 Good morning. Good afternoon. Good evening. Wherever you're hailing from, welcome to another episode of the GitOps Happy Hour here on OpenShift TV. I am Chris Short. I am the executive producer, host with the most, here on OpenShift TV. I'm joined by two of my favorite Red Hatters, Shubik Bose and Christian Hernandez. Christian, you want to tell us what we're GitOps-ing today? Yeah. Yeah, so I'm excited today. Yeah, and actually, every time, you know, you have that intro, like, you should really trademark that, right, so like no one else can use it. The "Good morning. Good afternoon. Good evening. Wherever you're hailing from", like, that should be on a T-shirt. I'm gonna, you know, like if OpenShift TV ever gets its own logo, right? Like that with the logo on the back, kind of. He should trademark, you know, like what's-his-name has "Let's get ready to rumble." Yeah. Called Christian from marketing who could get to that. Yeah, well, yeah, that's right. Yeah, exactly. So, yeah, so I'm very excited today. Today, today we have a special guest, Shubik Bose, right? So we're talking about the OpenShift GitOps operator, right, so it's kind of something we've been teasing a little bit, something we were working on in the background. We've, you know, we've done a lot in this conversation, in this channel of conversations, about, like, CD, really like a lot about CD, right? We touched a little bit about CI. You know, I actually plan to do a show about Tekton and, you know, CI in general, but we've been kind of focusing on CD. But, you know, how does Red Hat, and how are we gonna bring, like, the story together, right? Because it's like, it's CI/CD. DevOps is CI/CD driven. And so, so we at Red Hat, right, we've developed this operator, right, that kind of just, I think, tells the story completely, right, kind of like from the developer's perspective, was like, okay, well, like, you know, being a developer, how do I, you know, get started with CI/CD in a GitOps fashion, right?
And so I'm very happy to introduce Shubik Bose here. Shubik can do like a little introduction and then maybe we'll kind of get rolling into what is this OpenShift GitOps, right? So it's kind of like, it's analogous. Is it Tekton? Is it Argo? Is it something else? So anyways, I'll let you take it away, Shubik. Sure. Thank you, Christian. Hey, I'm Shubik Bose. I work as an engineering architect at Red Hat in the CI/CD space. I do things like Helm, Argo CD, Tekton and a bunch of these things to ensure developers can do stuff on OpenShift. Productive. Yeah. Yeah, exactly. Yeah, that's, that's, getting OpenShift installed is one thing, right? But actually using it, that's like, that's the important... Different. Yeah, so I kind of helped with that, and I think today the plan is to show you the OpenShift GitOps operator. And as Christian mentioned, we try to bring the whole story together because nobody does CD only, they do CI as well, and, well, we all need something to manage cluster configuration, something to manage app delivery configuration. So I'm gonna quickly jump in, share my screen and show you some of the things that we've been doing with the OpenShift GitOps operator. Awesome. Really cool. Really cool. Let me know if you can see the correct screen, installed operator. Yes. Yeah. Yeah. It's actually kind of weird. I think this is only the second time ever in this show that I didn't share my screen, so I kind of feel a little liberated to be like, all right, I don't have to worry about what I'm sharing or what I'm not sharing. You're gonna do stuff on a screen now, Christian. Yeah. Yeah, exactly. Yeah, yeah, make sure I'm focused. Okay. Yeah, so we, we can't see your screen. So... Right, awesome. Right. So the name of the, so the name of the operator is Red Hat OpenShift GitOps. And the goal is that you install this and you should be GitOps enabled from that point. So what happens after I install this? So a few things would, you know, show up around the console.
Of course, you see it's installed. But you go here on your launcher and you can see something called Argo CD here already, the moment... Yes, you don't have to really say "I want to install Argo CD", especially because, like I said, as Red Hat we were saying, hey, your GitOps story includes OpenShift Pipelines, Argo CD and a bunch of these tools, and I want to ensure that they are all installed out of the box. So when you install OpenShift GitOps, you have an instance of Argo CD installed for you, and we're gonna go deeper into it. But outside that, it actually brings you automatically your OpenShift Pipelines operator as well. Why? Because, reasons: if you're storing stuff in Git you need to have CI for them. There's no way you can get away with that. So which means we're gonna ensure that when you say, hey, I want to install GitOps, everything that you need for GitOps, your CI, your CD, they're all set out of the box. So yeah, so then there's no, there's no guesswork, right? What you need essentially is like, it's like, hey, you know, I want a GitOps workflow, let me get started, and basically this operator will be, "Here you go. Here is the batteries included." Yeah. Yeah, I should not have to read a book after installing. Yeah, yeah, exactly. Yeah, it should be a lower barrier to entry, definitely, right. While we do that, there are a few things from the command line tools. I'll see, when you go to CLI you'll see something called a GitOps Application Manager that basically is gonna show up as soon as you install the operator, and it's gonna let you download a CLI to bootstrap, and we're gonna get to that shortly. But, what I told you, all the things that quickly happen.
Let me quickly get to the screen. There's this... Here you go. So let me quickly get to the Argo CD that gets shipped out of the box. So if you could see, I actually, right before this, I went ahead and, you know, deployed a cluster configuration for build config. Well, I'm not gonna bore you with what build config is, but you all know that the build config is a concept in OpenShift that lets you build images, and there's a global configuration that's present which only cluster admins are supposed to mess with. So let's say I need a specific build configuration to be applied. Like I said, this is, if you see, this is a config.openshift.io Build object. This is a cluster-scoped object which needs to, which, which configures your build config proxy and a bunch of different things. That's definitely not something which your developers would put their hands on, but a cluster admin would love to go and modify this. Oh, yeah. So this is like a global configuration, like anytime someone requests a build they get like this global configuration. You can apply it to your, and this is what they would apply, right? So, yeah. So, so, so what I just did here is, let me, is that I ensured that I could apply this cluster configuration using Argo CD. I'm gonna try something else now. Let's say I go in and just pick up an example that's been created by the nice folks from Hive. There is a global red.
There's a global configuration for modifying your registry details also, and this is kind of interesting: this makes sure that you can only pull from Quay and nothing else. And I hope that just import my demo altogether, but... So, yeah, I'm gonna, we'll see, I guess, there, we'll see. So I go in here and I say, hey, this is where my cluster configuration with respect to image registries are, sorry, and let's say image registry config. Let me say here's where the config lives. And let me pick up, you know, the path to the config, it's Argo CD slash image. So I'm gonna say that, hey, this is where you're gonna pick up your manifest from for your global image registry configuration. And just can set a few defaults and some done. I didn't do auto sync, which is why I'm clicking this here, and you could see that, hey, you know, it didn't work out quite fine. It says that, hey, you know, I think I'm using a dip, using a dip. There you go. Well, at least the error message is clear, right? Right. Yeah, totally. Yeah. So you could see that, you know, you could potentially use this instance for configuring your, you know, build config, your image registries. But then you may not want to use this instance for applications, because, hey, really good, but if I'm just trying to deploy a Quarkus application, you may want to do it differently. Not... So yeah, but before we jump from there, let's, let's quickly see a few RBAC things that have been done for you behind the scenes.
So as I said, when you install this you get something like a cluster config Argo CD. Now if I had to peel the layers and show you where it's installed, sure you would be interested. It's basically a new namespace, openshift-gitops, where this cluster config Argo CD goes in and sits. And you might find it interesting to know, hey, you know, I've heard a lot about, you know, Argo CD needing cluster admin to do cluster config things, which I kind of want to highlight today, that, hey, we know that if you give cluster admin, it can do everything. But, well, there are things you can allow-list so that you can ensure you can do a lot of things, but not everything, which means... Basically scope it down. Yeah. Yeah, scope it down. So you can break your cluster to only such an extent and not to a large extent. So let's, let's see what are the, you know, roughly the cluster roles that have come with this, and this is where things will go a bit interesting. So I'm gonna go here and see. Hey, you know what? Typically, to go to OpenShift docs, here are the things that they say: you know, you're gonna have to modify your CVO operators, you're gonna do user management, you're gonna do console customization as an admin, you're gonna set up cluster roles and you're gonna modify storage. So what this cluster config Argo CD does is, out of the box, it says, hey, you're allowed to do these things because that's what cluster admins do all the time. Yeah, and that's why I think a good point to note, Christian, here is, it's kind of important to highlight it to users that, you know, this is a cluster config. If you're handing off, if you're handing the keys to somebody, you got to be careful, because... Yeah, exactly. This is a part of one. So yeah, so in short, yes, we are going to ensure that there's a cluster config out of the box, and that's because almost everyone wants an Argo CD to configure the clusters initially.
So that's the first step. While you've done that, now, for obvious reasons, let's say Chris says, hey, you know what? I've got a team of Node.js developers who want to deploy their applications. Shubik, can you give me the keys to the cluster config Argo CD? I'm gonna say, hey, good, I know you, but, well, I'm not gonna suggest that, because that's... I know you. I don't know you that well. I know you well enough, but I don't know you well enough that you're gonna go in and modify my credentials in the OpenShift config namespace. I'm not gonna let you do that. Yeah. So someone told you, hey, Chris, you know, why don't you create a new namespace for yourself? I'm gonna say that's a good idea. Yeah, there you go. And then give him his own island to mess around with. Yeah. So what I'm gonna do is, I'm gonna say, hey, you know, of course... This is an important point to make now, is that you're using the Argo CD controller, Argo CD operator controller, the upstream one which you've been seeing for a while in community operators, in the OpenShift GitOps operator as well, which means we, we haven't cloned code. We haven't split out code. We are still upstream first from a community perspective. But we are ensuring that you have some of the OpenShift niceness around with it, because you have OpenShift and a bunch of things in it. As part of OpenShift GitOps, for example, we are ensuring that your Argo CD installation is automatically connected with the service monitor to the cluster monitoring stack. We're gonna ensure that your Argo CD instance that comes shipped with this is automatically connected with the cluster logging stack.
And then we're gonna ensure that, hey, if this Argo CD operator is on OpenShift, and the same amount of the operator may be for Kubernetes as well, for non-OpenShift, for Kubernetes, it's like, if it's on OpenShift it should tap into the OpenShift niceness and it should feel like it's well integrated. So yeah, those are things that we're gonna do apart from just the upstream operator. Yeah, so here, here this Argo CD is scoped to this namespace, essentially, so it's like, I'll give you the keys to your, I'll give you the keys to your own room, right, but not, not the entire house. Yeah. Yeah. Yes. I don't want the pipeline for production, right? Like I, yeah, line for my feature. Yeah. Yeah. Yeah, totally. I think the, so turning in general, the idea is, you know, I'm pretty sure no matter what knobs you have on Argo CD, people are gonna say, hey, just get me my own Argo CD and I'm gonna mess with it, I'm gonna do whatever you want with it before I'm ready to actually jump into something more serious. So this is probably where you could say, hey, you know, Chris, you have a team of five people, why don't you go ahead and, you know, and get your own Argo CD. So I'm gonna log in here, you know, create a dev and a, you know, test, prod kind of Argo CD setup for my team now. Yeah, totally. Now probably gonna do something simple first, which is, oh, why you something simple? So let's say now you have Argo's installed in Chris's namespace, all good. And it's going to be no-brainer to know that we could always deploy things there. But what if our Chris says, hey, I've got Christian on my team and he has a different namespace to deploy things to? I always have to ruin things.
Yeah. Always, always running. Causing trouble, totally. So let's say, let's take a sample app from the option community. Try to, let's, let me first create a project for Christian. So Christian, this is where, you know, applications relevant to you are supposed to live. So let me try to go and apply there from the Argo CD which Chris just got for himself. Sorry, Chris and Christian are pretty confusing names, they sound similar, but... Yeah, we'll take it. We'll take it. Yeah, we'll figure it out. Yeah, you should fill that out. Awesome, so, create a new application, and I'm gonna tell you here, you know what, you better get this into Christian's namespace. There you go. Throw some taxi or socks. Kind of get spot on over here, but that's fine. That's not a point. So I go and try to create them here. Let's say it's going to sync. What is the automatic, less buttons to click. And it should fail. Fantastic. Why? Because Chris account? Yeah, because Chris took this namespace and I was at instance saying he wants to use it for his own namespace and not start deploying in somebody else's namespace. Right, which is a good thing, right? Like we don't... Great. Yeah. We don't want to cross streams, right? Like we don't want, we want to make sure that, you know, as a namespace-scoped Argo is, right... His namespace. Yeah, exactly. Right, so, so now let's see, how does Christian allow Chris to deploy things into Christian's namespace? So let me take a quick look at... So this is the service account. Don't worry, this will all start making sense. I got a role bindings, and Christian's... So Christian is not gonna say, hey, you know, I'm hereby going to allow Chris to deploy to my namespace. Are, you know, Christian feels pretty, pretty good and says, hey, you know what, I'm gonna make Chris an admin in my namespace. Be careful. I'm giving you keys now. This is gonna end horribly. So Chris allowing Christian... Sorry, it's Christian allowing Chris, right? Something like that. Yeah. I'm allowing Chris. Yeah.
Yeah, it's your namespace, Christian. So you should be allowing Chris and not vice versa. Awesome, so I create this and there's a role binding created, which means at this point... Give this a try. Demo gods, be nice with me. I think you have to stop that sync. I think maybe... Yeah, it's not in progress. I think it went beyond that. Let's see. Yeah, it's probably going to, you know, yeah, attempt number four. It's better. Yeah, I shouldn't have done it. I shouldn't have done an auto-sync there, but never mind. Yeah. Yeah. Oh, there we go. You're now... Now Chris is deploying guestbook in my namespace. Yes, and Chris was allowed to do that because, hey, you know, there's this pretty little role binding that you could add in your own namespace, Christian, so that Chris could do that. So what I tried to demonstrate here was, let's say now here comes Shubik, says, hey, Chris, you know, I heard you want to deploy things in my namespace, but I'm not gonna allow you unless you tell me why. Chris is gonna tell me, hey Shubik, I'm gonna, you know, deploy these nice applications which you built, I'm just being nice, and it's a, sure, you know, here's a role binding, from this point on you're allowed to deploy things in my namespace. And that's how I think I would expect a lot of teams to function, which means it's wrong to give these powers to the Argo CD administrator, because then at that point you could use that as an escalation of privilege. Rather, the one who is being administrated, like in this case Christian, should be telling Chris, you know, I'm happy to give you the keys to my namespace, go deploy things. Without that, we're not gonna let that happen. Yeah. Yeah, so it's essentially what, what you're doing here is enabling cross-team communications, or enabling cross-team, using the platform, right?
So instead of going through, saying, hey, administrator, please give, you know, you know, Chris Short access, you know, or vice versa, this, this, this tool, using the platform of OpenShift, is like, hey, since I'm an admin, since Chris is an admin or whatever of his own namespace, we can, you know, essentially work, work together deploying applications, right? And as Chris was saying, this is actually a pretty powerful tool, right? Like, as to say Chris Short is a, you know, not an engineer. Maybe let's just say he's like a project manager or an architect, right? And he's building, you know, different namespaces for different environments, like dev, test, production, for a different specific application stack. He could then have teams work together and deploy together. Yeah, I can definitely see the power in this, definitely, already. Yeah, I think... That's right. I think in general we want to ensure that, you know, there are these clear roles in the industry. Somebody could be a Kubernetes administrator, but that same person may not be your Argo CD administrator, right? Same person may not be our GitOps administrator. So Chris is the GitOps administrator but not the Kubernetes administrator in this case, and therefore we want to ensure that we do not, you know, inadvertently give Chris the keys to the Kubernetes cluster, because there are different roles and we want to ensure that our platform should not help people make those mistakes. It should... We shouldn't help you make mistakes. Yeah, we definitely shouldn't help. We shouldn't be like to keep you out of your own fault. Yeah. When you're shooting yourself in the foot it shouldn't be us pulling the trigger, right? It should be... Right. No, definitely, definitely, and, and you're right, I think you touch on... Shubik, I think you touch on a really interesting point, where a lot of people see, like, the Kubernetes administrator being administrator for everything, and that's not necessarily true, right?
And that's actually not necessarily, you know, kind of peeking behind the curtain a little bit, I'll give you kind of our, even our own SREs, right, our SREs for OpenShift Dedicated. They're broken up into teams there. It's not, you know... Yeah, each, you know, there's not one team that does the whole stack. It's, each team does an individual piece and they work together. And I think that just basically shows you the power of having something like a feature-rich RBAC to allow certain of this, this communication, right? So a lot of the times, you're right, like the person doing the releases isn't the guy that's managing your machine sets, right? That's, that's like another team, right? That's, so... Yeah, yeah, another person, another department altogether, working together, but it's, it's a, you know, it's a whole entire ecosystem. Right. Yeah, I think... That's it. I think now what I'm gonna do is, let's say, you know, Chris comes in and says, hey, you know, you know, I'm all good with the cluster now. Can you get me cluster config powers? I said, hey, I could give you that. Can you still get your own cluster for that? I said, sure, we could do that. But then I could kind of show you here that here is my... Let me kind of check here. So I'm gonna create a new application here and I'm gonna try some of the old stuff that I was trying here. Um, let's say I want to try and go and do some console customization, and let me say I am, Chris is doing this. Let's say Chris wants to do some console customization. I say... Nice name here. Let's end up in, and let's try to create this. Let's see what happens here. See what happens. Anytime you click the sync button...
You never know what's gonna happen. Magic. Either magic or darts. I mean, I think there's like a dry-run command, but like, I don't think I've ever seen anyone use it. It's like, oh, all right, let's just... And I have come to, you know, enjoy the whole message where it's a "sync failed", because I'm that person, says, hey, well, I could successfully block you from doing what you should not be doing. Yes, exactly. Yeah, like sometimes that's a good thing. You're like, yes, I can actually, it's good that it's, you know, that is blocking you're doing this thing. Yeah. So the other thing, right? So I try to go and modify your cluster, cluster-scoped object here, and it failed, and that's a point to make, is, you know, the same operator is giving you two different Argo CD instances: one that lets you do it, the one in the openshift-gitops namespace, and one that does not let you do it. So where's the magic? So where do you turn those knobs? You really turn those knobs in the CR, but, well, if you can turn the knobs in CR, everybody can do that. So the idea is that we kind of add to a global allow list that, which namespaces are allowed to have cluster config Argo CDs. And again, I don't know why somebody would need 10 cluster config Argo CDs, but let's say you need it. Could be a million and one reasons why that happened. So let's say now I create a new project. Let's say this is called Chris cluster config. Nice name without hyphens, and this is where Chris wants to go in and install a cluster config. The harder the better, the hard read the better. I'm gonna go to... So let's say now I'm the admin who installed the operator in the first place. So I'm gonna put on that hat, different hats here, okay. I'm gonna go here and say, hey, you know, this is the operator, and I just got a phone call from Chris saying that, hey Shubik, you have the powers here. Can you go in and set me up for a cluster config Argo CD? And I asked Chris a few questions. And then it's cool. Yeah.
Yeah, you have to pass the questionnaire first, Chris, all right. We need to, we need like a psychiatric... Yeah, requirements that I cannot fulfill on the show. Yeah. And then I was a school, you know, what do you, pass the test, Chris? I'm gonna give you... It's a miracle. Here we go. So this is a view which a lot of folks haven't seen before, but it exists, which is, you can actually set environment variables in your Subscription object that would get injected in your operator. So as a kube admin, I'm gonna go in and say, hey, you know, let me put that list, put that namespace of Chris in the, in the list of allowed namespace, allowed namespaces for cluster configuration. So I'm gonna say Chris, that complex name... Now you do this to yourself. Remember, you're the admin at this. It's all your fault now. Right, so there you go. I added that to the list of namespaces allowed to have cluster config, and like I said, this is not something that you should be able to do through the Argo CD CR, especially because, yeah, then anybody would be able to get a cluster config Argo CD. That's totally wrong. This is something that is highly privileged and should be done by the... So I wonder, I wonder if eventually we can see, I don't know if you're accepting requests live, but it'd be cool, like, if you could just, as an admin, like if I could just annotate the, the namespace that I, the namespaces that I want be managed. I mean, the CR is fine, the editing, the, editing that file is easy. So like, you know, you could put a, you know, it'd be nice to be able to annotate it eventually. Yeah, you're right. I think in short we will have to ensure that it has to be a resource that could, that could be annotated only by the admin. So if it's a namespace, like if I'm trying to annotate that, you know, Chris's namespace, and Chris would be able to do it, and I need to figure out how that shouldn't happen. Yeah. Think in general we want to ensure that, and again, yes, Christian.
I'm totally taking feature requests on live TV. For those of you who are watching, start writing them down really quick. Yeah. So I think one, one feature request which we often get is that, hey, you know, you just made me, you know, show me cool things on the UI and then finally throw me down some YAML to update this. That's so uncool. But then I think in, in short, we're gonna have this config options displayed in the UI as well. So which means, yeah, yeah, you should be able to go here, go to subscription and edit that in here. That should be possible. That's the next... So now that's done, and again, this is a little admin stuff here, but I'm gonna still gonna show you. If you see, this is my GitOps operator pod which is running, and if you go in here and just to show you... Like this resource, this one. Yeah, so this is the GitOps operator for that, and I'm an admin, so I'm allowed to do, and so this is where you might see a boring stuff. I'll show you. So as soon as it did that, you could see it got into the environment. This is probably a cool OLM feature that you should probably learn about in case you're not aware of that. You would actually have your Subscription object hold somewhat for environment variables. It really helps with the fact that the one who wrote the operator may not be the one who is running that operator, of course. And customers should be able to pass environment variables to your operator if needed, and that's something that we, you know, made use of here. Oh, yeah, I'll set them down. I'm now going to get back to what we were doing, which is, you know, we created this complex namespace name. I'm going to create an Argo CD instance and I say Chris cluster, let's call it that. Oh, right. It feels special. I have a whole cluster, supposedly. Get the route. There you go. So I'm gonna, gonna go and, you know, install Argo CD, and before I even get to, you know, the Argo CD UI, I'm gonna go back to show you some YAML again.
Maybe, but not exactly. So let's go to the rules here and see, you know, how things have changed years. So... Yeah, so like, you know, we're, Chris, I think Chris Short made the, the joke of, like, people now have like "YAML engineer" in the resume just because we just do so much YAML. Yeah. So if you see here, there is a new cluster role that got created for this instance of Argo CD, which gets you all these different permissions, which it's done happen, actually. Because why? You know, the admin, after getting a phone call from Chris, went and did that. That's pretty cool. So the operator automatically did that, like, so when, and when Chris requests his Argo CD instance, the operator sees, oh, hey, looks like this, this namespace is allowed these extra permissions. Nice. Yeah, that's, and it just automatically gave that to you without, you know, Chris having to think about it. It's just like, I just have it now. So that's pretty cool. And then, yeah, so, so in this case the, the idea is to ensure that the admin has the powers to pull the plug on this whenever needed, which means, yep, we're not happy with what Chris is doing. Yeah, exactly. Chris, you know that. Yeah, exactly. Yeah, Chris told me, oh, Chris told me over the phone that he's just gone, going to, he's just going to allow only quay.io images on the cluster. But now I see he's also allowing Docker Hub images, which is fine, but he didn't say that that time, right, is an admin thing. Hey, you know what, that doesn't match with what you asked for, and I'm gonna take this part, take these powers away from you, which means you still got an Argo CD, because like I said, there's no harm with that. But you just don't get to do cluster configuration with it. Yeah, that's why things in that namespace, right? Thanks. Yeah, I think with that I'm gonna quickly jump over a few areas around CI and CD.
I'm gonna show you some of the kam CLI, the GitOps Application Manager CLI. I'm gonna walk you through some of the directory structure guidances that we've been coming up. But before I get to that, it's slightly different topic. Christian, is there something that you want to add? Are you good? No, no, I think, I think this is good. I think it actually just shows the fact that leveraging the, the RBAC, and, and having the, the operator take a lot of the guesswork of the RBAC, is big, right? So that, you know, you... That's where most people shoot themselves in the foot, right? Yeah. Yeah, well, I mean, I mean, yeah, of course, right? Like, and even I'm, I'm being, I'm like guilty of this, is like, I just work cluster, you know, give cluster admin, you know, my RBAC, and just let it do whatever it needs to do. But I mean, in a production, you know, environment, that's not gonna fly at all. So having that, that flexibility of being able to not only give people certain roles, but also taking the guesswork out of it, right? So take a lot of the guesswork, because, you know, RBAC could be really, it's really granular in Kubernetes, right? Like you're literally, you know, you have to specify each role in what you can do for each object, and it can kind of get, you know, for each API group, right? Like it could get kind of overwhelming if you don't know what you're doing. So yeah, I think this is really cool and very powerful. So... Right, I think to, to quickly add to that, since you brought the topic up, I'm gonna get to it before I jump to the next topic on this, is, it is important for, you know, from, from a, no, from an OpenShift perspective, and even, and even from a, you know, GitOps user perspective, it is probably important to be granular as much as possible. Yes. Which means I would rather be happy if I saw a list of hundred different permissions here than one permission saying that cluster admin, right?
Yeah. I think that's an understatement. So which means, and again, I'm taking, I'm taking features, I'm taking feature requests here, which means, if you put on, if you're an admin out there and if you think that there is a very common cluster configuration to ask you to which is not represented by the permissions here, yes, you could definitely go and create your own cluster role and create a binding to ensure it works. But the idea is that we want to ensure that we optimize for the 80% case in a way that, yeah, something that people are doing out there, we need to take, we need to be cognizant of that and ensure that the cluster configuration rules that we ship out of the box should be aware of it. So I still remember, I think, I think Gerald had told me, you know what, I do console customization a lot, and I said that sounds great, and that's why I'm gonna put this in. Yeah, yeah, exactly. You know, it's not just him, like, we've invested, I think, in the OpenShift project a ton to ensure that you should be able to customize a console, and that's a very, you know, cluster admin thing. And that's where, you know, we need the feedback from you folks who are watching this, is that, what are the other things, other than, you know, storage, RBAC, console config, users, OLM operators, that, that you do on a day-to-day basis on your cluster that you think should be shipped out of the box? If there is something that's not represented here and that's fairly common, I would love to have them represented here in a very transparent way. Yeah, oh, yeah, definitely, and like you said, it's better, it's better to have this big list, and star API group, star resources, all resources, right, like, that's, yeah, that's scary.
So cool, sounds good. And and then we're gonna ensure that, you know, in the future releases you should be able to take stuff out of here as well, not only add things to this list. So just just to ensure that if you want to do our, you know, cluster config, you should not be left with a huge list of things even though this is still better than the star star. Yeah. Right, so with that I think I'm gonna quickly summarize what what we did here today before I show some of the GitOps Application Manager, what we've been doing. A quick summary, you know, if you've joined late or, you know, if you've not been following, because there's a lot of information out here. Um... So this just came up in chat, a feature request, and this is probably more for Ali and that team: show the selected UI config as YAML manifest side-by-side, right, like that would be awesome. That's actually, so for for Aaron, right? I actually brought that up to Ali. I'm like, it'd be cool, like, to have three choices, right, to have the form view, the YAML view and then the side-by-side view, right, and as you're making changes the YAML is changing on the right side. Yeah, I think that is very powerful. So ACM does it, so let's bring that, that, yeah. So Aaron, Aaron, I don't know how to pronounce it, sorry, but we actually did give that feedback to the UX guys. Awesome, awesome, awesome. Right, so I think, so I think a quick quick summary: we install an OpenShift GitOps. You get a free Argo CD for cluster config which your kubeadmin has access to out of the box. Everyone on the cluster can get their own Argo CDs. Not that you recommend that, but we know people want it. You can get your own Argo CD, but you can only play within your namespace. That's all you can do there unless you, unless somebody allows you to mess with their namespace. In this case, yeah, yeah, Christian allowed Chris to mess with his namespace and we allowed that. That's right. So we allowed that, we allowed that ugliness to unfold.
Yeah. And then yes, if somebody else wants to cluster config Argo CD, call up your kubeadmin, cluster admin. And the cluster admin is going to ensure that, you know, you're set for a cluster config Argo CD, because that's serious business and we don't want to ensure everybody on the cluster has that. With that, I'm quickly going to jump into some of the tooling that we've been building. So, all good, you know, we've discussed about how to RBAC your Argo CD instances, how to ensure the right folks, the intended folks, have access to the intended objects. We've discussed that now. I think we're going to go slightly into, you know, on the developer side of things a little more, which is, you know, I got, you know, a bunch of code out there. And, you know, I know that these tools called Kustomize that are used to ensure you could take your application configuration in one place and have overlays on the same base for different environments. Now these could be pretty overwhelming for a lot of folks, even for folks who've been doing this for two years, it can still be overwhelming because, hey, I just want this to work. I don't want to go and write Kustomize stuff for it right now. Yeah. Well, it's, it's funny. I'm a big fan of Kustomize. We talked about Kustomize on the show, right? Oh yeah, all the time. A few time. I love Kustomize, but yeah, so there's, there's this like... You can kind of get yourself into a loop, right? With Kustomize a little bit, right? Because it's like, you go, okay, like, because you want to kind of unravel what's going on here, right? So, like, you follow, you know, someone's, you know, base to another base to another base to another, right, like, and you... The tree gets leaves. The tree gets really, yeah. The tree becomes a forest pretty quick, right? Because, you know, because you can always pull in things and just patch them, right? Yeah. Which you, what you should do, right?
Because you don't want to read, you know, have the YAML everywhere, but sometimes you're, you know, you throw yourself to search, circular logic, right? So, yeah, but definitely, but we love Kustomize. I like Kustomize. Yeah. Just even outside of like Argo and everything else, just standard. I love, I love Kustomize. Right. I think, same here, I love to use Kustomize. And I think during my day job with a lot of applications, I ended up writing Kustomize. And I think one of the things that I often do is I go see my reference Kustomize repos and I copy-paste stuff around and then they work. Yeah, exactly. But then I think there's one other aspect which I'd like to address, which is that a lot of engineers are probably not going to be great with Kustomize. And that's that's for obvious reasons. They spend the time writing Quarkus applications, they spend the time writing Node.js applications and I do not want to burden them with writing Kustomize, for example. Oh, but definitely. Yeah, yeah, someone's not, someone's going to do it. Hopefully it's not your, you know, your, your developers, and actually developers don't really want to run, like, because it's a lot of YAML, right, like I don't want to mess with that. I just, I just want to write code. So yeah, I totally get that. Yep. Right. So I think one thing that our team has been, you know, working on for a while is that figure out what is the right directory structure for you to lay out your application services environments with Kustomize. And then ensure that the whole thing works with pipelines, slash Tekton, and Argo CD of course. So here's a sample repo, I'm going to show you first and then I'm going to show you how we came here. So in this sample repo, we effectively have a pretty big Kustomize path here, so I have an application and inside that I have a service and inside that I have my deployment manifests. Now, while you may say that hey, you know, let's have a simpler directory structure.
I'm told, I'm totally for that. But then I think we're trying to strike a balance between simple and powerful and sometimes. Yeah. Well, and you know, I think everyone has the same opinion. I did at first when first working with Kustomize. It's like the directory structure should be completely simple. But then as you work with it and as your deployments get like more complex, your your directory structure gets more complex and all of a sudden you're like, how did I get here, I wanted this to be simple. Right. But like, it's, you know, you're right, like you want to strike a balance between simplicity but at the same time you want to be like flexible and powerful. And that's just essentially just translates to, you know, directory trees. It just does. It's just the nature of how Kustomize works. Yeah, totally. Yeah. So, so then yeah, in this case I have this directory tree which is an application and a service inside, you see... Sorry, sorry to interrupt again, but I want to say that if Gerald hasn't showed you, he's like very opinionated on how the directory tree goes, so like if you, by the way, for those are watching, Gerald's an architect, the solutions architect at Red Hat, but that we interact with a lot. Yeah, he's like very opinionated, right, so if you suppose offline if you want to ping him and ask him like what's your, what's your opinion on directory structure for Kustomize, and he'll give you this, this big, this big repository and he's very opinionated on it, so... Yeah, I think he has a blog post on it as well, right. Yeah, yep. Yeah, we should put it on the chat because I think the folks watching this would find it very handy. Yeah, actually, yeah, so I'll look for that while you, while you... Yeah, right, so on that, you know, we want to ensure that you don't have something that simple not powerful, rather simple yet powerful.
Which means that it typically gets pretty hard for a lot of team members, for a lot of engineers who are probably Node.js engineers, Quarkus engineers, who don't want to spend time writing a bunch of YAML, like, they can, but that's not what this should be doing. So do you want to ensure that we provide a directory structure out of the box that you can put in your stuff in and you're good to go. Um, so this is one such sample directory structure and show you the CLI and shortly, but in general the idea is that you want to ensure everything should be GitOps-ified, sorry for using that term, but in general... I know, I think we coined a new term on this show. GitOps-ified. I want that on a shirt now, so... Right. So, so someone say, hey, you know, I have this cool thing called Tekton, and I want to ensure that should also live on my Git. So I got all my, you know, Tekton objects and they can also be pretty complex, on my Git repo, managed by someone we can come to it with someone is, but the goal is that it has to be managed from Git as well. Simple or complex doesn't matter in the GitOps world, what we're saying is that there's any YAML that's going to be applied to the cluster and be turned into a resource on OpenShift, that should be living on Git. So in this case we have your CI pipeline configuration living on Git and being driven off Git. You have your Argo CD living off Git and you have your environments which I just showed you. Now, how do you get to this? I think that's the bigger question that we typically have, that where do we start. Yes, you could have strong opinion on it and that's great. But then what if you don't have an opinion, you say hey, you know what, I don't care. Give me something that works. And that should work well enough. Yeah, so I think, and also it's very...
It's very important to strike that balance, right, because we have our opinionated approaches, but also when you're starting from zero, like I want to start with at least a, you know, plausible good practice, right, like so, but like what is the best practice. Because I don't want to start from zero, so like you got to find, you know, you got us in order form your opinion you got to see others' opinions first, right, so I think. So I think, you know, although being opinionated is good because, you know, it comes from the fact of experience. Also like when you're, when you're starting from zero you need to start somewhere, so that, and I think that's what the CLI tool attempts, is like having some sort of sane best best practice. Totally, yeah. Yeah, I mean, your, your, your question that it's great, you know, we have opinions and that works, but even the person with a lot of opinions at times says hey, just get me something that works. I get to the mind. Yeah. So yeah, with that. Don't want to, don't want to build from scratch all the time. Exactly. Yeah. So I think with that I'm going to quickly give you an overview of the kam CLI that we've been building and which you saw you could actually go and download after installing the operator, from your Command Line Tools you could download the GitOps Application Manager. In short it's called kam, from the console itself. So what this potentially does is it basically has a bunch of options and a cool interactive mode as well to take some basic things. Hey, you know, I want the source code. I want to push it to this repository. And I want to ensure they're encrypted, you know, taking five or six pieces of information basically gives you this repository which everything set up, so which means within minutes you are good to go with respect to getting your Kustomize set up, getting your Tekton object set up and ensuring that, you know, all your Argo CD configuration is also in GitHub itself, in Git itself.
So that's what the GitOps Application Manager does. It's not a heavy development at this point. So if you're watching this, I request you to go and try it out. If you have a bad experience, let us know, if you have a good experience still let us know. We want to ensure that we make it better, but you're going to definitely enjoy using it from perspective that you did have to learn a lot of Tekton, Kustomize or Argo CD to be able to start getting to use all, use all of those technologies. So with that, I'm going to probably just point out one last thing. And I don't have a demo for that right now set up, is that we're going to ensure in OpenShift console that if you have a GitOps Application Manager bootstrap repository connected to your OpenShift cluster, we're going to give you a nice visualization of the different environments on your OpenShift console itself. And that's going to show up in a... So we had that for a while, but then we are rebuilding it for GA. So stay tuned. Oh, that's always fun. Right. He's like, let's scrap it and start over for the GA, right? So let's rush this rush is true. Right. So, um, so I think with that, I'm going to give it back, give give the floor back to you, Christian. Yeah, yeah. No, I think I think it's pretty cool. And I think what what I what I think the potential for the for for kam is is really cool. So someone like me who struggled with, I don't know, Shubik, if you, you're probably too busy, but I was kind of ranting on some of these channels here that we have on Slack about how hard Tekton is to wrap your mind around it, right? Just a paradigm of Tekton. Tekton, Tekton, whatever. What one of them's popular ones not. So, but, but I think the the tool is really cool because it kind of, you know, for someone like me who was just learning, you know, can give you like a sane, you know, starting point, right.
And so, I think it's really cool, has a lot of potential, like I can bootstrap and have Tekton, I can have Argo, I can have my applications. You know, I know we just scratched the surface of this operator. You know, you can incorporate sealed secrets with it, you know, you kind of have like this whole workflow built around the, the, the GitOps Application Manager, right, kam is what we call it, I guess for Kubernetes application manager, but for copyright reasons we have to call it something else. But, but, but it does not have a full form. That's how I say it. Yeah, yeah, exactly. Yeah, we're not at the full form yet. So that's, so that's pretty cool, right, so. So yeah, so let me check the chat here. Yeah, so Aaron Diaz: any idea when OpenShift GitOps operator will be generally available? Yeah, so. So I know we're coming for tech preview. So it'll actually be in tech preview in the next few weeks, hopefully, right. But for GA, Shubik, I don't know if you have any idea or in general. And probably shed some light on a couple of interesting information there, so we're going to go with GitOps operator tech preview today evening or tomorrow morning. Here we go for 4.6. And then when 4.7 comes out, we're going to make it available for 4.7 as well. The GitOps operator, and then around the, you know, I think sometime around March, April, we're planning to do a GA of the OpenShift GitOps as well. Oh, cool. So you're moving quick with this, sounds like you're moving quick with this. Nice. Nice. Yeah. And I know there's been a lot of uptick, right, because I, you know, although because I've seen the Slack channels and all of a sudden you started like with like, I don't know, like two engineers and now like there's people I don't recognize on there. So it's going quick, right, so it's pretty cool to see how many engineers we've thrown this behind this, so cool, yeah, so it's going to be a tech preview in 4.6 and 4.7, so that's going to be. That's going to be pretty cool.
And so, so I guess we're, we're, you know, we're hopefully getting some sort of GA around, you know, sometime the end of this year or, you know, say half this year. Yeah, we're moving really quick. Cool. Yeah, I think we're trying to ensure certain, while we are on this topic, I think between tech preview and GA, there are a few things that we want to ensure, you know, which are probably not super visible to a user but we still want to have in this whole thing that we're shipping. We want to ensure, like I said, we have a very solid support for monitoring on OpenShift with the cluster monitoring stack. That's something we're going to try doing better than what we have now. Same thing with cluster logging. And yes, we're going to ensure that, you know, you have a streamlined experience while, you know, you use OpenShift GitOps. Like I said, it should not look like you need to read a book after installing the OpenShift. I think those are some of the experience improvements, like you mentioned around ensuring that you get to see more in the OpenShift console as well. And I think we're going to try to make sure that we get to see more in the OpenShift from seeing on them on the Argo CD UI in the native view. We're going to have that. Yeah, and in general, if you're watching this, I think the interesting bit about GA would be, we're also going to bring an application sets with OpenShift GitOps, if you know about. Oh, that's right. Yeah, so actually, yeah, so let's actually put that in the chat. I can actually, I actually have a show planned just talking about application set. It's actually the topic where I'm going to be talking about app of apps, but then it'll obviously transition to application sets. But application sets is actually really cool. I put that link in the chat so you guys can take a look. Cool. Yeah. All right. Nice, sounds good. Sounds good. So any other questions there? I'm not seeing any. I provided a link to get your very own setenforce 1 shirt.
Nice. Yes. Right. Yeah. That's right. My t-shirt. Yes. setenforce 1. Right. Well, what's really cool about, you know, for this last few minutes that we have is where with with OpenShift. Yeah. Because it does it for you. Right. Like, you know, like, you don't even need to think about it, right? So like we've gone from like, you know, SELinux being like, oh my God, turn it off, to like, all right, it's pretty usable. All right. Let's keep it on. So now it's like, you don't even think about it. Like you can. Yeah. Now it's the thing that saves you from like. Yeah. Kubernetes breaking bugs. Yeah. Other assortment of things. Yeah. Zero day, you know, things on Kubernetes. I forget that one. I know what the one you're talking about, but like if you're running OpenShift, you weren't affected by it because, you know, SELinux. So kind of a little few things here. I have actually PSP. No. It's not using PSP. It's its own thing. It's its own thing. It's just, it's a certain kind of thing. I'm just wondering if the, if it's, it's actually being deprecated. By the way, by the way, so, yeah. So don't even, don't even count on it. So a few things here. I actually, I started a, a Git repo here called Argos. Getting started, right? So a lot of the times, especially on the show and especially like on some videos, just so you kind of get the fundamentals started. There's one module right now. I'm planning on adding more modules, but please make sure to star that repo, follow that repo if you want to basically get started with Argo and get kind of familiar before you kind of just, you know, jump into these more advanced topics, right? About like, you know, doing application deployment, right? Do you kind of want to get started there? So that's one thing there. But other than that, yeah, anything else, fellas? I think this has been great. This has been a good intro. No, I'm trying to get all the, I shared your, I'm going, well, I'm added your thing to my share queue and...
Oh, DevOps'ish, yeah, so. Yeah, yeah, yeah. So we'll get out there and expose to the world. Wow, someone says they run SELinux and Arch Linux. Congratulations. Nice, there you go. I like that. I like that, yeah. Yeah, brave and challenging, yeah. Yeah, yeah, it's pretty cool. And since we talked about PSP, I am working with the Kubernetes upstream marketing team to get a blog post out on PSP. There's a little gun shyness around like, oh, but there's nothing replacing it yet. That's fine. We need to tell people that it's getting deprecated first before we tell them where the replacement is. Okay, cool. Give them time, right? Yeah, we got to give them time to, you know, evaluate options and everything. Yeah, so. Yeah, exactly, yeah. Yeah, so I will lead, I will let them know that you were asking about it in a channel today. Is the replacement OPA? I mean, it's just graduated. So that's, you know, the right direction to go in, right? Yeah, so I don't think there's, yes, there are other options out there, but there's not many, and it does look like OPA is going to be the de facto, but that could change at any point in time. This cloud native community moves real quick. Since you don't have a lot of time left, I don't want to start a discussion on security context, but yeah. Yeah, yeah, exactly. Cause that could be its own series, not even its own show. That could be. Sreentho, you're having problems? Just email me, cshort at redhat.com, and I'll get you fixed up. That's right. He used to be in the Ansible team. So he, not only OpenShift, but he knows Ansible stuff, so cool. Why do I even know Ansible stuff anymore? But yeah. It's been a while, yeah. Like, yeah. Anyways, all right. Great show, Shubik. Thank you for joining us. Christian, great show as always. And thank you everyone out there for watching. Tomorrow on the channel, we will have an OpenShift transformation briefing with what comes first, the tools or the culture. Oh.
So Kirsten, Gummer, and Diane will be talking about that. So feel free to join in with that at noon Eastern 1700 UTC. So thank you all. Stay safe out there and good luck. All right, I'll do this. Bye, everyone. Bye. Bye.