Red Hat OpenShift OKD Working Group, 17 Aug 2020

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: Deploying OKD4 on VSphere AND Azure | Walid Shaari Josef Meier | OKD4 Deployment Marathon

Description

Deploying OKD4 on VSphere AND Azure
Walid Shaari and Josef Meier
OKD4 Deployment Marathon
August 17 2020

A

Okay, hello, everybody. My name is walid chari. I am basically a community leader of two groups, the aws for the eastern province in saudi arabia, and the uh locker meetups, um I'm I like community- and I like sharing- and this presentation is about openness, auburn shift, okay and my mentor is joseph mia joseph. Do you want to present yourself.

B

Yes, I'm joseph meyer, um I am a cloud I dect and evangelist at rhodian schwartz in germany and we are with. We are using okd three since two years and we are excited that uh ok d4 got released a few weeks ago and yes, we are trying to get a live installation on vsphere, for you.

A

Okay, so this is mostly hands-on. uh We will start with the v-sphere first and then we, the next hour, will start with the azure.

A

um But let's because it will take some time, we decided that we will show you something running first, so what we are expecting after the installations, so we're expecting to see. Basically, this console the ocd console and if you click on administrator home overview straight up the installation, you should have the cluster ready the control button ready, but we didn't include the operators from red hat, so you have two operators regarding red hat sample and overshift samples are not done and the storage is not done. That's why it's degraded.

A

So this is what you expect at the end of the installation. This installation was done on one two, three master nodes and one two three worker nodes and you can see the specs of these nodes. This is the okd console uh view.

A

If you want to look at the vsphere console view, you can see that basically we have these vms and we have a bootstrap node. It's not needed actually now and we can just power it off.

A

I hope I power off the bootstrap, not uv center, okay, good, uh we used bfsense, but it actually delayed us. It caused so many issues, so we dropped it. So that's what you should see from the v-sphere. You should see the vms and you should see the ib addresses because they have the vmware tools built in and one important component of the installation is the load balancer. That's how the load balancer should look like and that's the end points at the end of the day.

A

If it all looks green, that's good, but if you you can see that the load balancer already has the bootstrap also, but it doesn't matter and the ingress has just needs two nodes. So there is one node which is not that's debating on the ingress which is okay, fine. So that's what we're gonna see at the end. Okay, now, uh what's the plan, the plan is that we start the installation and then we can talk about it.

A

So we need to go to the console. So I have uh so everything we try to do everything me and joseph from the the documentation. So we you have to start with: okay io.

A

Basically- and you go to the documentation there is the documentation, will point you to a github to github repo for the okd, yes, and on the okd there is guides and under the guise there is user provision, infrastructure b, sphere terraform.

A

So this is one of the installation that is when you provision the infrastructure using terraform, the other installation which is go to the slide.

A

In in any in any open shift installation, okay, the installation or open shift installation, basically, the installation ends to be open, shift, install create cluster. That's it yes, so that's as simple as it is, but different environment will have certain different prerequisites. So that's what we're going to take care of.

A

So let's go now and see so I have here if I want to do open shift, create cluster shift. Install first thing uh check, especially if you're running, open shift and okay check. If you have the right open shift installed, you could be running a different version of openshift install. So the first thing that hit us before is which version that we're using and I just say- create cluster.

A

I prefer to give it a directory where it saves its artifacts and in this directory I already have an openshift installed. uh This openshift installed has my environment, okay, so let me not run it and show you my environment, how it looks.

A

A

Oh sorry, it's a that's, uh install config.tm.

A

So so this is the ml file, but you don't need to worry about it, because this gets generated by the installer itself.

A

Okay, we can generate it, so it asks you things like, uh for example, if I'm installing a vsphere, you need to know what is the vcenter and you need to know uh what cluster you have inside the sphere. What's the data center? What's the data store and if you want automated install what is called infrastructure provision installation you just give it two things: the ingress whip and the abi whip, and these are floating addresses that will be maintained by kiba life b.

A

Of course you need the administrator, you need certain privileges, you don't need full administrative privileges, but I'm using full administrator leverages and- and you need the ssh key so that you can do some troubleshooting.

A

I actually one extra step that I am using so just in case the internet or query goes down or there is an issue or there's contentions, so I'm doing also an offline registry. This is this section. Okay, so now.

B

This is optional. You don't have to do that, but um at least in lots of company environments, I think you will mirror the images uh just to have them in in place and.

C

B

Dependent of external registries.

A

Yes, so if I run the installer okay, uh because the file is not there, actually I copied the wrong file there. It will ask me these questions.

A

It will ask me which public key I need, so I don't need to write any mn I just select which key I want to use what platform. So, basically, it's the same for any other platform. I'll select, v3, keep me honest, joseph vcenter, so it's vcsa.lab, but local. This is a home lab one machine, then r620, a user name, admin.

A

As these here locker and password.

A

If I get it right, if I get this right, it will connect to v sphere oops. I didn't get the.

A

Mic likely it's the password.

B

But you could also use the install configure, I think and won't ask you yes, but it's.

C

B

What you see the questions.

A

If this phase will use the okay it's connecting, oh, let me find the password. Maybe I forget the best word uh yeah. It's correct.

A

Okay last time the live demo, so this is expected.

A

A

A

Okay, so it was the.

B

It's talking with sweet sphere and.

A

It shows you yeah go ahead.

B

So um it's the same for azure. If you entered the credentials it will connect to the system and provide you with information this at this step. You can be sure that the connection is uh uh yes stands and, yes, you can proceed.

A

Yes, so in my data center I have three data stores. I have one cube con, which is basically empty. Now it's an ssd disk around 890 gig, okay, so I select this data store and then it will ask me about the network. Again. As joseph said, it gets this information from the vcenter. If I look at the vcenter, I have these networks.

A

So basically I will select this network okd.

A

Okay, I need a floating ib address and this ib address should be non-used clothing, so this is one of them and I need another id address for the ingress. So this is the other one.

A

Now this domain is my home domain, local and cluster name. You con.

A

Let me okay, so that it's kubecon, so I get it from the dns. It's kubecon 2020 eu. I will tell you why I need to get it. I need.

A

A

What was it again.

A

A

A

Get it grab api from the dns? Let's double check.

A

It's cubecon 2020 eu. If con 20 eu, that's my cluster name, full secret.

B

It's also fake secret in the chat you can take it from there.

A

I don't see the chat. Okay, good.

B

A

And what is it, what is this blue secret? I.

B

A

Okay, I have it here, so I have this document always.

A

The word secret is just fake. Unless you want the red height operators, you can put the word secret from try.openshift.com. Now this will start the infrastructure provisioned. We have been trying it. We have a problem with the uh virtual ib, the ingress, but several people on the slack have have success with it.

A

So you see now what it's doing it's pulling the image. So you don't need to do anything. You just sit and relax. You just basically fill the information, you didn't even touch the ml file and you sit back and relax and it will pull the image and it will create the infrastructure.

A

So it will pull the image and cache it. So if you do another one most likely, it will not be doing it and that's what happened here. It's reusing my old image. Now it will create the infrastructure resources.

B

Don't get confused by the message that it's pulling on rh cos image. It's uh in fact it's a quarter core sms messages and.

A

B

A

Here it created the folder on vcenter, it created the folder and in this folder there is a template. It's powered off because it's a template, it's not a vm and from this template it will start cloning the uh what what machines are required so uh because I didn't customize it so by default it will create three masters and then it will create three worker nodes and of course it will start with the bootstrap okay.

A

If we go back okay, it's still creating the resources. So let's go to the slides you can you.

B

Could show you could show maybe in vsphere.

A

B

How it creates the resources in the industry.

A

Okay, it started so it started. It created the bootstrap node, which is the most important node to initiate the cluster installation. It's only required during the cluster installation. It will run the hcd, which is the key value data store that keeps information about your cluster and then we just start the three masters.

A

Okay later on. It will start basically the worker nodes, because the worker nodes depend on the masters to start and for this the only requirement for this installation. The only requirement is just two entries on your dns okay, and this is all in documentation in one hour. I cannot really tell you much, but in the resources I have basically asking you to join definition or join openshift tv. They have already created several videos and several blog posts regarding the installation, steps and the different options that you have, but.

B

It should be, uh should we delete it because we know in our setup it does not work. Should we show as installation with terraform, because maybe.

A

We can yes, but I just wanted to show how easy it is this one okay, and um so it will wait until the bootstrap completes, but let me delete it as his uh joseph said, so the deleting is very easy. Actually you don't need to enter any information, you just say destroy the same command, and this is good because, basically, it cleans up after itself, so you can, you can see now I I don't have the vms. I just have the template and most likely to remove this, also okay.

A

So this is the the easiest way to install openshift on vsphere, um okay, the other way, the other way, as I showed you in the documentation in github.

A

uh Okay, where is the mi here using tera form, so terraform is a very popular infrastructure, iac infrastructure as code tool and instead of using uh instead of revisioning the machines yourself doing the template and cloning them and whatever it. You just enter the information that you require and it will install it for you. What is the information is exactly the same as we saw before the cluster id the cluster domain. What kind of base domain you have?

A

What is the vcenter server here? It's called vsphere server, but it's actually the vcenter server, the vcenter user, which has certain permissions, and these permissions are defined in the documentation in rpdio, so normal stuff. Okay, now what is not normal? It needs the bootstrap ignition control plane ignition. So this is basically the openshift install program that will give it to you.

A

Okay, let's go, and we have a cluster by the way, the running, so we need to destroy it also.

A

So if I go to the to the um v0, so this is my terraform directory and I have a cluster running so what I need to do, I need to delete it and I delete deleted this time using terraform terraform, destroy, auto, approve.

B

So it's a um you should take care about about um um sometimes to delete all the terraform tf state file, terraform sources date. We had uh a few moments of trouble with that. um If you don't yes and telephone will have something in the history and some sometimes uh complain about it, it's good to know that the openshift installer is also based on terraform.

B

So um and if you want to customize something you could, in theory change the terraform files they are in the ins, openshift installer repository, build it and you have an installer exactly matching your infrastructure. That's one nice thing about the installer.

A

Yes, so, as joseph said, my first initial try was with terraform and I had several issues because basically the terraform assumes that you have a cluster, and I just have one host so to solve this. I added the host to the cluster and it assumes you need resource pools and and to have a resource pool. You need more than one host in a cluster. So what I did I enabled drs to basically get over this requirement, but because I was playing on and off there is a file.

A

Terraform.Tf state was created and I had other issues and I couldn't solve them, and so basically joseph showed me how to do it. Just if you have a terraform, delete the state file or make a backup and start fresh.

A

The terraform is a declarative tool, but we have found out that there are some corner cases and you don't need really to learn a lot about terraform. All you need to do now. If you go back to vcenter, uh we'll find that basically, uh our our cluster is done done, and this is the other cluster using the ibi. So now we can start a new cluster okay.

A

So what we need to remove? uh We have certain files that are hidden. I need to remove this.

B

A

B

It would be good to know what the purpose of this file is, because, because, if you don't delete them um and you call the installer twice, uh you also will have trouble that your installed conflict change won't be recognized until you delete those files we and they are hidden. So uh it's very easy to stumble about above that just delete.

A

B

Just start and you're fine.

A

Yes, so the log file is the log all the log file from the previous state, terraform tf state is the most important one to delete and the open shift install state because also there's a certain things related certificate.

A

If I believe that, especially if you cross the 24 hours that might cause you installation issues, okay, now I have deleted the the files and what I need to do if I am starting from scratch, I need to add the context of my environment in terraform.tf was what's this context, this context is basically again the cluster name. What domain you are going to use?

A

What's the cluster domain, the vcenter credentials and the vcenter name? What data center are you going to use? Okay, it's correct uh here: the data store is seeing cssd01, which is okay. I have another one and what template you're going to use and this temp link you need to upload it actually earlier. uh Terraform doesn't upload it for you and you need to upload it to a content library.

A

So if you go to the fees here and if you say content, maybe it's easier to go through the menu and, if you say, where's content, libraries, yes, content, libraries and you find basically I have uploaded the template here.

A

Okay, now, one section is that it requires the ignition file, so this ignition file you need to create them using the open shift, install command. Okay, we are fixing mac addresses because we need to use dhcp. So the prerequisite for user provision infrastructure.

A

You need to have a certain services around it which are dns for the host names and dhcp, so that, basically you can um you can map to ib addresses you can. Then you can exactly yes. So what we are missing now in this file is the ignition files, how we're going to do this again using the openshift install program. So if I say open shift install on okay, I was trying to get my history, but open shift.

A

B

Create a creation.

A

Let me uh I can sorry, oh okay. Basically it will ask me the same question, but if I have a main, uh if I have an open shift, I can get the other one. Okay, let's do it open shift, install, create and install config things.

A

B

I think I will, I think so.

A

I have one I have one.

B

A

B

One one nice or one nice side effect is that the installer will delete your install configure for some reason. So uh you should take a backup of that before you call the installer.

A

Yes and let's reduce the compute to tool just case and yeah, it looks fine on that and okay, it looks fine.

B

The ssh key is okay,.

A

B

So we can ssh and into the vms okay,.

A

Yes, okay, so if I have the install.config, I just run the installer, which is again open, shift, install create uh so this time I need the ignition files so that the microphone can consume them, create ignition files, collect configs instead of functions.

A

Make me honest: I don't need to specify directly because basically.

A

But there was the ignition files here. I need to believe them. Let's delete them.

B

Those are the terraform.

A

B

A

What's wondering about them? Yeah? Yes, so let's do it and start from scratch. Okay, now, what's the result, the result is the ignition files that were created. If you can see so I have the bootstrap ignition file master ignition file, and I should have worker ignition yes now. What is this ignition file? Think about it as a way to tell the fedora core os how to configure itself?

A

Okay. Now I need.

B

To it's applied to the vm in the first start, um if the daughter cores will wait for ignition file and um we provide it to uh fedora cores through terraform, uh there is a specialty on vsphere vsphere does because the bootstrap ign file is rather big. I think it has a 200 kilobyte and it's not possible to provide um a vcenter with um with such a big ignition file. That's why? Maybe you can show this short ignition file valid?

B

A

There is, there is a variation. There is one trick I do when I copy the file. I copy extra characters to make sure that I copied the right file, because sometimes you think that you copied the file, but you didn't you didn't so oops, okay,.

B

You have to provide a chain of ignition files for the bootstrap. um Can you show that again.

A

You want me to show the ignition file correct.

B

Yes, no uh z, terraform tf4s,.

A

um Okay, let me get the worker file so that they can copy it. There.

B

A

B

Yeah so as you.

A

See basically,.

B

As you see, the worker and the master ignition files are very short, as the same is for the bootstrap eigen file, and the reason is that in the ignition file there is a source defined. Maybe you see it in the first line, and this https address is at least for the ignition for the bootstrap ignition. Maybe, while you can show it in a second.

A

Yes, okay, again, the same trick. I copy extra characters just make sure that I have the right file and here's the bootstrap ignition. It's really long, okay and it's in base. Actually it's not in b64, it's json. So if you want to look at it, yes jq dot and you can look at it and it has all the information that you need. So it has basically what it, what kind of uh ignition file now fedora core os it uses version three open, openshift uses version 2, so basically be careful with this.

A

I don't know why it adds another key. I guess this is a cluster key, but that's my key and this key I'm not sure what it is.

A

So it has all the information it needs to configure the fedora color as there is a base64 or there's a certificates.

B

There are lots of files; basically, there are lots of files and their content um yeah. They.

A

B

Written to the fcos directories as a storage, and they are also defined some services that are started automatically on the first boot and um but it maybe you can show, because I try to explain that since maybe you can choose it. uh Terraform tf files again.

B

Yes, um can you show the ignition.

A

B

There is a bootstrap repetition.

A

B

A

The bootstrap ignition, because.

B

Yes, because um because the ignition file for the bootstrap node is so big, you have to provide it in a user web server for it and that web server can serve this ignition file and the bootstrap node will only get this small. You see it here online, uh starting at line. 40 43., um this small part, tells ignition set.

B

The master ignition for the bootstrap icon will be served from this location and you have to provide either either a gitlab a repository or a web server that serves this file and as yeah with this way, you can provide service vms um with a very small ignition files, um but the big ignition file will be pulled afterwards in the second phase from the web. Server.

A

You don't need a full web server. Some people just do a rope or byte and script to serve this file, but yeah whatever floats your boat basically, but that's good, because, for example, if joseph didn't tell me about this, I would have forgotten to copy the bootstrap the technician file to the web server and that's one step you need to do and an extra step you need to do. Is that curl it? So you have and don't call it from your.

A

uh I mean from your memory, just find it and use the same command that is here same url yeah to make sure that, basically, because this is the most important one, this is what it triggers the whole installation. If you cannot get to this file, the whole installation will not uh work.

A

A

Where's, the phone.

B

It's not copied.

A

Oh no, I get stuck.

A

The time, okay, that's live level, we're expecting.

A

A

Let me open another camera.

B

A

They're, the beauty of democ- oh no, I cannot okay, so I am using a helber node and this helper node was created by christine herbandis.

A

Let me another idea of this.

A

So because I'm using tmok, I can attach hopefully oh okay, I can attach, I need to reset and find out how to reset um okay, so, okay, so the ignition file works.

B

Now we can start.

A

Somebody can find out how to reset the mark uh this size, it's the same size, but I'm not sure okay. So now what can I do? I have the ignition files and I have the tf bars ready. I can start the installation, how do I start the installation.

B

Maybe you should clear the screen, so we don't get uh character, mess.

A

uh This one it's uh I need the reset uh tmok reset. I don't remember it. It doesn't happen. Often the micro set window size. I use google to find out how to do this. Is there any way to the right max? Yes, there is a t max minus v: oh okay, control.

A

The mac attach minus.

A

Ctrl p b, which makes flash number sorry.

B

There was a command detach if you go up yeah yeah here it is.

A

Yeah, okay, but the problem is that I cannot be attached from the other one because it's stuck, but maybe.

B

Is it okay, close terminal.

D

A

Nice, I just need to close the other one. Now. Can you.

B

Can you clear the screen violet.

A

ah Because the issue of yeah.

A

Okay, so I need so, I need terraform apply or to approve yeah. You can do plan if you want, but that's the quickest way. Now what terraform is going to do going actually to create the infrastructure, for you is communicating with the vcenter to get the state uh it's doing the virtual machine template checking if it's there or not, checking the data stores. Doing everything that open shift install does because open shift install at the end of the day is using terraform and okay. So you can see it's creating the machines creating a folder.

A

Let's go back to the center and see if this is done. We center I go to home, go to vms and templates. Okay, it created the folder, ok d4 and I can see it started, creating the machines. Okay, just a matter of time, it will start them up.

B

Normally, you have nothing to do with the insights, but we will show you a few important steps just in case if you have trouble getting the system running. So if the vms are up, um I think valid. We should start with the bootstrap vms to sh into it, but at first we will show in vsphere if something is wrong with the boot procedure.

A

Because I spent some time on the slides, I would like to show some it's. uh The slides are just for supporting us. While we are talking, uh because there's lots of things that you have to wait.

A

So the takeaway, if you want to ask me, what's the take away from this whole hour, the takeaway is that if I want to install openshift or okd, ok d4, it's very simple: it's just open shift, install create cluster. What's difficult, the difficult part is the. If it's a user provision infrastructure, the user has to provision this infrastructure.

A

How can he provision this infrastructure? There is. There is basically the.

A

The ocb helper! So if you go to github and you say, ocp helper.

A

The cb helper node, this will give you all the services that you require so dns server, load, balancer, whatsapp or dcbc, and whatever method you need and actually, if you go at the end, it have the ubi automation for vsphere. If you click on this one quick start, this other repository, which is under red hat official git rebel, have all the different scenarios you might have you want to install with from over. Or do you want to install with bixi? Or do you want to install static ibs? Are you in a restricted network?

A

You don't want the cloud provider so all the options you have are there? Okay, let's go back and see. Okay, the notes have started so now. What we can do, we can check what's happening with the bootstrap.

A

Okay, the bootstrap came up and it has. It has taken the ignition file.

B

And you, you got an ip address, it scrolled out of the window and you have a host name. The hostname is bootstrap and we should we should ssh into it to show this two-phase um installation, oops error who knows attacks not have the permissions for the tags.

B

B

Strange but it should, it should work without that. I think.

A

B

A

B

A

Store the the taxes for the um um for the storage, I believe, is it but.

B

But I think it will work because um the beauty of of of okd force installation is that it will start cvms. They get the ignition files and you are done. The installer, mostly um the openshift installer, will provide you with some status messages, but normally you yeah you can you can wait and it will run. You don't need the installer if the resources are created.

B

Now we will um there's a question question. Firstly, yes, yes, this fake uh yeah. I think they are working on on at least a sample operator, um because it's uh degrading after some time. This is fake secret.

B

Is it 100 eight.

A

It is 100, yes, yeah.

B

We tried it before, that's why I know that maybe, where there's no hosts.

C

A

So that's what we usually do, uh because it takes time. So basically, you try to figure out. Is everything? Okay or not? First thing that the bootstrap needs to do is to pull images because basically, it's dependent on containers to start so, yes, it pulled one image, that's good and it will keep pulling how we can check that you do psa ux grab for bond man, yes, bullying imagery using boardman. Yes, I have woodman is still putting images.

A

B

It's booting in two phases: before we are thrown out um it will. I think it will pull two images um in this images.

B

There is a release, payload and uh tools like cryo, vm tools, demon and then it will install them and it will reboot and yeah sorry go ahead and yeah and if it reboots uh the first phase of the installation of fedwater core on on a note is, is finished and every node also the masters and the workers do have this two-phase installation, yes, and I think in a few seconds we will be thrown out here.

A

Yes and another thing when it pulled the image from fedora core os download the ci server or from the download site, it pulled the latest image, but each ocd release has a specific image to it. So if it needs to upgrade or downgrade you will see that basically it will take care of that.

A

You don't need to worry about it because, sometimes in other different installation, if you are not going to use the official okay there objectory some some other instructions will ask you to download like, for example, this is great um he's also from the uh okay working group.

A

He has instruction that you have to download the image and you download just the latest image. Don't worry about it. Okay, let's check the masters of their. uh The master will not do anything until the boot until.

B

You get this yeah, you could show the masters what they are doing.

A

Okay, so so there is lots of errors, but that's fine, because the the way, the um the controls, the control uh cycle in kubernetes and on all these systems that to get to their desired state. So if you look at the logs, it's full of error get error, because basically the bootstrap is not ready. Yet so it's trying to go to this ib address and this board, which is basically the api internal, which is the machine config server. This is where it will get. The master will get their ignition files from.

B

Yeah, maybe you.

A

B

Showed we showed yeah, we showed before the terraform vars file and we had a little stubs also for their masters and workers, and they are all they are pulling their huge ignition file from it from the load. Balancer and the load balancer in the beginning only contains a bootstrap node and that if the bootstrap node has finished with this installation, it will serve the ignition file to the masters and at this time you won't see this message again, because the master will load the ignition files configure itself and start with the two-phase configuration.

B

C

B

We should have thrown out from the bootstrap node valid. I think, let's see.

A

No, not yet: okay, no jinx, just in time, yeah, yes, and it's very fast to connect it's the. I love it because basically the the two things I love about the okay and open shift, the images they use for host the fedora core, os or red headquarters. They are very minimal and they are very easy to maintain and you are not supposed to configure them except using the ignition file and accept using basically a desired state. You are not supposed to ssh into them.

A

Now, if you look, if you look here, this is a different version than the one here this is. uh This is june. This is july july 26th. This is june 29th, so basically it did downgrade itself so that it can fit to the requirements of this release. Version of okd, okay: let's do the same command, again images and see okay, so we are getting more images. uh I think we'll get over 12, 16 images, correct, yeah,.

B

Yeah, I think so yeah and it's good to know that um in okd and openshift 4 the operating system is an implementation detail say you don't have to patch um hosts for security uh packages, but openshift and okd will take care about that. If you upgrade your cluster, you will get a new operating system. It's automatically installed during the update in a rolling up upgrade on each uh node of your cluster.

B

So you have. You must not take care about os upgrades on your own.

A

So if you look, if you look at the journal, you can see that basically it's it downloaded the release image and now it's starting bootstrapping, the kubernetes cluster. Usually the bootstrapping takes 10 to 15, sometimes 20 minutes, hopefully not much, because basically the images I have them close by and if you see these characters, this is basically arabic, characters and linux, but they are really messed up. So don't use arabic in linux.

B

Yeah, I could um so we could. We could. um What do you think about showing oc get pots, because I think we could see something already.

A

Yeah, I tried okay, so about my images. I have the three images. So what did what did it do? What did it do with these images? So if we check what men or not yet man, I know hi control. Sorry, yes,.

B

Right ctrl, there is a t too much.

A

Yes, it's a live demo expect me to do machines.

A

Not yet you can do bs, but I don't think there is something yet change it takes.

B

A little bit it's, it pulls rather slow.

B

A

Another image yeah, you see the lock.

A

Okay, starting at cd, that's the most important thing, because what the bootstrap will do it will be its own key value, data store for the whole cluster and it will try to provision another cluster.

A

So the moment lcd is up and running, then it will try to scale out to the other nodes, the master nodes and the moment it scales out to the master nodes. They will start the machine, config server and the bootstrap node job has finished. It will, basically, you can create them.

A

Instantly the same images so now, because it's starting the tv certificate signer most likely will find we should see drops you should see. What's now.

B

I think it will pull.

A

Okay, so how to start how to start. As I said you go to like the io and you get. Basically, uh you get the um instructions from there or from this side. Okay, now one one of the things it will tell you. If you go to the release page one of the things it will tell you, it will ask you to run this command or see adam. So you don't have oc adam. You go to the github of okd and get it from the releases pages.

A

So you see, this is the release and if you go down, this is all the images that are contained on the release. You'll find basically, which this is the client which is openshift client oc. So it is also okay, client, so it can be. Actually you can submit the bug report that should be okay, client, doesn't matter yeah the moment you have this client from the release page, as you saw, you run this command, it will pull the boot open, shift, install and oc and cube control, and you are then you are in your way.

A

Yes, now uh this is the menu just in case you haven't seen it in the beginning. So what kind of you don't need to create any ammo? It will create it for you now. uh If I want to do the caching, I just set up certain variables and they use the oc. Adam release mirror the instruction is for this connected environment, but you don't need really need for this connected environment. Even if you need to make sure that you are not dependent on the upstream.

A

Just in case you can mirror them into your own network, okay, so the installation we said there are two types: there's the full stack automation, which is what we call ipi with infrastructure proficient installed and the ubi the user provision infrastructure, which is not fully automated, and you can see here the the fully automated it will build your network. It will create the load balancers to configure dns.

A

It will provision the vms for you. It will do the operating system installed. It will generate the ignition config, so you don't need to generate the initial configurancy so that we have to do it for terraform, but even in terraform the installer can take care of that open shift, open, open system support for the okd. It's usually fedora core os. I think there are talks about centers, correct.

B

A

Yes, now the other thing about, why do you want? The automation is that you can do the auto scaling out of the box if it's user provision, you need to make sure that your cloud provider in this case the vsphere- has the capability to do this and I believe in 4.5 it has the capability to do this. That's that's true, so this will be fully automated.

A

Yes, let's go back.

B

um Because um I I just want to take the chance to look inside. If you have progress- oh no, okay! Now uh we should maybe we you can show uh oc, get pots um outside of the bootstrap. No, because now we are in the bootstrap node and we could do a watch. Maybe.

A

So one of the things, the artifacts that it creates it, creates this odd directory and it has the cube config, which is basically the configuration you need to connect to your cluster. So if I say export queue, config off and the cube config I can see, I was seeing get bots minus a to see what kind of mods I don't have yet because it's just a cd, it's still starting.

B

A

A watch yes, so another thing I can do using the openshift install. I say: wait for. I want to check the status for the bootstrapping. Is it finished or not? I can say bootstrap complete, yeah wait for both put.

A

It helps if I type correctly yes, so it doesn't tell me much so I I increase the velocity by increasing the log level.

A

Again, it doesn't tell me much so what I can do. I can actually trail the open shift log file. There's a log file. It will tell me what state it is on, so it can tell me that the company waiting for commits api to come up so I'll unless the abi server is up. I cannot use oc because oc is basically a client for this kubernetes api. Everything is restful. Everything talks to the api and if the api is not up in the bootstrap, I will not be able to talk to it.

A

Okay, so, as we saw, the installer is very simple: it's text, user interface. uh It takes the cloud credentials, the vsphere, for example, the recenter, the administrator. What data store do you want to use what network you want to use and bootstrap creates a cluster control? Plane creates the bootstrap. The bootstrap basically creates the master nodes.

A

So that's the diagram. If you want to see so from one machine, the your installer, it will create the bootstrap node and then the masters will depend on the booster update to get their ignition files and to basically provision themselves into the desired state of the cluster. And then the worker nodes will talk to the masternodes.

A

Now the ingress for the applications ingress basically usually gets installed on the worker notes. uh We'll share the slides. This slides are from dev nation uh to give credit to definition and barcelona and eric these are actually the slides from the master class for the open shift operators.

A

So it tells you basically are you starting stuff like this? Okay, I don't think we will have time to do the auto scaler. So let's see it's strange because.

B

It's a pulling is rather slow, so maybe you could do.

A

B

You could uh do a watch on oc, get ports all name spaces, or maybe you see a little bit more now.

B

Normally you should yeah, you would see a list of pending pots. This is this is already good, because it's talking to the api server already.

A

I know the ips server is not updating.

B

Because it, but it responds, does it is.

B

Yes, this is this message comes short before you see a lot of pending pots.

A

I am again on the bootstrap note to double check. What's happening, okay, I have more images, but they are not really enough. uh I want to check if these images are actually resulting in container runs. I will try control vs, okay, that's better! So what I have I have the fcd.

A

I have the lcd metrics. I have the hcd member and I have the machine config server. That's really good, because the machine config server is the one that is responsible. How do I check again? I can also check from the load balancer from the load balancer. uh If it's it looks green, but that's uh not true. If I do refresh oh actually, I have the bootstrap is starting to serve the operation.

B

A

The masters this.

B

Means masters yeah, the master should be able to pull them and.

A

B

A

B

Maybe you um you remember that um before it, the masters were pulling they're pulling for an uh ignition file, and now the bootstrap node can serve this ignition file. This machine server port is responsible for that and the master pulled it configured it, and now we should, but now we should see something with oc get ports.

B

It's a third third. Try.

A

Here it says still waiting for the co-operators api. I believe the current cbi should be ready.

B

Normally, everything is fixing itself, it's magic.

A

I can reboot the notes during the installation and don't worry about them. They will get to the same state. Also.

A

So they are in a loop to get to the desired state.

B

Normally you can, you can't break anything because the system will fix itself, so we we had. We were often in a situation where we thought we have broken something, but um it's it's rather easy to to fix it, and because okd is our shift. 4 is based on operators.

B

Operators are first class citizens. This operators will take care about their pots. They are responsible for in fix itself. Yes,.

A

If you have a problem, you can also go to slack and open chef dev in the kubernetes. Slack is basically where you can ask your questions when you have problems or openshift users.

A

These are two nice channels. If you have open shift or ocd, I believe open ocd is mostly open shift. Dev, correct, josie.

B

Yes, very how's, the most time. Yes, I think give me.

A

B

The first force yeah give me a first try, um I think now we should see the pending parts. I have a strong fee. Okay,.

B

Yeah because pulling is slow, so normally it should not take so long. You, you will see a list of pending pots and then the cluster the containers will creating.

C

B

The masters will.

C

B

Will configure itself themselves.

A

Okay, I mean performance is okay for the bootstrap. The bootstrap specs is really low for cpus eight gigabyte, but it's doing good uh the master, uh let's see. Actually the registry, that's the one. Maybe that is, I guess my registry is the one that is blocking this.

B

You are using mirroring.

A

Yes, uh basically.

B

A

One, maybe is the one that is causing us, the headache, not really it's the.

E

A

E

Guys it may just take a little bit of time.

A

E

So give it a little bit of time.

B

I want to see the pending.

E

Pots I want to see the okd dashboard is my proof of life.

A

That's why that's why I showed it in the beginning, uh just in case.

B

Normally but but you can say normally an installation takes 30 minutes.

E

B

Pull from a from an internal registry, it takes about 30 minutes, so we were.

A

B

Talking a little bit about the insights, because I think it's more interesting to yeah to see the insights as to have a dashboard. um Yes, because yeah, you should see uh what normally happens if you install it what's normally and how to fix.

A

This is my home lab. It's an old dell server like five six years old. uh It has 40 electrical cores and basically memory is good enough. uh Around 320., I killed everything just to basically to make sure that we don't have any contentions or anything I didn't shut down. I killed actually everything.

A

But I I mean at work: if we I do this at work, it will take, as joseph said, maybe 15 30 minutes max.

A

If you have good ssds, if you have basically a powerful server, this is really an old server and you can see the hertz. It's really 1.7 gigahertz, it's very, very um it's good for a home lab.

A

I love it. So, let's.

B

Go back, but we can, we can let it run because we have the next um platform. um We will install it on azure and we can. Let do the installation.

E

What it wants to do.

B

E

B

In the end, but what could you do? Have you seen some pending pots or last try not yet not yet.

A

So basically, if you look at the, let's see the logs still waiting for the api, okay, I hope the tagging issue and I don't know why.

E

It's taking some time for a couple couple of the other demos, so don't panic.

A

D

E

And if it takes too much time, it must be live.

A

Actually, I was worried that I'm not being fresh- I was I wasn't really fresh this morning and they needed to do lots of stuff to catch up with the installation. I wanted to do the automated install because I know it's doable. I know people done it, but there is something in my environment that is blocking me from doing it. So I.

D

Couldn't try it out here.

A

Yes, so the automated install for vsphere very, very straightforward. You just need two entries, one for the api and one for the ingress and they are floating and they are keep alive d and it will. This ib addresses will travel with the nodes.

A

So basically you don't need to provision a load balancer and you don't and you have to have dhcp, because it will create the it will talk to the vcenter to create the vms yeah. So it's it's really very nice.

A

I will get it done, okay. So uh what are the issues that we had? As joseph said, the terraform tf state. So I like this one uh I like to stay, there's so many that one of the of the problems with openshift and okde okd is that so much information and so much videos are there outside. But if you follow the official red hat and the open comments, the comments open shift comments.

A

uh I think you should be safe and the slack of course so and what is the difference between openshift and okd when it comes to installation? First of all, the release format. If it's open shift, it would be 4.50 or 4.51, but okd you'll see this date. If I go back to the index and you see the different releases, you see.

D

A

Yeah, they are really a little bit different. What should you go for documentation? It's okay, dot! Io! If you go to open shift, there might be some discrepancies in how things are done. So it's better stay. Okay, but I oh so this.

B

Like also that you can, as he said, change look if you click on the version. You will see.

C

B

What changed in each uh each version and also yes,.

B

I'll access it it's generated automatically and you can see exactly the commit that leads to this entry.

A

And actually, you can see what can you upgrade from and what what can upgrade to you cannot assume that you can break from one release, so the other release straight away. You have to check basically now there is another github from a red hat engineer who created the like chart that basically draws all these upgrade paths to you.

A

You can see what the kubernetes reviews version is using and what fedora color is open shift. 4 is viewer kubernetes, with the extensions using operators.

A

So if you ask me, why should I use okd because, first of all, it's an open source platform, I can use it in hybrid cloud. uh As far as I know, it's the only hybrid cloud open source platform that is out there, which is holistic. It will give me logging. It will give me a registry, it will give me monitoring out of the box identity providers, you name it.

A

It comes really, and maybe this is an advantage and disadvantages. If you need something quick and just raw kubernetes with nothing at all, maybe you can use k3d or k3s, but then you have to do lots of stuff to get it up and running in in a good shape.

A

So uh and when you see this, this is not really a tag that is used on the installer. Actually, when, when you see this one, if I go to this one, for example,.

A

And I go to query or will show I found out that if I need to do really, uh okay and openshift, they don't use these tags, they use the digest.

A

So you have to do this trick to get to the digest you have to go, you have to use the image and then try fetch tag and when you fetch the tag, you fetch the datejust, not the docker bullet and you fetch the pages, because everything in open shift in oking is digest.

A

It makes our life a little bit harder, but it's much more immutable, much more secure, much more um good, good practice for uh configuration, management and stuff like that. Let's go back to joseph bodz.

A

B

You can you do an oc, get points.

A

B

A

B

Yes, on the first try.

A

B

Almost yeah, that's uh that's! uh Oh, we have already one running container one running pot, uh the or yeah. I don't hear there.

A

B

A

B

Running the network operator is always the first and now um network is instantly installing on the masters and yeah. Now, from now on, things will go their way.

A

The openstack voltage is an operator responsible for several networking functionality. Okay and obn is d. uh Actually, okay, I need to show you this so another descript another default configuration between openshift and okd uh openshift will use. The sdn is openshift. Sdn okd uses the kubernetes ovn, which makes it easier if you are going to run windows container later on. So one requirement for windows container is to have the sdn as kubernetes ovn, which comes by default.

A

The network network configuration option for okd.

B

I think it's okay um diane! If we explain that, because on azure the azure installation will have the same um parts, yeah.

A

If I go here, okay and if I do bs okay, so things are running- I have the cube apis. Okay, so the api, I think, is done yeah the api is done. So I think the bootstrap completed the same.

B

A

Not find the requested resource.

B

It's okay: let's let it do its job, I it will it will. uh It will work so maybe in 10 minutes we could um the master as a workers will join the cluster and we have to approve the csrs, but maybe.

A

B

We can in the meanwhile, it starts as a azure installation, so maybe we could be an uh ui afterwards and then you could explain the operators again.

A

B

Afterwards, no.

A

Oh so azure installations. Okay, uh so if you install okd on on b sphere on gcp on google cloud, uh the fedora core image is available there or you can download it for v3 or the installer will download it in azure. It's a special case, because the moment azure was helping for os as an official image. It doesn't have fedora core os image. Yet so.

D

The installer has.

A

In the marketplace, so the the installer has a hack and if I go back to the releases, so joseph wrote a workaround and this workaround was available until beta 5, but after beta 5, this workaround by mistake got got out and we have a bull request for it to bring it in.

A

So there is uh yes, so there is a bull request to bring it in.

B

A

uh It was merged so that if we we can use the you want to try the new install.

B

uh I don't know if it if it if there is a nightly, but um I think yeah. There was a little problem. um The procedure, because the video records image is not available in the marketplace is the following: the openshift installer downloads, the fedora course image from let's say: fedora core site extracts it it decompresses it and uploads it again to azure the problem with that is, if you have a slow internet connection like me, and your upload is slow, then a terraform will time out.

B

So um our procedure, or the only work around at this moment, is to use the openshift installer not locally on your pc, but in a in an azure cloud. Shell, because if you are already on azure, things are much faster.

A

Yes download it now, the openshift installer is open source for both openshift and okd. The okd is basically you have to go to the branch fcos and that's where, basically, you find the openshift installer and if you want to participate or held in on the openshift installer for the different platforms.

A

Okay, so so azure, as I said, the main thing is the openshift install. So I already downloaded this beforehand and the one I downloaded. As I said, the first thing to do is always check the installer, so the version make sure that you're not using something that you don't intend to use, because this happens the moment you go into different version or testing different releases, you, you might get messed up which release I'm using now, unless you have a system in place.

A

So it tells me that this is from commit because, as I said, uh we joseph basically made the request. I made the bold request after him because I thought my request was better, but it was the same. So I closed mine.

A

So basically this was from a bull request. It was not committed yet but, as joseph said, it's committed today uh to save us time. I will use this because I already know that this one works and you can say you can see this yes now what I have already clustered up as usual. So basically um here so I have one cluster up.

A

Oh maybe I need to log in again.

B

This is a piece here I think.

A

uh No, no, it's just local. Yes, this is vc local, yes here, so this is developer uh screen in okd, and this is the default open shift monitoring, so you can see the bots and they are not related, they are not in, they can see them and you can scale them and whatever.

A

If I go to the administrator, I will see the status or that's not good.

B

But this is vsphere again.

A

Again, no! Oh, yes! Okay! That's why it's not good!

A

You see the confusion when you have more than one cluster okay. So how do we get? How do I know which cluster is up? I can, uh as usual, I have the cubeconflict file, so I export you.

C

A

Install directly hot and the cube config and I ask for the routes, what routes are there and actually I'm looking for a specific route, which is the console? I know what it is, but let's check, I will not get it this way, because I need to ask in all name spaces in all projects.

B

But this is a pre-installed cluster. Isn't.

A

It, but this is a pre-installed cluster, just in case that we had issues.

C

A

Yes, so I can go here. For example, I can delete this.

B

So this is a pre-installed um azure uh okd cluster on azure just said. You believe us that it's uh it's working in prints in siri.

A

I don't have a storage configured, but I have managed premium. Would this is the difference? Is now so in vmware? You would, basically, you will have the vsphere built in driver by default, which will provision a storage class called tin. If you need the csi, you need to do it as an after step in azure. It will use basically azure storage, so this is using azure storage.

A

And you can create different tiers. You can create different storage classes for this okay. So let's kill this cluster. I have to actually and okay. I will use this time. I will use actually the azure shell as um as uh joseph explained, um because of the uploading and downloading of the image this could. uh It would be faster doing it from an azure shell, azure shell times out every 20 minutes. So if you want to get rid of this timeout, you use dmacc and you do watch whatever okay.

A

So basically you open, pmuk and just run a watcher.

B

Or you press enter from time to time, but.

A

Yeah to come around and press enter okay, so I'm in this directory, uh I, why do I want to kill? Because basically the quota reasons? uh Actually let me kill the other one. The life.

A

B

Because of your quotas, so we have enough. um I.

A

Have enough now, but just in case okay.

B

A

Let's do a cluster.

A

A

But this is how you destroy the cluster. So if there's anything you learned today, it's how to destroy a cluster, don't do what this network.

B

Alert alert takes a little bit.

A

Usually fast, and if I go to the console, okay, I am in the console. Actually, if I go into the console and I check vms, for example, I will see some vms starting to disappear or starting to go into a known state.

A

So I have two clusters: one is running in north europe, switzerland and one is running in east u.s.

A

The one I'm kidding, I think, is ah the one I'm killing is the east. In the north, europe.

A

I was expecting to be contention and last red hat summer there was contention in aws regions in your in english, but here today there was no contention to be honest with you. It's either azure is really good, or I was lucky today to provision these clusters or the quarter system works because didn't give me my requirement is very small. 80 calls maximum, but it's like took a week to get me grab me this quarter.

A

Okay, let's go back to the command line, so while this is destroying, we can actually create another.

A

A

Okay, so you have to be careful when it comes to azure when it comes to your cloud, because it's not your machine, so you have, um you are limited on the size. Okay, so slash home, which is non-resistant disc, is quite good, but it's not resistant anything you put there. It will get lost if you disconnect the terminal and slash home slash. Your user has only five gig blob, so my images is around eight gig. If I look I have, I think I know I don't have okay.

A

Actually this is so the trick is, and it's uh available in the get rebel of the uh okd just to make directory slash home, slash class. You create the cache with an unpersistent one. Okay and you link to it from your persistent one.

B

This won't be necessary if fedora cos still will be finally will be available in the marketplace. Azure and redhead are working on that. So we hope that in a few yeah in a few reasonable time it will be available and you can call this command from your local pc.

A

I love to create directories so that I can limit my the pollution of my artifacts for the installations. I create a directory and I love to have debug level high. As I said, the.

D

A

Takeaway, how to install openshift is open shift. Install create in no matter is it vsphere is it ogcb is.

C

A

Azure, okay press enter, uh I'm missing something create. So what do I want to create? I can create a cluster. I can create a manifest and this time I want I'm using the automated install. So I want to create a cluster. So it's asking me which platform in this time it's azure, okay, which region you have to be careful with this, because there is a quarter and the default quarter is 20 cpus. This is not enough.

A

You need at least 28 unless you customize, unless you customize your installation, which one there I need north europe yeah. This is where I have uh quote already agreed by microsoft. Thank you, microsoft, and now this is the domain. This is another requirement, so basically you have to have a domain in azure in your own account: okay, cluster name. What do you want to name the cluster? Let's name it joseph nice. Thank you.

A

Okay, the whole secret! Okay, the trick I do is I have this in the dashboard, so, basically, okay. I cannot write jason, I'm not very good in jason, it's fake power, that's all in json, but I have to put it in the dashboard okay. So it goes and it fetches master machines. It basically checks with azure. Do I have the credentials the contentions was done earlier and I'm not good in video editing like the yen, so I didn't record it. um So basically, uh you need a certain service account with the with certain privileges.

A

It's all documented. It's very straightforward.

B

It needs lots of priv uh permissions. I I don't know why, but yeah I don't. I think it's very good to have uh service a principal with so much permissions, but it's required.

A

Yes, so now that's the step that joseph told you about it's trying to obtain the fedora core os forget the message obtaining red hat, core os. It should say core os and that's it.

A

Maybe I should do pull request and then it copies it into the cache file that we did we created and it and it starts decompressing it. If I want to check now, we saw how we check the infrastructure, one, the on premise, the vsphere.

A

If I want to check, I just do refresh here- and I should see a north europe resource group- okay, nothing! Yet it's very slow. The console's slow understand the azure console. I don't see north europe, yet okay, oops refresh okay. Now we see a resource group resource group is a concept in azure, where basically it's a container that contains all your uh artifacts, your virtual machine, your storage, your network, your security groups. So we see a network security group. We see disk be careful that this.

A

This is the one that are costly if you're running open shift select the right disk. If you want to customize, these are the ones that really cost and you can add gb if you want, but this is another time so it started creating the virtual machines, it started, creating artifacts. I have two disks and I have two measuring machines. I have the masters.

B

Where's, the storage account.

A

Okay and what is the, what is the storage account good.

B

B

Virtual machine is already running, there should be an image and a storage account no.

A

Let's see again, let's refresh sometimes it's just the console. Okay or we can straight go to storage accounts.

A

Okay and we should see which ah we don't see the north europe yet strange- it's because it's still the compressing, let's see what's happening on the shell, uh still decompressing the image it's yeah, so.

C

Basically, that's.

A

Good by the way, because it's creating the machines yeah well just creating the vms, it's not really installing them, it's creating all the artifacts that it needs before. Actually, the image is ready, which is good, optimization.

B

um But I think uh valid, I think. uh No, I I I think the machines should be created after the image was uploaded. Are you in the right? um Well? Was it an old one? Maybe it was an old one.

A

No I'm uh what what I selected north europe correct, yes yeah! So it should be, and you cannot see it here because it's not there. Yet, let's do again. Yes,.

B

A

B

um From the in the installer code, um the terraform starts after the decompression, though telephone.

C

B

At all, it will take a little bit until the decompression has finished. Maybe.

A

B

A

B

A

Oh, yes, oh so this is the one that is deleting.

B

A

No, I think it's not. I wish there is a way to say how this resource.

B

A

Yes, yes, it's still decompressing the.

B

Download uh it was faster than the decompression.

A

And the deleting is this low okay, so I think the azure uh I said azure was good today.

B

um Can we can we peek over to a vsphere? uh Yes,.

C

B

Hope we don't uh uh cause lots of confusion for that, but maybe.

D

B

E

I'll fix it in the video editing. How is that.

B

Okay: okay, it's still downloading.

D

B

It's okay, yeah.

A

But that's too long for a woodstock.

B

Yeah, it's downloading. It's still downloading.

A

The timeout is 40 minutes, so I guess it didn't time out yet, but even if it times out it's, you can actually it's still going on okay, so we have bootstrap, not finished on vsphere and the decompressing of an image, and if this is my fault, I should have done it earlier.

A

If it was on the cache and that's the difference now you saw in vsphere, it was on the cache, so it started straight away, but here it's not on the cache. So basically it's taking its time to get the image and then decompress it and decompressing and uploading okay, it uploaded. So we should see a new resource group.

A

Yes, so if you go to the resource groups, we should see new north europe resource group.

B

A

Little bit because.

B

The web uis, always even if c resources are created on azure as a web ui takes a little bit, shows.

A

A

Okay, let's see the what's on the console, so on the console, it's telling me that basically terraform started it downloaded the azure provider and it's initializing, the modules that are in the terraform uh code manifest. So there is a bad bootstrap. There is a dns. There is a master. There is venus. These are all resource. The bootstrap is an openshift resource, but the rest is basically is azure resources that terraform will use to provision to provision basically the ocd and that's. Why?

A

What that's? What happened here when I said the josef code got missing here, because the terraform provider was changed here and it required certain changes on the code and by mistake I guess it got dropped, and so there was an upgrade to the azure provider.

B

A

A lot of meta file.

B

Lots a lot of people have had problems had reported problems with error messages from the installer telling them that some page blob.

B

Yes and we fixed that, um it was only a small change that was necessary and it was.

C

B

Today and I think in the next release of okd, it will be, uh it will be in next. Release will come out um next, no uh the week after next week. Okay, so you will have azure support an official way.

A

Don't have so one type of storage containers in azure is base or block uh block are aligned to 512, and that was the error message. The other issue that was dropped was the source uri. So the source is a cache image is not a url, so this is what's the other change, so it's very easy to participate on the fixing things, especially if you have joseph backing you up as a mentor. It's really amazing.

A

Yes, uh so that's the issue.

B

I have a strong feeling valid, let's see, decompression has ended and that uh we should see a resource group.

A

Yes, so we are seeing resources creating we see v-nets, we see azure private dns, so it's recreating the sub-domain. Let's go to the portal and see where I am in the portal. Okay. So let's refresh okay, you see new joseph joseph here.

A

So if I refresh here also because it's also- I mean the user interface of azure, you need to refresh several times. I think it will create like 22 records at the end. Now, what do we have? We have a load balancer which is expensive and we have basically the public ib address and the virtual network. We don't have the vms yet.

B

A

B

That is crucial is um maybe you can show the storage account. It should already be created. It's still so.

A

It's creating it. Let's see it, let's go and see it. So I love basically the cloud shell on google and azure. It's really nice, it's very very convenient. If I go to the storage accounts.

B

Yes, okay, this way, yes,.

A

Okay- and I refresh, I- should see north europe. Yes, here is joseph north europe and if I look what.

B

The first entry it's the first entry you can take that.

A

List, yes, I did storage accounts, so why did okay? There was a.

B

A

Interface, okay, so this is the storage account for the resource group that created recently.

A

Okay and I have different types of files, we are in containers and basically there's one for the bootstrap ignition file. Okay, it's up and it's uploaded and the other one is the vhd. So this is the initial phase of theraph of the azure installer. If you have these two you're in good shape- and you saw it's 8 gigabyte- that's why you have to be careful when you are installing several releases, because you could run out of space.

A

Okay, let's go to the resource group again.

B

It was creating an image, so um the vms should also be created soon. Maybe we have one if you scroll down.

A

Yes, by type and virtual networks, this should be up next.

B

A few seconds.

A

Let's refresh this is the take away for azure refresh.

B

The nice thing about the azure ipi installer is that you have to take care about nothing. You have to prepare the service principle one times um as it's uh yeah. It's documented very good. It's very yes.

A

B

Have a service principle in a few minutes and then you only call the installer create cluster um azure enter your credentials, and here you are.

A

B

A

It's a bit confusing uh because now, if I want to check, do I have the right service principle. I go to the it's not really service principle. If you search for service principle, most likely you'll not find it, you go to the application registration and then you say view all applications, this directory and that's the service principle I created and actually it created, others.

B

Created something for ingress.

A

B

And I think that's uh the reason why the uh initial uh service principle has so much so high permissions that it can create um other service principles on its own.

A

Yes, um so I guess this information is safe because the password there is a password related to the service principles and there is permissions, and this is what you need to check. You need to check that you have the directory graph and I'm not sure if this is because it worked for me before, but last the last installation. We saw that somehow it's not granted for me, but it will tell you here there will be a warning and then you just follow what the warning tells you.

B

In my company, only a special group of people is allowed to grant, so I personally cannot grant service principles on my own and that's why this is a two-phase.

B

A

So in vmware there is something called v-mag advantage where you can have one-year evaluation license for almost all products of vmware. In microsoft there is the intel. What is it the developer, basically subscriptions which will give you like 150 us dollars per month, access to azure, and it will give you access in the beginning. If you don't have an azure account, it will give you 200 free account and later on, uh you get like a quote 150 us dollars per month, and you cannot use this in production.

A

This is basically uh development test work, but it's good enough. It's really excellent.

A

So this is what we call a developer subscription or something like that. It's still creating the blob images for the machines. Okay. Now, if we look somewhere, we can actually.

A

Let's see, let's see if it created the virtual machines or not yes,.

B

C

A

Really uh this is okd. This is not uh the current installation. Sorry, we know what's happened.

B

C

B

Vms, it's always confusing if you have lots of uh resource groups in azure to mix.

A

B

A

Yes, now, if you ask me, do you want automated install or do you want it? In user provision install? It depends if you are in company that is heavily regulated and you cannot change the host names. The current automated install will for a reason. It will create a hash.

A

They cannot know the names in advance unless you change your process. So do you want to be on control or do you want the installer to be in control? That's the questions. So, if you can answer this question, then you can decide if you want it automated or user provision, so user provision has advantages and automated has advantages. It's not like.

A

I should always go with automated. Everyone has an advantage. Okay, if you want more slides the other thing that I like about openshift the concept of operators, okd or openshift basically are operator.

A

So if it's openshift, you can call it operator container platform. If it's ocd, you can call it operator kubernetes. I don't know what. um So what are operators? Think of them, as that you have joseph and you have christian hernandez and chris short and diane and everybody from red hat in one room and anything you can ask about open shift or okd. They will answer it for you. So basically you are, you are putting the whole experience of all of the operations or the developers in one package.

A

That's what it is. It's basically application life cycle management capitalizing on all the knowledge that human operators have. So they are just regular bots and there is a controller. So it's a controller and a custom custom resource and there is a and if you and everything you configure using the custom resource definitions, so basically, even how to manage your kubernetes environment becomes much easier.

A

Yes, so this is how an operator look like. This is custom resource definition, and this is just a hypothetical example. If I have something called cars, this is how I will define it and it becomes a first class citizen in kubernetes. So what kind of first class settings do we have.

B

Go ahead joseph, oh! um Maybe you remember that in okd three we had also api extensions, but I don't think that they did it with operators. I think they were extending the api server itself, but with custom resources. You actually can extend the api of kubernetes with own resources, and this is the mechanism. That's not um proprietary propriety, for you know what I mean for openshift or okd, but it's a plain kubernetes, and if you write the um operators with a series operator sdk, um we we also use it in my company.

B

It's very easy to write operators on your own. If you, if you have written um operators with that, so will and this source code, you will immediately um see how they work, because there is always yeah. Maybe maybe you can show show one.

A

Actually, I could short with like two hours uh workshop on how to write all breakers using answers, but now an idealistic person, an idealistic person on um on I mean he will say. Oh no, this is the wrong use of uh ansible is not a programming language or whatever, but for somebody like me from operations is the easiest way to get operators running up and running on uh on on openshift or tv.

E

There's also yes, great operator, um uh civil talks by michael rivneck as well that you can find and there's an amazing group of people in the ansible world, doing um work with operators so yeah tons of stuff. I just want to give you a heads up. At the top of the hour, we are going to cut off the live stream, so if you wanna- and that will continue with the the openstack stuff and if you can take more time if we need to- but just let you know.

B

We are flexible, we will. um Maybe we should uh should have a look on the vms, valid.

A

Yes, they are creating. I have the masters creating.

B

Nice, okay, so the bootstrap okay, the image is uploaded. Cvm start nice.

A

uh And as dian said, there's lots of resources for operators. One of them is actually learn.openshift.com. It's very easy. You don't need to provision your cluster. You can use one cluster for one hour and there's lots of uh small tasks that you can do within one hour.

A

One main task is the operator framework, so you can understand the api you can understand. What's the atc operator, you can use it as for the application, it's not for the infrastructure and you can use the operator sdk that the one that joseph was mentioning and the ansible kubernetes, which basically chris shaw, did a long workshop covering it and there's an answer refresher. Even if you want to do the the ansible kubernetes module. I think.

B

Sorry, sdk, you get a cli where you provide a few very few parameters and it will create an operator for you. You can immediately compile it and yeah do a few things and you have only to fill. I think, two files, the controller in the uh the api files, where you can specify own fields for your new kubernetes resources and yeah. It's lots of fun to write operators, especially especially, if you, for example, if you want to create a database like a mongodb.

B

There are operators that take care about that or if you want to create vms, you can use operators that create vms. On azure, we wrote an operator. My colleague wrote one that creates an uh vms on azure with the help of operators in kubernetes.

B

A

So this cluster is running on azure. This was created early this morning and if you look at the selection, you have you have ai machine learning in ai machine learning. You have the open data hub operator, yeah, it's a community operator. So basically you don't need to subscribe and it's very easy to install you just click on install. Hopefully it will work. This is a live demo so and okay, so basically status unknown. It will uh try to get the images, and so that's how easy you install a machine learning, deep, deep learning environment.

A

It's basically clicks succeeded. How long did it take less than a minute? And now I have a complete machine learning environment using operators. So operator is really what does it have? It has jupiter hub, which is the main interface for data scientists, data engineers to write, machine learning, module models, apache spark for data management, prometheus for monitoring and graphene airflow for workflows.

A

So if you are not using- and there is seldom also for workflows- argo for basically get ops and kafka.

C

A

So basically, I installed all of these without any knowledge in any one of these in less than few seconds. That's how easy it is now you say: okay, you installed it, but you still need to configure it. Yeah, no problem!

A

You go here to all the data hub and then you create an instance and you configure okay, and there is, if you go back to the openshift commons videos, the there are several videos related to how installed open data hub and, from definition also there is some uh stuff related to this.

B

Because was using a chip, provides a gpu support. I installed a chip as a nvidia gpu operator a few weeks ago on also on okd. It works absolutely smooth and uh yeah. It's it. It's a lot of fun and you can play with your create creativity to invent new things, because you don't have to care a much about how things are installed. You can use operators and it makes life more easier for you.

B

Yes, so it's rather.

A

B

Today, maybe maybe the other guys from the cucumber also creating things.

A

Yeah, can we send them a message in slack.

B

Please stop here, live consideration for.

A

Five minutes.

B

A

Guess they are partying virtually now I mean everybody is in his own way.

B

But if you are, if you see that uh things will magically uh goes away and in the end you have your ui, you can log in and have fun, but what's also nice with azure is that um you can immediately use the auto scaler.

B

um I tried it on my own. It's.

C

B

uh Very easy to to do that on azure and it's, I think it's a very important feature to save money that uh you enabled autoscaler it's on, like, I think compute.

A

Thank you for reminding me, okay, because I have a problem uh because the uh the one problem I have is basically, I didn't configure the storage and the open shift samples which are commercial subscription to red hat. I don't think they are commercial, but they are. Basically, you need to use the uh bull secret from red hat okay, but if I go to the administration cluster setting I can see there is an update ready for me.

A

So this is the second cluster that I installed now how to update and just press this button update to another version, and then you can select okay, the only way I want to go. Yes, I want to okay. So now, while we are installing one cluster, we are updating another cluster.

B

And it's uh that's: how and it's um your workload is still running so because the upgrade it's a rolling upgrade. It will, uh yes, all the operators. You can see this in that in this menu here. You will see that after a few seconds, the versions of the operators change and, in the end always the last steps is always that all the all the nodes get restarted, and this is a rolling upgrade is always one master and one worker that gets rebooted and your workload.

B

If it's cloud native will run and it will be not interrupted by the upgrade procedure. That's very nice.

A

Okay, good earlier there was in maintenance status, updated now it's gone. I don't I haven't seen it before. So I guess this is. It means that when the node was upgraded or something uh when the node was reported anyway, uh the upgrade would not continue because it thinks that it's not safe.

A

So the cluster version sometimes we'll have this sometimes it's say will not be enabled, but then- and I guess because I have one operator upgrade and if I get rid of this one most likely this will be very smooth, but even with this one degraded most likely, it will work.

C

If you, if you do, if you put that operator into a remove state um that will fix it,.

A

C

A

uh Okay, but this is the cluster operator, how can I do it.

C

A

I see 10 51 joseph. Where is it ah this? No, I don't see it.

C

A

You can see my screen, so you can tell me.

C

Yeah, I'm gonna drop it in the chat.

A

C

Rolling through my.

B

What are you looking for for the pull secret or.

A

No, no, it's basically how to disable the samples operator, but I think it's handy to do it. We should disable it by default. Unless somebody wants it now,.

B

But can you is it possible to upgrade if you remove it.

C

B

C

Yeah, if you really remove state um that that should do it for you.

B

A

Okay: let's try I go to the console. I go to the cloud shell. I open a new shell.

B

Creation complete so, okay now they are getting in completed state.

A

Hopefully, okay, I'm more working on live correct, so I need to work on this one now, um but.

B

You have to use a different cube config. You know that yes,.

A

C

B

Should we have a look for vsphere because.

A

I'll just make sure that I'm on the right cluster, okay, I am on the right cluster. I apply the update, so it's a batching job for the operator. That's what I like about operators, you just configure the operator, and it's very simply so. This is like.

A

We didn't really agree on this. We didn't do any demos we didn't do any dry runs. We were busy doing the request.

A

So that's easy. Let's see now in the console.

A

B

Then we'll go to.

A

The and then we'll go to the fees here: okay, good! Yes, that looks.

C

A

Better, thank you. Remove.

B

Okay, now, let's see.

A

If the upgrade so, basically uh we'll wait a little bit and we will see if the upgrade will go on, okay, let's go to the mi sphere, uh waiting up still, there's something wrong with the bootstrapping. I think.

B

It's taking too long, could you could you see if we have an oc uh if you have a certificate signing request? Oh yes,.

A

A

Certification, user provision: you need to assign the workload domains. This is all approved. This is basically the masters and stuff, so we don't have.

B

The obs um the network was not set up, I think uh yeah something is we had. We had this tagging problem in the start. Maybe this this was a reason.

A

Okay, the thing was for the storage for the network, everything, okay, I.

B

Think for the vms, because.

A

B

Normally it does not stop at this point. We had bad luck, but azure the azure vms are starting now um it means we should um because.

A

Basically, yes,.

B

A

A

Bootstrap yeah but- and I think well, we can log into the um you want to.

B

It's I want to say that it is really nice that, on every platform, the installation processes com is almost the same, um it's even possible to use platforms that are not officially supported like they. I installed um okd for on proxmox by selecting platform, none and I provided the ignition files to each vm manually and yeah. The cluster came up and the procedure is always the same. If you have you have the freedom to so choose um how you want the things to to set up with upi. I, like that very much.

B

um You have full control about your installation and the opposite opposite installation procedure is to use ipi where you have um less control about what happens, but yeah. You have to not take care about it. It's easier! Yes,.

A

Bootstrapping and azure is done so that's good, so we can kill the bootstrap, but we don't need to why, because, basically, the committee is installed.

B

I think they kill it. It's installability normally.

A

Yes, so now it's basically, uh the masters are in control, oops, what uh we already have the cluster. So people don't look at this.

A

B

Yeah, it's something with joseph I've seen it.

A

So I need to log into the okay: is it really.

B

A

Running yes, it is already up. So it's the initial issues with the vmware installation, but they this is the api. Why is called api? Oh? No! No! This is the kubernetes abi. No, it should be.

A

ah This is the old one. Yes, sorry, sorry.

A

False false alarm.

A

uh At the beginning, I think we should have resolved it before we continue. Actually it is coming up. If you look at the so, let's say: let's see why it's not coming up.

B

Because yesterday.

A

B

We had a few problems with the set with the environment. um um I have. I have installed um okd on vsphere since january this year, and it always worked so. Yes, it's a problem with our setup. I think.

E

Too many cooks in the kitchen.

B

Yeah but but um normally it takes half an hour. We we have, we talked um lots about the insides and maybe we should have started with the installation just in the beginning and uh let it install for for the hour, but um you can believe us. It works either on vsphere and also on azure. We have done it several times on this weekend.

E

We'll we'll let you sit there in the background and run it for proof of life and if you come back we'll.

B

At least azure will finally end in a working console.

D

E

Which, I think is interesting because it's the one you have to do the biggest workarounds for yeah.

A

But the workaround is clocked in in the install booth. The only thing is that you have to take care of creating the cache, but even if you don't do this, it should work.

A

There's another way to customize your cloud chill and you get a larger storage. If you really need to do several ones.

B

A

B

You can also create a vm um and run the installer there. It's also faster than doing that in the in the azure cloud channel, because azure cloud, shell, is rather limited in resources.

A

Yes, so as long as you are in azure, uh that would be okay and hopefully okay. Actually, you reminded me uh if you are, if you want to help out and make microsoft adopt, fedora coreos faster.

A

There is a voting here.

B

A

Yes, so if you can vote to this issue,.

B

Only seven votes.

D

B

D

Vote now put the link.

B

In we should provide this link somewhere in slack.

E

B

I don't understand what happens uh valid. I think we are, we are um the hour is over.

E

It is the the the only thing you can go on a little bit longer if you need, if you think, you'll get the azure one up it. Just uh the live stream will will stop so don't yeah. The blue jeans will continue on forever. So.

A

B

I don't, I don't think that it will be ready in a in a couple of minutes to take. I think my my expectation is, it will take another, maybe 15, 15 minutes from now on.

E

Are you out there walid? Would you like a last chance to proof of life on azure.

A

Hi hi there. Yes, I am here. uh I I shared the link on the chat. Basically, this is an application uh from um graham shipley, uh an excellent hacker. Okay, so, basically, should I start sharing my screen.

E

Yep, go for it and.

A

Okay, world wide.

E

West app, I remember, grant shipley doing this favorite ways to waste time and.

A

Yes, so basically I'm killing bots. So here it is basically I killed the boat and it's been recreating it very fast and the developer experience you can see. The monitoring is really good, and so this is for this project, the wild west.

A

So the dashboard is up. I like this. This is like this. This is last week release this is table release and I, like it, it's it's perfect. I didn't need to do the the batch shop. Everything looks fine, so all the operators are working. Fine.

A

uh You can see the memory, it's really not utilized. Still, you can see the network transfer, you see the number of node six nodes and I can click on them and see that it's the javascript cluster we created earlier.

A

What else do you want to see and from operations point of view, it tells me that I can update there's one release after this, so I guess, if I click again, let's see there's only already stable after that one.

E

Okay, I think that would take.

A

It depends, uh it depends really.

E

Yeah in saudi arabia right now, that's the real question but yeah. How late is is it after midnight? Now, where are you.

A

It's yeah five minutes after midnight.

E

Yeah we're keeping you up, um I think that's a very good proof of life, um even though the update is failing. I I think you might um might uh let it go. Did the vsphere one complete.

A

I deleted it, so we thought that that's uh that's it so we deleted it. Okay, I'm sure I can bring it up again. I'm trying the automated one for v3 really. I want to get this thing up. Yes, okay, so the update failed.

A

Change: okay: this is still very early release. I mean it's not tested very well yet this is last week and the update is like two or three days ago, only yeah. So nobody is playing this game.

D

E

It's I think it's at this point. I've been up since.

D

uh Somebody's playing, I can see.

A

I can see that yeah I can see, but.

E

um Yeah here I'll hit I'll hit you up a little a few more times here oops, but I think it's, uh I think, we've hit the end of our um energy, for demos and and for the day, and I'm really.

C

E

You could do that, and this is this is a great slide too, for all of the. If you go to full full view, it in full production that presentation a great way to end the day here, um killing pods, because there's no better way to pass the time when you're at kubecon over the next few days. uh Killin pots is probably what a lot of people are going to be doing.

E

And yes, this has been a wonderful day and I really appreciate um the openstackers for getting up early out there in australia you for staying up late uh charo, for you know, sticking in there from the beginning of the day, it's been pretty pretty wonderful.

E

um If you want to hear more, I highly encourage you to check out okd.io and join the okd working group, because you'll get announcements of new events tomorrow there is actually a an okd working group meeting on the fedora calendar, which I think I'm going to share my screen. Just for half a second here and take over.

E

um Did I leave oh see there? I am I'm shooting you down. um Okay, working group is meeting and I'll move this over and then the fedora calendar grab that link if you're interested.

E

This is um a great way to um subscribe to this calendar I'll, put the link in here and you will get all the info tomorrow, we'll be online again just for an hour um while we run through I'm so totally amazed at how many and all of the demos completed, I think the only one was the ipa over head. I think we just ran out of time debugging it, but um we did manage to put in a live issue into okd, so kudos to everybody.

E

um Thank you very, very much for your time and um I'm looking forward to seeing a lot more of you all um in the coming months. um I I know I heard from a few folks here who are looking forward to deploying it in production. So as you do that um okd and production, we want to get your feedback. We want to hear your war stories. Hopefully they'll not be war stories, but um and as always, updating the docs and sharing the slides to all of this stuff is key.

E

So openstackers, if you can share your slide deck with me, that would be awesome and I will endeavor to get this the all the videos up by the end of day tomorrow. But I look forward to seeing you all online tomorrow as well for kubecon.

E

So um if you're looking for us, I should be in the red hat slack channel somewhere um and there are tons of good talks coming live at kukan tomorrow and the next day so stay tuned, and we will hook up at the working group meeting tomorrow and let everybody go back to their days and that's then probably one of the most fun days and easiest working group events. I've ever done because I made everybody else: do the work so I'll love. It.

D

And we'll do it again so take care all right take care. Thank you. Thank you very much. Thanks.

D