Red Hat Advanced Cluster Management Presents: A little bit of everything

Good morning, good afternoon, good evening, and welcome to another episode of Red Hat Enterprise Linux... or not Red Hat Enterprise Linux, oh my gosh, Red Hat Advanced Cluster Management Presents. Can you tell I work on a few shows on this channel? Sorry. Um, Scott, how are you doing today, sir?

Fantastic. Um, I'm good with however you want to introduce us, Chris. We're just excited to be on your show. Uh, a pleasure being part of your experience in the live stream here.

Thank you. It's almost to the point of the year that we call "not summer" here in Austin. We have two, almost. Yeah, we have summer and not summer, so this is like, you kind of get a chance to open your windows just briefly, get a breath of fresh air and that sort of thing. I know you guys get a bit more of a seasonal thing.

We have five seasons here. We have, you know, the normal winter, spring, summer, fall, and construction season.

Oh, nice, keeping on your toes. I thought it was gonna be like extended winter or...

No, no, no, no. It's, there's only a brief bit of time you can actually do, like, real foundation laying in the summertime here.

That makes sense. So I am joined, as you can see, by a full cadre of the senior leadership here at RHACM, as we like to call it, Advanced Cluster Management. I'm going to do just a brief round of intros just so we can get through that. I don't know where everybody lines up on the left and right, but I've got Jeff Brent, who's the product management director based down there in south Florida; you can see the glimmer of sunshine and clouds on his face. I have, uh, our VP, IBM Fellow, the man who leads automation and management, that's Dave Lindquist right there. I've got the senior director and lead for engineering across RHACM, that's Kevin Myers; you guys both based down there in Raleigh. And then I've got Josh Packer, our senior lead architect based in Toronto; as you can see he's got the Open Cluster Management shirt on, which is awesome. And I
don't think Michael Elder needs any introduction. I think he's been on this show a few times, and many of you would recall that one time when his house was actually on fire and he was in the midst of demonstrating DR scenarios with ACM, which was awesome.

Not on fire, but the alarms are going off pretty hardcore.

I'll say the demo was on fire, but yeah, your smoke alarms were definitely moving. So I think what we want to do is kind of, you know, we embarked on your show a year ago; this is our 10th episode. I'm thrilled that you've kept inviting us back, thank you, talking about new features and new functions. We're coming off of AnsibleFest, we've got a 2.4 release coming up, we've been very active in the upstream, and a lot of push on our CNCF proposal. There's also kind of this whole market, what's happening in the automation and management space, and that's why I kind of wanted to hang out and bring Dave in today, who really leads a lot of that tone and sets the plan of the agenda for what we're going to do. So I'm going to turn it into Dave's hands here to kind of give us the lay of the land of what he sees as RHACM in this space today.

Thanks, Scott, and thank you, Christopher, for inviting us to the show. The fun discussion on seasons earlier: I think we have almost all the seasons covered here. Between Florida, Texas, the Carolinas, and Canada, we have quite a bit of coverage, and the weather is getting nice here, that's for sure. Advanced Cluster Management, hybrid cloud: we've been in this space for a few years now. We've had the Advanced Cluster Management capabilities available as a Red Hat offering since late last year; third quarter, I think, is when we introduced, uh, 2.0 of, uh, Red Hat Advanced Cluster Management for Kubernetes. What we have seen through the years, and it just keeps heating up, is as customers accelerate their adoption of cloud, in particular their investments in hybrid cloud, we see a continued, almost accelerating focus on how to manage, how to automate these environments, how
to secure these environments, how do enterprises do this at scale. And that's really what we're all about, that's what we're investing in: how to allow customers, enable customers, to bring OpenShift and their Kubernetes to their enterprises for production workloads across hybrid environments, across multi-cloud environments, with the management they need, the automation they need, and the security they need for their businesses. We put a lot of focus on cluster lifecycle, using the support of clusters through their lifecycle; on applications, how to manage applications and the complexity of applications deployed across clusters, within clusters, and all the dependencies that that creates; governance, risk and compliance, how to really lock down with consistency the configurations, support the various compliance activities that are required for different businesses, regulatory requirements. So that's been an acute focus of ours, particularly around policy, and opening up the policies and integrating with many of the security systems that are available for containers and Kubernetes. And observability: how do you get a view of all of the environment of your hybrid cloud? How do you define your hybrid cloud, how do you deploy it, how do you update, upgrade, and where are your clusters, where are they deployed, managed environments or self-managed environments by the customer, as well as any alerting and events and the health of the environment that's been deployed.

So that's been the core investment we've had. Um, Scott and Chris, the adoption has been outstanding, the growth of the adoption has been outstanding. Um, the reception we're getting from the industry on the open source, as well as partners coming into the ecosystem, have all been great. With that, why don't I shift over a little bit to some of the demand we're seeing and the growth we're seeing and opportunities, to Jeff Brent.

Oh yeah, absolutely. I think he hit the nail on the head there, Dave,
when we talked about scale, and scale, and particularly to the container management journey a lot of our customers are doing, from modernizing applications, being more efficient. We've really learned a lot through the pandemic, and agility, and being able to meet the customer needs, change, new business models, adjust very quickly. Our platform from a management perspective is all about scale, being able to do that one cluster, to two clusters, to three clusters, to, you know, hundreds of clusters. In fact, one of the really exciting things we've been doing on a scale front is supporting our telco customers and the scale that they require for rolling out their 5G efforts. So we've got a lot of scale.

And one of the things that I'm very proud of, and I know that we do from an organizational perspective: as we look at the market, our market is a lot like us, our own development organization. We have a group of components and capabilities, as Dave just listed there, broken those down into pillars and then further into squads, and those squads are really delivering at scale a Kubernetes-based application, bundled and delivered as an operator running on top of OpenShift. And we've taken advantage of the opportunity to eat our own cooking and to really take a look at how we as an organization innovate and are able to deliver at that scale. We have a tremendous, uh, scale issue within our own development organization for testing our platform on really anything and everywhere that OCP supports, and OpenShift, and our support for the *KS, as we call them, EKS, AKS, IKS, GKE, those out there. So we've got to spin up a lot of clusters, we've got to make those clusters available to our development teams for their own development efforts, getting them those cost clusters consistently, being able to roll out configuration through GitOps. That's exactly what our customers are trying to do on a daily basis, whether that's core banking application or fleet
management for our logistics customers, or even the rollout of, um, 5G and the virtualized RAN infrastructure. So we're taking and embracing our market and our customers', uh, requirements and really applying those to our own engineering effort, and Kevin is very much involved in the thick of that exercise for us.

Absolutely, and I think it's an exciting opportunity. Um, as we think about some of the concepts around Operate First, now being, maybe you talk about eating your own cooking, but being your own first customer, and almost allowing the team internally to understand what it's like to try and use the tool on a day-to-day basis, gives you a really unique perspective. Uh, you know, as we expand more and more the types of things that we're making available on console.redhat.com and cloud.redhat.com, the opportunity behind the scenes to use ACM to manage scale really brings a lot of insight into the day-to-day experience and how we can make things easier for our end customers.

I remember some of the topics we've delivered just on that point, Kevin. We started talking about cluster pools, I want to say in, like, November of last year, and we sort of set the seed, we planted the seed... I'm sorry, I'm using a different metaphor. Maybe I would... we were starting to acquire the ingredients for the recipe to begin eating the cooking. And yeah, it's matured over that time. We started to see, you know, the dev tooling adoption of using the cluster pool, establishing the pool of machines they could take out, and that's exactly what our developers are using today, stamping out and claiming those clusters. I mean, Josh, you have a routine, I think it's like Monday of every week, you stamp out a new hub; it proliferates, you know, through GitOps it proliferates the managed clusters, the applications, the policy definitions that are defined around that. Exactly. Before you even get out of bed and put on your slippers, like, that's already happening automatically. So it's just kind of fun. Like, you
know, Jeff was reminiscing about the past year, and Dave was talking, you know, through the story, how we got to this point. But Kevin, your embrace of that concept, of those concepts, and really educating us in terms of how we do Operate First, how we bring these tools into our hands as the way to really solve it. You've seen, you know, building in Submariner, bringing additional engineering and staffing around that capability as we expand the pillar of multi-cluster networking. You've seen opportunities galore in that space and beyond to bring more in-house, and how we do that upstream and how we deliver that downstream. So it's pretty easy, you can also hear your points of view and how we continue to grow in that space.

Yeah, well, I think there's a tremendous opportunity both with Submariner specifically and as we think about things like service mesh. And, you know, anytime we're able to bring an ability to start to control the interaction between application elements, it becomes an exciting opportunity for us, especially at scale, especially multi-cluster, multi-cloud. We are talking to more and more customers that begin to have, uh, you know, I mean, it's taken a while, but I think as the Kubernetes deployments have matured, uh, the complexity of the types of applications that people are trying to manage there have matured as well. And so their need for us to bring more to the table that allows them to manage at scale, and do that in a way kind of like Josh does every day, do that in an automatic way, so that, you know, when capacity is not being utilized it's put to sleep; when it's needed, whether that's a time of day or that's based on, you know, load balancing capacity, our ability to bring that up, um, integrate it in seamlessly into the application and make it available, it's been really powerful. It's also, I mean, just transparently, it's been a huge part of us trying to figure out how to control cost, as we try to think about, like, the number of different places where we want to run our
tests to make sure that things are rock solid on every platform. You know, when we first started out, it's like, "I'm going to spin up these clusters, I'm going to leave them there, and I'll run some tests later today." Our ability to use cluster pooling to, you know, arrest that capacity, um, but very quickly bring it back up when we need it, has been a tremendous, tremendous cost saver for us as we've expanded the number of places where we try to run OpenShift clusters. So it's been great for us internally to work on utilizing our own technology to make sure that we're being as efficient as possible, but also ensuring that, you know, our developers and our QE engineers don't need to wait around while we manifest new environments.

Building that into CI, into the whole DevOps routine, um, yeah, from soup to... from ship to nuts. Yeah, instead of saying it's the perfect storm, it's like the perfect wave; we'll use the surfing metaphor instead. Is that... yeah, we're building a product that's all about managing hundreds and thousands of clusters, and so, you know, it makes sense to use that product in our day-to-day living as well as we do it.

So Jeff, early on you were alluding to some of the different consumption models. Of course we have, uh, RHACM, we also have OpenShift Plus, we also have capabilities that we're working on, components, and delivering and integrating with the individual offerings. What can you elaborate for the audience on the different... yeah, absolutely... consuming, uh, these capabilities?

Yeah, exactly. Well, we've, um, as we've discussed, there's a lot of applications for this, and really it is a multi-cluster world, that's the theme. And with Red Hat, uh, OpenShift Platform Plus, you know, putting together all those capabilities in the one box, including, uh, Advanced Cluster Management, Advanced Cluster Security, your registry with Quay, along with OpenShift is the foundational platform, that is basically the package that all of our enterprise customers need in
order to be able to provide this true hybrid cloud experience across the on-premises and the managed cloud world. And that's one way that we provide the, uh, ACM capabilities to the market. The other way is, obviously, you can get ACM straight up from the SKU if you already have some of those existing parts or a specialized need. But I think one of the things that's really exciting for us as an organization is how we've spent the last, I'd say, quarter or so breaking down and modularizing the ACM capabilities, and so it's a more composable type of platform, with a foundational element that's going to be included into cloud.redhat's back end for being able to provide multi-cluster capability, multi-cluster registry, an API set that's consistently used by serverless and our OpenShift Data Foundation team and service mesh, all those components that need to have a cluster registry and be able to provide a point of view of their services on the hybrid cloud platform. We're making that capability available inside the OCP box so they have that consistent type of delivery and experience, and that's also something that we're really, uh, aggressively exploring for the overall cloud.redhat.com management experience, is being able to provide that there as well. That gives you a nice layered approach. It helps us... we call it a little bit of ACM light, so it's just the foundational elements, and then you can easily snap on top the rest of ACM for the broader use cases and really fill out the box that way.

What's been neat too, Jeff, just to jump in, you know, our name is Red Hat Advanced Cluster Management for Kubernetes, so we've been marching to that drumbeat, you know, building things into the products like the imported management of those clusters, uh, being able to pull cluster health metrics. That's a new one that we're bringing out in 2.4, coming up in a few weeks. That's a great feature that illustrates to the users that we have to have this fleet
point of view. I, you know, I can't just only worry about one cluster here and one cluster there; I have to have *KS monitor. So we've listened to customers, you listen to accounts, we said, yeah, we can pull cluster health metrics off those clusters and we can bring that in, and I think that starts to illustrate sort of our problem statement. Josh, I'm going to tee you up here, because I know you've been working a lot on storage and business continuity. How do we manage those workloads that have business-critical application and PV data? You know, those aren't just running on one cloud or not just running on one platform. We need to get into that spot where we can manage those across cloud or cross-platform, across distribution, and that's always been part of our central theme here. Things that we need to do: we pull in Ansible if we need to, we make that, you know, we do the automation across different platforms, or we just pull in the metrics like I just explained; we can bring those off of the *KS and start to bring those into the fleet view. Josh, can you bring us up to speed on what you've been working on in the storage space and some of the tools in that area?

Absolutely. So let's take over the screen so we're not just looking at us anymore. Although, and I promise this is the only slide that I brought to the stream today, and then we'll be playing with live systems going forward, but the backup and restore is a little hard to show in the short time frame that we have. But so, ACM is getting involved and collaborating in the storage spaces now, and so one of those is around our DR scenario, which is the main point of this slide here. And so up until this point you could still recover ACM; there was a GitOps scenario that would allow you to do that. It was actually, you know, not to do a plug, but there's a video, one of our customers demoed it at Summit this year, where they had, uh, two ACMs running in different data centers and they are able to move their workload from
the management of their workload from one ACM hub to the other, um, at a moment's notice, as needed for DR. And so building on that, and working with feedback that they had on that process, we were bringing a full backup and restore capability that can kind of be run in two different modes. One is the GitOps scenario, where Git is still your system of truth, so everything that's applied out into your fleet is still in Git, and that Git gets applied on the left and the right, in data center one and data center two, as you see in the slide. But we also have it for those day zero that maybe haven't quite got into the GitOps yet and have been using our UI, which creates all the resources for you and allows you, you know, through a few clicks, be able to provision, be able to import, be able to deploy applications and create policies. We have a backup that is able to capture all those resources that are part of ACM proper and, through an external store, because you always want that external store when the data center disappears, God forbid, to be able to push it into the other one, and you can restore, then you can restore all of those bits. So you can do it with a GitOps flow, in which case those Git... those bits are repetitive, but if you, you know, you haven't quite got your journey going, or you're in a hybrid model where you've got some stuff in Git and some not, we're able to take all those bits, back them up and restore them.

And then the key part, which was, you know, a bit of the pain point when, uh, when we were doing this in 2.3, was the reconnecting of those managed clusters. That's now an automated affair, and so if you have two clusters they'll automatically reconnect; you have 10 clusters, 100 clusters, technically a thousand clusters as well, uh, assuming they're all up, uh, we'll be... the hub is going to reach out and re-initiate those connections and connect them back, uh, to that management hub. And I guess the other key point to stress in all of this backup: this is just for that single pane of
glass management plane. The workloads themselves, both when you're using us or you're using the OpenShift GitOps for applications, as well as the policies that are applied, all of that keeps running on the managed clusters even if the management plane is experiencing an outage. So if your production teams are... well, technically your development team is making commits to change the versions of their software and then merging that through your pipelines into the production repos, all those clusters in the fleet, they're still going to service those apps based on the instructions you've given, um, even while you're doing that failover of the hub. So from a business continuity perspective, you know, the applications stay up, helping you meet your SLO, but, uh, we also offer a quick way to get that management plane, and once it comes back up on the other side in the other data center it just reconciles all of the changes that are there and again brings you back to that one pane of glass. So that's the backup and restore side of things that we're bringing to the table in 2.4.

The other one is more of a building block unit, and we're kind of excited to see how our customers and the users, uh, decide to... what they decide to do with it, and we've got some examples of things we do with it as well. And that's VolSync, which was previously known as Scribe. And so this is a community... it's out there in the community, it's an open source project that ACM is now bundling and supporting as part of our offering. And what that does is get down into the nitty-gritty of storage. In the past when we've come here and talked, we always talk about dynamic apps and being able to move them around. Everybody who's watched the stream knows that ACM is able to put it onto one cluster, two clusters, ten clusters, and present that pretty topology view that gives you that single pane of glass, easy description of those resources, and show you where the problems are. Well, now we're bringing in VolSync,
which allows us to also start to create replications for those PVCs. And so, you know, if you're doing data-centric database work, you're still going to deploy just using the standard approach, the, uh, a database with a three-replica set across your clusters, and ACM placement rules are going to help you do that. But when you have things like repositories that you maybe want to put on the edge, or you have file-based systems, or different types of, you know, you're storing objects from your custom application on a PVC, VolSync is a way to replicate one to one or replicate one to many to your external clusters. So let's take a quick look at that now. Hopefully the screen is still there. Are some of the folks on... is it big enough, or do I need to zoom a little more? To me... all right, they say it's visible, so that's all goodness.

So we'll hop over here to our application list and we'll visit DokuWiki. I figured it was time for a, uh, a new demo app, uh, since we're usually playing with Pacman and others, so we will visit that a little later. And so this app, we've got it deployed to two clusters. We can see there's a physical volume claim, and so what I'm going to do is I'm going to launch out the route for the first page, and we see here that no topics exist. So I'm just going to do a quick edit, put something like "Josh" here, and I'm going to save that, and we'll actually come back to see this complete, because replication is replication, it doesn't happen instantaneously. Right now it's set on a five-minute sync, so every five minutes the data gets backed up, and so it has some live implications. Uh, so it could be used for things like this wiki, where you enter it in one space and then you want to replicate it out to a bunch of other servers in, uh, different geographical locations as well. It's got an opportunity here for migration as well, so if you want to move an app from one location to the other, the VolSync is able to take that PVC, replicate it, and then you can clean it up. And you only need two
resources to do this, which is also part of the beauty of it, and those are: you have a destination resource and a source resource that you define. So we'll click over here to the other one and we'll just do a quick refresh, and hopefully you guys see the fact that it did there. So we know that there's nothing there right now, but we'll come back to this in a little bit and we'll see that it... hopefully I remember to come back here, but we see that it replic... that the replication has taken place. But I guess the point is, this is one of those building blocks, and so we've got a bunch of examples, the, uh, DokuWiki being one of them, but we have MySQL, there's a few other database ones that we can replicate the PVC stores. And so we're kind of interested to see what customers are going to use it for, as well as expanding this into other options for our DR strategy. And so that's one of the new pieces here.

Yeah, just to add there, it's, uh, it certainly is one of those building blocks, and people might be asking themselves, you know, how does this relate to OpenShift Data Foundation? And the way I like to describe it, you know, there's a lot of different use cases for these building blocks, and to bring back that cooking analogy, right, in the ACM box you have flour, sugar and eggs, right, you can bake your own cake. But what we're going after, working with the ODF team, is they're going to give you the cake, right, it's going to be more of a push-button experience to allow for you to do a full DR scenario leveraging their advanced capabilities in OpenShift Data Foundation. We felt it's important that you had this generic, heterogeneous volume replication for any type of use cases that fall into, uh, different things that Josh has already described.

Absolutely. This is a point where, like Josh said, you said the feedback helps direct the roadmap. That's a thousand percent true. I mean, we listened to the community and they said, well, we want you to
bake in these tools, I don't want to have to go fishing for business continuity elsewhere. And the GitOps model that you've described, and many of our customers are using, is fantastic. It's got similar characteristics of recovery that you'd expect in these kind of scenarios, but a lot of organizations aren't there yet, and they need that traditional model and sort of that checkbox that says, yeah, I have my DR covered. And I'm seeing something like this because it's exactly what we want to be doing from PM and engineering, is taking that feedback, designing this and executing on it, delivering to market in ways that customers find immediate value on it.

Exactly. I also think it's an important example of where we are often opinionated about some of the pieces that we put in, or the things that we decide to snap in, um, and how someone might use it, but making sure that there's a level of extensibility so that, uh, customers that need to can extend on top of what we've already done, um, or decide that, you know, there's another option that works for them, but we've architected it in a way that allows them to snap in another alternative. I think it's an important way that we go about building this, right. So I think on an ongoing basis we try and get feedback for where do people want the hook points, so that they can, um, make a different decision if they want to. Um, but, you know, there's a lot of customers obviously that want to know Red Hat's opinion on what we think is the right way to go about doing some of these pieces, and where that's the case, right, we're both gonna snap it in and give you some examples out of the box about, you know, how in our own development we're using these pieces, or where we've talked to other customers, we've, you know, already have out-of-the-box policies or other things to, um, to operate in a way that we think will be, um, you know, easy for other people to adopt.

With Ansible last year, right, that was, you know... yeah, and I mean, I
think that's a place actually where we will continue, right, to figure out ways to integrate more tightly with Ansible and find where customers want to build automation into hybrid cloud applications.

For sure, and I'm going to use that as my segue to the next section, which is Ansible integration and the Ansible portfolio. So AnsibleFest, it just went by, it was this past week. ACM was there; we were demoing, uh, some of our integrations into more of our pillars. We see all the pillars actually listed over here. So way back in the day, actually, when I heard we were doing this I went looking, but I couldn't find one; I was looking for some screenshots from, like, way back in the 2.0, just so I could put the title screen up, the, uh, what it looked like back then and what it looks like now, but I couldn't dig enough. I guess I needed to look a little deeper into my Google Drive. But anyways, um, we started with application, that was our first foray, but we've now expanded that into our cluster lifecycle pillars as well as our governance, risk and compliance pillars. And so as you can see, Ansible is slowly growing to all parts, and that's because automation is key. I mean, we talk all the time about fleet management, we talk about Git being a system of truth, but really there's pieces that need to glue... to glue that all together in a coherent way and a repeatable way. That's what Ansible automation is for us.

There's also the fact that, as much as I wish everything in the world was kube, there is a whole portion outside the cluster that you still need to interact with, and Ansible is a key integration point for that, mainly because there is a huge library of tooling that exists: integrate with load balancers, even, you know, server control planes, you name it, in a data center, power systems, you name it, in the data center, somebody's written an Ansible job or playbook for it, and if they haven't, three steps later you've got one. And that's kind of the key point, and that'll come up a couple times
as I'm walking through some of the Ansible pieces here. And we've demoed these in degrees of detail on previous, uh, switch or Twitch, uh, streams, but we're going to touch on them again. So we'll start first in the cluster lifecycle space, and so here what we've done is we've introduced the ability to put the pre and the post hook, that's very similar to the integration we had in the application space. We've got this new tab here on the left for automation, where you're actually able to create the template of what Ansible you want to use. And if you remember back, and we'll just create a test one here, you pick a credential... if you remember back to when we did this in the application space, you had to paste in a name of, like, a secret that you wanted, you had to paste in the name of a job that you were after in the previous release. That is all taken care of and automated now. So I picked a credential, which is defining a Tower that I want to use, an Ansible Automation Platform Tower, and then that is automatically... we reach out with that...

Yeah, can you talk just a little bit... so here you're adding the job, you're talking about Tower. What's the Tower? What Tower?

Ansible Automation Tower is the centralized point for Ansible playbooks and automation. So most customers run one, maybe two or three of these in the environment, and so this is the core store almost for all of that automation that you would use in your business or, depending on where your Tower is, maybe the line of business. And so this may have things that, uh... we have demo jobs, but we have jobs such as an F5 publish, which is going to control the load balancer, or we have a Route 55... 53 record, which is doing DNS modifications for deployments, and the ones I'm going to use in my demonstration is these, uh, ServiceNow tickets, or playbooks that are going to create tickets for us.

And again, that's a critical point, right, because that central automation hub ultimately provides you a method of bridging into the container world,
right so if you're a traditional rel admin you're a traditional devops engineer you might be using ansible already in your continuous delivery pipelines or in operational pipelines right for run books or other activities and here what you're able to do is bridge out to that existing ecosystem of non-container workload and make it easier to bring in containerized workload and still leverage all of an existing automation behind it exactly and so we've we've accessing this being able to set it up we're trying to make it easier and easier you know there's no cutting back and forth between the uis to figure out what you want to do all of that is in there so you can pick one two three four as many of these as you want if you're familiar with ansible you'll know you can supply additional variables that go with it and then you can do that for both our pre-job and our post job and we support it you install the upgrade space you go through and you save that and then that becomes available for any cluster you want to provision so if we're over in the cluster space and we wanted to create a cluster we've got all of our provisioned cloud and on-premise providers are the same as they were before with the addition of we have the new on-prem technology that's based on us it's called centrally managed here but it's based on our assisted uh installer technology that we use which is more of a allows you to create more of a upi style flow uh because you've asked and we've heard and we've we've taken that feedback and so it gives us that it gives you that ability to build a more custom deployment methodology it also is very well versed for or well suited for edge and single node uh cluster deployments as well uh so here i'm just gonna choose aws pick a credential this is all stuff we've seen before so i'm not going to spend too much time here i'm just going to give it a name i the points i want to get to here is we have access to some new things like cluster sets which is a new 
grouping uh concept that we're introducing so you can join your clusters to a cluster set and instead of granting your user access to individual clusters you can grant them access so a line of business can be granted access to a cluster set say it's a development for front end and all clusters in that cluster space would then become available and you can set the the degree of availability so when you're assigning them to that cluster set they could be view or they could be admin etc but the point i wanted to get here was actually to hop down because most of this is already seen but we have our new interfaces for proxy that we make available uh so that if you're running behind firewalls that are needed to get to the internet or to specific repositories that can that's configurable here as well as automation this is the piece where we just defined that test but where we'd be able to define uh or pick say the uh aws service now and so we're running low on time so i'm not going to go deep deep into this just to say over if we need to oh okay and so yeah it might just be here in the evening and you can see i skipped yeah i as i was telling scott i could talk and talk it talk all this stuff but so this will go off and so this specific job says oh something went wrong but there it started working for us um is going to go off it's going to do the pre-hook and so we see we have this new sort of install bars so you get an idea a picture of where you're at it's going to reach out we'll get the log in a minute uh it's reaching out to that tower that michael mentioned and then it's going to instantiate a servicenow ticket and that's going to wait and it's going to wait for someone to go out and actually approve that said ticket so that's something we've been asked about a bunch before you know how do we eject servicenow or how do we inject a a system of record where we need an approval you know ansible is one of the key ways that we can do that you can also use this for more 
just push type of activities as well so you could just push a servicenow ticket instead of requiring an approval you could uh push a slack notification the sky is kind of the limit there are thousands thousands of playbooks out there of things you could do both in your cluster as well as in your data center and integrations as well and if it doesn't exist you build your own even for something like the servicenow in you know i've been using the servicenow example for a while to create a ticket it was two extra lines in the playbook to add a uh to add a check for the approval so that it would wait on the ticket until it was approved before it went through and so you can see here now we've jumped into the logs and so you can you know you launch out it'll take you to the tower instance and you can see them yep i think the most powerful thing about this right is if you are a team providing clusters to developers or qe or others and you're trying to create a more self-service experience now this integration with ansible gives you a method that you can still leverage your existing approval methodologies record-keeping methodologies etc whereas everything around that approval that manual approval is completely automated right even after you click approve the rest of that life cycle is going to create the cluster the policies that you define they're automatically going to get delivered any backup restore policies are automatically going to get deployed and so you've still got that self-service experience for the developer for the qe engineer whomever but it's tying it in automatically to the rest of your organizational processes exactly all the things off cluster all the infrastructure bits dave you've been part of this journey with the the ansible story coming along i know this is part of your purview and your domain i mean does this give you chills you got to oversee as jeff calls it the celebrity wedding you got to see this come together across all of the pillars but to
really galvanize that message to the enterprise in terms of what they said they needed now it's here now we've delivered it it's ga across all the pillars you know scott it's been great to see this come together a lot of the leadership from josh and michael and how this these pieces came together between ansible and acm and and openshift all the points they're making just resonate so much with the customer base i can't tell you how many customers have been asking us to slow down show us how did this just work in the context of managing the cluster deploying a workload into a cluster how did the integration with all the processes the it processes that organizations typically have from ticketing systems to networking systems to storage systems to security systems often different parts of the organization now we can seamlessly integrate the cloud native container kubernetes world with all the existing it the networking storage security et cetera and ticketing systems cit processes which is just is fantastic it really helps accelerate uh the journey the customers are on and modernizing their applications and then delivering these in production environments and scaling it across their business i'm the value time to value time time to value it brings up a question i had um or comment for for michael michael you've been a leader in the kubernetes space for many years as well as in the management management space and in the communities seeing how these communities come together in automation with ansible and acm opa with gatekeeper the gitops space from your perspective what's the excitement going on in the core open cluster management space where some of this headed sure so it's a great question ultimately everyone on this call is already aware of this so just to kind of share it uh for the audience one of the key things that this team has been focused on is not just delivering awesome neat capabilities that make it easier to manage clusters but actually establishing a
community around that technology so all of the code with the exception of one component has been open sourced under github.com open cluster management and that is all of the code that largely has originated from red hat and prior to that ibm and ibm research and what we've been in the process of doing through literally the last year more than not even is taking the parts of the code that are maybe less centric to an open shift or red hat ecosystem and putting those into a cncf project proposal known as open cluster management so josh has been kind enough to bring the site up this is open cluster dash management dot io and ultimately this cncf project is currently in the evaluation phase it will be evaluated by the cncf steering committee and our goal is to have it approved as at least a sandbox level project so that not just an openshift centric view of the world but a kubernetes and community-centric view of the world other vendors can come in and contribute and drive consistency in this space we've actually been hosting community meetings for open cluster management that happen every other thursday and that's going back most of this year i think maybe our first one might have fallen into december of last year and that open community meeting is also on youtube you can go back and watch all of the history of the conversation we've had contributors and interested stakeholders from companies like and financial group who are using and deploying the open cluster management community project today there's conversations with adoption from oli cloud as well and then students and other interested parties in the industry but this is something i think is exciting because it's about trying to simplify how consumers leverage the open hybrid cloud right and doing it in a way that is not tied into a singular cloud ecosystem so if you haven't had a chance to catch some of the community meetings to try it out yourself if you're not a red hat open shift or a red hat user per se 
this hopefully i think still delivers lots of value we hope that you'll see the value that we've built into the openshift platform in a way that's very consistent across every cloud provider but ultimately anyone can come in and pick this up you can contribute pull requests you can look at what we're talking about in the community in terms of features and roadmap but really our goal here is to drive a multi-vendor vibrant ecosystem around this set of concepts nice and we've seen that i mean some of the questions coming up in the kubernetes slack are interesting as folks get involved with workload and placement and they're looking for features around um you know gpu right like how much how smart can we get with workload placement even down to the level of capacity that's available on the cluster and is it available even down to the cpu metric or even even more into the gpu so those types of upstream community engagement activities they're awesome i appreciate josh your leadership michael as a as an upstream contributor and uh you know part of the steering of what we're doing and the cncf proposal has been amazing to just watch that community come together so hard so hard and not enough kudos to spread around the to the team that's engaged there but it's the right approach and being part of red hat and seeing that vendor neutral approach has been very fun and very exciting kudos yeah no it's definitely a cutting edge and it's where it's where all the neat stuff is well not all the neat stuff but a lot of the neat stuff is happening especially as scott mentioned in the placement rule and the fleet management space it's uh so we invite you to come out there's free swag too if you come to the meetings so uh you know come come check us out all right just to make sure it doesn't get lost everything the only part that that hasn't undergone open source has to do with the license and the search database component but everything else that's shown even if it's not part of the 
cncf community project proposal is still open source is still available so everyone even things everything that josh has shown here is available in upstream repos you can go you can take a look you can file bugs you can submit pull requests you can help submit enhancements but what's in the cncf proposal is something that we think applies to every vendor and ultimately we want to see that you know drive the community but i want to reinforce that there's nothing here that is not open source absolutely and yep we do everything in the open it's the red hat way which is awesome it's and that's been a lot of fun in the journey um okay i'm gonna segue a little off ansible here for just a second and take a talking point that scott made and turn it into reality and so he had mentioned around uh the star ks or the xks i've heard it referred to lately it's a new new new label for me but uh i've always been a star ks person but we have the j uh the aks and the eks clusters that i've got imported here plus we do gke uh iks we do all the managed openshift got to put an openshift plug in there uh the rosa and the aro as well but i'm gonna launch out the grafana so this is part of the thanos package that acm ships with and i'm in the overall cluster health which uh talks about a bunch of the clusters here but we can see so i've got my aks cluster if you were on the 2.3 release you might not have seen that but now in 2.4 we bring that to you as well so you've got the aks and you've got the eks uh cluster stashed in here i think i scrolled by it and then you can individually look into them as well we come with some pre-seated dashboards but you can choose additional ones as well so we have the aks cluster as well as the eks cluster and this works on the gcp as well so all the flavors of kubernetes that we've talked about in previous streams that we bring to the table that you're able to manage from a policy an application point of view a an execute point of view well now we've got 
the monitoring and metrics there as well and so just you know filling in all those pieces to give you that full story that single pane of glass across all of our supported kubernetes uh targets so yep great overview it was absolutely driven by customer demand and it was it was apparent right you want to be able to provide the fleet view okay great go do that we have to live up to the moniker of kubernetes so i like being able to do that like you know approved that we're listening and taking the feedback and iterating on it with each release absolutely and so actually we were talking through it i will show the screen once more just to show it uh but we had so this was the ticket that was created from my my original provision request you can then go in go through the approval but we're gonna keep moving because i got lots of other stuff too lots of other cool things to show uh in this uh in this space that came up there josh though was around the geo replication you know and you might have even gone over this quickly but you're you you had two clusters i don't know where they were located and one was local maybe one was in east and west but everything is out there except for the vmware so vmware is in my data center or equivalent to my data center openstack usually in your data center but all of these are all over the place and you can look at the regional so this one's u.s east but my gcp i think it is yes these are ones i provision in europe uh i don't i don't pay the bill so i put them where i where they need to be to look nice but uh so these have the europe west and so this again as you're targeting policies targeting workloads anything that's a label can be turned into a grouping of of workload that you apply to your fleet and so you know we can provision in all these spaces we can manage them latencies obviously can be a problem but uh but under normal circumstances we design for the fact that you know we may have some delays here and there but you know on a 
daily basis i manage my uh european as well as we have some asia pacific clusters as well not in this this specific hub but in other ones and we're able to do it thank you feel free to pivot i was just making sure we covered that live stream no absolutely and you know you we have the options here you can see i i've uh i've been a little tardy here although i will maintain i'm sure it came out in the last three days but i from this screen i can bulk upgrade all of these clusters we see they have the upgrade available you can select the individuals this has sort of been part and parcel for a couple of releases but you can go to the upgrade and you know you get the list and you can make choices especially if you have different versions and you're also able to you know this is automatically updated just like any other update system as the new release comes out that day acm gets the new level uh but you can also self curate these values uh if you want to control what goes where uh and the time frames associated with it so i'm going to go back to ansible for a minute i'm not going to go into big detail because there's still lots of other places to look but i just want to show that you know the integration there still remains uh oh it's off and running and having problems i guess it's a great demonstration that you know when there is a problem we bubble that up to the top but so in our application space we still have that pre and that post capability i suspect this is actually because the systems all went to sleep and so when it went to try and do stuff in the middle of the night because systems were going offline the placement rule will say oh systems are off i got to move but i put all my systems to sleep and so for pacman at least so those went away it is kind of funny though now that i mentioned that i have two pac-man apps one that we just looked at which is ansible and one that is deployed by an argo application set here the segway to uh sorry the prehook job 
failure that's in the pacman app it's not because clusters went to sleep it's snow instance goes down after 24 hours without being pinged exactly so to save money i use a development service now it's instead of being productive a key point is that even though in this case the pre-hook blocked it all of the existing workload continued to run happily the the job didn't actually if you poke any one of the deployments right for the audience to recognize that the deployments that are actually underneath clusters one and two below are still green and healthy they're still running on the cluster um we're just reflecting that the ansible job hiccups and it's not uncommon that's part of the point of automation is that you can always re-run it if you need to right like that's that's not uh it didn't generate an outage because of that yeah exactly and again it actually it illustrates that that is the whole point though of this topology as well is to be able to zero in right away as to what the problem is and well it's pretty obvious that my ansible job had an issue in this specific case but um what i was segue to because it run or it reminded me of that with clusters going to sleep was that my other pacman app which is actually deployed via argo application set and this will be my segue but it actually was originally on an aws instance but because all of my cloud instances go to sleep at night the placement rule went oh all of the clusters are down but i'm supposed to keep one copy of this running oh the only cluster left is the vmware cluster so i'm going to move it there which is where it's where it's found its new humble abode and uh if we click in we see we get it's again a similar looking design no there is enhancible integration in this space at that point at this point but you've got it's the argo integration you can um uh you can take you to the argo uh instance where it's running since it's this one is on the hub actually so this is the openshift git ops that was
deployed by the hub and then we have the other one that michael mentioned uh let's see here so we're also able to and we've changed it around a little bit it used to say get here we've got this discovered so these are actually instances of argo applications that have been deployed by a remote argo on my fleet so it had nothing to do with the hub there was argo running on each of my managed clusters and we distributed the argo application resource to all of those managed clusters which then caused nginx to be deployed acm without having any not pre-knowledge of that detects it also detected it all came from exactly the same source which is git branch and path and so group them together to say look you know this app's been put onto all seven of these clusters which is why you see the terms remote discovery in there but if we look at it from a visualization point of oh this one's going to give me trouble nothing like the demo gods to show their face let me try that that's all you're ahead josh i was going to say just knowing about the discovery capability yes that's that's awesome so what it should show you is the you would get the same topology and uh you can click into those and view the pods as well as the logs that go with it we do display that or usually display that when it's not giving you a uh a hiccup as it is in this and so i'll use that segue then for well i said i have git ops everywhere well i used a configuration here in my policy in grc and so in my policy in grc i've got things like etcd encryption that we all atta talk always talk about so that's making sure all of my openshift clusters have their etcd encrypted i've usually run that in enforce i switched it to inform and provisioned a new cluster just so that we could see the uh the error and that it actually does you know we do detect problems so one of my new clusters that i provisioned which automatically otherwise if it was enforced would have got it it's telling me you know there's a problem i
need to go out and do that we have the uh installation of openshift gitops which i mentioned which is argo so this is pushing the argo out to all of my clusters i see michael is gotta drop take care and uh i've also got acs which we'll talk a little bit about we have an acs integration as well as an enhancement to these policies themselves you can now create policies that have that are that have templated values and that's something new for us it used to be you defined a very pre-canned set of yaml and that was all that the policy was going to be able to check for well now you can dynamically inject using a policy template things like names that you read off of a config map or a managed cluster or even in a special case you can use it to deliver secrets securely from the host hub acm to your remote clusters and so in the example here we have the red hat acs install this has activation of acs which is advanced uh cluster security by red hat it also has delivery of what they call it a init bundle which is three secrets and so if we look inside of this and no we're not going to be showing our secrets thankfully um that has happened and that's that that's an easy fix i could believe it on a on a live stream but that's kind of part of the core piece here is is that fact that we aren't sharing the secrets instead we've got let me see if i can drag this over a little bit we're able to build these query type of analogies inside of what is otherwise a secret so if you look the kind is a secret it's got the name and the name space that it wants to create but the values themselves they reference a secret that is stored securely that i'm not going to show on the hub in the namespace and it's able to take those and securely deliver them to my remote clusters and so this is a great i'm getting started i need a demo i haven't yet figured out if i want to go all in and reprogram everything for vault with sidecars or use external secrets or use or or my security stance won't allow
for sealed secrets which would put it into git now this is a great starter where the secret only exists on the hub you can maintain and manage those secrets in a secure store that is mandated by your it department and for a delivery mechanism we have a secure way where acm is able to put those into a name space on a remote cluster where it needs to go and never do you have to commit any of that to git like so i can commit the policy to git and have it as part of my infrastructure and system as record system of record but i don't have to commit any port any form even an encrypted form of that secret into it and so it's very powerful as well for acs we're standing up a um we call it an operator but a resource that represents the agent and that agent needs to have a unique name to register back if you think back to what i just said fixed yaml meant that every agent would have the full the same name well what this templating allows you to do is here we have hub which means it's querying some data off the hub side but you have it on the client side as well so i'm able to look up the name of my managed cluster use that in my resource that i'm stamping that initiates acs so when i hop over to acs and it registers out which i had the screen up here and we go to health and oops we go to clusters it's able to give the unique name of the cluster back for each and every registration that otherwise you know you have to write some really fancy customized expression that you store in git that you may or may not be able to debug now we've got a very simple template it does the lookup it applies the correct name for the cluster and acs is happy to register back and and hook up so and and that's kind of then segues into the beauty of acm and our placements and our labels any cluster i import any cluster i provision either through the full provisioning process or i pull out of a pool as soon as it's registered into acm and its labels become available i could have something like
placement for which is what i'm using where the vendor equals openshift all of our imports all of our provisionings all auto detect that it was an open shift and so they will all get the acs client deployed to them same thing because this is my demo cluster they all get the openshift gitops operator deployed to them as well but so there's the power of the whole life cycle from you know from that very very initial point where you bring it under management and going forward can be a completely automated procedure and our placement allows you to do configuration application security compliance you know monitoring the the whole gamut is covered in in that one sense and so you know if anything i want to summarize you know what we've accomplished in the in the year it's it's really that we've we've really filled in that whole picture you know there used to be little gaps here little gaps there and that's why a lot of this was you know we've gone from ocp only to star ks for metrics or we now have ansible in all three of the main pillars that you you know you use where it makes sense to have automation is that you know a year later having you know been been at this we've we've really filled in the picture and it's come a long way as far as you know what we have is for the fleet management across all of the pillars of concern that we expect our users to be to be after and so i will touch on one thing just because it was a talking point and i love to prove they're there is i wanted to show the ansible quickly that we've integrated here as well so for something like i created this policy here that's non-compliant you see we have the automation which matches up with the automation tab and jeff you want to jump in while i'm doing this yeah i mean you're flying through all these advanced features that we just for 2.4 and and that's because we have a little bit of time but you know what i heard there josh more than anything else coming from the business side is the first
thing you do is you install acm and when you're an open shift customer or an openshift platform plus customer install acm is the first thing you do after you stand up your first cluster and then i hope you roll out acs it'll help you roll out the gitops strategy that'll help you roll out all the configuration policy and new clusters on top of that as well as from we've been dealing with a lot of customers that are that are migrating from three x to four that's first thing you should do on those migration scenarios stand up your first four cluster put acm on it bring those clusters that are 3x under at least observability use cluster lifecycle to create new clusters create consistency of your configuration between the two you have the templating thing that we went through real fast both hub and on the policy side it's it's really the the game changer one of the things that we hear a lot that we want to combat is well i don't have a multi-cluster problem yet and i only have a few clusters and that is that is absolutely wrong you don't want to look for to use a florida analogy you don't want to look for the bucket to bail water after the boat's taken take it on the water right you want to have everything prepared and start with ship ready and and put a multi-cluster world under governance and that will accelerate your your cloud and your container adoption journey sorry no absolutely and so you know we've got ansible everywhere and i guess to jeff's point and i'm sure we haven't actually done this in a in one of these streams in a while you know when i start day one in an openshift cluster i end up here if i go to operator and i go to operator hub and it loads it's canada we're far away you see the second pitch the second card that we got up here is advanced cluster management you click on this you click install you get the next page and you go from there i'm running dev so it doesn't pop up in the same way and within eight minutes you're running acm you've got an acm
console that you can hit you plug in some cloud credentials you plug in a vsphere credential you plug in an openstack credential you can number one you can start importing things or number two you start provisioning you grow your fleet especially when it's on-prem and it it it doesn't have the same cost associations but even if you're in the cloud we've got single node openshift that you can deploy you want to keep it down you can do three node master or three-node master worker clusters there's a whole bunch of different ways to slice and dice you know how you expand your fleet but this is it they're there from day one is the best way to do it josh is like a kid in the candy shop i i absolutely i learned so much thank you thank you john i'm going to kick it over to dave to bring us home this has been such an awesome session josh what can we say thank you awesome um chris scott thank you for uh hosting us scott thank you for emceeing us through this um it's been a pleasure to rejoin the live stream here chris i know everybody on the team you can tell the passion the energy and enthusiasm coming through the team uh it's a hot space as jeff said shift lift bring your management security right to the forefront with your deployments those are the most successful customers that we see that we work with day in day out community is growing rapidly the integration points are growing rapidly um the adoption has been outstanding the reception in the in the field with with users has been has has been outstanding and we didn't even shift into a lot of the next wave of things from event driven architectures to the edge space um a lot coming even in the area of ai so thank you very much thank you everyone we had a chance to touch on cloud services and scale to the moon and beyond we'll do it on a future one chris thank you so much we always enjoy this show thank you no thanks for coming thank you really appreciate it yes thanks for having us y'all stay tuned we got five more 
five more streams to give you chris [Laughter] cheers [Music] you
Info
Channel: OpenShift
Views: 77
Rating: 5 out of 5
Id: 0gJMGNEQfSA
Length: 66min 33sec (3993 seconds)
Published: Tue Oct 05 2021