 Good morning. Good afternoon. Good evening wherever you're hailing from welcome to another edition of the level-up hour here on open shift TV I am Chris short host at the most an executive producer of open shift TV. I Feel like I have something that's playing that shouldn't be I don't know a phone went off or something. That was weird Anyways, I'm joined by the one and only the illustrious Langdon whites How are you doing today sir? Well, apparently I was a little fuzzy So I I decided to make myself a little sharper Okay, fair fair enough, but uh, yeah, sometimes when I move around too much because I tend to talk very animatedly The camera gets a little unhappy with me But I am doing okay You know, we always need more coffee as we talk about a lot on the show or we don't talk about coffee so much as we talk about We just need for it. Yeah. Yeah However, we do have a show about coffee, right? Or is it just is it really just a coffee clatch kind of it? It's it, you know, it's the open shift. No, it's It's every other week. Yeah, it's like the open shift coffee break or a coffee hour or something like that open shift coffee break run by the one and only Natalia Vento and Our counterpart Jafar Chorabi, so yeah, it's a great show if you're EU based check it out It's um, oh, it's still a great show even if you're not it's just whether like if you want to commit to you Want to get up at 4 a.m. Eastern and watch it or 1 a.m. Pacific you're more than welcome to and Nothing's gonna stop you from doing that, but it maybe some people can watch before they go to bed Pacific Yeah, maybe right All right, so but check it out for real. So yeah I'm going to share my as always awesome slides. I am promised. We're getting some new collateral collateral So that that's whatever yeah assets. Yeah. Oh, that was disappointing So maybe they'll get snazzier. I wouldn't hold my breath. I'm not but You know, they might they might at least look different. So that'll be fun and exciting for you So this is a level up hour where we talk about Kind of why containers are cool and why you might want to get Using containers yourself as kind of like a rail admin or you know, a system administrator who hasn't got a lot of experience with containers You know, we also cover some development activities as well. So, you know, obviously if you're a developer this might be relevant as well But then with the goal of kind of expecting that as you kind of get deeper and deeper into containers You discover that the need for orchestration is really really important and so you tend to start to Look for ways to do orchestration. So we're going to talk about one of those today with docker compose and using podman And we may be doing the docker compose as a as a group here today And we'll see how that goes I do know that I got it all running in podman. So so at least we know that variable is taken care of but the rest of it So I did want to mention a couple of the upcoming things So next episode We are Going to be doing a ubi deep dive. So a lot of people are really interested in how exactly ubi is put together So we've invited scott mccarty to come on the show And You know, I scheduled it months ago So I need to confirm that he's going to be able to make it but in theory We should be talking to him next week about the ubi and how that works And maybe the future of ubi like as in what do we have planned for it coming up? And then the week after that, yes father linux jp dade on on the twitters And then the week after that we're actually going to do a big special show with Our cto at redhat Who I just totally blanked on this name chris right also known her cto. Sorry chris right. Yes. Yeah Also known as cdubs on the on the interwebs And or colonel cdub. I think it's his twitter handle so Because he was a a colonel guy for a long time And also primarily in the kind of networking space And then our other guest With with chris is I cannot talk this morning Kelsey hightower of currently of google but well known in the kubernetes community and they so They did a show together That is going to be appearing on one of our channels in a few weeks time Basically releasing like at exactly the same time as this show But it's a really really short cut down, you know quick grab bag of content around kubernetes And both of them expressed an interest in kind of expanding about that concept So we're inviting them both to the show to talk about that and also to talk about upcoming summit Which will be the week after So next week is ubi week after that is chris right and uh, kelsey hightower week after that is summit Week after that is cube conny you so Yeah, it's it's a busy few weeks. It is a busy few weeks here at redhead. Yes, right, right So they're going to talk a little bit. Hopefully we're going to ask them a little bit about what they're looking forward to its summit and cube con Maybe in in reference to their backstory So, you know watch uh, and this kind of is a nice segue into, you know, watch us on twitter Watch the open shift handle as well Because we'll be kind of sending out the the announcements to kind of say hey, you know We're doing the show and this what's going to be to get a little bit more on the abstract um, but What I really want to talk about around kubernetes is also around kind of like What's the future of it? Like what's the? You know, what's the kind of end game, you know, is is it just Container orchestration or is it other stuff as well? Um So Talk to us on our discord. Uh, I also want to do another plug. Uh, we haven't gotten a whole lot of response. Um, so we are sad and disappointed Um, but if you share what you've learned something anything that you've learned on the show On various social media and then post about it on our discord just so that we can track it without having to follow the entire internet um We uh, we'll have we're raffling off a few tickets for kubekane you Um, and uh, if you haven't gotten a ticket yet and you are interested in going That's a great way to go. So hopefully uh You can you can find something that you learned about and feel free to just post about the show anyway, but now That this is a particular promotion. Um, we would also we are also offering tickets to summit So everyone who listens to the show um gets a free ticket to summit So does everyone else. Um, but you know because the the entire show is free, uh, but yeah, so check it out And uh, we'll look forward to seeing you there. Um, let's see I have no recollection as to what the next slide is because it's one of those mornings. Oh, yeah That's points in them. No, that's one after it. That's what I always think the next one's going to be points but it's actually this one which is um, Not very informative, uh, but today's episode is about podman v3 potentially docker compose and the cool store Um, and then the show notes from last time I realized uh late last night early this morning that I had forgotten Completely I thought they were done and it turns out when I went to look they were not So there's these apps called to-do lists In fact, it's on the to-do list, uh, and it's even marked is not done I don't know why I had it stuck in my head. It's this kind of never ending problem of I've never if I can remember What episode we are on right then I remember what the last one was and whether I did it And so I was totally thinking we were on episode 29, which means I did do the episode 28 uh show notes, uh, so That's the challenge. Um, so I will take care of that and we will have the show notes for next time One other quick thing I had uh for an idea this morning is um Uh, we know pretty closely right we know um A community organization that runs an open shift instance Aka fedora Um, and I'm not sure if it's I need to find this out I can't remember if fedora runs one and the centOS community runs a separate one Or if they run one together So that's the first piece of data second piece of data is we also run one internally for our Both for experimentation. We run one for experimentation, but we also run one that actually runs some of our applications So like a production instance Which is always hard when it's your own software, right? And then, you know, we obviously have a large number of customers And I was wondering and think about this during the show Obviously we have the time lag so it's hard to ask and get answers back immediately But what I was thinking is would it be cool? I think it might be cool to do like a three episode series where we interview the community group hosting open shift And then do another episode which is interviewing the red hat internal people hosting open shift And then the last one being, you know, we find a customer who's hosting open shift who's willing to come on the show And kind of talk to all three of them About what it means to host open shift and is there differences in those different environments So I thought that sounded like fun. Um, I don't know. What do you think chris? Yeah, sounds good. Um, why inside again? Yeah, no, uh, I think that's great You're never gonna get a no from me unless you're like calling a show a really terrible name or something Which I might have done in the past. Yes So the underneath I can't I don't know how to say your name. I'm very sorry, but someone on youtube asked How do we get the free ticket to cubecom? Can you clarify on that for sure? Speed through it. Yeah. Yeah. So, um, well first If you if written is better, um, you know, check out my twitter handle I have a whole series of tweets about how to do it, but um, the the short and you know, the short version is post somewhere on social media about something that you learned on the level up our Then put a link to that Posting and this is so that we don't have to limit you to what kind of social media you like to use Um on our discord just to say hey, I posted And then we'll we're gonna raffle off You know into what that means is um, we're gonna give just give away at random Some tickets based on the number Or based on the set of people who posted on social media Excuse me. Hopefully that made more sense Yes, and feel free to ask more questions We don't have uh, you know a good quick hand written or type written thing on it. Um, but that's basically the goal Type written okay. Um, so we should get a type written thing is what I'm hearing Which maybe I mean we only have you only have oh and actually there's a deadline. So you only have till the end of next week um, so Uh, sorry, I was noticing in the chat that we're having some technical challenges or or sleeping time challenges I don't know. I don't know what's going on. Yeah. Yeah issues elsewhere. I it's something's weird going on But it doesn't look like all the channels are broadcasting, but some people are having access access issues. So, yeah Oh, interesting. All right. Well, so long story short Uh, you have until the show next week not actually the show next week because I want to be able to announce it on the show next week Um, but the night before the show next week. So Tuesday night, you know midnight ish, uh um eastern uh, so that would be uh, whatever it is five hours off so about five a.m. UTC Um And uh, and then we'll be able to announce the winners uh at the episode next week along with uh christ Scott mccarty not christ mccarty whoever that might be There's christ cardy in the gubernator's community. Maybe that's where you got it all Maybe maybe or I just conflated christ short and scott mccarty because I was reading two things at the same time That's entirely possible as well uh, all right so With all that aside, um, and feel free as to chris's point, right? We kind of burned through that. So Feel free to ask questions if uh, we didn't say anything You know that made a lot of sense. Um the okay, so What I wanted to do today. So originally the plan for the show was to talk about um Um Docker compose with pod man, uh, and the cool store However, in order to do that, I need to make the cool store run in something not open shift right in pod man and so What I thought we'd start with is kind of the differences between uh, those two different environments Um, and assuming Oh meld you died on me. Um, So let me just open the Folders up because it's gonna take me a second because it's uh, you know, there's many many folders Folders or directories if you're old school. Yes, exactly. Um, I which one's original folder or directory? Actually directory came from unix folder came from microsoft. Oh, okay. Okay. I don't know what yeah I kind of I kind of it might have been apple for the folder. I forget that's what I was wondering actually now that you say it but uh I hadn't really thought about it. I don't know where I got it from because I was never a big mac user. Um Let's see Oh, and by the way if anyone wants to at least partially follow along The stuff i'm about to show is in um, the episodes repo Uh on a branch called e30 initial Um, I'll open this and then I can share a link. Um Oops Google calendar just blows my mind sometimes Yeah, the g-suite. I mean aside from you know, google drive is really really nice But the rest of g-suite is as far as i'm concerned not geared to work usage It's good for personal Um, but I don't think it handles work stuff very well It well, see here's my thing right like I schedule a lot of stuff On my own calendar and other calendars right the public facing calendar and everything else and it's just like When I add people that are invited they should not disappear a couple days later Right like it seems like you have one job the invite right like that's just leave the invite alone Right and don't change it for me right like That's all I want Right like i'm not asking for a whole lot. I don't think but yeah All right, uh Sorry, uh, just getting that link for the chat as well which So I'm here asking about video lag on twitch I am not seeing any video lag on my monitor over here Just did my head movements and everything to double check that JP says I wish I would disappear from some of my meeting advice. Yeah, you know kidding I feel you on that one Right like you you could just totally skip it if you wanted We give you permission. Yeah, you're allowed Not allowed to blame us or anything, but no you can totally blame it on me. Oh, all right. All right. I'm cool with that All right, so uh Let's see this Yeah, um So if you are unfamiliar with meld, uh, that is what i'm sharing right now I think it is a really cool piece of software. Um, it is open source and allows you It's wondering. I don't know if I can kind of make this any bigger Um, I don't normally present with meld. So sorry if it's a little small Yeah, I don't know if you Good question just kind of looking for a button that might be make big But yeah, so I was kind of looking for bottom right anything Nothing Oh, here we go. Oh no, that's tab width Oh, I can oh, well, it's 14. So maybe it's readable. Um, I can make it bigger. So, uh, let me know if it is not readable um Okay, so what I wouldn't not readable if it needs to be Sorry, I would say it's not readable. It's not okay. Yeah, I'll make it bigger. Uh, obviously for me, it's very readable. Um, Mm-hmm Let's make this 16 Try 18 18 It doesn't really like as far as My side it doesn't matter how much so here. We'll try this Um, that doesn't look any different does it? No It looks exactly the same. I'm so glad settings and invites and everything are working today for Well, you know, uh, if we didn't have something go poorly Let's try this So i'm trying to see if my mouth is lagging like bad net mess says that's weird mouth lag What i'm afraid of is it's gonna want me to Reload it Well, just push forward and be very descriptive. How about that? All right Uh, yeah, I don't know it doesn't seem to be making any difference, but at least I can feel better about clicking the button. Um Okay, so what I wanted to show was okay, so originally cool store as we talked about a few episodes ago. Um We talked about it in terms of open shift. Um, and if We get lucky, uh, maybe I can show you a nice picture. Um, Let me make sure that will be possible in a few minutes Oh, come on um But the suffice to say kind of the important Are you gonna go? Um, the important part is it's made up of a number of different. Let me collapse these um A number of different Versions. Oh my goodness. I'm so distracted today All right, so that should be cooking hopefully soon. Okay So the way this uh the architecture of the cool store works is um, it's got two Kind of data stores. Um, and one of them is your inventory. So basically like oh, actually, why don't I share? Yeah, share the repo I was actually going to share I'll share the app so that you can kind of see what I mean as well uh, so Oops wrong window, uh, this one Okay, so Here's the cool store. Um, it's got two different. Um, Kind of data sources, right? One is What are the things in the store and then how many of them we have left? Okay, so, um, and then so the inventory is and then we can actually see Because this is a demo app, right? It's kind of nicely set up so that you can see the individual pieces. Um, so in quarkus Whoa Oh, that's funny. Uh, Okay, and for us what's funny So, okay, so the way I have it set up is I set up the back end in a pod van pod So in other words in like an open shift pod or communities pod So now the back end is not addressable directly Which is exactly what you want except when you're trying to display stuff that's in the back end So let me Find my terminal window And we are going to Okay, so if you see I have Thank you a whole mess of Containers. So what I'm going to do is I'm actually going to kill this And Let's see. What is it pod man pod rm minus f? Uh, and I think it's um Ah, I can't remember. I think I called it back end or something. Uh, let's just do cat pod man launch Oops It's called Oops, not that one the other one This is the problem man launch pod. Yeah There we go. So Okay, so I called a cool store back end intuitively enough. Um, so we're going to say pod man pod rm minus f um cool store Back end Um, I feel like I'm missing a flag. Let me just check Um For no, I got force. Yeah force. Yeah, no, that's right Because I don't want all that's like different. Um All right, so this is going to make it all not work. Um, you just broke the cool store. Good job Okay, so uh, the Right, exactly. So, um the See this is I still feel like I'm oh no. Okay. There we go. Um, and now let's kill I think actually I can keep that running. So let's um um Pod man cool store. Okay. And so I have hopefully a working shell script which will just launch this um and we'll give that a second because uh, this is one of the challenges with like go applications and no j s applications Is they aren't great at caching because they go and get a lot of their libraries off the internet. Um, So I could fix that by going and hand building all this stuff and putting it all local Which arguably I should if I was going to warn this in production But because for the sake of a demo what I want to do is keep it up to date more than I want to Keep it running in a sense. Uh, so But it does take a few extra minutes. Can you blow the font size up on your terminal another one? Yeah How's that? Yeah, let me know if you can't read that who asked Uh, Vladimir let me know if you can't read that buddy Okay, so yes our good friends from Microsoft Yeah, so what I wanted to show off is kind of like you can use a bunch of different languages and you know, uh, You know various bits to uh to run your application. Um So I actually picked the more esoteric versions of the parts the cool store even so, um All right, so now it should be running um And it looks like it is And I'm just not sure if the front end is going to work because I'm not sure if it's pointing at the right ip um But I can look or sorry at the right port rather. Um So this is running on Here's catalog. Where is inventory? Where or where did my inventory go? Um 91 it's already in use that's what I was afraid of Oh, is it um the other one? Is that the port the uh, that's the one the web is running on. Okay, so I think no All right. Well, let me show you what I was going to show you and then Uh, we can worry about that in a minute Because we're gonna have to mess with that anyway if we want to talk about the composed stuff um, but suffice to say so if we look at um Let's see catalog is on edy. It looks like oops, 90 80 How did I get there? You got me All right, and so here's the catalog and you can hit this nice little test it Which is kind of cool and because fire fox decides to render jason nicely. Um, but as you can see it's the description of the Of the item and then the inventory carries the the amount of them that we have left. Um, so I was going to kind of walk through the individual pieces So on the left hand side, we have kind of the open shift version of the cool store and on the right hand side We have a slightly hacked like as in it's not a great version but I wanted to kind of show the differences of kind of running it in podman and What I wanted to kind of in particular point out is that we could make it so that it would run in both Um, but the original authors of the cool store were looking to run in an open shift So that's how it's it's focused So I wanted to kind of I thought it would be useful to talk about a few of the things that Are why it breaks down if you try to run it in podman And so and you might be able to want to run it in both, right? You might want to be able to experiment with things in podman and then post it to open shift Uh as you know kind of a way to approach it. So First up. Oh, this is got the nice big font. Um, it's just it must be Would you have to reload it or something? No, I think it's the the file comparison is in the big font But the uh the file list is not or maybe that's in a different setting somewhere. That's good, but okay Okay, so uh the first and foremost thing that we had to do was be more explicit about where we were getting our Base container images from so open shift provides a whole mess of container images to to put your stuff on top of And so we had to be more explicit about uh, you know where that was happening um The other thing that I discovered in kind of like and I don't think I remember this but apparently this is true in docker as well And this is actually where podman and build I come get it from is that um, if you Uh add files as a non root user to a container. They will be owned by root um Yeah, which I I don't yeah, that seems so weird. I can't believe it does that and I can't believe I never noticed that that would happen in docker as well Um, I don't use a lot of base. I tend not to use a ton of base images that are pre-built I tend to use bare one and then add this stuff. I want um, so it could be that so I don't have a lot of experience with that But so what I have to do here in this podman version of it is I have to switch back to the root user So that I can create this, you know, bring the files in for the go app And then Do the go get and then I go do the go build Because if I don't do it as root, I don't have permissions To access some of the files because they were brought in as root. So I think that's kind of annoying You know, but it is what it is. So that's why I switch to use a root The hard part here is when you if you want to switch back to from the root user Um Is knowing what that user is. So you have to go investigate your base container image to find out what user it's creating and what it's using We tend to like red hat based container images. The user is almost always default DEFAULT But your mileage may vary it may be different For different environments. Uh, yes jpdade from scratch. Um, okay, so this one is from scratch I was yeah, okay, right. So so this is well, this is the point I could have just looked and said from go blah blah blah as builder. Yeah, okay. Yeah, right exactly So but what I'm actually doing is a two. What do they call it? Uh, multi-stage bill? Um, I'm like two phase commit. No, that's not right Oh god so Uh, so what it's doing is so that's why I don't switch users back because what I'm doing is I'm going in as Use a root. I'm doing the build or whatever and then I'm just pulling the ub8 minimal pulling in the binary from go that go generated Um, and then the other thing I if you notice what I do is I change the port that's exposed here Because one of the differences when I'm when I don't have like a service interface Like you do an open ship is I have to put everything on different ports, right? Um, because the service handles that for me. Um, but in, uh Like pod man, I have to put everything on different ports because they can't all listen on the same port. Um So those are some of the differences here. Um There was no particularly good reason that I switched from alpine to ubi Except that alpine wasn't working for me So I'm not sure maybe that version is a little old or something and I just and I couldn't be bothered trying to find What the right one was so I just used ubi 8 minimal. Um, and you know, and it works So I just kind of walked away. Um Okay, so that was the differences in the docker file But the thing that really particularly bothered me is that I had to change the actual code base So if you look here, I changed the the uh port number here as well So this is not very what we refer to as dry, right? Um, you know, uh, I don't even remember what stands for but it's an acronym for uh usability It's only like no, it's like only store the same data once Right And it comes from ruby land and I'm totally blanking out what it stands for. So somebody in the audience Uh remembers what the acronym expands to I got it. We would hear it. I'll figure it out. Don't worry. There we go. All right. Um, so That 80 90 or 80 80 in the old version, uh, that should be yourself. There you go. Don't repeat yourself. That's it. Um, so, uh, that is both in the docker file and in, uh, this go Code file. So it really should be in some sort of configuration So that you don't have to maintain it in multiple places Um, and then we can ignore, uh, yeah, so we'll move on to the next component. Um Because I think that's the only differences. Yeah And so that's our go application. Um, and exactly christian bad coding. Um, so You naughty Langdon you I didn't write it. Uh, so and it's funny because you can tell at least I can I think I can tell Different developers wrote the different components. Um, because the style is different. Uh, so it's kind of funny. Um But so moving on to our dot actually let's move to the inventory just for the sake of the architecture Um, and let me see if this thing is back up yet Just to give you a picture of What we're talking about um, so just for the sake of, uh, you know, uh, visualization I wanted to show you this But in podman, I'm actually not using ria dv or postgres. I'm just using this in memory database Provided by java called h2 Um, so just kind of ignore those in the picture here I just kind of I had him set up in a script and I just let the script run instead of like trying to clean it up too much um But as you can see there's this catalog um For the cool store there is um I can't remember how to make this thing go away. Um, and then we have the inventory for the cool store And then we have a gateway in front of it. Um, and then the Web goes to the gateway Which then goes to the catalog, uh, which then or the inventory actually what it does is one api call here makes two You know one to here and one to here and then it combines the data set into what the web front end is actually looking for So just kind of scallion reeves. Um, I think I kind of answered it But I think I kind of the answer do you have to expose a different port in the docker file? Or can you just publish it as a different host port? To which I answered I think the cli overrides the file itself Yeah, so so the expose the the expose itself is purely Like or to the best of my knowledge to expose something so you have to put it It actually doesn't have to do anything. It doesn't have to be there at all. It's purely as guidance for the consumer Um, so I can do Exactly. So I can give it any arbitrary port um, the the reason I Don't is the guidance for the user problem is so yes, I could on the command line change the port uh, and in fact I do um, but That's but basically that's the problem. We're we're talking about is that you know, it's more the the guidance to the user not so much the actual code that is required to uh, you know Be that way in a sense All right, so going back here um Moving on to the inventory. Um, so one thing that happens with the java build out Is just that this target directory gets created and um all the All the bits when it's compiled when the java stuff is compiled it lands in this directory called target So we're going to ignore that because it's the same, right? Or or it's not important To what's happening. We're just whenever we run that maven build It's going to create a target directory with a bunch of combined stuff um, I all 90 percent of the errors I run into our pet kek. Um, so The other thing I want to point out here is um The differences between Why? Oh, sorry. Uh, the other thing is um Another annoying factor which I probably could fix but I wasn't sure how to originally And this is kind of like another one of those examples is When I run a corkis app, I want to also have tests The thing is when I'm running the corkis app in podman Um, I had a chicken and egg problem basically I needed to build it and then build the container image and then I needed to run the container image before I could run the tests Um, because there was no other way to run it because I don't have java installed or for the sake of argument I don't have java installed on the the target build machine so I removed the tests Because there's not there wasn't a real clean way of getting around that problem without pretty serious rearchitecture So or at least the only ways I knew how to So maybe there may be somebody smarter than me knows a better way But uh, that was the problem I ran into and so that's why I removed the tests Um, you know generally a bad idea But you know, this is a consideration to take into account when you want to make an application that is Kind of multi deployable, right? Right and I'm waiting for a christian to call you bad again. Exactly. Um All right, so one thing I wanted to point out actually let me Back up. I'll I'll come to this in a second. Um So let's talk about the container file. First of all in the original in the in the uh, OpenShift version there is no container file because OpenShift has a cool tool called odo which will let you Create a quarkus application and a bunch of other platforms And just say here's the code buddy Go make a container out of it. Um, and so if you come over here You can actually see Uh, if I remember what I'm doing, um So this is the quarkus app and then Let me see how we want to do so view logs um In theory I'm just not sure if it goes back far enough to actually see what I'm looking for. Um, so Yeah, I don't know if we're going to be able to see it here but What's actually happening is it is actually creating a you know a docker file on the fly or a container file on the fly and then Putting all the bits into it and then compiling the java and then deploying the java code because it How java is laid out and most of the languages but how java is laid out and have the structure Of that deployment environment. Um, it can just automate that whole thing for you Unfortunately when we do it on kind of the command line with like podman we can't so we have to go manually create a container file Um And one thing I just wanted to leave in here and I'll call it out is I was mentioning that we use this h2 in ram database So I can't so one of the things a quarkus lets you do on like typical java Is that you can actually compile down to a native application? That's part of or one of the ways it gets so much speed um, and so But if I compile it to a native application h2 doesn't work, uh, because h2 Uh for whatever reason hasn't You know done enough with their code or you know, maybe it doesn't make sense or what they have they may have perfectly good reasons for not doing it But an h2 server Can't be compiled native it it even warned me. It said you can do this with the client, but you can't do it with the server um, so Uh, so that's why it's not compiled native instead. I'm using this other Horkus ism Which I think is actually a java ism now as well. Um, or maybe it was first but called an uber jar So, uh, if you do any java and for me, it's been a really long time, but I know it pretty well Um, you know normally when you launch an application you have to provide Uh, what's called the entire class path, which? Give some huge advantages because it means that you can for your application declare all the libraries you want to use The downside is you have to declare all the libraries you want to use Uh, so typically people do that with jars to try to wrap up some of those dependencies so that it makes um So it takes up like less so you have less command line essentially But then you can kind of go all the way to the other end of the spectrum and make what they call An uber jar an uber being from the german. Um, you know for super, uh, which basically says shove everything into this one jar so that I only have one File I need to like bounce around to wherever to make it go. Nice. Okay So that's what's going on here. Um, and then So I just create I mean it's a pretty basic, uh container file. Um, and then You know, so that's kind of it there Um, but I do want to talk about run it dot sh and the reason I want to talk about it is because What one would expect me to have done is to have put This directly in the container file right as an entry point or command And the reason I'm not Which I finally figured out um is because This container is actually based on a software collection So a software collection you're learning everything there is to know about uh rel and deployment and everything else Yeah, I'm kidding. Um, you see why I wasn't sure if we'd even get to compose. Um, but uh, you know software collection the the code is not installed in the same directory as it is Normally, so one of the things that sys admins in particular really like about linux um is that All the linux is at least within their own distro Follow very strict rules about where files land on the on the system um, and my running joke with an old friend of mine who's just admin is like Somewhat because at 3 a.m. When you need to replace open ssl you want to very blindly be able to type You know move open ssl to new directory and know with your fingers where that goes Without actually having to be fully awake um So that consistency has the problem of what if you want to have multiple versions of things? Okay, so two languages in particular Uh do a good job of solving that problem in the language itself. One is python and one is java um, so However, a few years ago like 10 now. No not 10. Um, let's say seven eight seven. Okay Uh, I'm just trying to remember because it's it's slightly less than I've been at red hat So I have to do it so I can do the math that way. Um but uh There was this concept to choose called a software collection Which through some magic trickery allowed you to have multiple versions of something not java not python Installed on the same system and then use it or choose it by application So it's super nice and advantageous and is actually superseded now by upstream So this is kind of the same goal as ab streams, but with a less invasive approach The problem is in order to use a software collection. You have to enable it first so What I wasn't doing when I was just calling this command Directly in the entry point is bash rc never runs So bash rc is what is actually doing the enablement of the software collection Which is then in turn um in Setting up java to actually be able to execute this command So long story short in the container file. I could go try to set up the uh software collection You know basically through a few different like double and commands Or I can shove it off into a shell script and then actually call the shell script Which has bash the bash commands are being run first then this shell script then uh off you go So that was a long story as I explained to chris before the show This uh had some interesting challenges in trying to make this work with podman But I think like I said, hopefully y'all are finding this a good learning exercise of like these are the kinds of differences in the real world that you might see between um, you know an open shift deployment and You know and like a podman deployment and how you could probably get around having to have so many differences Okay, so the last thing that I ran into is uh Maven and java builds in general Generate a lot of content. Um, yes that you don't want so and then kind of a related problem is um Docker when you do a docker build um, it actually tar balls The entire sub directory or tree under where you are Before the build starts So, oh, okay. If that is 20 gigs of content Which that could be easily be the case. Yeah, right So it does not tar ball only the things that you say add or copy it does everything um This is actually a big difference one of the things I really like about podman and build over docker So everyone always focuses on running. Um, you know the uh, what do we call it? That the difference of being podman lets you do rootless as well as um, not having a daemon running But one of the things I really like is that I don't have to go through this kind of machination to Not have monster build times when I have a really large, uh, you know, like website or something like that So this docker ignore file Conveniently has this star right at the beginning and then it says not on these few directories, right? So I spent a whole bunch of time and and also looked like an idiot on the internet asking questions Not able to figure out why I could not get this run it .sh to show up in my container turns out because This is the original and star covers run it pretty well So I had to explicitly call out that I want to include this now So if you're ever seeing, um I should have showed Uh Yeah, so uh for future reference, let's just look at This real quick, um Uh dot And let's say and then um actually less yeah build minus i No minus t uh temp Um and just dot right So if you're ever seeing this error right here Talk about driving me crazy because I'm like, okay. Maybe I typed the path wrong, you know something stupid or whatever Um, I think you know, I've run into problems with having sim link directories around and things like that. Um So I checked this path path looks good blah blah blah, you know, and then I'm like you literally are telling me It's it's there, but you decided not to use it So it took me a really long time to figure out that That's because I told podman not to use it right to to filter it out. Um So if you ever see that error, uh, that should be handy For you because uh, then maybe hopefully you won't run into this problem And you will not look like an idiot on the internet when you ask people why it doesn't work Um All right, so moving on In a head where did my there we go Let me just close all these Okay, so that was the inventory and then lastly we have our gateway here. Um, and Excuse me. Um One of the things that actually let me Let me start here. Um Yeah, okay. I did take this out. I thought I deleted it. Um Okay, so One thing that was Both, you know expected but also annoying was just that. Um The original author of this docker file Uh relied on defaults to get to the uh url or to the port numbers that it was looking for So by default If you don't set this environment variable it will use 8080 Again going back to that. I want to run it on different ports Oh actually to whoever's earlier question the reason I do need to specify different ports in here. Um, and Not in the docker file, but in different ports is because to run it in a pod That pod is all one network namespace As all one network namespace. I cannot change what port it's running on and what I wanted to do is at least Even if I didn't have the exact same files between open shift and podman I could have the exact same files between running four containers and running One pod with three containers and then another container So in if I want to run all those things in one pod, they all have to be on different ports That was the genesis of that. I had forgotten. Okay, so long story short, uh, there is a um Environment variable you can set in dot net that will let you change what port it listens on and it's called ask You know ASP net core underscore you URLs and it will go and use that other port Yes, did you have another comment? No, I just said nice. Yeah, so uh, so yeah So ignore the fact that program.cs is different. That's a mistake on my part. I just I commented out the line and forgot to delete it So what I thought was particularly funny about this is that the least problematic of these pretty much was the dot net one Of course. Yeah, which I just kind of thought was amusing. Um, and then finally we get to the uh, no j s app So the no j s one. Let's start with the container file Had the initial same problem as what was it quirkus? Um, which is that the Um, there oops, uh, there is no container file in the original um Because no j s is like a near and dear to uh to open shifts heart platform um So I had to go and get a container. Excuse me for a sec So I had to go and get a container or a base image that I could use for this I ran into the same problems of Which user am I and then uh, kind of switching back and forth In this one, I'm not using the multi-stage build. So I have to switch back to user default Once I do basically I just do a chone to make the ownership right um Because in no j s unlike in go for example, uh, everything's not compiled in so I have to uh go and Also change the ownership of all the libraries to make sure that it can access them But if you notice even though I'm root, I'm not doing a global npm install I'm doing a local one so that everything will be under whatever it is dot npm But it's all in the same directory as the code base so that it'll just work um, so Moving on from that so but then I run into the same problem again as the With the software collection because no j s is actually delivering as a software collection Which then I need to use my fancy fancy run it To be able to do the scl enable and then in the npm start And this obviously, you know, if you're familiar with no j s there's like 87 different versions of this command Um, I just chose this one because I like it. Um, but no dot would also work. Um, you know, so yeah mileage very very Okay, so that was the run it there the thing that got I thought a little annoying here was Uh, let's see if I can show this. Um, so this one was another kind of dry problem. Um, can I see how do I I would just like to ask you to time check yourself Yes, I was just noticing that as well. Um, I'm almost done though. So yeah I get it Let's see. Let me open this differently. Um, oops Oh my goodness, uh What was it Slash Original and then okay, what I wanted to point out here is There's a configuration here that it's using. Um to get the uh, basically Where that gateway service is being hosted. Um, but then it It does some cheating by because this is all client side. Um So it's actually using the javascript location dot host to find out what the server is and then it's inserting Um, the generated by open shift service name. So if you look Uh here um So if you go To this And if I click on it correctly, um So what it's doing is it's doing, um Oops wrong window, uh, it's doing location host replace here, right? So it's grabbing This And because that's location dot host, right and then it's injecting the name of the service So the gateway service in front of it and then it's adding api products to the end of it to get to the api Um, and the api if you see here is here Um, and if you do the test it here, so this is actually running in vertex, but whatever it's the same code I mean, it's the same result. So if you notice this url, right? So it's the uh, you know location dot host with gateway and stuff injected the front and the api product. So, um Speaking of not dry I was I was not I was not thrilled with that. So, um But this is the kind of thing you have to go and dig through is that now With a locally running set of containers you don't get any of these advantages of generated routes Generated services or whatever they give you pointers at things all you get basically is a port in an ip address um Yeah, like a port in an ip address. So if you look at If you can get out of vi um so if we What was it, uh, and then we look at the web node j s Um, and then we do essentially the same file. I had to change it to hack in Um, you know, basically I tried to go kind of as trivial as possible But I created the api endpoint and I changed it to be Um, something I pass in on the environment variable command line um So if I look at this I have to pass in right an ip address Mind you because I'm on fedora. Um, and I think most of the linux is now I have to go and hack out and figure out what my ip address is right because there's no Nice eth zero anymore. Um, so I have to figure out what my ip address is I have to know what port is going to be on and then I have to supply that into the container Um, so that's a huge pain in the neck. Um But suffice to say I make this choice here by or make this fix here by basically using the environment variable that I'm now passing in on my launch command So, I don't know. Hopefully this was interesting. I thought it was really interesting Um about because I don't know that I've ever really I don't know that I've ever gone from open shift to podman. Um, and uh, you know, but I think we've on the show We've done podman to open shift. Uh, so I thought it was an interesting set of differences That was it. I think cool Uh, let me just find the right Hope You can do it Okay, so and then I created a couple of shell scripts to to launch it just to make my life a little easier. Um, Those aren't super interesting. Um Yeah, we have two different versions, but um, so but they just kind of launched the container. Um, I thought about using like even a function in there to try to clean that up But let's talk about points real quick before we are officially out of time. Yes And then we can figure out if we want to move on to compose or like I said, I wasn't sure how long this is going to take I thought it was a useful exercise. Um, but we can always cover compose soon instead Um, yeah, what's the let's do points and see what we got. Alrighty. Um Now we just have to find that window All right, so here are the points For uh, this time So we have norenda up at 4800 and in netherlands hackham at 4700 Uh, both no affriction and joe fuzz have had no movement in a couple of weeks. So I'm a little afraid. Where have they been? Um, are they on vacation? Um, and if they're on vacation, why wouldn't they be watching the show? Uh, so But we uh, detective Conan kudo steadily moving upward uh bacon fork also steadily moving upward. Um, and there's the codes for This episode. Um, and if I can find the correct window, I can paste them into the chat Um rap scallion reese has never seen sweet sweet internet points apparently. Oh, well, so sweet sweet internet points are, uh, awesome sauce Um, but I'm not biased or anything. Um I'm uh, here it is. Uh, let me just throw this in. Okay, so Yeah, usually I intro the more don't I so As part of the show and part of the kind of level up or whatever. Um, we Try to Give out points for people doing stuff. Uh, so that we can um, you know, have a little fun with watching the show or submitting issues on the repo or um, you know for Uh, let's see what else we have joining our discord and you know, a bunch of different activities So if you go actually to the activities page, um Which not sure which uh branch I'm on but um So the activities which I will throw in the chat as well You know, so we give out points and uh, then every episode we talk about who's in the lead and how they're doing and you know And uh, there's also um, you know, what I refer to as risers I don't know if there's a different better term for that But um, basically if you watch a certain number of episodes you get a big bump in points Um, and so but you don't always know where that is Um, you know, if you do certain kinds of activities you get, you know more points and less points Uh, so if you go and enter that form, uh, then you will get um, you know, you'll get your your initial points And one of the things I wanted to call out for this episode normally We do the leaderboard and then we sometimes we'll do like newcomers. So people who've just gotten new points But what I wanted to point out even though my tab broke and now i'm annoyed. Um Is uh, we have a couple of open comers. We have some people who are now in the 500 400, uh, point range mroche, uh, and what did we decide that was michelow? And michelow and mroche, I think we're both featured in prior episodes as new people to the show Um, um para I can't remember if they were I thought it was imporam But those am at the end of that username Oh, I could have done bad copy paste. So if there is that's entirely my apologies. Um So but long story short, uh The uh, you know, I'm really glad to see that somebody we featured as newcomers You know are still with the show and are steadily collecting more points. Um, so rapscallion, uh, we look forward to you collecting your points for the next episode And uh, yeah, and right now they only have intrinsic value Our goal now for now our goal is to have them have extrinsic value And uh, you know, and we are assured that it will be any day now. We are mostly just waiting for t's and c's But then we will also be able to give out maybe some um Whatever you call it, uh, like, uh, you know access to the red hat cool store for some swag around the show You know, etc. Uh, so we we really look forward to you participating. So We didn't cover what we were supposed to do today. Um, I thought it was a really valuable exercise So I'm sorry if people were just coming here for compose Um, but I will reschedule compose and we will do it in a future episode. I promise Um, you know, it unfortunately it won't be for a few weeks because as I said before we already have a scheduled guest Talking about ubi scott mccarty next week. Then we have, uh, chris rite and kelsey hightower talking about the future of kubernetes and summit and kube con the week after that um, and Uh, bad debt mask. I'm sorry, but you should just, you know, watch it during your meeting. Um, you know, just wait for the Actually pull it up and put it on the projector. Right. Right. Just have everybody watch it And uh, you know, we will we will happily entertain if you want we can uh, we can have more We can have just a set of slides that just continuously run on the side Uh, to make it feel like it's a it's a meeting with boring slides. Um um so Uh, norenda was expecting some live debugging. Um, yeah, I didn't I didn't quite get that far. That's what I was going to do with the compose part. Um, the uh, You know, but it does, you know, like I said, I posted it in the Get repo. Um, you know this part of it And I want to get to the next part of it and we will be doing live debugging for that definitely Uh with the uh, trying to make this work and compose I don't know. It's kind of where I'm at. Uh, I don't Chris. How do you feel? What do you what do you think we should uh, I mean, I say Can you do compose in 10 minutes? Maybe but I doubt it. Okay, so let's not do it right now. Let's Yeah, but when I will point out, let me let me do one quick thing if you're interested in compose. Um, which So I did not oh, I forgot I made a nice little, uh, directory over here. Um So this is not in, um the repo because I'll literally show you this vagrant file. Um, So didn't seem valuable. Um But what I wanted to show was If you do, um, and I need to fix this one of these days, but Yeah, um Yeah, all right. So if you do Uh Let me just just oh, I can just do it this way. So All I did to get docker compose was dnf install podman and then Because I wanted to ensure the weak dependencies would come out correctly so one of the newer things about rpm is that um You now have more sophisticated dependency relationships than just it depends on this Excuse me. So in other words, um Although I guess this has kind of been around for a while, but Docker compose is going to look for a container engine when it tries to install In order to ensure that the container engine it looks for is podman without knowing the ins and outs of how that rpm works Um, I installed podman and then as a software operation. I installed docker compose um And if I had been smarter, I would have shown uh the basically the rpm install podman the wrapper. Yes, um No, but I I want to point out to people The person that's doing data on kubernetes is actually a very talented rapper like on the side So yeah, when they do shows like this, they come up with a rap afterwards to market them I think it's pretty genius and like who is this? This is uh bart ferrell Uh, I don't know how to say his last name, but oh that's hilarious. Yeah So like he's been around the kubernetes sphere. He just became an ambassador yesterday So it's pretty cool to like welcome him into the community and everything Of ambassadors, but he's been doing stuff on the outside and it's been bart ferrell. Yeah Um He should just he should just put in quotes in his middle. It's his middle name is podman Right, you know, like his his nickname the Speaking of rap battles. Uh yesterday I came across. Um, if you don't mind some questionable language, uh biggie smalls Uh doing a rap battle on the street in brooklyn when he was 17. Yeah. Oh my god. Yeah amazing. Yeah, um so Okay, but long story short. So I'd sell docker compose but what I want to point out is I don't have mobi I don't have docker You know, uh, so So it is using podman like that that fulfilled the requirement for docker compose. So that was kind of like what I wanted to point out And I was kind of playing around with this might just work Because it might um So we could just see It's upright Where's it start dude? I don't know I don't I try to stay away from things to start with the word docker That's uh, oh, I thought I could do minus f Those Yeah, let me just rename it. Uh move compose to docker compose Yeah, well So I used to use docker compose back in the day like, you know a while back all the time. Um, but it's been a while Um, so that looks promising Okay, so Yeah, you're five minutes into your 10 Right, right. Uh, but at least we're satisfying, uh norendes. Yeah, um Let me just make sure I can actually see the internet In this box. Yeah, okay. Yep. So that's not the problem high version So, yeah, so I found no such problem The thing that I was a little confused about when I was looking into this the other day was uh, or yesterday or whatever, um was One of the veins of my existence or anybody else who's uh used uh docker on um At least fedora and rel and kind of its derivatives. Um is that There's a there's a socket which because it's linux, right is a is a file called docker.sock that is owned incorrectly if okay, so So backing up a little bit. So docker when you run it is always running as root You don't feel like it's running as a root because normally when it tells you how to set it up it says Okay, put yourself in the docker group The docker group has the ability to run containers using the docker uh daemon Which is in fact running as root The thing is is that if you're in the docker group the ownership on Var run docker sock, which is where the socket lives that docker uses for its api communication is owned by the wrong user Actually, it's owned by the wrong group. So it's root colon root rather than root colon docker So as a result if you put yourself in the docker group, it doesn't work Um, so the only way to do it is to run docker as like with sudo, which I don't like doing Um partially because I didn't realize when I first started using docker that it was always running as root anyway Um, but now it's kind of like habit. Um But so what you had to do was if you chone the docker sock to be owned by Uh root colon docker and then you're in the docker group. It works. So What I'm a little confused about is pod man as far as I can tell Is not putting a docker dot sock in the directory and I would assume That docker compose is accessing it through that and this is why I wonder if that's why we're getting this error here. Um Because it's a no such file, right? Um, so I suspect that This this is the biggest hurdle is figuring out How to make compose? Realize that it's using pod man in a sense. Um, so that's the uh, that's the the first double-ing point My suspicion is is that once we get over that hurdle everything will just work. Um, it's just this kind of and this is A dumb setup thing not a not an important thing in a sense So I was hoping or what I was expecting is that we could either figure that out during the show today Or we'll figure it out when we reschedule um to do docker compose as pod man, uh for some future show Cool. Does that make sense? Yeah, no it makes sense to me. Um I'm assuming there's no more questions from the audience because things have gone into uh food talk. Um, so yeah the So yeah, there is a question about an opa t-shirt. I am not wearing an opa t-shirt. I am wearing a rel 8 t-shirt I'm shouting out to opa today because uh, the pod security policy deprecation blog post went live yesterday. So Just reminding folks that psps are going away. Um, go to the kubernetes blog to find out. But yeah the The uh, the concerns that I had are about like folks that are starting to use psps right now Are addressed in that article, right? Like stay close to the core set of psps and try not to deviate with too much wildness And you'll be okay in the future as the community develops a new Solution for psp and there's also many alternatives as well including opa Is it worth expanding what psps? pod security policy A pod security policy will basically say this software can only do this And this is connect to a database Connect to an outside resource some s3 bucket whatever talk to other stuff inside the cluster But basically is to prevent people from designing Bad software because when bad software breaks it breaks in unexpected ways. So it's targeted at me. Is that what you're saying? well And essentially right like think of it as oh somebody's gotten into this container somehow But they can't break out because the policy for the container is set in such a way that it kind of isolates it to just what they Allow that pod or namespace to see right? So the sc linux for kubernetes Yeah, that basically bad net mask is right here, right like sc linux for pods. Essentially. Yeah. Oh, yeah There you go. Look he said it for it or day. Sorry um So pod man does not require socket for communication because it works on fork exec model question mark like pod man buying Well, that's what I wonder so contain what child process. Yeah, what pod man v3? Yeah, so it does do a fork exec but pod man v3 What it one of the things that it does so the way docker compose and a lot of other things that wrapped up around the docker Ecosystem work is that there's a rest api that docker exposes the docker daemon exposes That is then called by I don't know if the actual docker client uses it or not But all these other things like docker compose for example But right because docker compose wasn't originally developed by docker It was developed by a third party who I can't remember the name of but I think was a guy who just built it for fun And so it calls the rest api pod man v3 its big bring to the table is support for that docker rest api In the vast majority apparently there are a few things in the in the api that it does not Support because it's kind of antithetical to how pod man works Oh, I wonder if that's what it is Uh, because when Brent was on the show the other day He said that docker compose requires root. Yes So I wonder if it's just I need to sudo do it as root now. Nope. Okay So I stopped sharing but I got the exact same error. Uh, but I threw sudo in front of it. Um, oh well okay, so There's there's something like I said, there's some set upy thing that's dumb that I'm not doing correctly Um, and I will I would rather not debug that on the show because it's boring as far as I'm concerned I'd rather just tell you how to set it up and then we can go and have a grand old time Sorry, I was reading the comments And then we can have a grand old time actually debugging getting the cool store working and compose And that that I think would be a lot more interesting episode. So That's where I'm kind of at and I think we should kind of wrap it up today and We'll revisit it in a future episode. Yeah, so coming up next on the channel folks Uh, it's the one and only Andrew Sullivan and and myself and we have a special guest today We'll be going over the various Open shift installation methods, you know, we kind of went through them all last year But there's more But wait, there's more Um, so stick around for that. That's at 11 a.m. Eastern 1500 utc and then In this getting progressively easier, right, which is really really the part that I care about And then open shift commons briefing. We'll have get live on today Talking about dev ops. So that's going to be a good one and then wrapping up today at an odd time because the guest has a meeting prior 215 today eastern We will do red hat enterprise linux presents. We're going to be talking about application streams. So that's kind of You know tying into what we're talking about sometimes on this show. Um, So, yeah, it's going to be a great day for the channel and stick around Appreciate y'all cool, um Yeah, I like abstracts a lot in case you're interested. That's I think 1915 utc. Um, so Yeah 1850 1850 I can't remember. Have we done the time zone switch? They did the st last week, I think. Yeah, okay. Um, so we're Yeah, uh, so we're four hours off instead of five. Um Cool. Yeah, uh, I don't know. I may I may try to be around for the uh, the rel show I know I have a prior meeting as well. Um, but uh, we hopefully hopefully I'll be able to make it Cool. All right. Well, thank you everybody for watching. Thank you for tuning in and don't be a stranger. Also Uh, before I forget, uh Red Hat Summit is coming and right. I haven't heard red hat summit is going to be a three-part event and uh, very little cost Like this much like this much. Yes. Uh, yeah, three weeks give or take. Um, Yeah, a little three weeks ish. Yeah the last week of the month, right? Yeah, but yeah, so definitely look into that sign up get your team to sign up whatever they need to do. Uh, check it out and uh See what you can learn Without any further ado, I will sign off for the day. Thank you all for watching. Well for the moment You'll be for the moment not for the day for the for the for the illustrious one. Yes. Yes. Yeah All right. Thank you everybody. Stay safe out there