Description
Join OpenShift's Developer Experience experts for our regularly scheduled program filled with cloud native, Kubernetes, and OpenShift tips and tricks for developers.
A
A
B
So I will go first. I'm Brian Tannis. I am a developer advocate, obviously, here at Red Hat. I focus on OpenShift. Yeah, based out of, based out of Dallas. It's a hot day today, so I'm glad I'm inside with all these lights.
A
C
Hey, well, Ryan Jarvin in here, hanging out with, with the cool kids. Welcome to the party, and if you have any questions for us, please drop them in chat. We'd love to hear your thoughts and try to help you answer a couple questions about using, you know, Kubernetes, OpenShift, containers.
C
I had a super softball question for us to, to throw back and forth today. If you have better questions than this, please drop them into chat. We would love to hear what you are dealing with and try to give you more specific advice, but I'm going to start it off with two topics that I wanted to touch on today. One is a general question of why containers, and also why not?
C
What's the, what's the appropriate balancing point for developers to derive some type of meaning and value, right? And then also I was gonna do a demo. I have an environment that I have already done a little bit of prep work to set this environment up, but it's ready to go, and we can do a live migration from OpenShift 4-something to whatever's available, and we'd have to go check.
C
The, check the list of available upgrades to find out what specifically is available now. I know Brian last week talked about the process he went through of switching to a different channel and then initiating the upgrade. So I might try to kick that off. That will probably take a while. So while we're working on it, we'd love to hear your thoughts and questions.
B
C
Yeah, yeah, and then, as soon as I hit a stall point, feel free to jump in with, try to make it relevant with why containers or why Kubernetes as we go through it. So let me, let me see if I can find my login.
D
C
Here we go. I put, I pasted it into, into a doc and shared it with the two of you on the stream here, Chris and Brian, you.
B
I do see, I do see you, Chris, talking in the chat on the, that AWS bill. That's, I read a little bit about that. I read your article. Pretty, pretty interesting.
A
Yeah, Waleed, it wasn't KubeVirt. We'll, we'll never know. To be honest with you, we'll never know what went wrong, what happened.
A
The only thing we can think is that it was just this really, really horrible mistake, or something broke, potentially in somebody's CI pipeline, and just downloaded a few thousand copies of the same image that completely were bypassed by Cloudflare, because I wasn't aware of a limitation on some of their caching capabilities, and the fact that they don't cache, like, everything that you throw at them anymore is also news to me as well, because I've been with them with so long. Yeah, like.
A
A 512 megabyte limitation on pretty much everybody unless you're an enterprise customer, and then there's only certain file types that they're caching now, and cubecal2 was obviously not one of them. Right, right, yeah, 5G for, five gigs for enterprise customers, I think, so yeah, like, even this, as an enterprise customer, would have been a problem for me. So it's pretty wild, right? But I mean, I can drop a link to this. Isn't about me. This is not the about me show. This is about the all show.
A
A
That is at two, and 2 p.m. Eastern, yes, sorry, 2 p.m. Eastern, and I'm trying to find, like, a public link to where to go to get to it.
B
I mean, I say that, you know, it, it is still, you know, relevant and, you know, interesting for our audience, and our perspective at least. I think it is because, you know, developers, we're working on things. We might have projects and random little things that we have deployed or whatnot, you know, and it's important to, you know, think about those. Not all the time, you know, you're thinking, oh hey, the, I'm expecting my caching provider to cache these files, but there's, there's a disconnect or there's issues. So I think that, you know, that is.
E
A
Now that I can add this to, which is fun, but, like I pointed out in the talk that I did for JFrog swampUP this year, that those little asterisks in your bill, like when it comes to reserve instances and, you know, having all the, you know, discounts and everything else, that's all dependent upon this asterisk, and you have to apply all this stuff to make that asterisk happen, right? Like, so, like all these credits and things you're just going to consume, unless you actually manage them. Like, you have to manage every bit of it, and it's not just as simple as, like.
A
C
If you folks, audience, are not already following Chris Short on Twitter, this is a good opportunity to follow him. He's also got a dev, DevOps'ish email weekly. Is that right?
A
Yes, I just relaunched it from hiatus. Adjusting, oh, adjusting to life. It was on hiatus for a few weeks, adjusting to life in the new COVID coronavirus world, so yeah. If you're not following me on Twitter, I highly recommend that, because I will talk about the channel on Twitter and you'll get email, or not email, but notifications about when slides go out and things like that too. So you'll get a lot of tech news. You'll get a lot of.
A
You know, random pictures of baby turkeys and such, but yeah, that's all good stuff for you to see on Twitter.
C
Cool, so I'm gonna, if you can see, can folks see my login prompt?
A
C
I'm gonna go through a, sh, quick, see how far I can make it before I hit a wall here. So this is a fresh cluster. I created this last night, skipped over the actual setup piece. So if, if AWS bites you in the wallet, I don't know, talk to Chris. But oops, let's see if I can get this login right. Open, yeah.
A
See, so there's a question chat: any update on when the NSX-T NCP support will be provided with OpenShift installer IPI? I don't even know what NSX-T NCP is. So that might be, that's definitely my team question. Oh, the reply function is different today. Cool, Twitch updated some stuff. I will ask that question in my team chat and let you know, Tajaro to your hero, however you say your screen name.
C
Okay, so here I am on, let me back up a little bit. Okay.
D
C
A
A
C
I think, oh, there we go, even better. Now I'm completely out of the way. Okay, and can, can you all read fine? Okay. So now that I'm a ghost, let's see.
A
Wait, Waleed says it's still small, so.
C
Okay, no problem. Thanks, Wilit. Cool. Definitely let us know if you're having trouble. And so the first thing I'm going to do is check this channel area. It looks like I'm subscribed to stable 4.4. I'm going to go, Brian, what do you think? Fast? Candidate?
C
Yeah, yeah. Well, I know I have pending updates already available on stable here in the update stack, so it says updates available. I was just wondering how, how weird should I try to get with this? I could try to do the stable upgrade, and it looks like I'm currently on OpenShift 4.4.8. I'm not exactly sure, based on this, I'm a little bit hesitant to click this update button and do.
B
The stable update and then try to see if you could get to, to version 4.5, because.
C
A
C
Let's, let's, I'll start with this one. So I'll start with stable, but this is definitely something that, if you wanted newer, more bleeding edge code, you could definitely switch to this release candidate. If you wanted something really fresh, like particularly if you were doing service integration work and you're building an operator that is, you know, some data, supporting a database, I'd probably be testing against this candidate stream.
C
You may encounter more errors in the candidate stream, but you'll get the newer code, and that's probably what you should be testing against if you're a system integrator. So I'll start with stable and I'll hit the upgrade button. Aha, and here it goes. Here's the, the question box, so it looks like we can roll up to 4.4.16.
C
If I successfully migrate to 4.4.16. This is the, the valid window of ranges that I can migrate between. So I've got a lot of flexibility here, but I can't just go from 4.4.8 to kind of anything in the world. I may need some precursor information in order to successfully roll to 4.5, so it's possible that once I get to 4.4.16, 5 will show up as an option, but I haven't played around a whole lot with this. Brian, what do you think? Should I go with 4.4.16?
B
Yeah, yeah, yeah, do the 4.4.16. So the, the, the things that are in this list are things that have been, or they should have been, validly, successfully upgraded, you know, from 4.4.8 to which version is on that list. So the 4.4.8 version doesn't have a six, or it has a, you know, one-click upgrade path or whatever a 4.5.
B
C
Yeah, yeah, this is work that originally, I'll, I'll jump back in front of the camera. So this is all work that originally started at CoreOS. Under the Tectonic project, CoreOS was playing around with being able to almost run, let's see, not Kubernetes, well, kind of like Kubernetes on Kubernetes.
C
In a way, what this is actually doing is we're scheduling rolling updates of each of the pieces of Kubernetes, one at a time, until we roll forward to a new release of Kubernetes, and ideally this is all happening with zero downtime to our applications, because the platform is a distributed system as a platform as well, and so we can migrate, hopefully, containers or workloads onto other available machines, shuffle the deck, and keep everything in operation.
B
C
etcd is one of the first things you're going to, you got to update the database, central database, at first. Another thing that's going to get updated very early on is the API server. It looks like that one hasn't rolled yet, but that one is going to need new information on how to perform, a controller manager as well.
C
These two are going to work together in order to perform rolling updates of Kubernetes itself, and if you're rolling to a new API, it may not have a hundred percent knowledge of what you're rolling forward to. You may need a short amount of downtime on the API while you do that swap, but it's hopefully designed to be a distributed system that tolerates small amounts of downtime.
C
So shouldn't be a problem as long as you're not trying to migrate around a lot of instances that are doing streaming and have streaming connections. That gets extra tricky, but you could use Istio, Linkerd, service mesh things to do traffic shaping and traffic routing to handle that layer of the problem as well.
B
Yeah, yeah, yeah, and, and, and this makes it, this makes it easy. You don't have to, you know, you don't have to, you know, necessarily update each thing, increment it. Like, it handles that, and you could see those updates happen as they're going without affecting what's going on on the system, so stuff's still working. One of the other things that, that was neat too, that I thought was interesting, is if you go into the, the admin view you could.
D
B
C
B
Yeah, each one of those is a, a node that's running. It could be a master or worker that, that your cluster is working on, right? But if you click into one of those, you could see the Red Hat CoreOS version under details. After, you know, some of the graphs of the metrics, it's down on the, that page, you can see that.
B
The specific OS image, and, you know, these updates might not, you know, have an update to the actual OS image, but if they do, that gets also upgraded and those nodes get rebooted as things go along, and you, as the person using the cluster, wouldn't, you know, know, because those upgrades are happening, you know, staged one by one, and it's not going to affect your application running in production or wherever it's going.
C
Yeah, it looks like this, three minutes ago, this kubelet just came back online, indicating that this node's ready to get more work, and yeah, graphs look pretty good. We could see, if you were an operations person, if you needed more specifics about how that workload is being managed, or whether it's being managed effectively, whether it has memory leaks or other things.
C
C
A
One, and this could be a Rob Zumke question: so all these, all the upgrade information and tooling is, is it only contained in one image, and from that image all the other images are downloaded? I believe this is how it works. It's one image that fires off a bunch of operators that fires off, you know, it's, it's triggering a ton of operators, so all those operator images are being updated and firing. So the actual mechanics of that will lead, I don't know. Do either of you know?
C
I think one of the first things that, that gets. So if I, if I recall the order correctly.
C
If Josh, if, if Josh Wood drops in, I know he's great at recounting the, the details of how this upgrade happens. I think one of the first pieces that gets swapped out is on one of the, the con, on the control plane nodes.
C
You upgrade the kubelet to the latest Kubernetes version first, because the kubelet knows how to start new workloads, the very first workload that you load into that kube, and that, that step of loading a new kubelet might involve rebooting a machine, especially if these are a containerized machine or a virtual machine.
C
That might be a reboot for that particular step, but once that new kubelet is in there, it knows how to run just about any Kubernetes workload, assuming that the API server says, hey, it's you, wake up, it's your time to go to work, right? It needs an API server to give it that notice, and we don't have the next-gen API server yet, so you manually get a new kubelet somehow. OpenShift does this using the machine config operators, and that'll roll our base level machines.
C
C
B
But important to know, the upgrade process handles all of that, so yeah, as, as the person working at the cluster, all you do is click the upgrade button. It's doing everything and then, you know, incrementally doing, you know, one upgrade piece, then the next, then the next that needs to get done to upgrade everything.
C
Yeah, yep, so, oh, let's see, I gotta, let me jump out of the way again. It looks like I have a warning here, and I'm going to click in and see. Looks like controller managers and schedulers. Those are the two things I was saying were kind of vitally important. Automatic image pruning is not an, I don't know if this warning is super relevant to me. Alerts are not configured to be sent to a notification.
C
Oh sure, yeah, yeah, you'd have something more, more powerful, so you're not trying to swallow all that information on your own. You got to filter it through something first. But this whole system, even with these two warnings, system never went down, system is still reporting its status appropriately, and it's able to say, oh wow, I got stuck, and here I'm at, and, and I'm gonna keep working until I get either to the result you want. Oh, there we go, control.
D
C
Check mark. Got the control plane upgraded, so it may have actually hit an error and then recovered from the error that it hit, or I'm just pointing out these two warnings that are kind of non-issues. Oh.
A
C
Image pruning. Image pruning, I think, is more of an optimization step. If you have a very, very new cluster, one of the things you want to do in order to make sure that cluster is fast is pre-populate images onto every node in the system that is going to need to use those images. So if you have Node.js builds that are running, that'll take a lot longer if the worker, worker node where the build is being performed, if it doesn't have the Node.js image, it's going to have to wait, do a pull.
C
You know, pull down a couple hundred megs. It doesn't take that long, but it can be maybe like a 10, 20 second delay in your build process, and at that point the Node.js image will get cached on that one machine. You run another build, your build might run on any, any node in the cluster. You may have to pay that same time penalty again, so an optimization technique is pre-populating all those images onto every machine where they will be needed.
C
On the other hand, the result of the build, maybe, maybe you can clean up that image after a while. There is a certain amount of image pruning and image cleanup that does need to happen, but that's kind of more day two. Like, usually my first concern is making sure developers can work and, and that their builds will run. After I get that crossed off, then I can work, you know, work on cleanup and, and kind of shining things up.
A
C
A
If you have, like, NFS mounted at all those locations or whatever, you know, iSCSI, yeah, yeah, if you have, like, a CSI, a container storage interface, going there already, yeah, they could be pre-populated through that.
C
They are going to be cached in, OpenShift has an image registry, and so they'd be cached in the image registry. We could take a look at, let's see, where would that be? Storage?
C
Where does, I'm not sure exactly where images has ended up in our, in our UI. Workloads, pods, StatefulSets? Maybe I should just go to search? Is there like a.
C
I know there's some way you can just, like, browse all resource types, and I don't remember where that is. Route, route, search, search, search. I don't know where the search button is. Maybe I got the, the UI scaled wrong.
B
You go into the, you can go into the developer, oh, it's in the developer side, and then you could go under search.
D
C
C
So there's a, the image streams and the images. These are going to be things that are, there's an image registry that every OpenShift cluster comes with. If you were using Google container image, they would encourage you to use a centralized or a hosted container registry, specifically GCR, or Google Container Registry.
C
As long as they're relatively close together. The wider out, the more spread out your Kubernetes cluster is, the harder it's going to be to synchronize things, but if the machines are all relatively tight synchronization and you have a centralized image registry like OpenShift includes, then you're, you're good. I think we give you the default Docker registry as a, as a starting point, is.
C
Yeah, the open source Docker registry.
A
C
The deal we had in OpenShift 3, it was the open source Docker registry. With OpenShift 4, we might have actually swapped it out with, with cry, it's probably soft, with, with something CRI-O based, I would, I would imagine.
C
C
In OpenShift 3 it was the upstream source code for the Docker registry, so.
B
You could look, you could look, there's a couple of things, and I know that, you know, Quay, quay.io and Quay Enterprise are a thing, and you could have Quay Enterprise running on OpenShift and use that as your image registry. But that is not what you get by default. You get one that is included with the OpenShift.
B
Just the OpenShift image registry, and you could look, you could go under the, the projects and look at the OpenShift image registry project if you're admin on that cluster, which you should be. The other two things that I wanted to, to mention is there's a search on the administrator view under Home. So just look under the Home.
C
C
It looks like it's 70... What did it say? Administrator, get back to my overview, check the cluster settings. So 78 percent complete to get this upgrade to 4.4.16 done, and then at that point I'll be able to check and see if we can roll to 4.5. But coming along pretty well. I mean, it's, it's, I can try deploying a basic project and we can test to make sure that it's fully operational, even while its head is being slowly replaced with new information.
C
Got a repo here that should work with Node.js. We'll call this, sure, base app, yeah, why not. I'll use a standard Kubernetes deployment. This deployment config resource we introduced in the OpenShift 3 series. Both are available, depending on what your team has chosen to standardize on.
C
C
I don't know if this, I have a not a great network connection, so I'm curious whether these loading bars are my own connection problems or just the cluster being a little slow due to the API server going missing and coming back online and, and all the cards being kind of shuffled around, you.
A
C
Yeah, yeah, right, so let's see if I can find a different way, is.
A
B
C
C
C
Of everything, yeah. I need a better way of sharing screens. Looks like we've got at least some progress on this. I'm gonna check back in on the administrator side and see what, how we're doing with the cluster settings. Still 78. Okay. Well, let's see, let's see if we get there before the end of the, the, yeah. I think part of this is, for me, is excellent, because I never want to have to deal with managing the cluster, upgrading the cluster.
C
C
I can go anywhere with a mobile compute platform like this, any cloud, or even run it all on my laptop, so lots of options and a lot of ways to stay out of the business of managing your own cluster, and also partially helps you avoid some of the complexity, or a good amount of complexity, in learning about Kubernetes, managing Kubernetes, and keeping up with all the changes and terminology over time, because it's, it moves fast.
B
Yeah, I mean, I agree, so it lets me focus on what I'm building versus the infrastructure component, right? So I, I, I just get the OpenShift cluster, Kubernetes cluster, set up, running, and I could focus on what I'm doing, and I don't have to think about, oh, I, I need storage. I just need to, you know, create a PV and a PVC, and I, I get storage, for example, right? I don't need to think about how to connect all that stuff together.
C
So it looks like, even though I wasn't able to load the, the UI during the demo, this thing still ran the build. Things are still happening in the background without my knowledge. I don't need to know, I don't need to care. Hopefully the, the system provides a productive work environment for people who are interested in having a productive work environment.
C
A
Question from Chad here: is there any way we can integrate any image scanning tool like Clair with the images registry for scanning the images that are being pushed to the image registry? Like, we already scanned them, but if they want to have their own installed scanner scan them as well.
C
A
C
Operator for that, so I mentioned earlier that the kind of standard open source container registry was our default ins, option. One excellent selection you could look into is Clair or.
D
C
And Clair as an upgraded container registry, that's something that is hosted in containers. That's, that's how, how we run it. You can sign up for a free plan and use quay.com instead of wcr, yeah, or quay.io, okay, instead of Google Container Registry, or instead of Docker Hub, and.
C
You get Clair scanning for free, exactly. I think you could also add some amount of auditing into your pipeline. That's definitely another option, and Clair, the static image analysis tool, is available as a standalone binary.
C
Yeah, yeah, whatever your pipeline is, you could definitely mix in Clair to get some visibility, and that usually is going to rely on you using, your workloads need to be built from some type of image that has a CVE reporting against it. So I think Alpine Linux is now on the list of base images, container images you can use that does get CVEs reported against it. Oh.
D
C
So Alpine's now a viable option as far as at least visibility of security alerts. Other things that I would highly recommend: there's a universal base images, or UBI. Sounds like universal basic income, and maybe you can convert it into money, I don't know. But UBI gives you kind of a RHEL or an RPM-based base image, or, or at least something that reporting-wise is very consistent with RHEL, Fedora.
C
All those should apply, and you get a large base of businesses that are using it, testing it, relying on it, helping kick the tires and make sure that it's, hopefully, working correctly, right?
B
So yeah, Serena, Serena mentioned there's a couple options too. So quay.io you could use. That's a software as a service, and you can pay for it, get some advent, advanced features, but by default you get security scanning there, and you could have OpenShift pull from quay.io. Like you mentioned, there's also the container security operator, which you can install, and it will give you some details with just the standard OpenShift image registry.
B
If you have Quay and Clair, it will, you know, or if you have clay, Quay installed on the cluster as well, so Quay Enterprise, you can then connect it that way and it'll show some information there and Quay as well. But then also, if you're using one of our partners' tooling.
B
It's scanning the image registry that's on OpenShift, and it'll pass some of that information to OpenShift so that you could see what's going on security-wise in the OpenShift console. Black Duck comes to mind. There's other vendors out there that work with us quite a bit. So there's many options. The one that Serena mentioned, though, is the, the container security operator, and I have that on my screen. I'll, I'll post the link into the chat. You can install that on the OperatorHub that's built into OpenShift.
C
Yeah, that's, that's a great suggestion, Brian, thanks. The, the hub is always a good place to, to turn to for partner vendor solutions, especially if you want a second opinion other than just Red Hat's advice. Take a look at what the rest of the community is doing and what people are doing outside the OpenShift space as well. We're trying to make sure everyone has the tools they need to do their best.
C
Let's see, do one more check in here on, whoops. Let me get another check in on how our cluster is doing. Looks like we still got a little bit more work, we're still at 83 percent. It looks like only one major piece is still waiting. There's a machine config with 4.4.8. Other than that, it looks like we're just about completely rolled to 4.4.16, so we're basic, basically there. It's probably just rolling worker nodes at this point.
A
It is a little bit slower one, but it is doing quite a bit, and behind the scenes, right? Like, and optimizing that is not trivial. So.
C
The, the, the work there is actually, if you're on the administration side of a Kubernetes cluster, generally the work in that phase, you're going to apply, I think, a taint to each node, make them non-schedulable, drain the nodes.
C
That means evacuate all the workloads, move them onto other available machines, and then once that node has successfully migrated all of its workloads somewhere else, then you can safely shut it down, reboot it. But that all may depend on how many workloads are on the machines and how quickly they can be migrated onto other available machines, and you can't upgrade every node at the same time, because you're constantly cycling the workloads around onto current machines, right, or machines that have been successfully upgraded.
C
It looks like I got some kind of warning here: machine config has not yet, it says yet. Okay, I thought it was a failure, but it says yet, so I still have hope.
D
C
Yeah, but nice that we're constantly getting updates streamed in, and all the while, I was able to successfully build and deploy and got to my hello world for, for the app that I was dealing with. Okay.
C
A
A
A
C
A
Like, go ahead and get your cluster spun up and let it upgrade itself and let you work around, along with it, right? Like, if you have them built in a consistently, you know, if you have your applications built in a cloud-native way that'll, you know, take advantage of, you know, multiple pods or, you know, not lock themselves down to one node particularly somehow, you know, through, through annotations or labels, yeah, your application should just move itself right around, along with the upgrade, to just keep itself running.
C
That's the idea, yep. So anyway, any other questions? I don't have my chat open. Any other questions in chat that we can get to?
A
So Willie mentioned Trivy, the, the, the simple little scanner from Aqua Security, so I dropped the link to that in chat. Thank you.
A
B
Always, I did, I did network security for a little bit, and it's always about layered security protocol, yeah. You need, you need that, right? Because there's, there's different ways to do many different things. They pick up on different signatures. They pick up on different things, so you need to stack the deck in your favor if you're really trying to be secure, to put it, you know, ultra simple, and you need multiple layers in your security approach. So scanning container images, and exactly what you're saying, there's multiple different ways to do that.
B
So, you know, having that at least should be something that you think about, yeah, you. It's.
A
I don't want to say, like, only rely, like it's safe to rely only on Clair, right? Like, because I feel like Clair is robust, but Clair is not going to be like a quick, speedy thing that you need, right? Like, if you're like, all right, I'm just gonna try and kick the tires on this image, like, is this even sane to run this in production, yeah, running Trivy against it makes total sense, and then maybe you discover, you know, later on down the chain that, oh, this actually has a CVE.
A
C
But if you, for some reason, let's say you were on the security team, you found out that there is a new major exploit in Alpine Node.js image or, or, you know, something like that, and you realize that you have a, a whole fleet of unpatched workloads that are in production that are, that are vulnerable.
C
C
When OpenShift recognizes that a new base image has become available, it can automatically trigger a new build to basically restitch the application code on top of an upgraded base image and then do a rolling upgrade out to deployment. So you, without even involving your developers, you can go from: this morning, I had a hundred percent of my Node.js workloads were vulnerable.
C
I found the issue, I did one docker push, and the cluster was like, oh, new base layers, awesome, I'm going to rebuild and redeploy and get you back to where you need to be. So some of the work can be kind of that simple using a system like OpenShift, but that's really, kind of relies on a whole lot of coordination between, you know, you're sharing the same cluster with your team of developers.
C
C
B
C
D
C
On Google's cloud or anyone else's cloud, the idea is easy controls, so you don't have to manage the complexity on your own. Although in the case where you have to have data locality or machines that are local, maybe you're stuck with managing the complexity on your own. If you'd rather not, geez, we've got, we've got the tools, regardless of what cloud, bare metal, a hosted, doesn't matter. You got machines, we'll make them productive machines, hopefully. Yeah, hopefully.
C
Think that is about it. I was gonna throw out an update for folks, a small, small minor update. I pushed some changes to kubernetesbyexample.com. Small changes. I think mostly the DIY page now has links back to learn.openshift.com with the OpenShift 4.4 environment instead of 4.2, all right, so small upgrade. But if you have any suggestions, ideas, things that you would like to see on kubernetesbyexample.com, please file an issue.
C
C
Serena, next week Serena will be joining us in person, virtually, and showing us a lot of new, new features, preview features for OpenShift, so stay tuned, meet us next week. Thanks for bringing your questions, and I think that's about all I got. Anything else from the two of you?
B
Next week we might even see you or talk to some of you guys at, oh man. You could.
C
No, are we doing the show next week? We are, right? So that, that's, I think the plan is Serena will be doing this show.
A
C
A
See you there, maybe. Yeah, 75 bucks, right? Like, that's not bad. If you need financial assistance for some reason and you want to, like, still go to KubeCon, and 75 bucks is like something that your company won't cover or you can't handle, feel free to reach out to me. There's no shame! I will get you a ticket, okay? Seriously, if the financial means are just not there for you right now, I completely understand, and I will help you out. Yeah, that's not me giving dollars away.
B
Think they also have, like, they have a.
B
That they have, what is it? They have a, a keynote expo that.
C
Chris is a CNCF ambassador, so definitely go to him for support on that, yeah, and, like I said, what Twitter handle for Chris? What are you.
B
C
Tannis, okay, and I'm Ryan Jay, and yeah, love to see you next time. Cool. That's it.