, um, we create a new app. I'm gonna call this uh You know bgd now blue project default uh, let's do manual Whatever that means uh repository url this guy and then The path is kind of easy there we go Okay, blue right cluster this guy and namespace bgd, right? Well, we should have created so I Created this namespace. I own this argocd instance and its namespace. I own the bgd namespace as well But when I click create, um You can do a project. Oh, that helps Right, it'll be create. Um status is I get an error, right? Because um I can't manage that That namespace Right from from this from my namespace here, right? So The new version of get ops Um, I can label my namespace With the managed managed by managed by oh nice. Yeah, and so, um Where source namespace is the namespace of the argocd instance is deployed So I can do something like oh see Oh see edit namespace of bgd Right, and then we put uh is a label right now notation label I it's always There this should be I don't think we have a consensus of like when something's a label versus when something's a um Yeah, we'll see get Where'd you put our go? I put it in wonder test. That's right wonder. Oh, jeez. Well, I already forgot the name. Yeah, me too I was like, oh god better names Yeah I didn't put it in open ship. Yeah. So what what are names? So I say Argo cd managed by wonder. So I'm saying my namespace is managed by this argo cd instance here. Yeah That's making the association here cannot pass Oh, I think I need to do that as uh You have to Do it as a namespace No, I can't uh, oh see User developer cannot list namespaces in api group Let's see. Oh, see edit project. I think I can do it that way I think this is the the open shift way of doing it Either that I could just do it as as admin. Um, what's the Please edit the Field is immutable. What? What try updating the namespace Oh, okay, so it actually wants you to do it. Yeah in my face Okay, but you just did this Yeah Wonder test I think I may have to do this as an admin. Oh, yeah, I was about. Yeah, okay Okay, what I can do is I can do oc um Would oc delete Wait, that won't work. No because you can't If you can't edit it, you can't Well, I wonder as a as a regular user. Can I create a namespace? If you should Let's see. Let's try it right Create a new one Yeah, I think I have to go through the project. We'll see. No, delete it delete it. It's deleted Can I do See what I hate right? Okay, so let's do this oc Create namespace dry run equals client dash o yaml bgd bgd.yaml So I created the yaml. Okay, and then it's metadata labels, right? Yeah, we don't know we'll try it Uh wonder tests. All right, let's see if this works. We'll see create dash f Create oh, I can't believe I didn't catch that Yeah, I didn't uh, yeah, no you That's weird. What did you did you do something weird to the yeah, I think I think yeah, I think I broke it, but let's I'm gonna do it as I'm pretty sure I broke this. Yeah But we y'all love it christian break and stuff Me drop and stuff. There we go. Uh We'll see. I'll see get Uh, oh wait, we'll see So this is another uh, this is an admin command by the way here. Uh, what I'm gonna do So I oc uh create Oh oc adm New project And then you can do uh admin equals a developer and then bgd And I should be able to see oc project dgd. Yeah, I'm already on project oc project It's more either oc get pods. There's no pods there. Okay, uh oc and I'll apply Okay, cool So now if I do oc get project bgd dash ol yaml, I should see There we go. All right Okay Back to our regular schedule program Now I added the label. I don't know what I did wrong. I'll I I got nothing When when when I look back I'll see that's what I did and then I'll mention in the next stream. So tune in for the next stream Yeah, um, so that label is there Right and then now Now I I would have to Refresh Yeah, come on, let's go. There it is It's doing something something's going on How do I terminate? Okay, so it's already managed by Get refreshed again. Yeah, sometimes this takes a little while to If you do a control shift or maybe that maybe something cash on your browser. Oh, maybe yeah Let's do something. Okay Uh, let's take a look at my other configuration Uh, because I do have this working here This is my CICD demo, which I'll go over in another stream, but um This is Yeah, managed by okay, so I do have that label managed by Then I have Do I do anything else? These are other applications. So it would have to be under my tenants Here I go CD Oh, um, yeah, I think I missed something. Hold on. Oh, okay Yeah, I needed to create a cluster role. Um Yeah, all right, uh Although I thought that should have been created automatically automatically. Let's go OC um Oh wait, I have to go now. I'm an admin OC get cluster role binding cluster role binding And then grep argo I wish I had to operate a controller. Okay Okay, so that's that controller. Um Uh, what do you call it? Well, uh wonder wonder wonder test Yeah, so this uh, did we find a bug? So what does this work? I do this declaratively and it works, but like when I do it manually it doesn't interesting. Um Well, wonder if you declare it, of course it works. Yeah Interesting, okay I'm not sure if that's by design or not Yeah, so let's let's just copy it's just copy this right for the sake of demo. That should have worked, but I will I'll check with the engineers. They always they love hearing from me. Um Um, our back so I was doing this thing while I've warmed. Yeah, exactly Um, uh, see here, uh, we don't need those annotations. Uh, we'll call this uh wonder Right because we're going to be your prefix for everything now. Yeah argo cd We don't need this, uh annotations uh wonder And it's okay. So this is the part I need to know. Uh, we'll see Get uh service account. Oops Oh project Wonder test And I am looking for argo cd application controller This guy here So I was doing this thing live once Uh Oops, oh see get uh, no, I already know what it is. It's Wonder test Okay, so cluster role cluster role binding we'll see apply See if this makes it work great creative. Okay Okay, there goes nothing There goes nothing All right, it's hard refresh Try to sync it Yeah, what it's This is the problem see See this is the problem of having end of day shows nothing goes right this week Nothing goes nothing is going right this week on our end of day shows. So right Yeah, it's uh, huh interesting what because it's weird because um Because it does work quote unquote. I wonder what I did wrong Because now it's just a matter of Like figuring out Yeah, the steps I didn't apply The one yeah, one of the yeah, one of the things one of the things about get ops is like you do it once and you forget about it Because it's in a repo. Um, because I do have a working working demo here So tenants so argo cd So roll back So I did the ar back Right. Oh no, this is for something else. Uh, oh boy Our back. There we go. This is on the next episode of get ops guy to the galaxy. So I did that Okay Yes, yeah on the next episode. Well next episode we're talking about this directory structure that I created We'll talk about the directory structures, but uh, see the production. Yeah, it's a managed by so I got that We can go along. It doesn't matter man tenants If you do well, maybe I should just deploy this demo so I can just show you. Um Maybe it's wonder test that's what's doing that No, we picked the wrong name. We picked wonder test There's something there's something hard coded in open shifts that says wonder is for Yeah, exactly what you Have a funny have a funny story about that. Um, we used to um This is our running solaris back in in you know, um We would collect and delete Uh core dump files, right? Yeah. Yeah, totally normal thing to have to do. Yeah so, but like so we hired like this development team Uh to develop like some point of sale thing And they have like folders In their application, right like so they did a get clone and one of their folders if their application is called the core right I see nothing good coming So like the web website went down website went down. I was like, well, what well like, why do the website? Why is this directory keep getting deleted? That's like, oh because we collect You know, we collect things that start with core, right? So like if you do like core dash something, it'll Anyway, so that's oh my god. So by the way, so you're joking about the wonder test so like Crazy things have happened, right? That's amazing. That is amazing Uh to do a roll binding. Uh, oh, this is interesting. Um, I got nothing on my mind. I did our back Did our back twice now? at least It's a nice way to start did Yeah, but like now I'm just doing what the operator should be doing right Our back to because and now what I'm doing is I'm just getting admin access um To that mean space, right? Yeah So the user Yeah, but like I'm I'm already admin welcome dev. That's what you have in here Yeah, wonder test. Yeah No, it should be uh Bgd right in this case. Yeah bgd. That's right. Sorry Uh, we don't need this annotations, right? um Right, but I'm already admin. So like this will I mean, I'm just doing this because I'm just trying everything, right? Yeah We're like this I named it wrong, but I mean well when dev. Yeah, sure But I'm already admin on there. So like this, you know, that shouldn't You can look at the operator logs and see why it's not Yeah, let's do that. Let's go to admin Uh oc get uh oc pro project Open shift get ops Let's do oc get pods oc logs Of the application controller Uh, this gives me nothing Okay Custom resource definition ignores that is Yeah, just kind of this allocation just kind of go kind of see go level things here Arbor's class is sort of thing. Yeah Nothing of value. Uh Let's try this guy. I forget which uh get ops Maybe it's get ops I forget which one they they log this under Listening on 8080. Thank you Okay Okay, well, I'll try the oh, maybe it's you know, the repo server the repo server I should do another episode of what each one of these components does that that would be cool. Yeah Yeah, this is just same thing. Yeah, same thing and then The repo server get ops server That's the one I just did. Yeah So, yeah, and then the The repo server is actually The controller that, um communicates with the get repo right Maybe there's something there. Oh, there could be something broken and off there. Maybe I don't know if it's private. You said it was private, right? Uh, no, no, okay Not this one. Uh Yeah, nothing nothing standing out and it's just regular It's as if It's as if it did nothing, which right, which is which is what we're experiencing right So that that it didn't do what it what it said it was gonna do um So that's strange. Okay, cool. Well, at least, um We have a recorded And I could just say tell the engineers. Oh, hey By the way By the way, this is this happened. Tell me why Yeah So, uh, all right, so we will uh So I'll move on to the next thing I wanted to to talk about Okay, which which isn't um, which I'll actually I'm not going to use this one. I'm actually going to go back to the admin. We'll see get routes And then use my, um Rebo server There we go. This is my, um My argocd My cluster argocd server. So let's go to oc get secrets This should be relatively quick. Um, we'll see A secret Of my cluster To If I can spell to equal dash I can do this, you know, the last stream of the week, man. It's always That's a good point. It is a There we go. All right. So this is um Let me close this uh and close this crash and burn stuff. Um So I have this private repo Right. So like if you want if you want, um, if you want to do Chris if you want to verify this for me You can send that to everyone you should get a a four 404 Right. Yeah, like here, right? I'm not logged in Here I get the uh, this is not the repo you're looking for. Um Sort of thing is I promise Yeah, but it is there because it's private, right? And so this I have a private repo And there's a few ways to do this. Um One is When you set up your configurations, so here if you go to your settings And you go to uh repositories There's a few ways you can do this, right? So you can connect using hdps Right and just give the url and give your username and password And that'll work Right. Um, it even works for private Meaning like a hosted git github, right? If you have like a hosted github server You just put in your tls secret there and it'll use that. Um, this won't work for me because I have two factor authentication So that won't work for me. Um, so I have to do using ssh, right? So um Okay, so if I do ssh here Um, I just put that By the way dot git actually matters if you're using Git lab, right? So there's actually amazing when it doesn't and does yeah, so um So in git lab You have to put the dot git because it does a uh a 302 And argocd doesn't handle those like it'll say A re can access repo, right? So when in doubt put the put the dot git Oops, that's in the wrong place. It's right here repository url and I'll do this here uh private private Bgd And this here I will I absolutely will not do a sully. I'll I'll do this off screen. Thank you Because this is this is my private, uh, your private ssh key. So the the one that you're yeah, you're not supposed to show anyone um And this here I will cry if it gets out so Oh, yeah Like you know why like I don't Share my screen too often, right? Yeah All right, there we go. Um, so once you add, you know, uh the git repo And you do a uh, did I clear my screen here? Yes, I did. Okay. I could put this back up here. Um, It'll have successful, right? So when you see this that means it's successfully connected Really cool, you know, it's so then you can actually go here and um, You know, we'll have private bgd default sync policy manual right depository And then uh, let's just deploy the blue actually is to bgd Right in the cluster, right and let's say vgd, right and you create it Um, you know, I should say out of sync pretty soon. Yeah, right and when I sync it it'll actually go um Go and sync that right Look at that. It's syncing. It's in progress, right? So you can do it with ssh in your private repo, right? um If you don't want to do it ssh And you want but you also don't want to do a username and password. You can actually do it with tokens um So the way that looks here is Let's go back to the repo in this The repositories let's actually delete this Right, yeah delete it and then If I refresh here It'll go unknown state, right? Because I can't you know, I can't it doesn't let me connect to that repo There's no connection to that repo. So it gets a little more just like the rest of us Just like the rest of us. Yeah, exactly. Uh, so here another way of doing this if you go into your settings and you go into uh Where is it? They move it. I feel like manage access second one down access Yeah, should the password No, it's uh, it's actually I think it's actually in my settings over here. Oh, is it? Oh, yeah it is. Um developer settings And uh tokens right so here again off screen i'm gonna generate a token Thank you You could have I mean you could do it on screen and burn it. I mean it doesn't really matter. Oh, true. Yeah. Yeah, true Let's do this. Uh, let's call this argo Um, which I think this is pretty cool. Sorry You can actually set expiration dates now in your tokens and get out before these three forever. Yeah, no and like you would Yeah, anyways, yeah, you would forget that you had this token Yeah, yeah All of a sudden he can still do stuff in your repo. Yeah, exactly Um, and give it permission so I can probably use someone will tag me later Hit me up on twitter or email or whatever. Yeah, whatever the least restrictive is I haven't found it yet. I just basically do all all I'll just do the full control of private repositories because I haven't found a combination that works yet But if you can get it like a read only or a clone only Setting just let me know right and then I'll generate token here off screen Hey, we'll uh copy that My coffee buffer copy, okay, and then uh, cool So now I have a token here. Awesome. Um, and then here you can do Uh, same thing right so go to repositories HTTPS right so you just do an HTTP username It just you can put whatever username you want as long as it's not clear It's not it's not it so it's expecting anything not empty string So you can do like not used right you can do whatever you want, right? You can You know, uh, you know foo you can do a barf, right? Oh, it's uh yogurt whatever, right? Um Uh, the mask. Yeah, this is not actually I'll we'll mess around. I'll just put not use Right and the password is your token, right? So just put your token as the password and then you're the repo Um, how do I go back? Back back back back back. I'm going to burn the token anyway. So the matter This token will not exist. All right, so you just put in, uh Uh This repository URL and then uh connect And unable to the repository authentication required, but I already did that Did I put the right token in Do you need the doc yet? Oh, maybe or do you need your username in there? No, I did this as not used last time Huh, okay Let's go to the docs because I actually um our go CD because the docs Connect repo using sbs antocredentials Access token, okay, because you use the name you might ask talking following instructions to get the Then connect repository using any non empty string as username and access token value as the password Unless I am hold on let me look at my copy buffer Oh, I messed up the token Well Yeah Let me recreate this token No one can see it thankfully I understand I delete this token generate the token You token oh, I had a space and I copied that Oh That'll do it. Okay. That'll do it. All right. Let's let's go back All right. Let's see here. Let's see if Connect come on. There we go. There we go So that was the issue. I had a space in my when I copied the token always something Oh, this is something so here it is actually using so you do a non non empty string for username as it says in the docs And your token as the password and I think this is probably what most people want to do I like using ssh, but for some reason some Some organizations don't allow that forget not sure why whatever Um, but you can use your token. So here, um Uh, see what I do to do a refresh. Should this work? Oh, actually, uh This might not work. What's the error The error is probably it's looking for a repo that doesn't exist. Yeah, it still thinks it's using ssh So let's create a new app Vgd green Yeah, there you go manual Whatever manual is Cluster URL namespace USB gd Green There we go. So it's out of sync. That means I can connect to the the repo Objects yeah, so that's a way to connect to your private repos is uh one through ssh right through the Adding the private key username and password, right? So you can upload that if you don't want to upload username and password You can use a token. Um, you just use the same mechanism as username and password you will um Put non-empty string as username and the password you just put the token in making sure you don't copy the space When you copy your token That's an important that's an important thing. Don't don't do what I did but minor detail Minor detail, but but uh, but I failed because so that way you guys don't fail. It's right. So there you go you use me as uh As an example of uh, don't fail. So Uh, that's it, right? I guess, uh, two out of three ain't bad, right? No, that's not good. I think we got we got two out of three demos done. Um And if you were in baseball, you'd be doing amazing right now. That's right, right? I'm batting seven fifties or what would that be? 600 is not a matter. Six hundred six. Yeah, 600. Yeah Six six seven. Yeah Six six seven or whatever it is. That's uh, yeah, that's like I'd be in the majors Leagues, I'd be major league. Yeah Next level major league playing. Yeah. Yeah. All right. Awesome. Cool. Thank you christian. Thank you everybody for tuning in Yeah, thank you everyone. Appreciate it and uh, we hope That you appreciate this uh Series of demonstrations as always catch up with us by subscribing to the streaming calendar You can always talk to us on discord if you're got a question or anything Feel free to ping me uh short at redhat.com and I can get an answer for you and uh, I'm also on twitter at chris short Yep, i'm christian h814 on twitter or uh christian at redhat.com. Right. I actually got that email Good for you christian christian at redhat.com. I will which probably makes me like stay here forever, right because Now you're stuck. Yeah, now i'm stuck because I got the cool email. I got my first name. So um I Yeah, I never want to give this up. So uh, go ahead uh hit us up. Um, discord is probably the best place Um, uh, yeah catch us on there and yeah, thank you everyone for watching. Yeah, awesome. Stay safe out there folks. Thank you Cheers