Ask an OpenShift Admin (Ep 34): OpenShift 4.8 for Administrators

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] [Music] so [Music] so [Music] good morning good afternoon good evening wherever you're hailing from welcome to another episode of ask an open shift admin i am chris short uh executive producer host with the most whatever you want to call me i am the thing that runs the openshift tv uh product project whatever you want to call it um it is an awesome thing and i am joined by the wonderful andrew sullivan and uh andrew what are we talking about today buddy i feel like there's some cool things coming out what wonderful andrew sullivan i uh apparently i i forgot to put your check in the mail there yeah no you you are quite wonderful so i i can tell it's been one of those days when you like as you're introducing yourself you're you're pausing and doing an um like you're just it's been one of those days it's a wednesday right it like it's been a week let's just put it like that hey it's i was on pto last week so apologies for anybody who's expecting a live stream last week last wednesday at this time i was on pto enjoying some some relaxation sometime before which you fully deserve yeah thank you uh but yeah it was um my my kids so we do year round school uh here i'm just outside of raleigh uh north carolina so we do year round school so my kids basically had the week of like the last week of june and then the the first half of last week off right and that was when they rolled between grades so my oldest is now in eighth grade and it's also i never understood the whole three around school thing in raleigh so yeah anyways it's a little different i like the year round but so yeah and then they're back in the classroom which is super weird you and i were talking about this before we started right yeah like this is the first time i've been in an empty house for a stream in 18 months like since before we started streaming wow so yeah no kidding uh yeah like wasn't it wasn't it a phone call between you and chris like started all this nonsense like at the beginning of the the now times i guess yeah we we were we were talking about um you know how how do we in the time of you know everything being cancelled this was last march yeah it was right as everything was being canceled and all of that you know how can we continue to connect with folks how can we and my thought was you know if we're not going to do conferences how do we offer people the ability to have that same sort of experience of i'm going to walk into a booth i'm going to find somebody and i have a question i want to ask and those questions you know as you and i both we've worked hundreds of booths for you know probably thousands of hours at this point yeah those questions can be anything from i have the support case can you help me with the support case to like what does this mean how does this work or what's your opinion on this or hey did you hear that your competitor did this right and so how do we offer that same experience um and it just so happened that my son was asking about uh he wanted to be a youtuber and a twitch streamer at the time and that i i brought it up with uh with our manager right with chris and and he he ran with it and it turned into uh what you all have today yeah so i was i was just talking to langdon about it right like look at how far we've come kind of thing it was it was pretty pretty awesome to like look back i wish i would have done a better job of like documenting some of those historical things right because there have been some like step ups right like we have what we call graduated shows now and yeah you know the whole nine yards like this would have made a great like story or something and at some point we will have a how do we do things here uh on openshift tv but that's not the point of this show yeah and today you know me i've advocated for that for that show of the yeah you know the uh behind the scenes a day in the life of chris short um which is not i need to get like a drone or something just floating over my head at all times all right so i i know we've kind of uh dilly-dallied and and small talked here for a couple of minutes so circling back around to your original question uh so i'm one i'm doing great and two uh as the title of the show indicates we are talking about openshift 4.8 yeah and specifically because this is the ask an openshift admin live stream that means that we are going to be focused on sort of the administrator-centric or things that are relevant for administrators uh so gotta talk to our ops folks y'all yeah and so it's funny because you're just the dev with the openshift cluster credentials right [Laughter] which might be a little scary yeah um so originally this show was scheduled to be after the 4.8 g day uh so late yeah yeah so very late in the process they found an issue which caused them to delay out the 4.8 4.8 ga yeah uh so we're pressing ahead um you'll see i'm going to show a cluster in a few minutes uh it says 4.8.0 it doesn't say rc or anything like that anybody can go and get those bits and you can look at it but it is not officially ga yet so so i know let me flash the yeah what we're talking about is in the future even though it might only be a couple weeks away yeah so i i want and the reason why i'm saying this is because you know uh two weeks ago we had the what's new in 4.8 live stream right where product management went through all of this and that's kind of the basis for this show um you know a week after that so last week we had all of the pr go out so if you were looking at redhat.com or openshift.com right or um whatever the news release thing that we have is right yeah yeah yeah you saw all of the announcements we've had a bunch of social media about it and all this other stuff so it's i would understand if you thought that it was already generally available uh it is not um but it will be very very soon yes so we understand your confusion we understand you know there there is a lot of content that is out there about 48 and it's not out yet we get that yep and there will be more yeah so yes as we as we go to ga you will see a huge number of blog posts drop over a very short period of time talking about individual features and capabilities and lots of other stuff inside of there so it's turned from what was going to be like a two-week thing into well several weeks longer than that but just be aware not ga yet will bga soon sorry for the confusion yep okay first question to jor okay i want to configure thanos object store config and receivers is that possible on ocp48 yes yes it is i think it's possible right now on a four seven is it front yeah yeah so and an acm will automatically do that um as will if you enable uh so if you enable the user project or or user uh uh namespace user application monitoring i'm trying to think of the right word here that'll automatically deploy yeah so that'll automatically deploy all of the thanos components so that it can query both instances of prometheus so if you aren't aware in the default configuration right when you install out of the box openshift it has the kind of core system prometheus right so there's a prometheus instance that scrapes and collects and displays back all of the metrics and all the information about openshift itself but it doesn't deploy and you cannot use that prometheus for user workload monitoring for your applications so there's a config file an operator you go in and you say turn it on it will deploy a whole second instance of prometheus and then configure thanos and all those things so that you can query across both of those at the same time user workload monitoring yes thank you yes whoever said that thank you sorry uh so yeah just yes it's possible you can also deploy and uh if you're using acm acm will aggregate all of that information up as well using thanos so that way you can query across all of those instances and you can deploy it manually of course we talked about that in the uh uh monitoring episode which was oh three episodes ago yeah something like that i'll dig up the link and it'll definitely be in the uh show notes yes if you're not familiar with this show go ahead yeah um let's see find the right where's the right window uh you are the right window yes that's the right window uh so speaking of which just uh just to show you an example this is openshift.com blog you'll see that after every episode that we do uh so the following friday morning we will publish a blog post that has a link to the stream as well as we go through and we cover all of the things that we talked about with links directly to those so you know here this is the authentication authorization show right hey did you know you can assign permissions before the user account exists and you click that link and it jumps to precisely where we're talking about that so keep an eye on openshift.com blog for all of those you can also as a little cheats they all get lumped into this openshift.tv category so if you look at that category at that tag up here nice you can see all of those blog posts and i'll not realize that alex had a whole tag for us yeah so i'll put a link to that in the chat but yeah you can see all of these you can see it's mostly mine but there's a few others in there here's uh one of christian's get ops guy to the galaxies uh so here's the one that uh you and chris morgan did on the the launch of opening a year yeah yeah yeah so yeah a little cheat if you're looking for all the blog posts that come out of these uh these live streams nice uh so i need to make that the blog a landing point as opposed to but anyways go ahead so um kind of moving on with our you know in tradition for this show uh so the ask an openshift admin office hour is an office hour show uh what that means is that we are here to answer your questions this is meant to be quite literally an ask us anything type of show whatever it is that is top of your mind you are more than welcome to ask us in chat and we will address that to the best of our ability and that may mean that today right now right here we'll we'll say well we think it's this but we're not sure um or sometimes we've also outright said i don't know we'll have to give you on that one and yeah we'll we'll chase down those answers and we'll put them either in the blog post or we'll have a follow-up we'll talk about it in a follow-up episode as well so it doesn't matter what's on your minds feel free to ask away in the chat whatever platform you're watching on it gets rebroadcast to all of the others so we'll be sure to pick that up uh and we're happy to answer that in the absence of those questions or in addition to those questions we also have a topic that we like to talk about right i said before today we're talking about 4.8 and i also have it's not really a segment or anything like that i also like to talk about at the beginning of each episode kind of the things that are top of mind for me uh so things that have come up in the last week or two right however long it's been since the last stream that i see as either recurring issues potential issues or information right things that are pertinent to you all as open shift administrators uh so with that in mind the first one of those that i want to talk about uh let me find my cheat sheet here uh oh open shift on arm yeah so i am so stoked for this yeah so if we look um right here openshift on arm developer preview uh so absolutely today you can go to uh and actually i'll i'll bring it up we can go to cloud.redhead.com openshift we can click on create cluster here and down at the bottom we have this aws arm so if you have arm-based workloads arm-based applications uh you want to start trying those out in aws there you go you deploy a fully arm-based open shift cluster so that makes the fourth architecture can't wait until this is like ga across the board right like there's so much stuff you can do with arm that is just possible because of arms like low energy footprint low you know resource utilization that kind of thing and it's just an amazing platform and like i love arm more than probably any other processor architecture out there i know that sounds like a weird thing to love but i am a nerd at heart so yeah um when when i think it was cloudflare they had a rack of their intel servers and a rack of uh new armbase servers that they were testing out and they put one of those like power meters in line for the rack and it was like a third of the power being consumed yeah but twice the compute power i think is what they said it's like this is insane yeah it's um you know as somebody who uses and you know an m1 mac everyday you know that's m1 my daily driver it's shockingly fast at everything it does yeah uh so before anybody asks uh so this is specifically you know arm on amazon right it is not raspberry pi it is you're not gonna be able to apple silicon right yeah it's it's not going to run on an m1 it's not going to run on an arm our arm is or not arm pies because that arm architecture is actually different than the gravitron or graviton i don't know but whatever also doesn't have enough resources so even the yeah even the largest the biggest pi 4 with pcie on it whatever you want to do still not strong enough to run fcd so yeah it's it has been asked about and inquired about many times internally um but no unfortunately uh or fortunately depending on your perspective no no open shift on raspberry pi today um today now so yeah definitely interesting if you are running those rmark loads if you're interested in the low energy um i think they're also slightly cheaper instances inside they are way cheaper yeah okay i don't keep up with aws pricing i just i have an engineering account so i just i use aws and i don't know you are one of those lucky few i guess uh you have what we call cloud privilege um yeah yeah very much so it's when i used to work for a storage vendor and people would ask me i'd go visit customers oh how much does it cost for you know model x well i i don't know it's all free to me i just put in a request and it shows up so yeah i definitely have that uh that issue uh anyways so moving on so openshift arm definitely a thing check out the blog post they walk you through how to get started how to use all of that stuff uh including down here at the bottom you see list of known issues check out the readme and the openshift on arm issue tracker so it is tech preview or dev preview i don't remember which but either one means that it is not supported today but that doesn't mean that you can't open issues and stuff like that so you see we have this if i click on that it goes to ocp on arm you can absolutely open issues inside of here if you have problems and engineering it's best best effort type thing right they'll do their best to help but it is not an officially supported offering right so the next thing that i wanted to talk about oh we actually i already kind of touched on this um by showing you this interface uh so i very rarely go to cloud.redhead.com just like the base level like yeah you and i were talking about this we normally like have multiple layers of depth that we dive into first yeah so if you haven't been here in a while like i hadn't it's been redesigned a little bit and specifically if we go into the openshift tab here there's a lot of really cool stuff that's happening one of my favorites here is this downloads tab so now i can click you know basically in one link i have you know quick links to all of the downloads so here's the oc interface there's odo here's open shift install right direct links to all of those things as well as your pulse secret down here so i find this much easier you know previously you'd have to go to clusters and then you'd have to go to create cluster and then you'd have to go to like oh i want to deploy to rev and now i want to do ipi and oh here now finally i can get the installer so clicking on that downloads link much much easier the other thing that i really like is this releases tab this in my opinion is amazing right it tells you precisely what are the available releases right now and what their life cycle stage is so i can see right now openshift 4.5.41 is the current release it is currently under maintenance support um note that when 4.8 goes ga 4.5 will go into end of life it will no longer be supported so i find this to be you know really helpful for helping me gauge what's the current release which one should i be on so here this one is that one's all five four five forty one but you see here how we have multiple releases depending on which stage it's in so stable and eus are the same candidate which remember candidate is not a supported channel uh candidates that's 4.6.39 fast as 4.6.38 so on and so forth uh so check out cloud.redhead.com openshift if you haven't recently uh you can see all kinds of stuff inside of here some new features and functions go check it out yep if you haven't um yeah yeah and i don't have this is my developer account i don't have anything associated with it but if you haven't seen all the subscription information in here and chris our team has a monthly meeting with the ux team and they showed us some of this stuff around yeah making it easier to see both individual and your aggregated subscription consumption all through this interface so yeah very very cool stuff that they're doing inside of here yeah it's they've they our ux and ui team are making a very conscious effort to make this better right like they check with us before they release features right like that is something i've never experienced at a company before i think it's wonderful that we do that yeah um yeah and um and to their credit they they take everything that we say very seriously and like i give them every opportunity of like no andrew's full of crap andrew doesn't know what he's talking about you shouldn't listen to andrew and they they do take us very seriously so i i appreciate that like we are users of the product as well so it's good that they get our input um so while i'm on the subject here of releases so you'll see out here that 4.5.41 is the current 4.5 release if you have updated to 4.5.41 you may have noticed that there is not an update path to 4.6 so essentially they found an issue with coreos versioning that made it incompatible so when so you see 4.6.38 so if you're on the fast channel 4.6.38 is an eligible update target and then later on it'll either be late this week or early next week 4.6.38 will move into stable and then you'll have a stable update path which comes basically a week to two weeks hopefully before 4.8 goes ga and 4.5 is out of support so if you're up you know keeping your 4.5 cluster right at the edge of those 4.5 updates um just be aware that there's going to be a a relatively short window where you'll need to update from 4.5 to 4.6 to keep fully within that uh support guideline um let's see oh what's next on my list oh this is a fun one uh so i i don't know why i was doing this i was searching for something inside of access.redhat.com inside the kcs and i found this one and this one is super exciting to me uh yeah the title alone is like super exciting please share the link yeah so i just posted it into the twitch chat so this kcs article effectively consolidates as the name implies a whole bunch of other kcs articles into one place so that is what i've been needing my whole life yeah like oh you're having trouble you know my upi installation isn't going the way that i wanted to i don't know what's happening and like here here's an entire you know article about it all the different things you can check and look at and test and you know here you're having trouble with openshift sdn okay what are some things that i need to figure out inside of openshift sdn so yeah uh wow okay i don't know i don't know how we promote this one better inside of the kcs system but this kcs is is pretty awesome it's dope yeah i need that i'm logging in to get it saved mark that one now yeah for some reason some of my extensions just went away all of a sudden that's really weird um yeah you didn't need those yeah apparently not it's the bookmarking one's still there so that's what matters the most um yeah red hat docs save all right uh so that's all i've got for this week um yeah for the the top of mind so let's move on to 4.8 as i said um a couple of times now florida a is not yet ga again you would be forgiven for thinking otherwise with all the noise we've made about it but it will be ga very very soon um all things uh assuming all things continue to go well right so the first thing that i want to talk about here is uh well actually there's a couple of precursor things so one remember we did a stream on openshift 4.8 just a couple of weeks ago so i'm going to go to youtube.com and i want to go to you know off the base youtube youtube.com and i want to go to our h open shift is the channel name yep or username actually there we go yeah so if you go to videos and then if you go to uh uploads and you go to past live streams it's a simple way to see all of the stuff that we have here on uh openshift tv yeah and if we look back somewhere inside of here authentication authorization real workstation uh maybe it was two weeks ago it must have been because i was on pto last week yep here here's the what's new there it is yeah so yep here's our what's new stream i'll paste that into the chat here just a link to the whole what's new web page earlier so yeah um so yeah we we talked about a lot of this already uh you know maybe in slightly less detail with the product management team as well as at that link that chris just posted we have all of the slides so you can see the slideshare that has all of those et cetera that slide deck has over 2500 views so far last i checked it has useful information in there apparently so one of the first things that i wanted to talk about in the 4.08 release is that core os is now based on rel 8.4 okay so a little known fact so first of all this page is open to the world so this is the ci system that openshift uses so you can come to this release status page and you can see kind of the status of all of the different releases and what's going on with them and like you see here's all the rcs right here's all the 4.7s and so on and so forth and i can click on one of these so here's 4.8 and i can see all of the different information about it this one's going to be relatively quiet because it's not substantially different from rc3 yeah and right i can get just a ton of information about what's going on inside of each one of these releases and this this is updated nightly with every one of the nightly releases so if you are aren't familiar uh anybody can go to [Music] cloud.red.com you can use the uh pre-release access inside of there you can get access you can see there's already 4.9 that's being pushed into the nightlys so the reason why i brought this one up is if we scroll all the way down here you can see underneath components red hat analyze enterprise linux core os and then it gives you this version string i don't know what happens if i click on that oh nothing i get a bad page strange resolve to be on the vpn i'm guessing that's an internal site yeah it must be oh that's privileged in the url yeah yeah so this release string or this name is meaningful so if we break it out the first two characters here so this 4 8 represents openshift 4.8 the next two characters are the the version of rel that it is based on so 8.4 and then the last string which you can probably see is a date string and you might rightly guess is the time that this was built from uh so a couple of interesting things here so let's go back to like 4.7 we'll go with 4 7 18. as soon as i click and this one doesn't have a core os update associated with it 4717 and i'm going to throw this in chat as the warning message that appears at the top of the page the site is part of the openshift continuous delivery pipeline neither the builds linked here nor the upgrade paths tested are officially supported so yes go pull down stuff from here and expect support yes this is informational so you can get context around things that are happening so here we see with 4.7 we see it's based on 8.3 and we can see the build date that happened here i can't click there we go so and then we have the bill date of june 3rd there so rail 8.4 so updated kernel updated drivers um i know there was a at least one account team that reached out to me about hey this network adapter driver isn't available until rel eight four or eight four i can get it added in earlier we want it in 4.6 um well no not easily but hey guess what it's there now yeah um so one thing to note i i have heard rumor that 4.7 may rebase to rel 8.4 at some point um in its future uh so just be aware if you happen to see this 47.84 in the future uh that means that it's rebased tyrell 84. nice so be aware and yeah and so that's important because uh remember it's the eus releases that will stay so openshift 4.6 is an eos so it will stay within the rel which i think is related to eus release channel so it wouldn't rebase as it goes forward whereas the other releases the non-us releases will keep up with what rel is doing uh so i'm not going to go into all of the different changes that have happened in rel84 and there's a lot of yeah yeah um so there's a huge changelog that's associated with that you can go and check out um all of the rel stuff and the rel coreos stuff that's related to that at a minimum be sure to check out the kernel version make sure that you're not going to encounter any issues there as well as if you're running openshift on bare metal you may have some important driver changes that are happening there too yes and a little nudge for insights here if you are using insights and you install a new version it will look for the new problems that you might have so that that's a little nudge to just turn on insights because maybe that kernel version doesn't quite work with your db or something crazy like that right like who knows so yeah always good to have that oversight they're getting better and better about that all of the time um and a little bit of uh good news here in two weeks three weeks uh we will have the insights folks uh here on the stream yeah um so what about all things yeah because insights for openshift is relatively new and i think it's uh as a consequence it's relatively unknown so it is not new to the rel and like ansible worlds i mean i remember talking about insights when i was on the ansible team so it's it's grown since i first touched it a lot yes very much so i i mean they have insights for rev now insights for openshift um you know rel has been two years two years at least now um so yeah uh we'll we'll get john spinks on um and we'll have a good time talking about openshift or insights for openshift and all of the cool stuff that that outputs yeah question here about the compliance operator will it get any love and 48.z specifically the oc plugin which makes it much more straightforward to read the reports that i don't know about yeah i don't know the answer to that either because keep in mind the operators are kind of built outside of the normal like release process so we would have to actually talk to the pm that is the compliance operator uh so our hope nine if there is something because i i'm not sure what you're referring to with the reports there right if you can send us an email um andrew.sullivan redhat.com with like details of what you're looking for there then we will hunt it down yeah happy to hunt that down uh bring in the product manager for that and then we can get good a good answer for you for that uh but yeah off the top of my head i i don't know the answer yeah i don't either uh i wish i did because compliance operator while it being a little new is near and dear to my heart um likewise yeah i'd like to make that easier for folks so yeah our hope nine please email and we'll figure it out yeah uh so the next thing i wanted to talk about is something that came up uh and where's where's that link coming in so openshift.com what's new so if we go to the slides here oh look at you using speaker deck i know we have it so if we jump ahead here so one of the early things that we talked about was sandbox containers yes and sandbox containers spawned a surprisingly large number of conversations internally yeah um and especially with confusion about sandbox containers which are based off of cata containers and openshift virtualization and we talked about if if if this isn't surprising to you because you do watch open shift tv religiously we talked about this on monday on the open shift common stream but it's good that we're talking about it now here as well yeah and i i don't know enough to go in depth probably you know anywhere near as much as what uh what they did on monday so if you are curious about far more than what andrew is getting ready to say definitely check out that stream on monday i'm gonna grab the link right now thank you uh so the core thing that i want to communicate here and basically say is sandbox containers which is kata containers and openshift virtualization are [Music] fundamentally the same but very different so what do i mean by that so sandbox containers uses a hypervisor kvm to provide isolation between container instances so it's effectively creating a very small virtual machine that is running the linux kernel and then running the container on top of that so it provides that strong isolation strong kernel level separation between containers it requires a physical server right bare metal server with the virtualization extensions available right all that other stuff basically until vt or pt pd whatever but you need to have the hardware virtualization extensions available yeah open shift virtualization is more like it's a real real it's a full virtual machine right so i am just like i would with you know virtual machine manager or lib verts on my rail host or with red hat virtualization right i'm going to go in and i'm going to use qmu to instantiate an entire linux or windows based virtual machine inside of there it has a whole operating system you know all of the things that go alongside of it a sandbox container is basically just a kernel for running you know an isolated kernel for running that container openshift virtualization is a full virtual machine they both require physical servers bare metal they both require virtualization extensions all that other stuff so very different use cases one is increased container isolation the other one is virtual machine hosting so hopefully that will eliminate some of the confusion uh please don't be afraid to uh yes thank you for posting that link adele which if you have good eyes you can see is the pm down here so adele can go into great amounts of detail if you have questions if there's still confusion please don't hesitate to reach out either here in the stream chat you can reach out via email andrew.sullivan redhat.com and we'll we'll be sure to address that um and i am hoping to have an entire show talking about this at some point in the future because it's pretty cool technology and there's definitely some interesting use cases associated with it uh let's see go back to my cheat sheet here um so api graduations uh this was a fun slide i'm going to switch over should be in here so api graduations vertical pod auto scaler is one that folks have been asking about for i don't know like five releases like it's so vertical pod auto scaler is the inverse of horizontal power scale so the vertical pod auto scaler or single one is harder than yeah and this is why it's now uh so if if you're not familiar horizontal pod auto scaler basically says you know there's uh i have six pods that are running that you know they're all the same say it's an apache pod and when they reach 80 utilization deploy some more instances of it right you've got a service or a load balancer in front of it it's automatically sending traffic to all of those things vertical pod auto scaler is take the running instances and change them so that they go from you know maybe one cpu or a thousand millicourse and two gigabytes of memory to 2000 millicourse and 2 gigabytes of memory and so it will adjust the size of those pods according to the observations that it makes so rather than increasing the quantity uh so what does this actually look like yeah uh let's see here good questions here we go uh so this is the uh the the pre-ga documentation i won't share the link to this um even though you can easily guess it if you can it does have a very it does have a password protection but as soon as 4.8 goes ga this will become fully available and it should look exactly like this so like many things in openshift it is deployed and managed as an operator so let's see here's my 4.8 cluster i'll i'll take a slight detour here and notice um if you haven't seen 48 before they've added in some convenience features like you're getting started it's a brand new cluster so here's some things that you need to do to get started with your cluster here's a link to the documentation and that goes to the uh day two configuration stuff so they've they've added a bunch of new stuff in in the gui to make this make life just easier so if we go to operators and operator hub and we do search for vertical we have this vertical pod auto scaler and i can hit install here and i'll just go with the defaults and we hit install interesting that the graphic is missing oh that is weird is that your browser doing that uh it could be it could be i don't know i don't know where those graphics even come from i think i thought they were part of the i think they're embedded in the csv yeah so i thought it shows what we know anyway so that's going through and doing its thing we'll move that over so i've installed the vertical pod auto scaler operator what we'll end up with is a couple of crds so let me change my screen share changing switching to guns i know i'm going to share a region of the screen you like to live dangerously only on occasion i'm just going to figure out how to change the size of it there we go the problem with doing this is it covers up the clock so i have a harder time seeing well it's my job when we're approaching time you got 19 minutes but we do we don't have anything at noon today so you can go over if you want bonus and your time you know there we go man using a mouse is hard sometimes using my hands is hard sometimes [Laughter] all right so let's switch back over here so our vertical pod auto scaler is now installed and the reason why i fiddled with the screen there is that i can easily bring this up so oc get node so we're connected to our uh cluster here which is running kubernetes 1.21.1 which means that we're running openshift 4.8 so literally just as you saw before i went to uh the the mirror i just pulled down the 4.8 binary and deployed using that remember that even though this says 4.8.0 it does not say rc or anything like that it is not a ga version uh so just keep that in mind yes um but you are welcome to there because you're successful but still future yeah i i suspect much like it was 4.7 um you know 4.8.1 will be the first ga version but if you want to go and test it out deploy a new 4.8 cluster pre-ga not supported uh test it out kick the tire so to speak uh by all means go go for it so let's do oc api resources and i want to grep without uh case sensitivity for vertical and you can see that we have these now vertical pod auto scaler uh crds inside of here nice i can do an oc get vpa and there are none in this particular namespace or any namespace for that matter and we also have the vertical pod autoscaler controller so if i do wait did it just complain that it wasn't in the default namespace and then tell you it's in the default namespace no it's um oh no the name space is the auto scaler the name is default i'm backwards sorry i have not had enough coffee today default dash in there you go and then we'll output that as yaml uh so what this does this controls the vertical pod auto scaler controller among other things specifies kind of the the bare minimum if you don't configure anything if you don't specify in your vertical pod auto scaler this is what it will do so let's switch back to the documentation for a moment now that i've covered that briefly to talk about some of these objects so first the vertical pod auto scaler can only work with a certain set of objects you know workload objects inside of openshift so deployment stateful set job daemon set replica set or replication controller if you're just creating you know plain pods you know oc create pod or or you you're defining specific pods it won't work with that it needs to be a deployment replica set whatever you happen to be using inside of there so second there are multiple modes that the operator or that the vertical pod auto scaler will work in so you can see auto and recreate initial and then off which provides only recommendations for the resource uh limits and requests initial as the name suggests we'll basically say when i when the pod is created i will set some initial values and then auto and recreate both will automatically apply recommendations so what that means is if your pod is a single point of failure rate when if it is set to auto it is going to say hey i need to bump up or bump down the resources associated with this pod it will terminate it and then recreate it with the new resource settings so if it is a single point of failure it is going to have some downtime hbas and vpas were there for a reason it is going to be a uh uh yeah it won't it won't go well uh one thing to note you cannot use the hpa and the vpa the horizontal pod autoscaler and the vertical pod auto scaler against the same resource set so it is oh really one or the other yep oh i didn't know that uh so yeah if you're doing you know the whole cloud native right blah blah blah you know if you already have you know 3 5 10 hundred whatever instances of the pot out there you're fine if it's a i have a deployment size of one um and it is a you know when that pod goes down so too does the service well that that will cause interruptions if you're using the vpa and it resizes those yes um so we can see oc get vpa we already looked at that there isn't one inside of there and then we can look at all of the different values that it's set inside of here so oops what i want to try and do here is uh i think i have an application i haven't tested this yet so it may go completely sideways yeah we'll see what happens uh so i do have a replication controller running inside of here but it's very simple yeah it is it's this is my um my andrew is not a developer um so this is my very simple app that just returns back like a simple json string so what i want to do is create a vpa for a deployment of basically the same app so i've got my vertical pod auto scaler defined here so it is going to so the target reference so what is it going to take action against a deployment that has the name simple deployment and i wanted to have the update policy of auto so let it do its thing right so let's first create that now if i get my oc get vpa and do a dash o yaml you can see that it is looking for our application with an update policy of auto oops so let's see what happens when we create our deployment so very simple deployment here as you can imagine by the name right all i want is three replicas uh and then we're just using this uh this application image down here so one thing to note and the reason why i already have an existing rc here so we see get pod so let's do a oc describe on one of these existing ones so you note that there is no there are no requests there are no limits defined here right if we look down here at the bottom uh our qos class is going to be set to best effort okay so let's create our deployment so we have our deployments here it's doing its thing we have our pods which are now running so now i want to do an oc describe on one of these pods and what we should see hopefully i think is well i thought we would see a set of resource limits and requests being associated with it provided false mode auto no pods matched no pods matched huh maybe i yeah simple deployment yeah i'll have to look at this is what i get for doing it without testing it right right um anyways what should have happened there and andrew apparently fat fingered it um it should yeah i'll figure out why in the interest of time and follow up in the blog post there you go uh but what what we expect it to do is essentially automatically assign the default values for requests and limits okay so that's why we looked at the so if we did the uh when we looked at this auto so it should have done why does it do that it should have assigned a minimum of 25 millicourse and 250 megabytes of memory to each one of those pods um why it didn't do that i don't know maybe it does it as an after action once it's deployed then it will take action so we'll i'll look at it here in just a second um but yeah i see 12 seconds so maybe it is restarting these slowly oh well yeah ah there we go so it did work it takes time yeah it just took it a little bit to actually take action against each one of those uh so yeah there we go um so it will automatically assign those resources over time it will adjust those according to what the real utilization is right and what it thinks it has there's a bunch of rules that go into this that are all in the documentation as well as i will link to this so inside of the kubernetes vertical pod auto scaler github repo there is more information than you probably ever want to know about it that's inside of here yeah so lots of good information there about how it works um including uh this proportional the the limits being proportional so basically it how it creates both limits and requests and keeps them in proportion to each other so that way you don't have one that's way out of whack so to speak keep them consistent right yeah yeah okay um so the next thing i wanted to talk about is oh uh the api request count uh this one i thought was really cool can you limit that now finally um i don't think you can lim i don't know if you can limit it or not um but the interesting part to me was that this will tell you if i can can i get it wide enough no there you go so we'll make it slightly smaller apologies if it's harder to read come on yeah there we go there we go so the interesting thing here is so it tells us how many times each api and the cluster is being used um maybe that's interesting i don't find that particularly interesting myself but this column is new and this column is telling us for example in 1.22 this ingresses.v1 beta1.extensionsapi is going away that means it's being taken out of beta and put into yes so mobility yes as and i strongly suspect i don't know for sure but i strongly suspect that as time goes on with our releases right so as you get as we get closer to 4.9 for example we'll start including more of these apis that will be deprecated as we know uh so that way you'll be able to look in the future and say oh um and i think the eos use case is a great one of these um you know hey i'm using you know openshift 4.6 eus whatever the next eus is right is going to be you know what three four five six versions of open shift ahead how do i know which of my objects my kubernetes objects i need to change or update or use a different api for right guess what we'll we'll have that ability you know at least in 4.8 and later where you can go and you can see you know hey i know that when i go to this next version when i go to the next version i need to you know change all of these objects so it's it's much easier you no longer have to dig through release notes and all that other stuff so i i found that to be incredibly interesting and incredibly helpful well yeah i mean the release notes have gotten to the point now where it's like almost reading the dictionary for every kubernetes release you don't regularly read the dictionary not anymore [Laughter] uh let's see i'm i'm gonna move on again in the interest of time uh because i wanted to talk about did i just skip it nope i don't know what you're looking for you're sitting on this egress i'm looking for this one there we go uh so this one i i think might have raised a lot of eyebrows it certainly caught my attention um you know i'm i'm an old virtualization admin right and like in vsphere we have things like network io control where i can go in and i can say you know this 10 gigabit network adapter i want to you know reserve three gigabits for live migration traffic i want to reserve six megabit or gigabits rather for iscsi traffic and i want to reserve one megabit or gigabit rather for management traffic right i can divide up that and on the surface that is exactly what this looks like right it looks like i can go in and i can effectively take these adapters and i can divide up that bandwidth i can provide guarantees and and other things for ingress and egress traffic so i i struggled to find anything in the documentation about this uh so you know yes you saw i'm looking at this um you know pre-ga documentation right it has this big alert over here right in case you didn't know you can also go to github yeah so github.com openshift you can search for the docs here um and we'll go to open shift docs and we have all these pull requests so you can see all of the stuff that's going to be in the docs well ahead of time including most of the time so here i'll pick on one of these and hope that it actually works so most of the time you see this there'll be a netliffy bot when there's a pr associated with it so you can go to the uh netlify or net liffey or whatever it is netlify yeah and you can see what those are going to look like right so somewhere inside of here is whatever change was just included i don't know what version of openshift this is related to this so this is something 4.7 related but you can find the prs that are associated with a certain feature and then look for that netlify link and you would be able to go in and browse those docs um so just a little hint if you want to get early access or see what's happening in the docs anyways my original point here was i couldn't find anything about this nothing i actually i actually went back to engineering and i asked them about it and they shared with me an internal only so i unfortunately cannot share it uh documents but what i'm going to do is i'm going to cheat a little bit and i'm going to copy and paste the example that they provided so the way that this works is surprisingly straightforward and so i just want the yaml editor here close that so i'm not actually creating a pod i'm just using the yaml editor here as a to show off here to show this uh this example machine config so what they're doing here is using machine config to create a unit right a service that will effectively use uh the ovs ovsctl vsctl to configure those qos policies so my and this is you know i just got this information less than 24 hours ago so i am still digging into this and trying to find out what all is possible what all is supported right and how we can take advantage of this in a number of different ways uh you know andrew's minds again old virtualization administrator goes to things like you know hey can i can i have a set of network adapters that are used for you know dedicated pv traffic right i'm using nfs i'm using i scotty scuzzy something like that can i guarantee an amount of bandwidth to those functions so i wanted to bring this up basically to say if you saw that or if you see that in any of the materials it might be a little bit different than you're expecting i'm trying to track that down to ground truth uh because i i would really like to show off this feature in this capability and what all that we can do inside of there so keep an eye out for it i'll make sure if we do talk about it it's def it'll definitely be in the show notes um i may even have an entire stream dedicated to this depending on how complex it is um yeah and what's going on it might be necessary so yeah interesting stuff um i'm excited about it even if it isn't you know machine config is not necessarily the most user-friendly way of going about it but it's an incredibly powerful feature set okay and i know we're at the top of the hour but i'm going to cover one more thing and that is csi so csi has been in kubernetes since 1.16 i think i think 1.16 was when it went ga why not 16 1.17 somewhere in that time frame was when csi went ga so effectively there are and csi container storage interface is the way that storage volumes are created and consumed by kubernetes and there are two ways of doing it there is entry drivers and there is csi drivers so kubernetes announced back about the same time that entry drivers were being deprecated and they would be removed in the future in favor of csi drivers so what we are seeing with 4.8 is the first work towards that within openshift so if we scroll down here we have this handy dandy table of supported csi drivers inside of openshift so from an openshift perspective it's important to know a couple of things so one today we have a whole list of entry storage drivers that are supported and used by you know basically every cluster so i'll pick on vmware down here if you deploy a vsphere a vmware upi or ipi cluster today it will out of the box configure the in-tree storage provisioner so that you have that thin storage class you can right away go in and create a new pvc a storage class then and it will create a vmdk on the underlying data store in the future we will use a vmware csi driver so that means that entry will be removed and csi a red hat vmware csi provider will be the default that we use at that point now when kubernetes when the kubernetes sig you know storage sig and all of them did all of this it was mandated that when you transition from entry to csi you have to have a migration path so make sense yeah so when you do that what you will see is your volumes will convert from entry to csi volumes that may or may not unlock some additional features i don't have precise details there but you can see at a minimum csi volumes often have additional features and functions available to them so if it's converted i don't know if those will be available but definitely with a brand new one it would be right where you can do a resize of the volume if it's running say here azure right so be aware and i can dig up the uh somewhere in here is the slide i think we passed it a minute ago anyways one of these slides in here i'll find it can you do a search i feel like you can search in the day i've already got it i just realized i've already got it up uh yeah it's like it's slide it's live 54 for the record tab number 3000 yeah so you can see all of these are in tech preview today um with the exception of gce so when 4.8 goes ga you'll have tech preview for all of these you can if you want you can enable the feature gate for tech preview no upgrade and it will automatically switch over and it will begin using those so like my cluster is deployed to azure right now i can enable that feature gate and it will automatically deploy the csi driver and do all of that other stuff and in the documentation in the documentation here if i go to csi automatic migration this is really important remember i said that it'll migrate from entry to csi driver the migration is automatic but what that really means is the tooling is duly doing it for you you can have it so that when it comes up with the csr driver it will automatically it'll look and see all those entry volumes and it'll move them over or you can go through and you can basically say i i don't want you to automatically right so csi migration aws right you can say deploy the csi driver but don't update don't automatically migrate all those volumes yet you know either i'll handle it or i need to do something or whatever that happens to be so just be aware when i say automatic migration yes but no so right it is really dependent yep so if we look down here so vsphere csi driver operator remember this will be in tech preview in 4.8 but this will be you know using the the vsphere csi driver inside of here in order to provision and consume storage resources i don't know precisely what features will be available and what that feature matrix will look like so if you're familiar with vmware csi driver i know it's the most popular one which is why i'm bringing it up let me find the right documentation page here so if we come here to uh supported feature matrix for vmware csi driver right you can see here like oh i need to be running you know vsphere 7 u2 with you know vsphere csi driver release 221 right to get you know some of these features um you know here online volume expansion for block volumes 2 2 0 2 2 2 1. um i i don't know how our the red hat vsphere csi volume driver will map over those features and versions and all that other stuff i can only assume that we will fully document that when the time comes for it to go ga but just be aware yeah it'll be a red hat csi driver for each one of these which means that it is deployed and supported and maintained by red hat whereas today if you were if you want to use the vsphere csi driver it is unfortunately not a certified one at this time which means that it is well it doesn't invalidate support with openshift right it is not supported by red hat it is supported by vmware so right all right i uh we're we're five minutes over um everything's fine yeah it's i know yeah i'm so used to i'm so used to having a hard stop at noon no i know it's it's probably jarring for you but yeah there's there's no no hard stop today so yeah you can totally go over man it's fine um do we have any questions i haven't uh well in the last couple of minutes so yeah the one question we did get was where can i learn more about you know openshift and so forth so i dropped a bunch of resource links in there uh you can also have free trials on the developer sandbox let me change the little banner real quick so you can get back to that easily no really i wanted you to open the obs window did you uh let's see so so randon um recently started exploring openshift you have learning videos for your installation and configuration of openshift yeah yes yes that's the one i dropped all the links for and then obviously our archive contains a bunch of resources yeah so can we get a pdf of the presentation it's already there yeah if you go uh here on speaker notes if you click on the download button wherever it is yeah here it is download you can see it automatically downloads a pdf yep so they're posted there for your downloading and editification of all things new in openshift uh so so ranjan if you and i i'm i see you dropped a few links inside of there so i'll point out a couple of important ones um or ones that i like personally yeah so here learn.openshift.com doesn't cover installing but it covers basically every other aspect of openshift in some way um again i'll i'll make a plug for this openshift playgrounds link down here yep um so these are just generic openshift 4.7 in this case right i can click inside of here i can hit that start and it drops me into a 4.7 environment you notice i didn't have to log in i didn't have to register i didn't have to do anything and i've got access to a cluster for these last for an hour or so yeah yeah like when we used to do in-person events you know go to conferences and stuff like that this is what we used to do yes yeah they these are they're amazing and it's a great way to just you know hey i want to explore my cluster you know give me a fresh cluster let me use it yeah so you know so you get pod oops and there's if you want to use the console there's a link over there on the left hand side to it yeah blue so it'll open up the console for this particular one so yeah a great way to just full featured kind of demo yeah zero effort and have access to a cluster um the other one that i'll highlight uh and i don't know how it's linked um so if we go to there is a uh depending on your infrastructure we've done a bunch of videos yeah on installing openshift including and i'll include it in the show notes for this one um uh uh we did a couple of shows on installing to various platforms on this stream i think one of the like i think my most popular video was an ad hoc stream we did on installing openshift to vsphere yes and i feel like we should maybe do another show similar to that in the sense of we just try a different platform right like kick the tires on something else and let's see uh see what happens if i randomly duck duck go for this oh yeah there it is oh look at you damn that was a year ago i know yeah so um actually that's a good point uh chris i had floated this idea briefly past you i hadn't really done any checking with it um but running like doing a a super mega stream like you know six or eight hours or something of let's go through as many installs as we can okay team has done that before on channel and it it went incredibly well so i would encourage that like maybe we pick a day it'd probably be a friday you know just based off the current show schedule and show load and we could just sit down and blow through all of them you know taking breaks when we need to that kind of thing but yeah actually i'm looking for our just if you put there's a live stream if you put ask an open shift admin in front of it that would probably help is that what it is yeah i think so anyways i noticed that your playlist but yeah these are all like five minutes long there's one that's like a two-hour stream where we went through we did both upi and ipi and i think we did uh because it was right when ipi was released and i think we did both dhcp and static ips even right no we did we did a lot i can't here we go we found it okay here we'll i'll post that in there thank you but yeah this one we walked through we did a bunch of stuff in this one you know like that was back when i had covered long hair and everything it was before i moved offices yeah i mean i think it was before i moved offices yes it was so all right um i think uh i think we'll go ahead and cut it off there at 11 minutes after the hour so perfect yeah thank you everybody really really appreciate your time today yes if you have any questions if there's anything we didn't address any questions that occur to you between now and the next show please don't hesitate to reach out to us so you can always contact me via email andrew.sullivan redhat.com you can also reach me on social media twitter uh practical andrew just like you've seen me posting inside of the chat here so it's literally practical andrew no space no dash nothing like that just one word so you're always welcome to reach out that way or either one of those methods at any time with any questions that you have yeah my dms are open on twitter and you can always email short at redhat.com and i i'll get the right answers for you yeah likewise we're very happy to track those down and and make new friends in the pm team yes always helpful yeah hopefully not enemies just friends just friends yeah um so i don't know uh so i think we have a what's next presentation coming up so what's what's new which is the one that happened two weeks ago is yeah the new features in the next release what's next is the roadmap presentation and i believe that that is in another thursday oh next thursday so in a week in a week um so be sure to put that on your calendar if you aren't aware so you can go to openshift.tv and there will be a link to the streaming calendar thank you i knew you had a macro for that that's why i don't know so you can always add those to your calendar so that way you're aware of it but i love that presentation even though it always runs way over because it gives us a really good idea of what openshift with the product management what the product team is thinking and where they're going to be going with it we will be live streaming insightful um and both chris and i and probably a few others will be here on the stream so you can ask us questions um you know what does this mean why isn't this there you know did this get removed happy to help answer those and we do take those questions and we send them directly to the product management team as well so if you watch the what's next there is a number of questions where we that's exactly what we did as they were presenting we were asking your questions to product management and getting and those answers for you so yep awesome but yeah anyways have a uh a great rest of your week great rest of your day and thank you everybody for tuning in yeah thank you and one programming note i mentioned on the last stream that we're going to be talking about rail troubleshooting today this afternoon i just got a text we have to postpone that basically until the next uh red hat enterprise linux presents show life happens folks so this is it for today for streaming it looks like so enjoy your day and stay safe you

Info

Channel: OpenShift

Views: 1,122

Rating: 5 out of 5

Keywords:

Id: jryuFS3R8pg

Channel Id: undefined

Length: 73min 55sec (4435 seconds)

Published: Wed Jul 14 2021