►
From YouTube: OpenShift Administrator’s Office Hour (Ep 4)
Description
Join Andrew Sullivan, Chris Short, and the occasional special guest for an hour designed specifically to help the OpenShift admins out there. Come with your questions, leave with solutions. https://openshift.tv
A
Good
morning
good
afternoon
good
evening
and
welcome
to
another
episode
of
open
shift
administrator
office
hours
here
on
openshift
tv,
I
am
chris
short
executive
producer
of
open
shift
tv
and
co-host
of
the
show
with
my
wonderful
teammate,
the
illustrious
andrew
sullivan
andrew.
Please
introduce
yourself.
That's.
B
A
B
B
Like
you
know,
I've
found
and
what
I
learned
largely
through
one
of
my
mentors
was
that
if
you
teach
someone
else
how
to
do
it,
it's
easier
right.
It's
one
less
thing!
You
have
to
worry
about
right
exactly
so
in
instead
of
and
I
get
some
people,
they
want
to
be
that
single
point
of
failure.
They,
like
being
you,
know
the
the
focal
point
they
want
to
be.
It
helps
them
to
feel
important
and
yeah
sure.
B
Anything
inherently
wrong
with
that.
Necessarily
there
are
some
downsides,
though,
but
there
are
definitely
some
downsides
right
if
you
like
your
nights
and
weekends,
if
you,
you
know
that
type
of
stuff,
if
you
don't
want
to
be
constantly
on
the
hook
for
everything
all
of
the
time
but
yeah
I
try
to
take
the
approach
of
hey.
I
had
to
learn
this
stuff.
You
know
and
if
I
can
help
someone
else,
learn
it
then
so
much
the
better
and
the
other
side
of
that
being
well.
B
B
B
Yeah,
so
if
it's
one
of
those,
if
I
can
communicate,
you
know
every
instance
that
I
get
to
practice,
communicating
those
concepts,
those
technologies,
you
know
it
helps
and
I've
tried
to
throughout
my
career,
I've
been
doing
tech
marketing
for
seven
years
now,
almost
exactly
seven
years.
Actually,
seven
years
yesterday
that
was
my
I
joined,
I
left
the
customer
world
and
joined
the
vendor
worlds.
B
A
Yeah
you
got
to
demonstrate
it
often
too
right,
which
I
find
is
the
most
interesting
part
right
like
you
have
to
change
what
engineering
has
provided
you
into
something
that
satisfies
a
customer
request
right
like,
and
that
is
often
not
one-to-one
right
like
it's
not
like.
Oh
yeah,
just
slap,
some
emel
on
it
and
off
you
go
there's
always
caveats.
A
There's
always
these
little
things
that
we
have
to
do
because
regulatory
reasons
we
have
to
do
because
of
x
or
y
or
z,
and
like
here's,
how
to
plug
that
piece
in
right
so
like
if
you
look
at
the
red
hat,
advanced
cluster
management
show
they
did
yesterday
right,
like
they
just
started.
Looking
at
like
the
whole
piece
of
pie
that
they
made
with
this
pac-man
app
that
they
created
and
like
just
looked
at
the
very
entry
point
of
it,
and
it
was
like
oh
there's
so
much
here,
you.
B
A
B
Yeah,
so
for
any
new
watchers
any
new
attendees.
This
is
the
admin
office
hours
so
effectively.
That
means
that
we
are
focused
on
the
administrator
experience
of
people
who
are
in
an
administrator
role
with
openshift.
Although
we're
also
happy
to
help
answer,
questions
for
anything
in
the
red
hat
portfolio
just
may
not
be
able
to.
It
may
take
a
little
bit
more
time
as
we
have
to
reach
out
and
ask
people
yes,
which
we
will
happily
do
exactly
very
much.
B
So
it's
good
to
make
new
friends
inside
of
the
company
right,
absolutely
yeah.
So
our
goal
being
this
is
very
much
an
ask
me
anything.
A
type
of
experience
feel
free
to
ask
us,
quite
literally
anything
about
openshift,
about
red
hat,
about
red
enterprise,
linux
et
cetera.
If
we
know
the
answer,
we'll
certainly
give
it.
We
certainly
welcome
your
participation.
I
hear
the
lawnmowers,
sorry
or
or
maybe
you're
just
doing
the
stunt
airplane.
So
no.
B
So
yeah,
please
by
all
means
this
is
meant
to
be
an
interactive
session.
Normally
we
have
some
cee
folks
that
join
us.
This,
the
customer
supports
and
enablement
folks
that
join
us
they
weren't
able
to
join
today.
This
is
also
the
first
episode
in
the
last
three
weeks
because
we
had
some
special
occurrences.
I
would
definitely
encourage
you
to
check
out
both
of
those.
Two
weeks
ago,
reese
was
on
and
reese
and
christian
and
talked
about
the
new
assisted
installer
experience,
which.
B
It
is
yes,
it's
very
awesome
lots
of
interesting
things
or
lots
of
exciting
things
to
look
forward
to
there.
So
if
you
haven't
seen
that,
I
know
that
there's
a
blog
post
that
should
be
going
out
relatively
soon
on
that
as
well.
In
addition
to
the
live
stream
and
then
last
week
was,
of
course,
the
what's
new,
which
I
saw
today.
We
have
a
new
vanity
url
for
that
openshift.com.
A
Yep
and
you
can
go
grab
that
and
we'll
actually
in
the
next
few
days,
have
a
transcript
of
the
entire
call
like
out
there
for
you
to
search
and
hunt
and
figure
out.
You
know
hey.
Is
this
feature
good
for
me
kind
of
thing
right
so
that'll
be
pretty
great.
Let
me
drop
that
link
in
here.
It's
high
speed,
yeah,
I
mean
it's
we're
getting
it
to
the
point
where
it's
we
want
to
keep
everything
like
on
the
openshift.com
site
and
not
have
it
as
like
distributed.
A
B
So
if-
and
I
created
a
giant
spreadsheet
of
this-
that
I've
shared
with
chris
before
we
have
this
huge
progression
that
walks
through
various
aspects
of
open
shifts,
so
we're
still
relatively
early
in
the
in
the
process,
which
is
choosing
which
installation
method
you'll
you
want
to
use
for
your
openshift
cluster
and
just
prior
to
the
show
we
were
talking
about.
You
know
what
that
means
and
why,
with
red
hats,
and
why,
with
open
shifts,
it
is
the
way
that
it
is
and
especially
compared
to
some
of
our
competitors.
B
And
the
reason
I
want
to
share
my
screen
here
is
because
I'm
going
to
bring
up
the
documentation
I
like
docs
docs
are
important
yeah
I
try
to
so
it's
funny.
We've
been
asked.
I
don't
know
how
many
times
why
don't
we
have
reference
architectures
or
stuff
like
that
for
openshift,
and
it's
it's
because
right
and
the
goal
is
to
have
all
of
that
information
in
the
documentation
right.
So
I
try
to
always
start
with
the
documentation
and
if
there's
not
something,
that's
not
there.
If
there's
information,
that's
missing,
that's
inaccurate,
etc.
B
B
B
I
will
say
that
we've
done
a
pretty
good
job
of
starting
to
break
it
up
and
organize
it
better.
So,
for
example,
we
we
added
this
post
installation
configuration
section.
So
you
can
see
we
have
this.
Here's
the
the
way
the
product
works,
here's
how
to
get
it
installed
and
you
select
based
on
which
infrastructure
you
want
to
use.
B
And
then
you
can
go
into
this
post
installation
set
of
things
and
it's
here's
all
the
things
you
need
to
do
or
consider
doing
after
your
cluster
is
deployed
to
get
it
up
and
and
fully
deployed,
because
it's
important
to
point
out
that
with
4
we
changed
the
installation
process
so
that
the
the
end
result
of
the
installation
is
a
running
cluster.
One
that's
ready
to
host
workload,
but
does
not
have
all
of
the
features
and
functionality
out
of
the
box
all
right.
B
B
And
the
problem
was
it
meant
that
the
installation
process
was
massively
complex
and
very
very
lengthy
and
often
led
to
issues,
and
it
was
an
all
or
nothing
type
of
scenario
either
if
it
succeeded-
and
I
have
this
fully
functional
cluster
or
it
failed-
and
I
have
basically
at
best
a
broken
cluster
and
probably
nothing
so
openshift4
installation
is
focused
on
getting
a
minimally
open,
available
cluster
up
and
running
and
then
all
of
those
other
things
are
done
as
day
two.
So
that's
why
this
post
installation
configuration
section
is
very
important.
A
So
yeah
jp
data
says
you
know
specific
hardware.
Reference
architectures
would
be
helpful,
like
the
next
cluster
will
be
on
an
hpe
synergy
frame,
hopefully
with
a
fully
automated
ansible
template
for
configuration
of
the
nodes
and
everything
else
right
like
that.
Yes,
that
would
be
great,
but
do
you
realize
how
many
different
kinds
of
bespoke
hardware
sets
you
could
run
to
openshift
right
like
so
we
could
do
that,
but
we
lean
on
the
partner
to
help
us
with
that.
B
A
B
B
A
B
A
C
A
C
A
D
A
B
A
B
A
B
B
Essentially,
what
that's
saying
is
when
platform
equals
none,
it's
not
going
to
look
for,
or
even
attempt
to
configure
any
kind
of
integration
with
the
underlying
infrastructure.
So
if
I
do
platform
equals
vsphere
right,
it
is
going
to
configure
the
vsphere
storage
provider
and
other
things
that
are
aware
of
that.
If
I
do
platform
equals
aws,
not
only
is
it
going
to
want
to
deploy
to
aws,
but
it's
going
to
look
for.
B
How
do
I
connect
to
the
aws
api?
How
do
I
integrate?
How
do
I
deploy?
How
do
I
manage
all
those
resources
platform
equals?
None
basically
says
I'm
not
going
to
talk
to
the
infrastructure,
I'm
not
going
to
talk
to
anything
else
underneath
it.
I
don't
know
what
it
is.
I'm
not
even
going
to
try
to
know
what
it
is.
C
A
A
C
B
Go
so
it's
connected
to
a
focusrite
and
occasionally
the
focusrite
has
been
glitching,
so
I
have
to
turn
or
change
the
capture
bitrate
that
it
uses
which
resets
it
and
then
it
works
fine
again.
How
did
I
learn
about
this?
Oh
I
learned
about
this
because
I
recorded
an
entire
tech
ready
session,
with
the
audio
being
absolutely
abysmal
and
then
had
to
re-record
ouch.
C
D
A
B
Yeah
back
to
the
installer
platform,
so
platform
equals
none
means
that
it
doesn't
attempt
to
configure
or
integrate
with
the
underlying
infrastructure
at
all,
so
that
would
be
referred
to
as
a
bare
metal
install
irrespective
of
what
the
underlying
infrastructure.
Actually
it
is,
so
it
could
be
physical
servers,
it
could
be
virtual
machines,
hosted
on
pretty
much
any
hypervisor.
You
can
possibly
imagine,
or
it
could
be
even
installing
to
a
hyperscaler
again
without
that
underlying
integration
being
configured.
B
B
Yeah,
so
it
ensures
that
there's
always
that
default,
and
if
you
don't
want
that,
then
you
deploy
with
the
bare
metal
method
onto
whatever
infrastructure,
and
there
is
of
course
a
trade-off
of
well.
If
I'm
on,
you
know
vsphere,
for
example,
and
I
want
to
be
able
to
dynamically
provision
new
nodes
right,
so
the
the
cloud
provider
integration.
B
Okay,
so
platform
equals
none
is
bare
metal,
but
bare
metal
is
not
physical.
Servers.
Bare
metal
is
any
infrastructure
that
that
that
you
are
not
integrating
with
the
underlying
hardware
with
this
will
only
get
more
confusing
with
4.6,
because
4.6
has
bare
metal
ipi,
which
is
really
ipi
with
physical
servers.
A
B
B
Yeah-
and
that
is
a
that
is
a
limitation
of-
and
I
just
bookmarked
this
yesterday-
that
is
a
limitation
of
kubernetes
yeah.
So
if
we
look
in
the
kubernetes
cloud
provider,
there's
this
long-standing
issue
where
effectively
the
clouds
controller,
doesn't
it
assumes
that
all
nodes
belong
to
the
same
cloud
controller
and
if
it
doesn't
recognize
that
node?
If
it's
not
a
part
of
that
cloud
controller,
then
it
ejects
the
node.
B
So
you
can't
do
an
ipi
install,
for
example,
to
vsphere
and
then
add
physical
nodes
into
that
cluster,
because
the
cloud
provider
would
say
I
don't
know
what
this
is.
I
need
to
eject
it
from
the
cluster
with
that
open
shift
on
openstack
and
ironic
type
of
setup.
Well,
it's
all
one.
It's
all
one
provider
right,
it's
all
the
openstack
cloud
provider,
which
means
that
you
can
get
that
hybrid
model.
B
You
know
virtual
some
virtual
some
physical,
while
still
retaining
the
ipi
cloud
provider,
integration
for
node
provisioning,
and
I
realized
that
as
I'm
talking
through
that
that
I
got
a
little
ahead
of
myself
because
yeah.
So
that's
one
of
the
key
things
with
installer
provisioned
or
full
stack
automation.
B
So
the
first
thing
I
want
to
point
out
is
that,
at
the
end
of
the
day,
when
the
installation
process
is
finished,
you
have
the
same
cluster
right.
It
has
the
same
capabilities.
It
has
the
same
things
deployed
to
it.
It
has
the
same
support
status
right.
In
other
words,
if
I
choose
to
do
full
stack
automation
on
vmware
or
user
provision,
user
provision,
infrastructure
on
vmware
or
a
non-integrated,
slash
bare
metal
installation
on
vmware
they're,
all
fully
supported,
they're
all
going
to
have
the
same
capabilities
when
the
installer
finishes
doing
its
job.
B
What
is
different
between
them
is
that
integration
with
the
underlying
infrastructure,
so
full
stack
automation,
assumes
that
I
have
a
fully
functioning
cloud
provider
that
is
able
to
interact
with
the
infrastructure
to
do
things
like
create
and
destroy
nodes
user
provision.
Infrastructure
usually
means
that
there
is
a
some
integration,
but
not
the
same.
So
in
reality,
what
that
means
is
things
like.
So
yes,
with
vmware,
I
have
the
cloud
provider
I
can
go
in
and
I
can
create
nodes,
but
it's
not
configured.
B
Only
the
storage
provisioning
is
configured
if
there's
network
integration,
so
let's
say
it's
aws
right
with
aws,
because
we
integrate
with
their
load
balancer
paradigm
and
everything
else,
you're
still
going
to
have
the
ability
to
create
load
balancers,
but
not
manage
other
aspects
and
then,
of
course,
spare
metal.
As
I
said,
because
I
got
ahead
of
myself,
for
it
is
no
integration
with
that
underlying
infrastructure.
A
C
B
So
I
know
engineering
has
done
it.
They
created
several
bz's
and
did
some
changes
in
one
of
the
earlier
versions
to
make
sure
that
it
works.
I
personally
have
not
tested
it
so
upi
to
ipi
is
something
that
should
be
possible.
Ipi
to
upi
is
also
theoretically
possible.
It
is
not
something
I
have
tested,
but
it
is
effectively
unconfiguring
that
provisioner
or
that
cloud
provider
integration
underneath
the
covers.
B
A
A
A
B
A
B
Yeah,
you
know
and
it's
it's
on
tap
as
a
whole
and
it's
the
way
that
their
storage
system
works
and
and
everything
it
makes
it.
You
know,
rightfully
so
the
the
most
robust
and
capable
nfs
server
that's
out
there.
So
I
think
it
is
important
to
point
out
and
that's
why
you'll
sometimes
find
things
like
if
you
look
in
our
documentation
for
various
openshift
services,
the
registry
is
one
I'll
pick
on.
B
We
don't
recommend
using
the
registry
using
nfs
storage
for
the
registry
because
well
we
don't
test
it
on
anything
except
our
own
nfs
server
and
we
found
some
issues,
but
netapp
has
tested
it
with
theirs
and
they
say:
hey
it
works
great.
You
know.
So,
if
you
look
at
our
documentation,
that's
why
we
we
we
have
caveats
like
always
check
with
your
storage
vendor.
D
Yeah,
my
name
is
I'm
richard
vanderholt,
I'm
a
senior
software
engineer
with
the
openshift
support
team
and
what
that
means
is
I
get
to
work
on
some
of
the
more
quote:
unquote,
fun
cases,
so
I've
kind
of
I
wouldn't
say
I've
seen
it
all
at
this
point,
but
I've
definitely
been
involved
in
some
really
really
interesting
cases
and
have
seen
some
interesting
failures
and
it's
always
a
lot
of
fun
to
help
people
work
through
their
their
problems.
So
it's
really
fulfilling
part
of
the
job
is
getting
to
help
people
out
so.
B
B
Day,
yeah
yep,
so
today's
sort
of
a
and
as
I
mentioned
at
the
beginning
right,
this
is
an
ama
style
office
hours
right,
please
feel
free
to
ask
any
questions
at
any
time.
But
in
the
absence
of
that,
today's
topic
is
the
installer
and
richard.
I
I
know
that
you
just
joined
and
but
I'm
going
to
put
you
a
little
bit
on
on
the
point
here:
yeah
no.
D
B
B
Yeah
yeah
and
the
reason
I
I
asked
that
is
because
I
I
thought
I
already
knew
the
answer
which
you
confirmed,
which
is
the
installer,
especially
with
version
three
I
think
was
the
source
of
and-
and
somebody
told
me,
the
statistic
once
that
it
was
like
30
plus
percent
of
all
support
tickets
for
openshift
in
openshift
3
were
around
the
installer,
and
so
earlier
on.
I
was
discussing
how
we
changed
the
installation
process
with
openg4
so
that
at
the
conclusion
of
openshift
install
you
have
a
minimally
running
cluster
right.
B
C
B
So
I'm
glad
you
brought
that
up
and
I
think
the
slide
really
illustrates
that
you
know
I'm
not.
I
don't
usually
like
to
show
slides
on
the
live
stream,
but
you
know
it
illustrates
the
breakup
between
the
two
different
installation
experiences
and
what
you
know
the
the
administrator
is
responsible
for
versus
what
the
installer
is
going
to
do
for
you,
but
I
I
think
the
what's
not
directly
obvious
here
is:
if
the
installer
is
doing
it,
that
means
that
you
have
to
have
an
infrastructure.
That's
capable
of
doing
that
right.
D
For
sure,
and
and
there's
there's
a
well-worn
path
in
how
we
intend
for
someone
to
deploy
4.x-
and
I
wouldn't
see,
there's
conflict,
but
when,
when
we
have
when
we
go
into
infrastructures,
where
people
have
very
specific
requirements
of
their
load,
balancers
that
aren't
necessarily
something
that
we
encounter
on
a
regular
basis.
It
can
create
some
interesting
working
sessions
to
try
to
help
figure
out
how
to
get
things
to
fit.
I've
never
really
encountered
an
environment
yet
where
we
couldn't
but
but
yeah
it's.
It
is
interesting.
A
Choices
yeah.
We
we
talked
about
diversity
of
hardware
for
a
minute
there
and
how
we
kind
of
lean
on
our
partners
to
help
us
with
you
know.
This
is
your
setup
for
hardware.
How
would
you
install
openshift
on
it
right
like
right,
but
how
I
mean
how
many
times
do
people
like
have
one
of
those
cookie
cutter
setups
right,
like
probably
not
that
often,
I
would
imagine
right,
like
yeah.
B
And
chris,
when
we
were
in
the
the
virtual
green
room
right
right
before
the
the
show
started,
we
were
talking
about
how
you
know:
openshift
is
different
than
a
lot
of
other
kubernetes,
because
we
don't
give
you
an
option
for
many
of
those
things
right.
There
is
no,
you
know
curl
pipe
to
shell
installation.
B
D
D
B
C
D
D
B
A
A
D
C
D
How
that
changed
the
troubleshooting
strategy
a
little
bit,
because
some
of
the
errors
that
we
would
see
specific
to
misconfigured
load
balancers
in
4.1.
They
meant
something
different
in
4.2,
because
cluster
proxy
was
was
actually
hiding.
The
true
nature
of
of
the
failure
and
some
of
the
errors
that
we
we
were
getting
were
misleading.
So
there
were
a
couple
of
days
there
just
going
back
and
forth
with
the
customer
trying
to
figure
out
why
we
couldn't
access
the
console
and
why
certain
operators
were
degraded.
D
So
it's
not
really
an
unusual
thing,
but
it
it
goes
to
show
how
sometimes
particularly
early
on
when
we
introduce
some
features.
It
can
be
really
tough
to
get
your
arms
around
how
to
pin
down
what
exactly
is
going
on.
But
I
think
one
of
the
really
awesome
things
about
the
openshift
4
life
cycle
is
how
quickly
we're
able
to
respond
to
weird
troubleshooting
situations
and
add,
alerting
and
instrumentation
into.
D
A
Dropped
that
link
right
like
so.
This
problem
happened
to
me
and
I
might
have
mentioned
this
right
like
I
bought.
You
know
I
was
like
okay,
I'm
stuck
at
home.
I
need
something
to
run
openshift
with
that's
like
for
real
for
real,
and
you
know
I
asked
for
andrew
and
andrew's,
like
oh
go
to
the
site,
there's
actually
like
a
great
way
to
like
find
good
deals
and
stuff
on
servers
and
used
hardware,
and
I
bought
it,
and
I
was
like
all
right.
A
Great
yeah,
four
hard
drives
raid
10,
let's
go
10k
hard
drives,
did
not
come
up
to
the
task
to
be
able
to
run
the
fcd
because
of
high
latency,
and
my
cluster
was
just
a
total
dumpster
fire
right
as
a
result
and
like
I
couldn't
troubleshoot
it
and
then
eventually
it
was
just
like
christian
was
finally
like:
hey,
wait,
a
minute
run
this
thing
real
quick!
Is
your
storage
fast
enough
and
sure
enough
400
later
now,
my
storage
is
fast
enough.
D
Yeah
yeah,
so
that
that
actually
is
that
does
lead
me
to
perhaps
the
weirdest
thing
I've
ever
seen,
which
is.
It
was
just
like
you're
saying
somebody
wanted
to
set
up
a
prototype
cluster
and
to
the
to
the
average
user.
It
doesn't
make
sense
necessarily
how
sensitive
std
is
to
latency,
but
they
were
trying
to
stand
up
master
drives
backed
by
usb
2.0
thumb
drives,
and
the
install
would
actually
progress
to
a
point
up
until
enough
things
got
running
that.
C
B
D
C
C
A
D
A
B
A
B
B
So,
there's
a
couple
of
questions
in
the
chats
that
I
want
to
go
ahead
and
address
so
in
param.
I
I
know
their
usernames,
so
they're,
sometimes
difficult
to
pronounce.
So
apologies,
if
I'm
butchering
anybody's
name
or
or
fictitious
name,
but
yeah
yeah.
How
would
you
recommend
forwarding
the
cluster
logs
to
a
or
I
guess
they
started
with
an
off
topic
question
to
be
clear:
there
is
nothing
that
is
off
topic.
B
So
please
don't
feel
bad
about
that.
How
would
you
recommend
forwarding
the
cluster
logs
to
an
external
elastic
without
the
cluster
logging
operator,
with
fluentd
daemon
sets
template,
or
is
there
a
red
hat
option
with
openshift4.x
and
chris?
Thank
you
for
posting
the
the
documentation
over
to
the
log
forwarding
section.
B
B
You
can
absolutely
deploy
splunk
or
datadog
or
any
of
those
others,
and
they
will
collect
the
logs
and
forward
them
into
their
respective
services,
and
you
can
do
the
same
thing
right.
Deploy
fluentd,
create
the
demon
set,
let
it
forward
logs
over
to
whatever
it
is
that
you
want
to
do
using
the
cluster
logging
operator.
B
You
know,
which
means
that
it
is
supported
by
red
hat.
You
just
have
to
stay
within
the
constraints
of
what
we've
defined
inside
of
the
documentation
there,
but
that
doesn't
mean
that
you
can't
deploy
fluentd
yourself
and
can
figure
out.
However,
you
want
to
do
whatever
you
want.
It
just
means
that
if
you
pick
up
the
phone
and
say
hey
red
hat,
my
fluentd
is
broken.
Well,
we
can't
help
in
that
particular
instance,
because
we
don't
know
we
don't
know
what
you've
done.
D
That's
that's
exactly
right.
I
mean
you
can
certainly
deploy
the
component
yourself,
but
that's
a
very
good
question.
That's
a
very
good
point
about
support.
So
within
the
confines
of
the
cluster
logging
operator.
We
do
have
some
expertise
there
and
can
provide
production
level
support
for
that
type
of
configuration.
B
B
Can
the
system
admin
user
change
the
registry
volume
from
empty
dir
to
a
persistent
storage,
a
pvc
or
does
it
have
to
be
a
regular
user?
So,
as
far
as
I
know,
the
system
admin
user
can
do
it.
Generally
speaking,
we
recommend
that
you
don't
use
the
system.
Admin
user
right,
create
a
dedicated,
a
user
that
has
relevant
permissions,
but
absolutely
system
admin
can
do
that.
D
A
D
B
A
A
B
B
That's
in
the
kube
config
in
the
install
directory
and
that
user
is
right
there
there
by
default,
you
can
even
after
you've
configured
authentication
everything
else.
It's
always
there
unless
you
remove
it.
So
to
me,
if
I
put
on
my
security
hat
well,
that
tells
me
that
there's
a
a
known
user
with
a
certificate
that
you
know,
maybe
the
guy
who
installed
it
he
left
and
and
I'm
concerned.
Maybe
he
took
a
copy
of
that
certificate
with
him
or
something
like
that
yeah.
B
C
A
A
D
Yeah
right
right,
yeah,
I
I
will.
I
will
tell
you
that
you
got
to
really
think
long
and
hard
before
you
delete
that
delete
that
id,
because
what
happens
when,
if
you
have
an
outage
with
your
authentication
provider,
which
is
not
unusual
and
what
happens
if
your
authentication
operator
goes
degraded,
which
can
happen
for
a
whole
host
of
reasons
like
a
a
outage
with
your
load
balancer
or
some
something
really
mundane.
And
now
you
can't
log
in.
A
D
A
B
A
A
B
So
only
if
you
are
using
the
red
hats
method,
right,
yeah,
you
don't
have
to
use
the
red
hat
methods,
you
don't
have
to
use
the
login
service
logging
operator,
like
I
said,
and
I
saw
somebody
making
a
tongue-in-cheek
comment
about
being
able
to
get
off
of
the
splunk
mailing
list.
You
know
those
other.
You
know
the
third
parties
are
partners,
they
don't
rely
on
the
logging
operator,
they
have
their
own
forwarders
in
place
and
you
can
absolutely
do
the
same
thing.
C
A
C
A
A
B
Having
worked
for
one
of
those
organizations
yeah
that
that
that
doesn't
always
is
sometimes
the
security
team
wins
yeah
and
they
get
to
make
up
those
roles.
Many
years
ago,
when
we
were,
I
worked
with
the
governments
and
we
were
doing
the
whole
itil
yeah
and
they
wanted
us
to
update
the
cmdb
every
time
a
virtual
machine
live
migrated.
B
Yeah,
so
we've
only
got
about
five
minutes
left
want
to
make
sure
that
if
anybody
has
any
last
minute
questions,
please
let
us
know
please
submit
them
in
the
chat
that
being
said
next
week
we
will
be-
and
I
haven't
looked
at-
who
the
guest
from
the
cee
team
is
yet,
but
next
week
we
are
going
to
be
talking
about
sizing
clusters.
So
this
is
a
timely
one
for
me,
because
I
am
about
98
done.
A
Skin
this
kubernetes
cat,
you
know
with
worker
nodes
and
for
nodes
all
kinds
of
things,
there's
just
it's
a
lot
to
wrap
your
head
around.
What
is
the
right
way
to
do
this?
Where
should
I
put
these
kinds
of
workloads
should
I
have
my
sk
master
schedule
at
all
right,
like
think,
like
questions
like
that
right,
like
yeah,
those
all
come
up.
B
Yep
and
we'll
we'll
talk
more
about
it
of
next
week.
Of
course,
the
short
answer
is
it's
a
wild
guess,
you're,
never
going
to
get
it
right
on
the
first.
Try
don't
even
don't
even
think
that
you're
going
to
and
the
good
news
is
well,
it's
openshift.
It's
kubernetes!
You
can
always
change
it
tomorrow.
A
A
B
I
don't
have
anything
if
anybody
has
any
questions
that
come
up.
Please
feel
free
to
feel
free
to
reach
out
to
me,
I'm
on
twitter,
at
practical,
andrew,
no
spaces,
no
other
special
characters
straight
up
practical
andrew,
so
feel
free
to
reach
out
to
me
there,
as
well
as
reach
out
to
me
via
email.
If
that
is
your
preferred
message,
firstname.lastname
redhat.com.
A
B
B
Yeah,
so
you
should
be
able
to
check
the
operator.
So
if
you're
using
the
you
know,
integrated
open
shift
registry,
you
can
do
like
oc,
describe
co,
so
cluster
operator
and
get
kind
of
the
high
level
status.
You
can
also
go
into
the
open
shift
registry.
I'm
still
sharing
my
screen.
Aren't
they
yeah.
C
B
B
B
B
B
So
if
we
come
down
here
so
inside
of-
and
this
is
the
operator
configuration-
so
let
me
exit
out
of
here,
real
quick,
so
the
registry
operator
is
managed
by
this
particular
object
right.
This
describes
the
configuration
that
the
operator
will
then
implement
against
the
registry
that
that
you're
using
and
I
need
to
find
over
here
in
my
off
to
the
side.
You
can't
see
it
notes
where
my
registry
config
is.
D
B
B
B
And
then
the
last
thing
that
I
need
to
do
is
set
the
management
state
up
here.
So
there's
three
management
states,
so
there
is
managed
which
means
that
the
operator
is
going
to
do
all
of
its
things.
There
is
unmanaged
which
means
that
it's
there,
but
the
operator
isn't
going
to
do
anything
with
it
and
then
there
is
removed,
which
I
hope
is
obvious.
B
B
A
B
B
You
can
see
it
was
created
53
seconds
ago,
so
david
for
for
your
situation.
If
it's
failing,
if
you're
having
issues,
you
would
want
to
look
in
the
logs
for
essentially
two
places
most
likely,
it
is
going
to
be
in
the
failing
image
registry
pod.
So
you
would
do
like
an
oc
logs
against
this
one.
If
it
is
failing
to
be
able
to
deploy
or
even
get
this,
you
know
attempt
to
instantiate
this
image
registry
pods.
Then
you
want
to
check
in
the
operator
logs
and
see
what
issues
it's
potentially
having.
B
A
Cool,
so
we
are
over
time,
so
we're
gonna
make
a
quick
jump.
Please
join
us
here
in
just
a
few
seconds
for
openshift
commons
briefing,
a
fireside
chat
with
systig
some
folks
from
cystic
are
joining
us
here
at
the
top
of
the
hour
here
in
a
few
seconds
I
should
say
so
yeah.
Thank
you,
everyone
for
joining
and
we
will
catch
you
next
time
two
weeks.
Thank
you
very
much.
Bye!
No
next
week
next
week,
that's
right!
This
is
every
week
duh
same.