Description
London OpenShift Commons Gathering 2019
OpenShift at Horizon Assets
Brian Salzman, Horizon Assets LLP
A
All right, so how are you doing so far? Is everybody totally mind blown? 4.0, all that container security, all that wonderfulness. I promise you I'm not gonna let Mike or... Dan has disappeared, but his jacket's here, so they'll be around. They'll be here for the AMA. So please store up your questions. Ask the questions during the break. Do that. We're gonna switch gears a little bit because I know your mind is blown and you want to hear how this actually works in the real world.
A
A
What is always the most fun part to stage is a series of lightning talks from all the sponsors. I promise to give them each five minutes, so they paid for your lunch and all and your dinner and your grapes, and we're gonna do six of them before and six of them after lunch. So I'm gonna have them all come up here, and then we're gonna rope them off the stage if they take more than their five minutes. So I'll help me hold them to that.
B
It solved the problem, but he was like, "I want to talk to a spreadsheet file," and I was like, "Alright, well, I'll use my account and map that drive." And, you know, quickly we started thinking, you know, what else can we use these Docker containers for? So how can we orchestrate and manage them? How can we deal with resources, working on a project with other users, scaling up multiple containers? Docker wasn't enough. We had more drivers for containers.
B
One of them was my boss works with KNIME, and he's... we haven't installed for developers on their PCs. Every six months they release new versions of KNIME and we were falling behind. You know, updating PCs, making sure they're all in sync with the server version. This needed access to the SQL database in the Windows world, as well as Horizon shares, Windows shares and all of the permissioning and security that goes along with those shares. So a different user sees a different view of this same share. So what is KNIME, if you.
B
Workflow ETL tool, just if people are not familiar with that. So, so we've kind of thought, like, how could we, you know, do something with that to make that release cycle simpler and give it access to it? So, if you think about this, we wanted a private cloud solution that integrated to our Microsoft world. We want the security, identity management, onboarding users. We wanted all of this.
B
Automated. I was one IT guy and I didn't have the time to, you know, kind of look after integrating and building a private registry into Kubernetes, dealing with the security issues, all of the things that might go along with doing this. I wanted a little bit of a shortcut and some help. We looked at things like Mesosphere, CoreOS, which, you know, Red Hat bought, Rancher. Rancher didn't quite do enough in terms of managing Kubernetes for us, and then we liked... I had liked Ubuntu.
B
A
B
Out of disk space, but we thought, you know, we can always hire the enterprise people and help going forward. So I kind of looked around at that solution and I thought, oh, but I also need identity management. And I looked on the Kubernetes documentation page and they're like, well, there's a lot of cloud providers, that AWS, Google, Azure, that does identity management with Kubernetes. But there was not a lot of identity management providers.
B
That would do something for a private cloud, and we weren't ready, from a bunch of legal standpoints and other reasons, to jump fully into the cloud. So I had a conversation with Mark and I said: can we seamlessly integrate Windows shared drives and Kerberos access to Microsoft databases? Yes. I was like, wow, that's cool. Can we enable onboarding users and entitlements as self-service, with human approval where needed? Do you have workflows to do all that? Yes. How about a better solution for the registry and GUI registry viewer?
B
Getting Kubernetes to talk to a registry was difficult for me and my novice experience dealing with Kubernetes, and Mark said: have you tried OpenShift Origin, or now OKD? It's got a built-in registry and a GUI to look at what's in there out of the box. I was like, wow, that's cool, I need shortcuts like that. Can we configure and deploy OpenShift Origin production cluster ourselves? Yeah, with the Ansible playbooks. If you heard the talk earlier this morning, the migration to 4.0 sounds great.
B
It sounds incredible, because Ansible is really cool, but it's complicated, and there were many issues that we ran into along the way. And, you know, Ansible, upgrading GlusterFS was very difficult. The changes that 3.9, 3.10, 3.11 went through in terms of certificates and containers. We needed a partner that could help us navigate all of the, you know, the high pace at which Kubernetes is moving, and Mark was that person for us. So the KNIME container deployment, you know, kind of infrastructure as code.
B
Now we ended up using Guacamole, which is a VNC server, so it can display a bunch of desktop in HTML5 page. So now, you go, if you want to use your KNIME desktop, you just go to a link in your browser and you're looking at your KNIME desktop, and I can release KNIME to all of the users just by updating a prod link of the image, and basically all of their desktops change, and they see it through their browser.
B
So OKD provides authentication, RBAC, built-in Docker registry and viewer, and multi-tenancy, but it provides a whole lot more, and I'm going to get into kind of all of these other things that it provided us with. The combination of Mark's Tremolo Security... so I mean, just go through. This solution is very about this. Just kidding. Jump over to some notes they have here.
B
Right, so this is scalable: automated deployment of compute resources to meet the demand. Manageable in terms of built-in health checks, so the pods would get restarted if they weren't available as an endpoint. You can stack multiple things in this environment, saying I need a database first and then, once that's up and running, I can launch something like protege web on top of it, so you can kind of orchestrate how this application, it can be.
B
Multi-tiered is coming up. It's transparent: we know who changed what, when and how, down to the infrastructure, the Bitbucket commit, Jira, all of that audit trail, and who's entitled and what roles they have. Tremolo audits everything and all the changes that we might be giving someone a role on the cluster. So we have complete transparency, and that makes regulators happy, which is really important in this age, especially for a hedge fund. So isolation.
B
We can provide a way to move this code through our dev, QA and prod environments. One of the things in prior experiences, when you deploy applications in different environments, those environments aren't the same. Here, as infrastructure is code, you can be pretty sure your dev and QA and prod environments, because they're kind of coming up in the cluster itself, are going to be pretty similar, just changing what service account or user ID you're going to have running these various things, and that leads to an automated deployment.
B
B
B
We achieved my isolation in multi-tenancy for our users with no passwords, single sign-on. We didn't want people to kind of come into this cluster world and be like, wow, now I need to store passwords as secrets to be able to get in my database or, you know, talk to a file share and get, you know, some data from a file system. So the Kerberos integration from Tremolo really helped out there, as well as leveraging things like.
B
B
Them, they can go to a website and ask for it, and we can either let that happen or have a human intervention saying, OK, I approve that request. It would... Tremolo provided workflows to automatically create the persistent volume claims that would let people talk to those drives, and created projects dynamically based on their user ID.
B
B
Right now we... well, we've created the ability to create multiple clusters, which is great. One of the things fun about working with startup is, you can say, hey, I want to be able to spin up multiple clusters quickly. So we have a mini cluster that's got a worker and a master, and it's very small, a few Gluster nodes, and then we also have production cluster that's got six workers, three masters, three and four, a logger and three Gluster nodes on it. Yeah, so, but anyways, thanks for your time and.