Good morning, good afternoon, good evening, wherever you're hailing from. Welcome to another episode of GitOps Guide to the Galaxy. I am Chris Short, executive producer of OpenShift TV. I am joined by my fellow Red Hatter and teammate, the one and only Christian Hernandez. Christian, how are you today, sir? I'm doing great. How are you? I'm hanging in. I'm going to t-ball practice. You're hanging in there. Ask me after that. Yeah, okay. All right. Nice. All right, I'll check up on you after that. So, what's interesting about today's episode is that it was something that, I guess, most people have been asking me for a long time: talking about RBAC in Argo CD. And I decided, you know, finally to dive in, right, to figure out Argo. I originally had this episode planned earlier, but it kept getting pushed out and pushed out. And then we went GA, right, with OpenShift GitOps, and then the content that I had before no longer applies. Right. But I think, yeah, because once you go GA things break, right, or things that were valid before... Of course. Okay. Well, it's not valid. So, but I think I'm still going to go over it; the bulk of it is going to be applicable. So for me, it's interesting to talk about RBAC and Argo CD, because I always think of Argo CD as synonymous with GitOps as a practice, and it's not necessarily, right. You know, we've always said, Chris, and I think you said it a lot, that GitOps is a practice, not a tool, right? But since Argo CD can be used for GitOps, I always use it synonymously. So when people say RBAC with Argo CD, it's like, why are you doing RBAC with Argo CD? Because why would people even log into Argo CD? For me, as a GitOps practitioner, you're doing everything through Git, so why do you need to log into Argo CD?
But, so, there's some cases where somebody might have to log in to manage it. Yeah. Yes, correct. Well, one is to manage it. Also, it's for status, right? Like if a developer wants to see, is my stuff broken? You know, like a view, or are the builds breaking now. Yeah, are the builds breaking, is my application in sync, things like that. And also people use... The whole nine yards. Yeah. Yeah, metrics. Right, so that does make sense. And also people use Argo CD not just for GitOps; they use it for their event-driven architecture, right? So at the tail end of their CI/CD process, right? CD, obviously Argo CD. So in those cases it makes a lot of sense, right? For me, it's like, oh yeah, that makes sense, you know, if you're not doing 100% GitOps, using it in your event-driven architecture. It does make sense. You do want to log in and, you know, initiate some syncs, pause some syncs, do some troubleshooting. That completely makes sense. Especially when you're first starting to use it, right? Like, oh yeah. Yeah, you definitely need to be able to jump in and be like, okay, that wasn't expected. What do I need to change? Yeah, like let me take a look around, like how do I troubleshoot? So in my core belief, my core GitOps, right, like you're doing GitOps, my opinion is that you do most of it through Git workflows. So you don't necessarily need to log into Argo CD, but there's a lot of other workflows out there where you actually do need to, you know, leverage some of the capabilities. So I'm going to do a... First, hold on, let me show my screen. I'm going to do an Andrew here, Andrew Sullivan. Okay. And basically just troll the docs a little bit. So let me know if you can see my screen. Yeah. Here. All good. I never know how to move that little thing when Zoom comes in, right? Yeah. So I have to... Yeah, so that little thingy.
So we're doing an Andrew Sullivan. So for you guys who don't know, Andrew does a show, Ask an OpenShift Admin, Wednesdays, right? So he does something similar. He kind of just trolls through the documentation. There's something that Red Hat's working on a lot. How do I put this nicely: the documentation leaves much to be desired. So there's some stuff that is missing, right, some of the stuff that we're trying to quickly ramp up on. We actually hired a bunch of people that do documentation, both in the upstream and in our documentation, to try to, you know, ramp that up. So for those of you trying to break into open source software, just kind of a small tangent before I dive in: the documentation's always needed. Yeah. So if you're trying to get started in a project, the docs team is always welcoming people. So if you're good at writing docs, if you want to break in... Even if you're bad at writing docs. If you're bad at writing docs, it can help you, right? Like they have style guides and things like that. So yeah. Any project I've ever worked on or have ever been involved in is always hurting for docs people. So there's a little clue for those out there who are looking to break into the open source software world: documentation people will love you. So, yep. Yeah, so before we dive into what RBAC is actually doing in Argo CD, I want to talk about a couple of concepts of Argo CD, right? So let's go to the core concepts here. Let me put this in the chat. Read the Docs, Argo CD Read the Docs, just so you know. So, first thing is application, right? I kind of discussed this a little bit before in other shows, and if you're using Argo CD, you kind of get the concept, right?
And so an Application, right, the capital-A Application, is an actual... it's a CRD when you install Argo CD, and it's essentially the representation of a collection of manifests, right? So either in a Git repo or from a Helm chart. It's like, you know, something as simple as pod, service, route, right, and that's an application. Or it could be as complex as all your YAML, your, you know, 12-factor authentic application deployments with all its resources, right? That's also an application. So... Yeah, all the bells and whistles. So an application is whatever you make of it, right? It's one of those things: it's what you want. Call it what you want. It's a collection. It's a logical collection of your resources that make up your application. What is that app that... Not a hot dog. Not a hot dog. Yeah. Yeah, from Silicon Valley. Yeah, that's a great show. This is not an application. This is not an application. You can define that. You can define what an application is. So for me, it is all the manifests that make up my application. It's a logical collection, right? And that is a resource type, right, and the reason why I mention some of these core concepts is that RBAC is going to apply to some of these concepts. One that's not here is called a project. And so OpenShift users kind of get a little bit confused. I was about to say. Yeah. Yeah, if you're a Kubernetes user... In OpenShift land, a project encompasses a lot of things, right, in terms of metadata and network policies or whatever. But it's logically grouped. You can think of it as a one-to-one to namespace. But in OpenShift land, we call it a project, which encompasses namespaces and other things in terms of security and, you know... And that'd be kind of interesting for Andrew. I'm gonna ping Andrew.
It's like he should probably dive deeper into what a project is, because I always say, yeah, namespaces are part of projects. What's the other parts of projects? Yeah, yeah, like we'll see. Yeah, exactly, like sec ranges, network, all the other namespace... It's a logical collection of these little things. But for another show, for Andrew's show. And so a project conceptually is the same inside of OpenShift as it is in Argo CD. There's a few key differences. The project is the logical grouping of applications. So essentially it's a way to get that multi-tenant, I guess, ability, right? So you can create a project called, I don't know, foobar, right, and it may house, you know, 30 or 40 applications, and you'll do a lot of your RBAC specifically to a project. So, like it says here, it's useful when you're using Argo CD by multiple teams, right? So you can get kind of a multi-tenant... like team A can look at, you know, project foo, team B can look at project bar, in the same Argo instance, and they don't know about each other, right? So that's very, very similar to a namespace, very, very similar to an OpenShift project. Except projects isn't the overarching... what is it, the overarching control bit? I don't even know how to articulate this. In OpenShift slash Kubernetes, the namespace is like the isolating thing. But it's on the top of the hierarchy, essentially, because you have the namespace slash project, the name of your deployments, right, and all these things are related to that. So you can have project foo, sorry, application foo, in project one, and then you can use that same name in another project. Whereas in Argo CD you can't do that in Argo CD.
It's kind of flipped, where the application is the overarching... the view of the world is from the application's point of view, right? And it makes sense for Argo CD. It's meant to deploy applications. Your applications can span many namespaces, right? Just because you have an application, it doesn't necessarily tie it one to one. And so, you know, you can have an application made up of lots of microservices across a lot of namespaces, right? And each, you know, have their own little thing. But you still will apply your RBAC to the project itself inside of Argo CD. So there's a default project in Argo CD, and essentially it's wide open by default, right? Like anyone can deploy to that default namespace, and if you don't specify... sorry, project. I have to get my terminology right, because I'm talking specifically about an Argo CD project. You can deploy anything into the default project. You know, by default everything lands there if you don't specify, which is different than the default project in OpenShift, slash namespace in Kubernetes, because that's restricted, right? That's, you know, the default project. It's like its own thing. You know, you never deploy to it. That's what I think. But here on Argo, you deploy to the default project. So you can create projects and maintain projects, you know, kind of just like how you would do namespaces. And so then you have roles within that project, and so this here is actually when I want to move away from projects a little bit, and I want to go to RBAC, RBAC configuration. Okay. So, a few things about RBAC in Argo. RBAC in Argo. It's hard to say. Yeah, say that five times fast. Yeah, exactly. There are only two built-in roles. Okay. In Argo there's read-only and a hundred percent admin, so zero and a hundred, right? All or nothing. Okay, all or nothing.
So that's the default roles in Argo CD. So this makes it a little bit laborious, I guess. Anything else that you need, you have to build yourself. So essentially it's very, very granular, right, it's very, very specific. And so you'll set a policy. You have to write your own policy, right? So anything outside of a hundred percent admin and read-only you have to build yourself, essentially. And so you have things like p, which stands for policy, right? And then you specify the role, user or group, right? So like, you know, if you say role admin, or user bob, or group, you know, developers, right? You have to specify: I'm going to create a policy that's going to apply to this guy. Resource, right? So whatever the resources are. So resource is a list: like clusters is a resource, projects is a resource, applications is a resource, right? Repositories. So you're going to say, okay, I'm going to create a policy that is targeting this role, user or group for this specific resource, and what action you're going to allow, right? So you're gonna say get, right, like I'm gonna allow get to this resource, right? I want to allow them to update. I want to allow them to sync. I want to allow create, actions, right, delete, right? So you have to specify, you know, what resource you want to target as well. So here's some examples here. Great policy. I want my role org-admin to be able to, in the repositories, I want them to be able to delete all. Yeah, you know, I'm gonna allow that, right? So that's how that maps out, right? So p, meaning I'm going to write a policy. Role, user or group, right? So I'm going to say a role, org-admin. Repositories, which is the resource. What action, right? Delete. What specific thing, right? Like all of it, right?
So you can do either everything or a subset of it. I want to allow that, right? And then you set up your groups, right, you can set up your group mapping here. I'll explain what the group mapping is in a little bit. So here's some other examples. These are pretty good examples. Yeah, like DB admins, for all applications, be able to create applications in this project. In this Argo project. Yeah, in this Argo project. Good, good. Yeah, you need to specify, because we're talking about different projects. In this Argo project, all of them, right? So allow. Delete all, everything, right, be able to get everything. Things like that. And so here, testing policy. Yeah, so this gets kind of confusing, because what you need to do is, since you have only read-only and admin when you deploy Argo CD, you need to tell it specifically: hey, I want to create a policy. Right, so then you create your policy. I want to create the group, and I want to map the users to this group, and then I want to map this group to something else, right? And what I mean by something else is that... something, yeah. Yeah, so like when... Let's, uh, there's a section about auth here. So this auth overview. Let's try overview. I found this page. So this is local accounts. We're not gonna do local accounts because no one cares. So here is the section. So Argo CD can connect to your authentication provider using OIDC, right? So that's kind of the generic connector. So if you're using LDAP, GitHub, SAML, right, whatever, Argo CD supports that. The only problem, I'm gonna call it a problem... no, more challenges, right? Because it is a problem. I think OpenShift doesn't support native OIDC connectors, right? And so I'm not sure why; that was a decision made before my time.
But in OpenShift you can't use OIDC natively inside of OpenShift. So you need to use a way to bridge these together, right? And for the longest time Dex was used, and Dex was a popular method of doing this, just because of its lightweight simplicity, right? Right. So all it's doing is just taking how you're logging in and passing that to this other thing, right? Yeah, this other provider. And so, there's a picture of Jesse. He is one of the engineers on the Intuit side. I find it funny that he has a picture here. And you can do this via... essentially it's a config map in Argo CD. So you can set up your connectors, your Dex configuration, this way here. What I have here is the OIDC provider, like, you know, you can code this in, whatever, right, and specify the scopes and things like that. So even in the open source upstream, we actually made this easier via the operator, right, the upstream operator. So what I'm gonna do is go through an example I have for using Dex. So a few caveats, right? So one, this isn't supported. Oh, okay. So do I need to use that new thing that we created? Yeah, so actually that's not a future thing. This is not supported, just flat out. It's just flat out. It is not supported. So it's not supported because we don't support Dex officially. So there's no official support for Dex. So therefore we just can't use it, right? And so, yeah, we're gonna use Dex. This is the old way of doing it, and then I'm gonna go through the new way of doing it. But this will kind of just show how it's... Yeah, Dex is not supported. So this is the way to do it; this is kind of the older way. But you can kind of see how this mapping happens.
So I have a configuration here. This is my old school... This is, I think... Let's go to argocd. So in chat we have a question: what is the difference between OIDC and LDAP providers? I feel like, you know, well, OpenLDAP came before OIDC. I feel like, yeah. Yeah, OIDC uses OAuth 2. OAuth 2. Yeah, LDAP is its own lightweight directory in itself, right? So if you use an OAuth 2 service or provider, there's a lot of options out there, like log in with Google, log in with GitHub, log in with, you know, Facebook, all those fun things. Yeah, across the internet, kind of login deal. Those are using OIDC. Yeah, OIDC is the standard, right? So OIDC is the... here's a... I always send this article here. It's essentially an open standard of identity management, I guess, right? Or... Oh, the OIDC is the connector, right? So an OIDC provider is basically an implementation of OpenID, so using OAuth 2 and all that stuff, whereas LDAP is a whole full-fledged, right, you know, directory server. LDAP is the thing that Linux tries to use in place of Active Directory, essentially. Yeah, yeah, and then our land. Yeah, yeah, exactly, in Linux land. And so you can read up more about OIDC here. I put it in chat here. Thank you. Yeah, they actually made most Wikipedia... This is actually a good... now, this one. Yeah, this one actually is a pretty good read. It's basically an open standard, yeah, of identity. So, where was it? Oh, here. So here, this is again old school. This is version 1.8.2. We're on 2.0 now. So this is how... Here I'm using Dex. And then here, but, you know, that's not as important as what I'm doing here, right? So RBAC is this section here. So let me shift here. So here what I'm going to do is I'm setting a default policy blank, right?
Which essentially, my default policy is read-only when you do that, when you don't provide one. Okay. But here I'm creating a policy, right? g is for group, right, and then role admin. That comes from, let me go back here... well, that's no... comes from this page, right, role admin here, right? So this is Argo CD. So g is group, and this group I would provide a role admin, right? So you're gonna be thinking, where does this group come from? So this group comes from OpenShift. So this is kind of where Dex comes in, the OIDC provider: when you log into OpenShift, it's gonna pass this information into Argo CD. So it's gonna say... So I say I'm gonna create a group. Yeah, X, yeah. Yeah, so say this user, this is the username, this is the group they're in, and blah blah blah. And this comes through, and this is actually the cluster admin group, in case you didn't know: system cluster admin, this is a cluster admin group, and I'm gonna assign it to the admin role in Argo CD. And then I'm gonna create a group called admins, and again... Where do you create... whoever logs... Yeah. It's gonna map it, right, join it to that role, that role inside of Argo CD. And I'm gonna say developer, right, developer has a role developer. So now you're thinking, now you're creating roles. Now I'm creating roles. Correct. Yeah, because now... where's my... there it is. Now, you know, remember when I said there's only two roles? Now if I go back to, where's my... there. Here, now I'm creating them, because this doesn't exist. And I'm creating a marketing group, right?
So this role is marketing. So here I'm just creating it, right? All I'm saying is that anytime someone comes in with the marketing group, assign them this role marketing, but I'm just creating it in the beginning. So... If we're using the Red Hat... this is a question from chat: if we're using the Red Hat GitOps operator, how do you integrate that with OpenShift auth? Yeah, so that's with the Red Hat SSO operator. So yeah, I'll go through that towards the end here. I'll talk about that towards the end, and if I have time I'll try to hack at it. Last time I tried to hack at it, as you see, I got a bunch of weird logs. So we'll see what goes on there. But yes, you use the RH-SSO, so that's an operator that you'll use. So here I'm essentially creating developer and marketing, but I'm just defining it, not... I'm just creating it, but I'm not defining anything yet. Yeah, that comes later. So if I go here to the manifests... This is a really old... No, that's not it. There's a really old repo that I actually never use, but it's good for this example here. Projects, there we go. Yeah, so here's an example. So what I'm going to do is I create a project, right? I'm going to create a project. This is our Argo CD project, so an Argo CD AppProject. And I am going to create the role. So going back here, notice I said, you know, marketing gets assigned the role marketing. In the application project, now I'm setting my policies, right? So in the marketing, I'm saying a policy, role marketing, right? So here I created it; now I'm defining it here. I want to be able to get all projects... sorry, all applications in this project, right? So allow. Sync, right? So I can get it, meaning I can list it. I can sync stuff, right, in that project, and I can get all projects within this project. This is kind of something weird that you have to do for it to work, right?
So I'm only allowing essentially read-only and sync. So here, since I didn't list delete or update or anything like that, essentially this is a read-only account, right? So here when someone logs in as marketing, they're going to be able to see this app project, but not be able to do anything with it as well. So this is kind of hard to maintain in your head. Yeah, like even I'm having a little... and yeah. So essentially, in my former job it's kind of like rat droppings, right? It's kind of everywhere, right? So it's kind of like, wait a minute, I have to make sure I define... First I need to make sure to define the group, and then build a group, and then build a policy for that group. For that group, and that's part of the app project. Yeah, that's part of this app project, and I need to make sure it comes through via the OIDC provider as the right... so, you know, you have to keep a lot of these pieces in mind, and it's hard to keep track. So let's actually deploy this here. Would allowing the sync permission allow the user to stop and pause the sync? Is that like carte blanche, you just have all capabilities under sync? I want to say soft yes. Why yes. So let's actually... I'm gonna deploy this, so let's actually find out. Here I have a cluster. oc get nodes. Am I connected? Yes, I'm connected. So paste... here, so let's... There it is, blah blah blah, that'll go. And then gotta make sure Argo CD is deployed. So I'm using the open source Argo CD. Again, this is unsupported. I'm going to go through the supported way after, because again, I built this a while back, before OpenShift GitOps was released. Yeah. So, get pods. So we're gonna watch on that. Yep. So something I learned, this is interesting, right?
If I do k get pods, Argo CD, right, if I do a watch, right, it says... because k is an alias, right? It doesn't, right. But if you do this, alias watch equals watch, space, and then do a watch, then that works. Isn't that weird? Huh, that's some... yeah, I wouldn't think... Yeah, that's some weird bash. But as we're waiting, we see kind of the little bash hacking here. That's because the watch has its own environment, maybe, or something. I think that's what it is. I haven't looked into it. I just one day stumbled into it. I'm like, that's weird. It's weird. But yeah, I think it performs its own subshell environment sort of thing. So I don't know. Yeah, nice catch, one user says. So yeah. So there's the CrashLoopBackOff. Let's watch this not work. Oh yeah, that'd be great. I think it's got to wait for something to initialize before... Yeah. Oh, it's probably waiting for the... oh, it's probably waiting for our next server is... Yeah, it's not happy. I think it's waiting for Argo CD server to start running before it does. Oh, it could be that that CRD has nothing responding. Yeah. Yeah. Yes. So we'll see if this works, if it even works. Error. Okay, now kick off again. Oh boy. Yeah, this might not work. Like, where are you pulling Dex from? Yeah, this might not work. Let me see here. Can you get... I'd just go to the supported version early, folks. Yeah. Yeah, exactly. Yeah, that's definitely failing. I'm curious, can you describe them? Oh, there you go. Yeah, I'll do some... Yeah, I might have described it, very crazy here. Where is back-off? There it is, I saw it. Failed contest... it pulled image. Okay, successfully pulled it. Is it the wrong version or anything? No. Okay, I think I did hear something about the version. I may be using a different tag. Let's do k get pods. I think it is the version. I had this... Well, wait, what did you run to instantiate those?
I did, I just basically applied this manifest here, what we're looking at earlier. Oh, okay. So... But I thought that was 182 as well. No, it's version 227. Lots of Dex. What? Yes, of Dex. I think I'm using the wrong version of Dex, I think. All right, let me look real quick for you. Yeah, there was a chat about this here. Oh, really? Ignore the man behind the curtain. Yeah, I can't find it. I just can't find it on Slack currently. What, with Argo CD Dex... tools used by Argo... Okay, that's not helpful. Yeah, let's decide this, a version tagging that has to happen. I'm looking for something that I... Oh, I need to go back to one eight. There we go. Okay, the wrong version of the docs. Wrong version of the docs. Yeah, I think... What was it? I think I found the issue here. Oh, no, this is from 182. Do you need to set a URL in argocd-cm? There is, maybe. Let me see. oc get... Logging. Unknown command rundex for argocd. Oh, okay. That may be related. Let's go to the Googles, to the Google machine. CrashLoopBackOff. Okay. I bet you, and Andrew's on this, because he's the one that... Yeah, are you looking at this one where it rendered terribly? No, I was looking at a docs page that rendered terribly from Argo CD. Let's also look at the SSO. Yeah, it's like a dead page. Oh, it's fun. Andrew says he's here but not paying attention. Well, thanks, Andrew. We appreciate the moral support. Well, I was thinking of Andrew Block. He actually faced it and he told me which tag to use and... Oh, maybe don't sound the Andrew horn, because, you know, I can get him coming. Dex. Who best do Dex? So then, run containers, command, rundex, argocd-dex. So maybe... Let's try that. We get... Live hacking. argocd, argocd-dex. How about that? I'm looking. I'm still looking. argocd-server.
Let me try that. We'll see. Get... I'm gonna try to change the version. Yeah. Try seven. Let's just go little by little. 8.3. Until it starts working. Is that what we're gonna do? Yeah. Yeah, just like... Here we go. Andrew is writing tomorrow's blog post and listening to the, what's it, dulcet tones of Christian. Oh, the dulcet tones of Christian. Yeah. That works. Yeah, so now it's doing rolling release. Okay, I think it just has to do with the version I'm using, but we'll see. Not that... not that a 1 8 box or kind of... Mm-hmm. Yeah. Yeah, so... Yeah, I'm still trying to look at the... there is... RBAC configuration. Let's see. Oh, don't tell me it was in the gchat where that tag was, because I can't open a Chrome while I'm streaming. So... Oh, well, which gchat? The GitOps? The GitOps channel, I believe. Yeah. What am I searching for? Dex or... Dex, Andrew Block. Just... oh, well, that's gonna be a lot of hits, but okay. Dex version something or other. I'm trying to scroll through here. Yeah, navigating gchat isn't that fun either. It's one of those tools that Google just somehow can't make better. Yeah, I don't know, search is... sorted, it's very... We sure wouldn't have had this conversation there. Yeah. Yeah, it's just the version of Dex is what this is, what the... Yeah, I'm trying to figure out... I just accidentally clicked on something, now my search is gone. Okay. Well, that... My Dex. Unknown command rundex for argocd, argocd help for usage, I think. Okay, I think I might have found something for you. Nine-day-old issue. So you need to use... You're not using the operator right now, correct? I'm using the upstream operator. Right. Let's try... I think there's a bug. Yeah, there is a bug. I remember vaguely seeing it, and now... This is what happens when I don't pay attention to the bug.
No, no, I think I got a doc for you. Dex tool migrated from argocd-util to argocd-dex. Wow, we only have 15 minutes, by the way. Yeah. We may abandon this and I have to switch over to the SSO way of doing it. Yeah, let's just do that, because I don't think we're gonna fix this right now, given the length of the response to this issue. Like, yeah, mess. I'm gonna try this one last thing, and if not, I'll go to the... We may have to revisit this some other time. Where's the best place to send you a link? Zoom chat? Well, you have to open... Yeah, Zoom chat. Yeah, okay. You have to open a browser though. So pick a good one. Pick a good browser. All right, chat. Just to let you know, Christian's... the chip shortage has hit Christian's desk. That's right. Yeah, I can't have Chrome running and anything else. Like, the workaround until next fix, there it is. Right below. Check that out. There we go. Check this out. She was latest tagged Argo CD, specifically, it works. Yeah, so, migrated, can use, documented here. 404 not found. Perfect. Someone said that. Yeah, did someone say that, 404 not found? Yeah, they said the page 404'd. I ran into the same thing. She was 187; 183 works fine. This is my... As a worker. Okay, so if I just edit again... oops, here we go. Let's see if this works. If not, I'm giving up. Command: shared argocd rundex, name dex. Okay. Containers. This is... Init containers, command cp. Okay. And then if it were... So this would be an init container, cp that, and then shared argocd-dex rundex. All right. Init error. Oh great. I just totally foobarred this. Yeah, and so, well, abandon ship. Abandon ship. Did we say any of this was easy? I don't think so. Yeah, I don't think so. Yeah. Well, technology changes so fast. I actually did kind of test this out a couple weeks ago. I'm like, oh, it works the same as it always does, and two weeks later and I was just foobarred.
So there you go. Um, all right. What are you gonna pull off in 12 minutes here? Well, I'm gonna pull out in 12 minutes. So, um... It works in case you guess. Um, let's go do, uh, OCP and then do Argo CD. So the first hit is a "Configuring SSO for Argo CD on the OpenShift". So I'll put this in the chat. So now we're switching from unsupported, which I guess it makes sense. Why this is supported, because it is documented. This is supported because it is documented on the official Red Hat, OpenShift Red Hat page here. It does say, note, the bundled Dex OIDC provider is not supported. So it even tells you there, the first thing that you read. Um, so what you're... Red Hat SSO is installed on the cluster. Yeah. So you have to, um, install the Red Hat SSO. So I have another cluster here. I do an oc get, um, routes, grep, uh, console. And sadly we do have a hard stop today. Yeah. Yeah. Yeah, so it's, um... "Since Dex is shipped with the Red Hat GitOps operator, is there any chance that it would be supported down the roadmap? The reason I'm talking about Dex is because with Dex, with Dex it is dead simple to integrate OpenShift." Yes. "With Argo CD, as simple as setting one environment variable in the operator, DISABLE_DEX false, and then setting spec.dex.openShiftOAuth true in the Argo CD instance. So it's weird that it's not supported." Yeah, well, it's, it's just one of those things that, um, uh, when, when, uh, we say supported, it means that, like, one is that we have engineers, um, working on the project, which actually, ironically, we do on Dex. Um, because Dex was a CoreOS project. And so, and those engineers became Red Hat engineers and they still work on Dex, actually. Uh, but two is, uh, testing, right, and testing it with, uh, in our CI process, right, and we just don't test it. Um, and mainly because, uh, Red Hat, it has its own... OpenShift has its own OAuth provider that we didn't incorporate it, right?
So essentially is we, we took, uh, uh, Tectonic, right? Tectonic, Tectonic, Tectonic, so many... Was the Tectonic, yeah. Was the CoreOS... We took that, we took that and, you know, mush together with OpenShift v3, which is why you got v4. Uh, but some of the things just didn't come over. Um, and so that's the long-winded, uh, answer of just saying it's not on the roadmap. And so, um... So the answer is it's not going to be supported. I mean, right now it's not on the roadmap. Um, that may change, but right now it's like there's, it's, it's not even... One is, it's, I guess it's such in the backlog. I think they, they did close, will not fix. And then, um, two, it's just like they're worried about other things. So, um... Kaiser's very sad. Yes. Yeah. I think that's a way to say that, but... Yeah, um, that can change, right? Like if enough, um, customers ask for it. I mean, we do have all the pieces there. It's just not, um, you know, we're just, they're not just together right now. We have the engineers. We have the ability to test it. Um, so it's, uh, it's there, all the pieces are there. But if enough, enough people, um, do an RFE with, uh, customers attached to it, so... Yeah. Please. It could be a possibility. So put in your request. Why is this taking so long for you to log in? Yeah, I wonder why. Is this... where is this living? This is... come on, log in, do it, do it. Maybe. Maybe. Although we got over the first hurdle. Which is a lot. Getting through the OAuth. Now it's actually loading. Now it's actually loading. So this is a very long-winded way of saying Red Hat SSO is actually some operators. Yeah, you go to Operators, OperatorHub. And it takes forever. I don't know why. Oh, I know why, it's my computer. Yes. I ordered the, I ordered the wrong computer. Um, so I had a laptop refresh, right, at Red Hat, right, every three years you get a new laptop. And I thought I was being clever by getting less threads, but they're faster. No. No, that's not, not clever. Always get more threads. Doesn't always get more faster.
So they are, yeah, always get more, more threads. Yeah, so this is, yeah, it's not like you're building a server where it's like, well, this one will be a database and, you know... RH SSO. Right, and it says, uh, Red Hat Single Sign-On Operator. You click that. You click install. You have to create a namespace for it, right? So I do, uh, rh sso. Right, and you install it. And then it'll actually install, and then, then you deploy an instance of Keycloak. And then that's it. Um, while that's going, I'll go through the doc a little bit more. Um, when you create a new instance of Keycloak, you have to create the, um, an OpenID connector, essentially. So, um, and you connect that with, yep, using OIDC for Argo CD. Um, and then you, uh, create the group claim, meaning that, like, um, I want the group membership to come through, right, uh, the, via the, uh, when you log in. And then, um, in, you need to take that token it generates, because it generates a token, and then base64 it and load it into, um, Argo CD. So in, in a secret here, you load whatever that long token is. We're gonna be able to do this in five minutes, you think? No, no, no, no. I was just time checking out, just to make sure. Andrew, Andrew saying, what did you break? I need the... He just, he just chatted me on, on, on Slack. Because I broke the... if you're listening, Andrew, I broke the, um, the version of, of Dex. It's got me in a CrashLoopBackOff here. Yeah, so Andrew Block can't join us right now. You, yes. Yes, but it's there. So in case you're watching, that's why I do, that's why I broke. So you do the, uh, OIDC connector. Um, and you do this. Essentially, you're, you're, um, you're telling Argo CD, hey, use this OIDC configuration and connect to Keycloak. And so that's essentially how that mapping happens. First you create it in Keycloak. Then you bring that information, like the other token and all the, um, information that you want, right into our stuff.
Yeah. Uh, cool. Uh, view operator. At four minutes here, but if I do, uh, Keycloak, create Keycloak, uh, I just named this guy keycloak and, you know, everything else is... it's essentially that easy to get Keycloak up and running. If I can do it, anyone can do it. So that's, like, it's like, so first, first you install the operator, and then you deploy an instance of Keycloak, and then you can go through this documentation to get Argo CD... Did you link that? Sorry, in the chat. Uh, yes, I did. Okay. Cool, the chat. So, um, I could have scrolled up, but that just would have made sense. Yeah, yeah, um, see here, uh, see here. And it's CrashLoopBackOff. Let's, let's, let's take a look for the last few minutes. Yeah, Andrew. Oh, I have that. Yeah. Let's see here. Let's do an oc get pod. Oops. oc logs. Oh, wait, uh, how do you view an init container? Do you know? No, not off the top of my head. I've got a lot of brain fog today. So audience, if you know, or Andrew can chime in. Oh, there we go. Let's try this. Even though we, uh, watch us, hold on. Let's, let's, let's just do it next. So this is why I couldn't remember off the top of my head to stop. Oh my gosh, that's the version I need to use. So can you blame me for not remembering the SHA? No. Let's go back down here to this version and change it back to... let's see if this works. My gosh, okay. Yeah, so the version you're supposed to use is this long SHA. So let's... where do you get the SHA from? Get out. Yeah, it was it. So he actually fixed it. Um, upstream, right? Again, we do have engineers working on, um, on Dex, but it hasn't, um, it hasn't merged yet or something like that, or it hasn't, it hasn't been tagged. For whatever reason here, right? Um, yeah, we might still get an error. Well, we don't know. Because I, I made a lot of changes, and who knows, who knows what else I broke. I broke... On that error, I'd say that's bad. Yeah, oh wait, go back. Oh, it's doing something. I thought it did. No, it's doing something. Never mind. That's still error.
Yeah. Yeah, so this is, uh, this is a FUBAR here. Yep. 45 seconds. Yeah, so, um... So yeah, so hopefully, all right, next time we'll go the supported route. Yeah, next time. Yes, exactly. We'll go to the supported route. Um, and, uh, and yeah, so this is what, is one of those things we're just gonna do in an hour. So we'll definitely revisit this topic. Um, and, uh, get, get something up and running for everyone. Absolutely. Yeah. Thank you for tuning in to watch this. Uh, yeah, crash happened very... Yeah, cuts of car crash. It's, it's, you know, even we, uh... How do I stop sharing? Even we mess up, right? So yeah, we're humans too. And, you know, humans weren't designed to remember long strings of long characters. All right folks, uh, that is it for this week. Actually, uh, I got a lot of meetings tomorrow morning, so I will be... "If it's not too late for a question: I'm looking for suggestions on how to handle OpenShift configs with Argo, mainly how to set up the Git repo." Oh, a 10 million dollar question. Yeah, 10 million. I wish I had a show just with that. I know, right? That's another, that's another big question that I get. Yeah, it's a frequent question, and it's really kind of dependent upon your environment, right? Yeah. Yeah, what you're trying to do. So there's a lot of different ways to skin that cat. So we'll address that at some point in time in the future. Yep. Yep. Uh, actually. Yeah, so, um, one housekeeping thing. I know, I know, Chris, you have to go, so I appreciate the time. Um, is we're taking a break for Summit, right? So we won't be back, uh, until, I think, July, I think is, is one of the... All right, or whatever, two weeks after, two weeks. So that'd be four weeks. Fourth, we're not on the air. We're not on the fourth. It'd be July, right? Yeah, I think so, the first. July 1st, and we'll be actually talking, going deep into Helm. We already had a Helm show, but we're going to, going very deeper. Much deeper. Um, we're, we're gonna have, um, Scott back, right, from Weaveworks.
He's a Helm, Helm maintainer, so he'll be able to answer questions better than I, so. Um, so yeah, so thank you everyone for watching. Yeah, appreciate it. Stay safe out there, folks. Yep, but