 Good morning. Good afternoon. Good evening. Wherever you're hailing from welcome to another episode of ask an open shift admin I am Chris short Executive producer host at the most whatever you want to call me. I am the thing that runs the open shift TV Product project whatever you want to call it It is an awesome thing and I am joined by the wonderful Andrew Sullivan and Andrew, what are we talking about today, buddy? I feel like there's some cool things coming out Wonderful Andrew Sullivan. I Apparently, I forgot to put your check in the mail there. Yeah, no, you you are quite wonderful So I can tell it's been one of those days when you like as you're introducing yourself You're you're pausing and doing an um, like you're just it's been one of those days. It's a Wednesday, right? It like It's been a week. Let's just put it like that Hey, it's I was on PTO last week So apologies for anybody who is expecting a live stream last week last Wednesday at this time I was on PTO enjoying some some relaxation some time before Which you fully deserve. Yeah, thank you. But yeah, it was my kids. So we do year-round school here I'm just I'm just outside of Raleigh North Carolina, so we do year-round school. So my kids basically had the week of like the last week of June and then the first half of last week off, right? And that was when they rolled between grades. So my oldest is now in eighth grade and It's also I never understood the whole Year-round school thing in Raleigh. So yeah, anyways, it's a little different. I like the year-round, but so yeah And then they're back in the classroom, which is super weird. You and I were talking about this before we started, right? Yeah, like this is the first time I've been in an empty house for a stream and 18 months like Before we started screaming. Wow So yeah, no kidding Yeah, like Wasn't it wasn't a phone call between you and Chris like Started all this nonsense like at the beginning of the the now times. I guess yeah, we were we were talking about You know, how do we in the time of you know, everything being canceled This was last March. Yeah March. It was right as everything was being canceled and all of that You know, how can we continue to connect with folks? How can we and my thought was you know, if we're not gonna do conferences How do we offer people the ability to have that same sort of experience of I'm gonna walk into a booth I'm gonna find somebody and I have a question. I want to ask and those questions, you know As you and I both we've worked hundreds of booths for you know, probably thousands of hours at this point Yeah, those questions can be anything from I have the support case. Can you help me with the support case to? Like what does this mean? How does this work or what's your opinion on this? Or hey, did you hear that your competitor did this right? And so how do we offer that same experience? And it just so happened that my son was asking about he wanted to be a youtuber and a twitch streamer at the time and that I brought it up with With our manager right with Chris and and he he ran with it and it turned into what you all have done today. Yeah So I was I was just talking to Langdon about it, right like look at how far we've come kind of thing It was it was pretty pretty awesome to like look back. I wish I would have done a better job of like documenting some of those historical things Right because there have been some like step-ups, right? Like we have what we call graduated shows now and yeah, you know the whole nine yards like Like this would have made a great like story or some and at some point we will have a how do we do things here? On OpenShift TV, but that's not the point of this show. Yeah, and I you know me I've advocated for that for that show of yeah, you know the behind the scenes a day in the life of Chris Short Which is not I need to get like a drone or something just floating over my head at all times All right, so I know we've kind of a dilly-dallyed and and small talked here for a couple of minutes So circling back around to your original question So I'm one I'm doing great and two as the title of the show indicates We are talking about OpenShift 4.8. Yeah, and specifically because this is the ask an OpenShift admin Livestream that means that we are going to be focused on sort of the administrator centric or things that are relevant for administrators Mm-hmm. So got to talk to our ops folks y'all. Yeah, and So it's funny because you're just the dev with the OpenShift cluster credentials, right? Which might be a little scary, yeah so originally This show was scheduled to be after the 4.8 G day So late. Yeah, so so very late in the process They found an issue which caused them to delay out the 4.8 G 4.8 GA Yeah, so we're pressing ahead. You'll see I'm gonna show a cluster in a few minutes It says 4.8.0. It doesn't say RC or anything like that Anybody can go and get those bits and you can look at it, but it is not officially GA yet So So I know let me flash the yeah We what we're talking about is in the future even though it might only be a couple weeks away Yeah, so I went and the reason why I'm saying this is because you know Two weeks ago. We had the what's new in 4.8 Livestream right where product management went through into all of this And that's kind of the basis for this show You know a week after that so last week we had all of the PR go out So if you were looking at redhead.com or OpenShift.com right or Whatever the news release thing that we have is Yeah, so You saw all of the announcements we've had a bunch of social media about it and all this other stuff So it's I would understand if you thought that it was already generally available. It is not But it will be very very soon Yes, so we understand your confusion we understand You know There there is a lot of content that is out there about 4.8 and it's not out yet We get that. Yep, and there will be more. Yeah, so yes as we as we go to GA You will see a huge number of blog posts drop over a very short period of time talking about individual features and capabilities and lots of other stuff inside of there, so It's turns from what was going to be like a two-week thing into well several weeks longer than that But just be aware not GA yet will be GA soon. Sorry for the confusion. Yep Okay, first question to George. Okay, I Want to configure Thanos? object store config and receivers is That possible on ocp-48? Yes. Yes, it is. I think it's possible right now in a 4.7. Is it front? Yeah Yeah, so and an ACM will automatically do that as well if you enable So if you enable the user project or user namespace user application monitoring, I'm trying to think of the right word here That'll automatically deploy. Yeah, so that'll automatically deploy all of the Thanos Components so that it can query both instances of Prometheus So if you aren't aware in the default configuration, right when you install out of the box open shift It has the kind of core system Prometheus, right? So there's a Prometheus instance that scrapes and collects and displays back all of the metrics and all the information about Open shift itself But it doesn't deploy and you cannot use that Prometheus for user workload monitoring for your applications So there's a config file and operator you go in and you say turn it on It'll deploy a whole second instance of Prometheus and then configure Thanos and all those things so that you can query across both of Those at the same time user workload monitoring. Yes. Thank you. Yes. Whoever said that. Thank you. Sorry So, yeah, just yeah, yes, it's possible You can also deploy and if you're using ACM ACM will aggregate all of that information up as well using Thanos So that way you can query across all of those instances and you can deploy it manually of course we talked about that in the Monitoring episode which was Episodes ago. Yeah, something like that. I'll dig up the link and it'll definitely be in the Show notes. Yes, we're not familiar with this show Go ahead. Yeah, let's see find the right. Where's the right window? You are the right window Yes, that's the right window So speaking of which just just to show you an example. This is openshift.com slash blog You'll see that after every episode that we do so the following Friday morning We will publish a blog post that has a link to the stream as well as We go through and we cover all of the things that we talked about with links directly to those So, you know here, this is the authentication authorization show right? Hey Did you know you can assign permissions before the user can exist? And you click that link and it jumps to precisely where we're talking about that So keep an eye on Openshift.com slash blog for all of those you can also as a little cheap They all get lumped into this open shift TV category So if you look at that category at that tag up here, nice, you can see all of those blog posts I'll put it not realize that Alex had a whole tag for us. Yeah, so I'll put a link to that in the chat But yeah, you can see all of these you can see it's mostly mine, but there's a few others in there Here's a one of Christians get ops guy to the galaxies So here's the one that you and Chris Morgan did on the launch of open Yeah, yeah So yeah, a little cheat if you're looking for all the blog posts that come out of these these live streams Nice So I need to make that the blog landing point as opposed to but anyways So Kind of moving on with our you know in tradition for this show So the ask an open shift admin office hour is an office hour show What that means is that we are here to answer your questions This is meant to be quite literally and ask us anything type of show So whatever it is that is top of your mind You are more than welcome to ask us in chat and we will address that to the best of our ability and that may mean That's today right now right here. We'll say well, we think it's this but we're not sure or sometimes we've also outright said I don't know You will have to get you on that one And yeah, we will chase down those answers and we'll put them either in the blog post or we'll have a follow-up We'll talk about it in a follow-up episode as well. So Doesn't matter what's on your minds. Feel free to ask away in the chat Whatever platform you're watching on it gets rebroadcast to all of the others. So we'll be sure to pick that up And we're happy to answer that In the absence of those questions or in addition to those questions We also have a topic that we like to talk about right I said before today. We're talking about 4.8 And I also have It's not really a segment or anything like that I also like to talk about at the beginning of each episode kind of the things that are top of mind for me So things that have come up in the last week or two right however long it's been since the last stream that I see as either reoccurring issues potential issues or information right things that are pertinent to you all as Open-shift administrators So with that in mind The first one of those that I want to talk about Let me find my cheat sheet here. Oh Open-shift on arm Yeah, so I am so stoked for this. Yeah, so if we look right here open-shift on arm developer preview So absolutely today you can go to and actually I'll bring it up We can go to cloud.redhat.com slash open-shift We can click on create cluster here and Down at the bottom. We have this AWS arm So if you have arm-based workloads arm-based applications, you want to start trying those out and AWS There you go. We deploy a fully arm-based open-shift cluster. So that makes the architecture can't wait until this is like GA across the board, right like There's so much stuff you can do with arm that it's just possible because of arms like low energy footprint low, you know resource utilization that kind of thing and it's just an Amazing platform and like I love arm more than probably any other Processor architecture out there. I know that sounds like a weird thing to love but I am a nerd at heart. So yeah when I think it was Cloudflare, they had a rack of their Intel servers and a rack of New arm-based servers that they were testing out and they put one of those like power meters in line for the rack And it was like a third of the power being consumed. Yeah, but twice the compute power I think is what they said. It's like, this is insane Yeah, it's um, you know as somebody who uses and you know an M1 Mac everyday, you know M1 my driver. Yeah shockingly fast at everything it does. Yeah So before anybody asks, so this is specifically, you know arm on Amazon, right? It is not raspberry pi. It is yeah, you're not gonna be able to apple silicon, right? Yeah, it's it's not gonna run on an M1 It's not gonna run on an arm arm arm is or not arm pies because that arm architecture is Actually different than the Graviton or Graviton Also doesn't have enough resources even that yeah, even the largest for the biggest pie for with PCIe on it Whatever you want to do still not strong enough to run SCD So yeah, it's it has been asked about and inquired about many times internally But no unfortunately or fortunately depending on your perspective. No no open shift on raspberry pi today Today now So yeah, definitely interesting if you are running those are more clothes if you're interested in the low energy I think they're also slightly cheaper instances inside. They are way cheaper. Yeah, okay. I don't keep up with AWS pricing I just I have an engineering account. So it just I use AWS and I don't know You are one of those lucky few I guess You have what we call cloud privilege Yeah, yeah, I very much so that's when I used to work for a storage vendor and people would ask me I'd go visit customers. Oh, how much does it cost for you know model X? Well, I don't know. It's all free to me. I just put in a request and it shows up So, yeah, I definitely have that that issue Anyways, so moving on so open shift on arm definitely a thing check out the blog post They walk you through how to get started how to use all of that stuff Including down here at the bottom you see List of known issues check out the read me and the open shift on arm issue tracker So it is tech preview or dev preview. I don't remember which But either one means that it is not supported today But that doesn't mean that you can't open issues and stuff like that So you see we have this if I click on that it goes to OCP on arm You can absolutely open issues inside of here if you have problems And engineering its best best effort type thing, right? They'll do their best to help But it is not an officially supported offering, right? So the next thing that I wanted to talk about oh, we actually already kind of touched on this by showing you this interface So I very rarely go to cloud.redhead.com. Just like the base level Yeah, you and I were talking about this. We normally like have multiple layers of depth that we dive into first. Yeah, so If you haven't been here in a while like I hadn't it's been redesigned a little bit and specifically if we go into the open shift tab here There's a lot of really cool stuff that's happening One of my favorites here is this downloads tab So now I can click, you know, basically in one link I have You know quick links to all of the downloads. So here's the oc interface. There's odio Here's open shift install Right direct links to all of those things as well as your pulse secret down here So I find this much easier, you know, previously you'd have to go to clusters and then you'd have to go to create cluster And then you'd have to go to like, oh, I want to deploy to Rev and now I want to do ipi and oh here now finally I can get the installer So clicking on that downloads link much much easier The other thing that I really like is this releases tab This in my opinion is amazing Right, it tells you precisely what are the available releases right now And what their life cycle stage is So I can see right now open shift 4.5.41 is the current release. It is currently under maintenance support Um note to that one 4.8 goes ga 4.5 will go into end of life. It will no longer be supported So I find this to be, you know, really helpful for helping me gauge. What's the current release? Which one should I be on? So here this one is that one's all five four five forty one But you see here how we have multiple releases depending on which stage it's in So stable any us are the same candidate, which remember candidate is not a supported channel candidate is at 4.6.39 fastest 4.6.38 So on and so forth So check out cloud.redhat.com slash open shift you haven't recently You can see all kinds of stuff inside of here New features and functions go check it out. Yep. If you haven't Yeah, yeah, I don't have this is my developer account I don't have anything associated with it but if you haven't seen all the subscription information here and chris our team has a Monthly meeting with the ux team and they showed us some of this stuff around Making it easier to see both individual and your aggregated subscription consumption all through this interface so Yeah, very very cool stuff that they're doing inside of here Yeah, it's they they are ux and ui team are making a very conscious effort to Make this better, right? Like they check with us before they release features, right? Like that is something I've never experienced at a company before. I think it's wonderful that we do that Yeah Yeah, and And to their credit they they take everything that we say very seriously and like I give them every Like no, Andrew's full of crap. Andrew doesn't know what he's talking about. You shouldn't listen to Andrew and they do take us very seriously. So I appreciate that Like we are users of the products As well. So it's good that they get our input Um, so while I'm on the subject here of releases So you you'll see out here that 4.5.41 is the current 4.5 release If you have updated to 4.5.41 You may have noticed that there is not an update path to 4.6 So essentially they found an issue with coro s versioning That made it incompatible So when so you see 4.6.38 So if you're on the fast channel 4.6.38 is an eligible update target and then later on It'll either be late this week or early next week 4.6.38 will move into stable And then you'll have a stable update path which comes basically a week to two weeks Hopefully before 4.8 goes ga and 4.5 is out of support so if you're Up, you know keeping your 4.5 cluster right at the edge of those 4.5 updates. Um, just be aware that there's going to be a A relatively short window Where you'll need to update from 4.5 to 4.6 to keep fully within that support guideline Um, let's see. Oh, what's next on my list? Oh, this is a fun one Uh, so I I don't know why I was doing this. I was searching for something inside of Access.redhat.com inside the kcs and I found this one And this one is super exciting to me. Uh, yeah, the title alone is like super exciting. Please share the link Yeah, so I just posted it into uh, the twitch chat so This kcs article effectively consolidates as the name implies A whole bunch of other kcs articles into one place. So It is what I've been needing my whole life Yeah Like oh you're having trouble, you know My upi installation isn't going the way that I want it to I don't know what's happening and like here Here's an entire You know article about it all the different things you can check and look at and test and You know here you're having trouble with you know Open shift SDN. Okay. What are some things that I need to figure out inside of open shift SDN? So, yeah, uh, wow, okay I don't know. I don't know how we promote this one better inside of the kcs system, but This kcs is is pretty awesome. It's dope. Yeah, I need that So I'm logging in to get it say mark that one now. Yeah for some reason Some of my extensions just went away all of a sudden. That's really weird. Um, you didn't need those. Yeah, apparently not The bookmarking one's still there. So that's what matters the most Yeah, redhead docs save All right, uh, so That's all I've got for this week. Um Yeah for the the top of mind. So let's move on to 4.8 As I said, um, a couple of times now 4.8 is not yet GA again You would be forgiven for thinking otherwise with all of the noise we've made about it But it will be GA very very soon. Um, all things Assuming all things continue to go well right So the first thing that I want to talk about here is Well, actually there's a couple of precursor things. So one remember we did a stream on open shift 4.8 Just a couple of weeks ago. Uh, so I'm going to go to youtube.com and I want to go to and not the base youtube YouTube.com and I want to go to Our age open shift is the channel name. Yeah Or username, I should there we go So if you go to videos and then if you go to, uh, Uploads and you go to past live streams It's a simple way to see all of the stuff that we have here on, uh Open Shift TV Yeah, and if we look back Somewhere inside of here authentication authorization Real workstation Maybe it was two weeks ago. It must have been because I was on pto last week. Cell search. Yep. Here. Here's the what's new There it is. Yeah, so yeah, here's our what's new stream. I'll paste that into the chat here just Drops drop the link to the whole what's new web page earlier. So yeah Um, so yeah, we we talked about a lot of this already You know, maybe in slightly less detail with the product management team As well as at that link that chris just posted we have all of the slides So you can see the slide share that has all of those etc That slide deck has over 2500 views so far last I checked so it has useful information there apparently So One of the first things that I wanted to talk about in the 4.8 release is that Coro s is now based on rel 8.4 Okay So a little known fact so first of all This page is open to the world So this is the ci system that Open Shift uses so you can come to this release status page And you can see Kind of the status of all of the different releases and what's going on with them and Like you see here's all the rcs right here's all the 4.7s and so on and so forth And I can click on one of these so here's 4.8 And I can see All of the different information about it This one's going to be relatively quiet because it's not substantially different from rc3 And right I can get Just a ton of information about what's going on inside of each one of these releases And this this is updated nightly with every one of the nightly releases. So if you are aren't familiar anybody can go to cloud.redact.com you can use the Pre-release access inside of there you can get access you can see there's already 4.9 That's being pushed into the nightlies So the reason why I brought this one up is If we scroll all the way down here, you can see underneath components red hat enterlies enterprise linux coro s and then it gives you this version string I don't know what happens if I click on that. Oh nothing. I get a Bad page strange resolve Maybe on the vpm. I'm guessing that's an internal site Yeah, it must be oh, it's a privilege in the url. That's why So this release string or this name is meaningful So if we break it out the first two characters here So this 4 8 represents open shift 4.8 the next two characters Are the the version of a rel that it is based on So 8.4 And then the last string which you can probably see is a date string And you might rightly guess is the time that this was built from So a couple of interesting things here So let's go back to like 4.7. We'll go with 4 7 18 as soon as I click and This one doesn't have a coro s update associated with it 4 7 17 And we're gonna throw this in chat. It's the warning message that appears at the top of the page The site is part of the open shift continuous delivery pipeline Neither the builds linked here nor the upgrade paths tested are officially supported. So go pull down stuff from here and expect support Yes, this is informational like so you can get context around things that are happening So here we see with 4.7. We see it's based on 8.3 and we can see the build date that happened here I can't click There we go. So and then we have the build date of uh, june 3rd there So rel 8.4. So updated kernel updated drivers I know there was a at least one account team that reached out to me about hey, this network adapter driver It's available until rel 8 4 or 8.4. I can get it added in earlier. We want it in 4.6 Well, no not easily But hey, guess what it's there now. Yeah, um, so one thing to note I I have heard rumor that 4.7 May rebase to rel 8.4 at some point in its future So just be aware if you happen to see this 4 7.84 in the future That means that it's rebased to rel 8 4 nice. So Be aware and yeah, and so that's important because remember it's the e us releases that will stay so open to 4.6 is an e us So it will stay within the rel which I think is rel 8 to u.s release channel So it wouldn't rebase as it goes forward because the other releases the non u.s releases will keep up with what rel is doing So i'm not going to go into all of the different changes that have happened in rel 8 4 and there's a lot of Now, yeah So there's a huge change log that's associated with that you can go and check out All of the rel stuff and the rel core os stuff that's related to that At a minimum be sure to check out the kernel version Make sure that you're not going to encounter any issues there as well as if you're running an open shift on bare metal You may have some important driver changes that are happening there too. Yes and a little nudge for insights here if you are using insights And you install a new version It will look for the new problems that you might have so that That's a little nudge to just turn on insights because maybe that kernel version Doesn't quite work with your db or something crazy like that right like who knows so Always good to have that oversight and they're getting better and better about that all of the time and a little bit of uh good news here in Is it two weeks three weeks? We will have the insights folks here on the stream. Yeah, so we'll talk about all things Yeah, because insights for open shift is relatively new and I think it's as a consequence. It's relatively unknown. So It is not new to the rel and like ansible worlds. I mean, I remember talking about insights when I was on the ansible team, so it's Grown since I first touched it a lot. Yes very much so I mean they have Insights for rev now insights for open shift, you know rel has been two years two years at least now So, yeah We'll we'll get john spinks on And we'll have a good time talking about open shift or insights for open shift and all of the cool stuff that that outputs Yeah, a question here about the compliance operator. Will it get any love and for 8.z? specifically the oc plugin which makes it much more straightforward to read the reports That I don't know about. Yeah, I don't know the answer to that either uh, because keep in mind the operators are kind of built outside of the normal like release process So we would have to actually talk to the p.m. That is Yeah, the compliance operator So our hope nine If there is something Because I I'm not sure what you're referring to with the reports there right If you can send us an email Andrew dot solo net red hat com with like details of what you're looking for there Then we will hunt it down. Yeah, happy to hunt that down Bring in the product manager for that and then we can get good a good answer for you for that But yeah off the top of my head. I I don't know the answer. Yeah, I don't either. I wish I did Because compliance operator it while it being a little new is near and dear to my heart Likewise We'd like to make that easier for folks. So yeah, our hope nine, please email and we'll figure it out. Yeah Uh, so the next thing I wanted to talk about is something that came up And where's where's that link? I'm gonna So open shift com slash what's new So if we go to the slides here I'm looking to use the speaker deck. I'm glad we have it So if we jump ahead here So one of the early things that we talked about was sandbox containers. Yes and sandbox containers spawned A surprisingly large number of conversations internally Yeah, um, and especially with confusion about sandbox containers, which are based off of kata containers and open shift virtualization And we talked about if if if this isn't surprising to you because you do watch open shift tv Religiously, we talked about this on monday on the open shift common stream, but it's good that we're talking about it now here as well Yeah, and I don't know enough to go in depth probably, you know, anywhere near as much as what uh, what they did on monday So if you are curious about far more than what andrew's getting ready to say definitely check out that stream on monday I'm grabbing link right now. Thank you. Uh, so the core thing that I want to communicate here, uh, and basically say is sandbox containers, which is kata containers and open shift virtualization are Fundamentally the same but very different. So what do I mean by that? So sandbox containers uses a hypervisor kvm to provide isolation between container instances So it's effectively creating a very small virtual machine that is running Uh, the the linux kernel and then running the container on top of that So it provides that strong isolation strong kernel level separation between containers It requires a physical server right bare metal server with the virtualization Extensions available right all that other stuff basically until vt or vt vt whatever Um, but you you need to have the hardware virtualization extensions available. Yeah Open shift virtualization Is more like It's a real real. It's a full virtual machine Right. So I am just like I would uh with you know, virtual machine manager or lib verts on my rel host Or with red hat virtualization, right? I'm going to go in and I'm going to use qmu To instantiate an entire linux or windows based virtual machine inside of there It has a whole operating system, you know, all of the things that go alongside of it A sandbox container is basically just a kernel for running, you know an isolated kernel for running that container Open shift virtualization is a full virtual machine. They both require physical servers bare metal. They both require right virtualization extensions all that other stuff So very different use cases One is increased container isolation. The other one is virtual machine hosting So hopefully that will eliminate some of the confusion Please don't be afraid to Yes, thank you for posting that link. Adele, which if you have good eyes, you can see is the p.m. Down here so Adele can go into great amounts of detail if you have questions if there's still confusion, please don't hesitate to reach out Either here in the stream chat you can reach out via email andrew.solovan at redhead.com And we'll we'll be sure to address that And I am hoping to have an entire show talking about this at some point in the future because it's pretty cool technology And there's definitely some interesting use cases associated with it. Let's see go back to my cheat sheet here So api graduations This was a fun slide. I'm gonna switch over should be in here so api graduations vertical pod autoscaler is one that folks have been asking about for I don't know like five releases it's so vertical pod autoscaler is The inverse of horizontal pod pod autoscaler So the vertical pod autoscaler The vertical one is harder than yeah, and this is why it's now So if if you're not familiar horizontal pod autoscaler basically says, you know, there's uh, I have six pods that are running that you know, they're all the same say it's an apache pod and When they reach 80% utilization deploy some more instances of it, right? You've got a service or a load balancer in front of it. It's automatically sending traffic all of those things vertical pod autoscaler is take the running instances And change them so that they go from, you know, maybe one cpu or a thousand millicores and two gigabytes of memory to 2000 millicores and two gigabytes of memory And so it will adjust the size of those pods according to the observations that it makes So rather than increasing the quantity So what does this actually look like? Yeah, let's see here. Good question. Here we go So this is the the the pre g a documentation. I won't share the link to this Even though you can easily guess it if you can It does have a very um, it does have a password protection Um, but as soon as 4.8 goes g a this will become fully available and it should look exactly like this Uh, so like many things in open shift it is deployed and managed as an operator So let's see. Here's my 4.8 cluster I'll I'll take a slight detour here and notice, um, if you haven't seen 4.8 before They've added in some convenience features like you're getting started. It's a brand new cluster So here's some things that you need to do to get started with your cluster Here's a link to the documentation and that goes to the uh day two configuration stuff So they've they've added a bunch of new stuff in in the GUI to make this make life just easier So if we go to operators and operator hub and we do Search for vertical we have this vertical pod autoscaler And I can hit install here And I'll just go with the defaults And we hit install Interesting that the graphic is missing Oh, that is weird. Is that your browser doing that? Uh, it could be it could be I don't know I don't know where those graphics even come from. I think they're I thought they were part of the I think they're embedded in the csv Yeah So I thought Show us what we know Anyway, so that's going through and doing its thing we'll move that over So I've installed the vertical pod autoscaler operator What we'll end up with is a couple of crds So let me change My screen share Changing swishing the guns I know I'm gonna share a region of the screen um You like to live dangerously Only on occasion I'm just gonna figure out how to change the size of it There we go The problem with doing this is it covers up the clock. So I have a harder time seeing well, that's my job When we're approaching time You got 19 minutes, but we do we don't have anything unknown today. So you can go over if you want bonus Andrew time you know There we go And using a mouse is hard sometimes Using my hands is hard sometimes All right, so Let's switch back over here So our vertical pod autoscaler is now installed and the reason why I fiddled with the screen there is that I can easily bring this up So oc get node So we're connected to our Cluster here, which is running kubernetes 1.21 Which means that we're running an open shift 4.8 So literally just as you saw before I went to The the mirror I just pulled down the 4.8 binary And deployed using that to remember that even though this says 4.8.0 It does not say rc or anything like that. It is not a ga version. So just keep that in mind. Yes But you are welcome to their public access here, but still future Yeah, I suspect much like it was 4.7 You know 4.8.1 will be the first ga version But if you want to go and test it out deploy a new 4.8 cluster PGA not supported test it out kick the tires so to speak By all means go go forward So let's do oc api resources and I want to grep without case sensitivity for vertical And you can see that we have these now vertical pod auto scaler CRDs inside of here Nice, I can do an oc get vpa And there are none in this particular namespace or any namespace for that matter And we also have the vertical pod auto scaler controller So if I do Wait, did it just complain that it wasn't in the default namespace and then tell you it's under default namespace? No, it's um Oh, no, I should the namespace is the auto scaler. The name is default. I'm backwards. Sorry. I have not had enough coffee today Default And then we'll output that as yaml. Uh, so what this does This controls the vertical pod auto scaler controller among other things Specifies kind of the the bare minimum if you don't figure anything If you don't specify in your vertical pod auto scaler, this is what it will do So let's switch back to the documentation for a moment now that I've covered that briefly To talk about some of these objects So first the vertical pod auto scaler can only work with a certain set of objects You know workload objects inside of open shift So deployment stateful set job daemon set replica set or replication controller If you're just creating, you know, plain pods, you know, oc create pod or you you're defining specific pods It won't work with that. It needs to be a deployments replica set whatever you happen to be using inside of there So second There are multiple modes that the operator or that the vertical pod auto scaler will work in So you can see auto and recreates Initial and then off which provides only recommendations for the resource limits and requests Initial as the name suggests will basically say when I when the pod is created I will set some initial values And then auto and recreate both will automatically apply recommendations So what that means is if your pod is a single point of failure You rate when if it is set to auto it is going to say hey, I need to bump up or bump down The resources associated with this pod it will terminate it and then recreate it with the new resource settings So if it is a single point of failure, it is going to experience a lot of time HPAs and VPAs are there for a reason Yeah, it is going to be a Yeah, it won't it won't go well One thing to note. You cannot use the HPA and the VPA the horizontal pod auto scaler and the vertical pod auto scaler against the same resource set So it is one or the other. Yep. Oh, I didn't know that So, yeah If you're doing, you know, the whole cloud native right Blah blah blah, you know, if you if you already have, you know, three five ten five hundred whatever instances of the pod out there You're fine. If it's a I have a deployment size of one And it is a, you know, when that pod goes down so to does the service. Well, that that will cause interruptions if you're using the VPA and it resizes those Yes So we can see OC get VPA. We already looked at that. There isn't one inside of there Um, and then we can look at all of the different values that it's set inside of here So what I want to try and do here is Uh, I think I have an application. I haven't tested this yet. So it may go completely sideways and oh, we love that. You know, we Yeah, we'll see what happens Uh, so I do have a replication controller running inside of here But it's very simple. Yeah, it is it's this is my, um Andrew is not a developer. Um, so this is my very simple app that just returns back like a simple json string Uh, so what I want to do is create a VPA For a deployment of basically the same app So I've got my vertical pod auto scaler defined here So it is going to so the target reference. So what is it going to take action against? A deployment that has the name simple deployment And I wanted to have the update policy of auto so let it do its thing Right. So let's first create that You know, if I get my oc get vpa I do a dash o yaml You can see that it is looking for Our application with an update policy of auto So let's see what happens when we create our deployment So a very simple deployment here As you can imagine by the name, right? All I want is three replicas And then we're just using this this application image down here So one thing to note and the reason why I already have an an existing rc here. So we see get pod So let's do a oc describe On one of these existing ones So you note that there is no There are no requests. There are no limits defined here, right? If we look down here at the bottom Our qos class is going to be set to best effort Okay, so let's create our Deployment. So we have our deployments here. It's doing its thing We have our pods which are now running So now I want to do an oc describe On one of these pods And what we should see Hopefully I think is Well, I thought we would see A set of resource limits and requests being associated with it Um provided false mode auto No pods matched no pods matched Maybe I Yeah, simple deployment. Yeah, I'll have to look at this is what I get for doing it without testing it, right? They're right Um, anyways, what should have happened there and Andrew apparently fat fingered it Is it should yeah, I'll I'll figure out why in the interest of time And follow up in the blog post There you go. Uh, but what what we expected to do is essentially automatically assign the default values for requests and limits Right, so that's why we looked at the so if you did the uh When we looked at this auto so it should have done Why did it do that? Uh, it should have assigned a minimum of 25 Millicors and 250 megabytes of memory to each one of those pods Um Why it didn't do that? I I don't know. Maybe it does it as an after-action once it's deployed then it will take action So we'll I'll look at it here in just a second Um But yeah, I'm gonna see 12 seconds. So maybe it is restarting these slowly Oh, well, yeah, but uh, there we go. So it did work Hey, it takes time. Yeah, it just took it a little bit to actually take action against each one of those So, yeah, there we go. Um, so it will automatically assign those resources Over time it will adjust those according to what their real utilization is right and what it thinks it has There's a bunch of rules that go into this that are all in the documentation As well as I will link to this So inside of the kubernetes vertical pod autoscaler github repo There is more information than you probably ever want to know about it. That's inside of here Yeah So lots of good information there about how it works including this proportional The the limits being proportional. So basically it How it creates both limits and requests and keeps them In proportion to each other so that way you don't have one that's way out of a whack So to speak keeps them consistent, right? Yeah. Yeah, okay um So the next thing I wanted to talk about is oh, uh, the api request count. Uh, this one I thought was really cool You know see gets limit that now finally Um, I don't think you can let I don't know if you can limit it or not um, but the interesting part to me was that This will tell you if I can Can I get it wide enough? No, there you go So we'll make it slightly smaller apologies if it's harder to read come on Yeah, there we go. There we go So the interesting thing here is so it tells us How many times each api and the cluster is being used? Maybe that's interesting. I don't find that particularly interesting myself But this column is new and this column Is telling us for example in 1.22 this ingresses v1 beta 1.extensions api Is going away that means it's being Taken out of beta and put into yes So ability yes As and I strongly suspect I don't know for sure But I strongly suspect that as time goes on with our releases, right? So as you get as we get closer to 4.9 for example We'll start including more of these apis that will be deprecated as we know So that way you'll be able to look in the future and say oh And I think the us use case is a great one of these You know, hey, I'm using you know open shift 4.6 us Whatever the next us is Right is going to be you know what three four or five six versions of open shift ahead How do I know which of my Objects my kubernetes objects I need to change or update or use a different api for Right guess what we'll we'll have that ability You know at least in 4.8 and later Where you can go and you can see you know, hey I know that when I go to this next version when I go to the next version I need to you know change all of these objects Hey, so it's it's much easier. You no longer have to dig through release notes and all that other stuff So I found that to be incredibly interesting and incredibly helpful Well, yeah, I mean the release notes have gotten to the point now where it's like almost reading the dictionary For every kubernetes release You don't regularly read the dictionary Not anymore See I'm I'm gonna move on again in the interest of time Because I wanted to talk about did I just skip it? No, I don't know what you're looking for you setting up a seed rest. I'm looking for this one. There we go So this one I I think might have raised a lot of eyebrows. It certainly caught my attention You know, I'm I'm an old virtualization admin And I can vSphere we have things like network IO control where I can go in and I can say You know this 10 gigabit network adapter I want to you know reserve three gigabits for live migration traffic I want to reserve six megabit or gigabits rather for I scuzzy traffic and I want to reserve one megabit or gigabit rather for management traffic All right, I can divide up that and on the surface That is exactly what this looks like, right? It looks like I can go in and I can effectively take These adapters and I can divide up that bandwidth. I can provide guarantees and and other things for ingress and egress traffic Um, so I struggled to find anything in the documentation about this Uh, so, you know, yes, you saw I'm looking at this. Um, you know pre g a documentation, right? It has this big alert over here, right? Um, in case you didn't know you can also go to github Yeah, so github.com slash open shift. You can search for the docs here Um, and we'll go to open shift docs And we have all these pull requests So you can see all of the stuff that's going to be in the docs well ahead of time Including most of the time so here I'll pick on one of these and hope that it actually works So most of the time you see this there'll be a netlify bot when there's a pr associated with it So you can go to the netlify or netlify or whatever it is. Netlify. Yeah Um, and you can see What those are going to look like Right, so yeah somewhere inside of here is whatever change was just included. I don't know what version of open shift This is related to This so this is something 4.7 related But you can find the prs that are associated with a certain feature and then look for that netlify Uh link and you would be able to go in and browse those docs So just a a little hint if you want to get early access or see what's happening in the docs Anyways, my original point here was I couldn't find anything about this Like nothing. Uh, I actually I actually went back to engineering Uh, and I asked them about it and they shared with me an internal only so I unfortunately cannot share Uh document Um, but what I'm going to do is I'm going to cheat a little bit And I'm going to copy and paste the example that they provided So the way that this works is Surprisingly straightforward So I just want the yaml editor here Close that So I'm not actually creating a pot. I'm just using the yaml editor here as a to show off or to show this This example machine config so What they're doing here is Using machine config to create a unit right a service That will effectively use Uh, the ovs ovs ctl vs ctl to configure those qos policies so My and this is you know, I just got this information less than 24 hours ago So I am still digging into this and trying to find out What all is possible what all is supported? Right and how we can take advantage of this in a number of different ways Uh, you know, Andrew's mind again old virtualization administrator goes to things like, you know Hey, can I can I have a set of network adapters that are used for? You know dedicated pv traffic, right? I'm using nfs. I'm using. I scotty scuzzy something like that can I Guarantee an amount of bandwidth to those functions Um, so I wanted to bring this up basically to say if you saw that or if you see that any of the materials Um, it might be a little bit different than you're expecting I'm trying to track that down to ground truth Uh, because I I would really like to show off this feature and this capability and what all that we can do inside of there so Keep an eye out for it Um, I'll I'll make sure if we do talk about it. It's definitely it'll definitely be in the show notes Um, I may even have an entire stream dedicated to this depending on how complex it is Yeah, and what's going on it might be necessary. So yeah interesting stuff I'm excited about it. Even if it isn't, you know machine config is Not necessarily the most user friendly way of going about it. Um, but it's an incredibly powerful feature set Okay, and I know we're at the top of the hour But I'm going to cover one more thing And that is csi So Csi has been in kubernetes since 1.16, I think I think 1.16 was when it went ga 1.16 1.17 somewhere in that time frame was when csi went ga So effectively there are and csi container storage interface is the way that storage volumes are Created and consumed by kubernetes And there are two ways of doing it. There is entry drivers and there is csi drivers So kubernetes announced back about the same time That entry drivers were being deprecated and they would be removed in the future in favor of csi drivers So what we are seeing with 4.8 is the first work towards that within open shift So if we scroll down here We have this handy dandy table of supported csi drivers Inside of open shift So from an open shift perspective, it's important to know a couple of things. So one Today we have a whole list of entry storage drivers that are supported and used by You know, basically Every cluster So i'll pick on vmware down here if you deploy a vSphere a vmware upi or ipi cluster today It will out of the box configure the entry storage provisioner So that you have that thin storage class you can write away go in and create a new pvc The storage class then and it will create a vmdk on the underlying data store In the future We will use a vmware csi driver So that means that entry will be removed and csi a red hat vmware csi provider Will be the default that we use at that point now When kubernetes where when the kubernetes sig You know storage sig and all of them did all of this It was mandated that when you transition from entry to csi you have to have a migration path So Makes sense Yeah So when you do that what you will see is your volumes will convert from entry to csi volumes That may or may not unlock some additional features. I don't have precise details there But you can see at a minimum csi volumes often have additional features and functions available to them So if it's converted, I don't know if those will be available But definitely with a brand new one it would be right where you can do a resize of the volume if it's running say here azure so Be aware and I can dig up the Somewhere in here is the slide. I think we passed it a minute ago Anyways, one of these slides in here I'll find it. Can you do a search? I feel like you could search and the already got it. I just realized I've already got it up Yeah It's like it's like slide 54 for the record tab number 3000. Yeah So you can see all of these are in tech preview today With the exception of gce So when 4.8 goes g a you'll have tech preview for all of these you can if you want You can enable the feature gate for a tech preview no upgrade And it will automatically switch over and it will begin using those like my cluster is deployed to azure right now I can enable that feature gate and it will automatically deploy the csi driver and do all of that other stuff And in the documentation Nope In the documentation here If I go to csi automatic migration This is really important. Remember I said that it'll migrate from entry to csi driver The migration is automatic But what that really means is the tooling is doing it for you You can have it so that when it comes up with the csi driver It will automatically it'll look and see all of those entry volumes and it'll move them over Or you can go through and you can basically say I I don't want you to automatically write so csi migration aws right you can Say deploy the csi driver, but don't update don't automatically migrate all of those volumes yet You know either I'll handle it or I need to do something or whatever that happens to be so Just be aware when I say automatic migration Yes, but no so right it it's really dependent Yep So if we look down here, so vSphere csi driver operator, remember this will be in tech preview and 4.8 But this will be you know using the the vSphere csi driver inside of here in order to provision and consume storage resources I don't know Precisely What features will be available and what that feature matrix will look like So if you're familiar with vmware csi driver, and I know it's the most popular one Which is why I'm bringing it up Let me find the right documentation page here So if we come here to uh supported feature matrix for vmware csi driver Right, you can see here like oh, I need to be running, you know vSphere 7 u2 with You know vSphere csi driver release 2 2 1 right to get you know some of these features Um, you know here online volume expansion for block volumes 220 to 2 2 1 Um, I I don't know how our the red hat vSphere csi volume Driver will map over those features and versions and all that other stuff I can only assume that we will fully document that when the time comes for it to go ga But just be aware. Yeah, it'll be a red hat csi driver for each one of these which means that it is deployed and supported and maintained by red hat Whereas today if you were if you want to use the vSphere csi driver It is unfortunately not a certified one at this time. Uh, which means that It is Well, it doesn't invalidate support with open shifts, right? It is not supported by red hat. It is supported by vmware So, right All right, I uh, we're five minutes over. Um, that's uh, yeah, everything's fine. Yeah, it's I know I'm so used to I'm so used to having our hard stop at noon. So no, I know it's probably joined for you But yeah, there's there's no no hard stop today. So yeah, you can totally go over man. It's fine. Um, do we have any questions? I haven't well the one last couple minutes. So yeah, the one question We did get was where can I learn more about, you know open shift and so forth? So I dropped a bunch of resource links in there Uh, you can also have free trials on the developer sandbox. Let me change the uh little banner real quick So you can get back to that easily No, really. I wanted you to open the obs window Did you uh, let's see. So so ranjan, um Recently started exploring open shift. Do you have any learning videos for your installation and configuration of open shift? Yeah, yes. Yes. That's the one, uh, drop a little links for and then obviously Our archive contains a bunch of resources Yeah, so can we get a pdf of the presentation? It's already there Yeah, if you go here on speaker notes, uh, if you click on the download button wherever it is. Yeah, here it is download Uh, you can see it automatically downloads a pdf Yep, so they're posted there for your downloading and edification Of all things new and open shift. Uh, so so ranjan if you and I I'm I see you dropped a few links inside of there. So I'll point out a couple of important ones Or ones that I like personally. Yeah So here learn.openshift.com Doesn't cover installing but it covers basically every other aspect of open shifts in some way Um, again, I'll I'll make a uh a plug for this open shift playgrounds link down here. Yep Um, so these are just generic Open shifts 4.7 in this case, right? I can click inside of here I can hit that start and it drops me into a 4.7 environment You notice I didn't have to log in. I didn't have to register I didn't have to do anything and I've got access to a cluster for I think he's last for an hour or so Yeah, um, yeah Like when we used to do in person events, you know, go to conferences and stuff like that This is what I used to do demos Yeah, they these are they're amazing and it's a great way to just you know, hey, I want to explore my cluster, you know Give me a fresh cluster. Let me use it. Yeah, so, you know, so you get pod And there's if you want to use the console, there's a link over there on the left hand side to it Yep blue So it'll open up the console for this particular one. So yeah, it's a great way to just full feature kind of demo Yeah, zero efforts and have access to a cluster um, the other one that all highlights, uh, and I don't know how it's linked. Um, so if we go to There is a uh, depending on your infrastructure, we've done a bunch of videos. Yeah On installing open shifts, um, including and I'll include it in the show notes for this one. Um, We did a couple of shows on installing to various platforms on this stream I think one of the I think my most popular video was an ad hoc stream. We did on installing open shift to vSphere. Yes And I feel like we should maybe Do another show similar to that in the sense of we just try different platform, right like Kick the tires on something else And let's see, uh, see what happens if I randomly duck duck go for this. Oh, yeah, there it is. Oh, look at you Damn, that was a year ago. I know Yeah, so, um, actually, that's a good point. Uh, chris. I had floated this idea briefly past you I hadn't really done any checking with it. Um, but running like doing a Super mega stream like, you know, six or eight hours or something of let's go through as many installs as we can Okay team has done that before on channel and it it went Incredibly well, so I would encourage that like maybe we pick a day It'd probably be a friday, you know Just based off the current show schedule and show load and we could just sit down and blow through all of them You know taking breaks when we need to that kind of thing, but yeah Actually, I'm I'm looking for our just if you put There's a live stream If you put ask an open shift admin in front of it, that would probably help. Is that what it is? Yeah, I think so Anyways, I noticed that pull your playlist. But yeah, these are all like Five minutes long. There's one that's like a two hour stream where we went through But we did both upi and ipi and I think we did uh, because it was right when ipi was released And I think we did both dhcp and static ipis even Right. No, we did we did a lot Here we go I'll post that in there. Thank you. Yeah, this one we walked through. We did a bunch of stuff in this one You know like that was back when I Had covid long hair and everything it was before I moved offices Yeah, I mean I think it was before I moved offices. Yes It was So all right, um I think uh, I think we'll go ahead and cut it off there at 11 minutes after the hour. So perfect Yeah, thank you everybody really really appreciate your time today Yes, uh, if you have any questions if there's anything we didn't address Any questions that occur to you between now and the next show, please don't hesitate to reach out to us So you can always contact me via email andrew.solovan at redhat.com You can also reach me on social media, uh, twitter Practical andrew just like you've seen me posting inside of the chat here So it's literally practical andrew no space no dash nothing like that just one word So you're always welcome to reach out that way. Um, or either one of those methods at any time with any questions that you have Yeah, my dms are open on twitter and you can always email short at redhat.com and I I will Get the right answers for you. Yep. Likewise. We are we're very happy to track those down and and make new friends in the pm team. Yes Uh, it's always helpful. Yeah, hopefully not enemies just friends. Just friends. Yeah, um, so I don't know. Uh, so I think we have a what's next presentation coming up So what's what's new which is the one that happened two weeks ago is Yeah, the new features in the next release What's next is the roadmap presentation and I believe that that is coming up in another two weeks Oh next Thursday. So in a week in a week So be sure to put that on your calendar if you aren't aware So you can go to openshift.tv And there will be a link to the streaming calendar. Thank you. I knew you had a macro for that Um, so you can always add those to your calendar. So that way you're aware of it But I love that presentation Even though it always runs way over because it gives us a really good idea of what open shift with the product management What the product team is thinking and where they're going to be going with it We will be live streaming insightful. Um, and both chris and I and probably a few others will be here on the stream So you can ask us questions. Um, you know, what does this mean? I'm gonna miss be added Why isn't this there? You know, did this get removed? Happy to help answer those and we do take those questions and we send them directly to the product management team as well So if you watch the what's next there is a number of questions where we that's exactly what we did as they were presenting We were asking your questions to product management and getting and those answers for you. So yep Awesome, but yeah, anyways have a great rest of your week great rest of your day And thank you everybody for tuning in. Yeah, thank you and one programming note I mentioned on the last stream that we're going to be talking about rail troubleshooting today this afternoon I just got a text where you have to postpone that basically until the next Red Hat Enterprise Linux presents show life happens folks, so This is it for today for streaming it looks like So enjoy your day and stay safe