Red Hat OpenShift OKD Working Group, 20 Mar 2021

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: OKD Home Lab Deployments -3 Approaches | OKD Working Group 2021 03 20

Description

OKD Home Lab Deployments - 3 approaches

Guest Speakers:
Sri Ramanujam (Datto)
Craig Robinson (Red Hat)
Vadim Rutkovsky (Red Hat)

OKD4 using ER-X, NAS w/ Ceph using 1 master and 1 worker
Productionesque OKD4 Homelab-3 masters, 9 workers, with Rook+Ceph
Vadim's Home Lab

from OKD Working Group Testing and Deployment WorkShop
2021 03 20

https://okd.io

A

Alrighty, so I thought we could do this in a sort of format that like where we look so over here. I pulled up the bare metal cluster installation instructions. This is a full document that goes over. Basically everything you could ever possibly think of to get an okd cluster going from scratch on bare metal bare metal upi I should specify- and over here uh is my sort of explanation of my setup and supporting infrastructure that I have.

A

This is uh in that repo that mike mckeon is maintaining so that'll be available on his repo and then eventually, I think in the main, open shift, okd repo once everything's sort of straightened out- and I thought we could just go through and sort of go through everything here and I'll show you what I did in my home lab to fulfill the requirements. Like you know, network connectivity is a really big one.

A

A bunch of us were talking about that during the the set the stage session earlier stuff about like csrs and creating infrastructure and I'll show you the um the terraform scripts and the bash scripts and and the stuff that I have set up to get all that going and as we go along.

A

uh You know if you have any questions pop them in the chat and uh craig feel free to interrupt me literally at any time, and just like ask me the questions and I'll answer them and then, whenever I get through that, you know we can talk about. uh You know other home lab setups or uh you know if the dean wants to come on. I think he's in here, maybe he'll pop away later. If he wants to come back and sort of talk about his home lab setup.

A

I don't know if you're going to talk about that in the single node stuff as well bidding but yeah.

A

So uh without further ado- uh let's I think um I don't know I I can go first or you can go first it I think I mean so long as I'm talking I'll go and then you can talk about your setup afterwards, video. I think that yep mine's not much better. It's just more completely documented. I think so without any further ado. Let's get going um so over here! I uh you know these are the resources I'm using basically to get the setup going?

A

The bulk of it is these big three, relatively big hyper-converged hypervisors they're, all identical boxes that I've sort of built up over the course of a couple of uh maybe a year or so. As you know, I decided to get more and more overkill with my setup.

A

They have a ryzen 5 3600, so that's 12 virtual cores right there 64 gigs of ram each one of them comes with three four terabyte hard drives: two 500 gig ssds that I raid one together for redundancy and then the boot disk for each other hypervisor is just some random little budget. Nvme uh m2 drive that I that I just sort of stuck in there, because that's not the important part and all of my supporting infrastructure is mostly run off of this one nook that I had laying around gathering dust small little intel core.

A

I threw with 16 gigs and uh slapped a little 500 gig ssd in there. So the bulk of the of the sort of the expense of this is all in here, because this is way overkill like for any workload any individual person ever could have.

A

But you know what that's what makes it fun my hypervisors are each hosting an identical workload. So this is the way I planned it out. Originally, I was gonna. Have the size of cluster? Be three control plane nodes, one on each hypervisor and then nine worker nodes split three three three on each hypervisor, so my control plane nodes. I gave them four vcpus 10 gigs of ram and a very small 50 gig root disk.

A

They don't really need much more than that for what I use them for, and the worker nodes get eight cpus and 16 gigs 50 gigs of root disk, and then I also pass in one of the four terabyte hard drives to each one. This will get used later to set up the the rook plus ceph cluster, for the distributed storage for all of the container workloads, and then the bootstrap node, which is very temporary, is just another vm that gets spun up four vcpus, eight gigs 120 gigs of root disk.

A

That only stands up for maybe about half an hour when you need to first set it up.

A

A

So like that kind of takes care of the required machines requirement over here, I read this and I was like okay, let's see how far I can push it uh the boom. You know the control plane. You'll. Note, I'm oh wait! Let me zoom in on this, so people can see it so the control plane here uh you'll note that I'm really sort of going not as hard on storage as the recommendations say, but that's okay, because log rotation is a thing and so far I haven't run out of disk space.

A

Yet uh the compute nodes, I'm over provisioning and the control planes I'm kind of under provisioning. That's also okay, mainly because the it as you'll see. I have all my nodes up over here. Where are they right here? Is that showing up at all hopefully but like they don't run out of memory very much as it is, so it all works out in the end for something like this, where it's totally overkill anyway, um the main important thing that you know took me ages to get going was the the networking stuff?

A

Oh dear lord, the networking stuff where's network connectivity requirements. No is it somewhere in here.

A

There there are networking requirements for user provision infrastructure.

A

This section of the docs took me, maybe like a week of just reading and experimenting to fit to get it all sort of straightened out what is necessary and what isn't necessary.

A

uh It goes into a lot of detail on like what ports need to be reachable from what subnets, and I suspect that is so that you know people who have actual real network topologies can uh set up their routing rules correctly, whereas I'm just on a flat home network. Everything can talk to everything else.

A

So a lot of this, actually, you can just straight up ignore which is really great, if you're in a home, lab setup that isn't too complicated or doesn't have too many weird vlan stuff uh things going on, and then uh the the really important thing that these docs don't actually mention for whatever reason, and hopefully after this uh somebody maybe it'll be me- will remember to make it a pr or something up to the docs repo is that um the nodes during their initial bootstrap need uh ptr records, set up for them to figure out their host name from dhcp and dns.

A

If you don't have that, then they all come up with the same hostname and then the cluster doesn't come up at all so yeah and as vadim says, the docs do take like a whole bunch of proxies and meters and all this sort of stuff into into account. So they look really complicated, even though I think for most deployments at least in a home lab skill, probably more than that, you don't really need to worry about most of it and then the important thing is just to have a load balancer.

A

So the docs talk about all of this and talk about the ports and the stuff you need, and they also say you know you have a separate ingress load, balancer most people, I think, run the api load balancer and the ingress load balancer, or at least I do just as the same vm. It's a.

A

I just have a very tiny little vm that only runs a shape proxy two vcpus 256 megs of ram as little disc as I could get away with giving my little ubuntu install and a very, very straightforward, itchy proxy config that I will show you later.

A

I adapted mine from the config file, that's generated by the ocp4 helper node ansible playbook, which is a this ocp4 helper node. I think during the main stage a few people made sort of references to it, but this is what it is.

A

It is a bagel ansible playbook that sets up an all-in-one node that has all of the sort of supporting infrastructure that you need to run a full openshift for cluster, so the dns, the load balancer web server serves as a bastion dhcp pixie, for you know, bootstrapping the fedora core os or you know, red hat core os machines, nfs tftp.

A

So like this thing, you just point this at a vm. It will set up to run all of it really helpful, but for a lot of people's home labs. I don't know that it is if, if you can figure out a way to get it all into your environment, it work it'll work really really well, but if you already run your own dhcp or you run your own dns, then parts of it become less helpful.

A

uh In my case as it turned out, I really only needed the uh h8 like the api and ingress load balancer parts, so I just spun that out as its own tiny little vm and after once you have, and then the other half of it is is the uh port allocations and all the various sort of dns things that you need.

A

I don't know where in the docs there it is user provision dns requirements, so all these dns records you can actually set up once before you even you have to set them up before you even try to start deploying a cluster. The good thing is after you set them up once you don't have to touch them ever again. So that's what I did.

A

I just set them up once and, as I experimented with like getting the actual cluster up and running, these are all just sort of one time things you have to do and then you can set them in a corner so like, as I said, because I am incredibly overkill.

A

My I my dhcp and dns is both managed by active directory. So I have a full ad domain running in my home lab environment and I use that for dhcp dns and like authentication and ldap and stuff.

A

So I have all of the I have my dhcp reservations set up. I know it's really small you'll just have to take my word for it, because I can't I don't know if I can make it bigger without sort of making it weird.

A

So like you can see all my dhcp reservations here and scrolling further down.

A

uh All of my sort of like the api and api in to all the various sort of things like these two are pointing at my load. Balancer, the everything gets it all the dhcp static reservations get put here, so I just set this up once maybe like ages and ages and ages ago, and it all just works and then especially the xcd uh records the a records and also crucially, the srv records.

A

This is too big there. Crucially, the srv records are the actual some of the more important parts for this, which is, I think, they're in here. Yes, the srv records for the ncb server ssl stuff- I don't know why they're necessary, but the documentation assures me that they are- or at least they were when I first set all this up back in the okd four three four four days um also very helpfully uh this didn't. This actually didn't used to be there when I set up these records, but they had an example.

A

uh They have an example zone database now, so that helps to serve as a instructive example and see here the ptr records that did not used to be called out by name, but now they are it's very helpful. Oh yeah and dns ptr records. Look at that.

A

So once you have all of the records and your load balancer and all that stuff in place, you can actually get around to deploying them. So I I believe that the actual open shift, install program bundles in the terraform uh terraform and the terraform lever provider to actually do this for the ipi based deploys. So I just broke that out and I use that I I have a whole bunch of terraform.

A

uh I don't know what they call it modules I think playbooks somethings for each of my hypervisors and the bootstrap, and they all take care, and so I have a module in here that sets up the bootstrap, the master and the worker node, and I have a module just for making sure that I can download and push the fcos base image to to the vms to boot off of and then each one of these uh you know will take care of setting up the appropriate number of masters and the appropriate number of workers based on variables that I pass in.

A

So it's all very sort of pluggable- and I have like this file tf vars- that I can use for just ssh into everything and set it up. I'm not running anything very fancy on the hypervisors themselves, just bare libert.

A

I did seriously consider running an openstack, but that would have been too much even for me. This was already overkill enough as it was. I thought the bootstrap of course gets its own separate one, so I can put it up and tear it down separately from the rest of the infrastructure. um I'm sort of running through it. We after I go and vadim goes.

A

uh You know there will be time for for people watching to ask more details on all of this, but that takes care of basically getting everything into place, especially this section about creating f cos machines. uh The documentation itself, talks about you know you want to do a pixie install or an iso install if you're, deploying to vms a pixie install is probably a little bit too much. If you don't already have a pixie environment set up that you can just use for this.

A

I think just you know doing a bare cue cow 2 or having like an lvm thing with fcos sort of dd onto it and then just booting it with ignition, because qmu can pass that in directly and ignition works with that. Just fine and that's honestly, my preferred approach.

A

What else needs to happen? And then so? The bulk of my orchestration is actually done with a um with a script. Here called: do the thing: dot sh, it's a great, it's a fantastic script, and so it takes. I I it's very specialized for just my environment, but it gives you an example of just like here's everything that needs to happen.

A

So I download the latest okd release. I download the latest core os release and then I create the manifest right here. So I have an install config.yml. Let me pull that up very quickly. Here's my install config.yaml, really really simple. You know my base domain for upi. You always set the work replicas to zero mastery.

A

I set to three because that's how many I have I give it a name set cluster network service network network type, my uh pub key, so I can ssh another nodes if I need to and a fake pull secret, which I don't think it's necessary anymore, but it used to be- and I just have been too lazy to get rid of it, and so from here I create my initial configs.

A

I use terraform terraform has been configured to point at the ignition configs that are generated by the install I terraform apply, and then uh I wait for the bootstrap to complete, and so that's.

A

This is what uh you know we were talking about earlier, like in stark contrast of 3.11 sort of you know, giant pile of ansible playbooks that I don't know if any of you guys are familiar with that, but it was it took a long time and could fail it any part of it, and you always had no idea why it failed or what you could do about it.

A

This is way easier because it's kind of a binary it either worked or it didn't like. If this doesn't work, you there's really don't worry about it. Take the vms down, try again and if it doesn't work three times in a row, ask for help. It's great you don't have to, as as somebody just trying to use it and get it going, there's so much less. That is environment specific. That could go wrong with this setup, and that's very, I think I.

B

Think that's part of the whole reason they did open shift. Four from three, I forgot one of the yeah just to chime in one of the meetings I had intended. They said that they had something like 11 000 support tickets.

B

It generated just off of the different setups from folks using a different, open shift, 311 setup. So then, now that this is a little bit more immutable, that's the whole reason. You know it makes a whole lot simpler. So all right, that's all my charming carrot. Yeah.

A

No for sure for sure, and then after that I take down the the the bootstrap uh after the bootstrap's up woohoo, I sleep for 20 seconds, which is actually too much uh for so I just give aj proxy time to realize that my bootstrap is out of the rotation, because I am incredibly lazy and nope.

A

My port 9000, please so here's my h, a proxy and all of its glory is detail so, like I just leave the bootstrap in the aha proxy and uh I use the tcp check and it just doesn't route anything to it. It's great, I don't have to think about it. This is again more like static configuration that I get to just set up once and leave forever. It also takes care of figuring out where my ingress replicas are, which is great. The machine, config server, stuff and all just it's all.

A

Wonderful, aha proxy is truly a beautiful piece of software, um so I sleep for 20 seconds to get a load balancer out of the rotation and then I sleep for another 10 minutes, because something is happening here and I don't know what it is, and so this is kind of the downside of uh having sort of very opaque it either works or doesn't set up.

A

I really have no clue why I have to wait 10 minutes here, but I know if I don't, the api server will sometimes refuse to work like I will make an oc call and it will come back and the api server will just say. No, I'm sorry, I don't know who you are go away. I don't know why. But if I wait 10 minutes it doesn't happen.

A

So in the interest of just having a run, it walk away, come back an hour later and your clusters up kind of script. I just sleep 10 minutes whatever, and then I do this specifically to annoy the team. I uh sit in a loop and just approve all the initial worker certs, because I trust the vms that I spun up. 10 minutes ago and well, the dean has repeatedly told me, and it is good advice- do not trust infrastructure that you just spin up in the cloud to be from yourself he's right.

A

I don't know how that could happen really, but he's right. That is a possibility. It's not a possibility in my setup behind my tv here, so uh I I just spin in a loop until I get all of my workers approved and then once that's done, I label some stuff for uh the rook step deployment. That's the other big thing that I do. The four terabyte disks that I use are all they I just pass in the renders to each worker vm and then each worker is actually running a ceph osd on it.

A

So I have basically one worker per ceph osd, so I have nine discs in there. So a nine node os uh ceph cluster. So this is all labeling, some chassis for uh seps topology stuff, so that it does spread those placement properly, but- and so actually right about here- I didn't want to point out after after this step after the workers are approved, the csrs are approved and they all report ready into the cluster as of right here, technically the okd setup part is done.

A

um That's the fun part everything after this point so about halfway through my scripture. Everything after this is just like post deployment configuration or day two setup, I think, is the as the docs call it somewhere near post installation configuration so like act right after that. Everything like the cluster is up and it is technically usable. It's not very helpful to use it at this point because there's no like container storage. The registry is not deployed.

A

Nothing like that, but technically it is up and it could run workloads at this point and that's very cool to think about. So after that I I do some housekeeping kind of things. I patch the ingress controller for my wildcard cert that I use for internal stuff, and so then I have to wait for the ingress to restart itself and then the mcd reboots all the nodes. For some reason, I don't know why. I think it's probably to get the ca certificate stuff in there.

A

uh So then I just wait for that to finish packed up a little for loop here to wait for that to finish, and then uh once that's done, I set up my ldap authentication, as I said, I'm using active directory.

A

So I just have a little ldap yaml that just sets that up and then, after that I set up rook and rook because of some fantastic work done by literally everyone on the rook on the rook side of things is almost easier to set up than okd itself, which is incredible, because I've also set up set clusters by hand or with the fanciable playbook, and that was what a battle so having.

A

This is like such an amazing thing that I can just literally oc apply a couple of ymls just from github and it'll come up, a cluster will come up. It's incredible. It's amazing! I cannot recommend it enough like if you have gotten to the point where you can stand up an okd cluster or even really a kubernetes cluster in general, and you just have some spare disks, give them to kubernetes put rook in it. Life is so much better. It all just works. It's incredible! It's amazing!

A

So I just I set up my storage classes and my and my pools and stuff and that's kind of a tangential thing. I can go into more detail about it if anybody's interested and then I just wait for the cluster to come up the set cluster to come up and then, after the theft cluster is up.

A

I tell the uh I tell the registry to go, use it, and so it goes and just makes its a pvc for itself. I wait for that to bind I patch the registry, so it does the external route I send. I configure metal lb, which is the other half of the magic here that allows home labs to just be super super super overkill and cool, because load balancers are basically the only way to.

A

uh As far as I understand with my, I will admit, incomplete knowledge of the kubernetes ecosystem in general. If you have something that can't be routed through your inquest controller, non-http traffic or something like that, um then basically, the only way you you can get it out is by a load, balancer or a node port.

A

um I didn't really want to do node ports, but they were. I was using them as my only option for a while, until I discovered metal lb, which is basically it makes you feel like you're running in a real data center, because it will just use like arp to broadcast around like advertise for a random ip and it'll just redirect traffic to it, and it works really really well. I would recommend everybody to just deploy metal lb anyway.

A

Just so you have access to some to like load, balancer type services, and then I configure my monitoring uh I have I have I it like. Openshift comes and like okd comes with all this monitoring, so I just I have a little helper program that I will pull up. It's just a tiny little thing written in rust. I actually have it linked from my uh from my okd deployment configuration guide here. It is just a small program.

A

I wrote that it's just a little web server that waits for alerts from the alert manager and we'll just post them to discord. So I have basically my own ad hoc single person, monitoring and alerting setup. All thanks to okd. I shudder to think how much work it would be to set up the kubernetes mix-ins and do all of the prometheus stuff manually from a vanilla, kubernetes cluster. So this is honestly a huge value. Add for okd in my book that I get such comprehensive, alerting for free.

A

I've got an alert for everything from hey the ntp service isn't running in here, and your clocks are out of sync too. Your xcds are slow to uh you know: hey you've got a pdb up. uh You know, during updates, like rook, sets up pdb's for the set clusters to make sure that the club that the uh rebalancing is settled like it's really really comprehensive and it all just works, and it's amazing. It's amazing and that's the final thing.

A

I disable the samples operator because I'll never use it and then, after that, I'm done and so this process. All of these steps end to end takes maybe an hour and a half two hours on my infrastructure and it's totally repeatable.

A

I could take the cluster down right now and spin it up again and two hours later we'd be right back where we started, and so then, at the end of it I have a 12-node completely overkill home lab cluster, in which I run basically everything a whole bunch of stuff that I used to just run and have bespoke random vms. I now just run here and I have crime jobs for backups. I'm you know running all kinds of weird things.

A

I, as an experiment, set up an authenticated smb share, so I'm running a domain join samba as a pod staple set inside of this cluster. That's really fun like it's been, it's been all it took a while to get here. uh You know, because I I had a single, I had a single machine sort of.

A

I think it was three note: okay, uh openshift origin, 311 cluster that I started with and then, when okd4 came along, I sort of was very eager to hop on the train and sort of make the home lab as big as I wanted it to be, and but now after a lot of overkill, I'm in a really cool place, and so that that's kind of a quick overview of my totally totally unnecessarily overkill home lab setup. Here's some just software, I run in it completely not worth the amount of resources I've thrown at this.

A

But who cares? That's not the point uh and with that I think I I. I think that.

B

Was asking for a link to the the repo that you've been showing it's? It's also private. Unfortunately,.

A

It's yeah, it is private, because there are secrets all over it right, like uh the the this is half of it. The other half is services, which is where I have all of my uh like. I deploy all my workloads with ansible playbooks so like I have a role for each sort of name space that I run stuff in. So these are all the services I'm running and like there are secrets all over here, so I unfortunately can't make it public. I can pull this.

A

I can pull the the scripts out that I'm using there's nothing too uh weird in there. I will definitely think about pulling the scripts out and adding them to uh the deployment configuration guides. As an example, that's a good thought, but I can't show you the scripts as they are now because secret secrets all over here, it's a private repo. I don't know just so that I didn't have to worry about it. Yeah link to the deployment configuration.

B

A

Awesome yeah that'll, that's my fork of it and it'll all be merged into the main one, el mico or mike mcq, and then, hopefully, afterwards, that'll just all end up in the main okd repo yep. So that's that's my stuff. How do I unshare there? We go.

A

So that that's my completely and utterly overkill home lab setup, and I think the deem's also got a much more tame normal type setup. Yes,.

C

C

um Do we wait for questions, or should I just jump in.

A

um I don't know honestly it whichever way you want to do it, I don't know if there will be, maybe we can go through both of our setups and then uh we'll take questions. Yeah.

C

Okay, so I'll share my screen and we'll look into my setup. So, first of all do not am I mute it? No, no first of all do not repeat this at home it runs a single master, meaning you probably won't be able to update.

C

uh Second of all, it's very very slim and like three stuff on the resources. I have a machine with 20 gigs of ram and the other one is default laptop with eight gigs of ram. You won't be able to run there much, but as an example of how low uh getty can go that kind of works, uh so the pinnacle. The part of my core part of my stuff is my router, which is a standard edge router from ubiquiti. Here's a picture you can enjoy my insane cabling skills.

C

It provides me with phdp and I have all the hosts pinned to their particular mac address and somehow it also manages the dhtp in a way that the hosts get their host name automatically.

C

I don't know networking that much. I didn't use any ptr records and such, but somehow it just works.

C

Another part is that the router has dns mask embedded, but the ui is terrible.

C

This is why I've set up an ad guard home here, because I can set up a tls dns over tls and that would stop uh pushing my isp to the limits because for some reason it hates udp and I can also define my own custom hosts here. All of them are pointing to my load balancer machine effectively, and so that's that uh that's the router next comes my storage box, which is here it has nfs. It has a single node, sev cluster.

C

Also don't do this ever, but I need it because nfs is so bad that for for sql, basically it doesn't work with it entirely. So I had to host a simple block storage so that I could use csi and run some software which uses skill lights.

C

This host also runs a typical hd proxy, also copied from the helper node, which has a very, very standard. He proxy template next come the actual host. I have just two of them and I initially provisioned a laptop which is now my compute node. I started it with as a bootstrap node. It has eight gigs of ram, it's barely close to what the bootstrap needs. If you have a chance to get a 16 gigs of ram, that would save you a lot of time and I also upgraded the default ssd disk to something m2.

C

Also pretty small.

C

Because the yet cd was happy but was showing quite a huge latency during upgrades, because this is the time where you pull a lot of images, start new containers, and I said he was very unhappy about that. uh Yeah pictures, um it's just the box, uh that's my self uh dashboard. Also don't do that, but since I have like I'm using 20 gigs of it for the storage, I don't experiment on this cluster. It's just actual production.

C

So that's more than enough for me and that's the view of my oh giddy stuff. I run quite a few projects there, most notably the most helpful operators, probably the pipelines, because what I can do is that I can change things on the console. Unlike the git ops approach, I change things in the console and periodically. I think, every couple of hours the script runs and saves all the manifests using oc item inspect.

C

It saves all the cluster versions, operators node status, all the all m operators, I'm using inspects all the projects I have access to, because I'm not much interested in default. Openshift projects remove some nonsense from it.

C

I don't care about particular parts. I don't care about events, um I strip the boring stuff from the ammos generations of link and so on and finally, it gets committed, saved and pushed into my internal guitar instance. So, every couple of hours, a new comment is created. I can see what has changed in that cluster and I should trip that out. It's boring and I should rip that out too and so on and so forth.

C

So it helps me track back of what has broken and kind of restore the state of my cluster back to whatever I had especially a particular application breaks down.

C

Another useful operator is snap scheduler that helps me create snapshots of my pvcs here. Do I have access to it yeah, so I use ceph as a csi.

C

Volume then nope no snapshots, maybe I this user doesn't have no and every couple of hours or days it creates a new snapshot. So if something breaks in the application itself, we can easily roll it back as a pvc and replace next comes a wonderful piece of software called loki and grafana, which stores all the container logs almost effortlessly. I think it uses 150 mac and each promoter agent uses 70 mac, which is nothing but I can do searching by logs, for instance,.

C

And this one is force.

C

Okay, um the biggest downside of this setup is that since it's a single node, it's incredibly hard to update all the operators would work fine until it stumbles on machine config, because machine config has a setting that no more than one master node can be down at all times, and I only have one so. What I have to do is to make it reprovision it back to original.

C

I'm fetching the masters machine, config annotate it with the desired config notion that note as if it has already upgraded and tell machine config daemon to upgrade it to reprovision it the whole stuff. It doesn't work out of the box because it also tries to install necessary os extensions like uh qml agent and and most importantly, network manager obs. So I have to cancel it in the middle and if the node doesn't come back, I have a small heart attack because I would have to fix it.

C

uh This has bit me quite a few times so use it at your own risk.

C

um Installation yeah, that's covered upgrading.

C

This is very dangerous, but the the whole issue is supposed to be fixed in 4-h. So I'm really waiting for this to land and stable, uh useful software yep. This graphana is provided by the graphene operator, which takes care of all the data sources, the dashboards um and can upgrade graphene from one version to the other. By just changing one setting in the operator, snap scheduler covered tickets around also covered useful software, your own git server, home assistant, great stuff to control, uh smart home appliances or just collects all the information in one single piece.

C

A bit more than to keep passwords vino is an s3 like storage.

C

I don't think I mounted it anywhere in my apps, but certainly possible with different csi stuff uh next cloud, a terrible php application, but it does the job syncs. The files across multiple devices navi drone is a great music server which follows the air sonic protocol, miniflux hair accessory there and a lot of iterated stuff like method, synopse and pleroma, and the wallaboc is a great application to keep the pages and read them later, and I think that's probably all I've got.

A

Two two very different extremes there. I, like it.

B

Yeah, that's awesome: hey uh vadim. Did you have a link to that um page? You were just looking at on github.

C

C

Yeah, there's also play requests to send three basically.

B

That's what it was: okay.

B

B

That would be a good time. I guess to ask if there were any questions for either either home lab.

A

Or we can just say here and nerd out about how cool all this is, because this is very cool.

C

um Looking at your script street that yeah touching stuff in the middle of the deploy.

C

I think it can be worked around rather the proper way to implement this is to pass manifest to installer. It has a special folder where.

B

C

Would put stuff and tell it to keep applying like yeah this one.

B

C

When you change the wild card, I think it makes your oh yeah since you're patching a proxy that certainly makes the mcd lay a new file. So instead of getting one consistent config in the beginning of the boot, it gets it in the middle. So it makes the movements that should say that.

A

That definitely will save me some time yeah. I didn't. I didn't realize that everything I I to be fair. I have not really looked at all of the yamls in there and tried to figure out what they're doing so, like everything all of the uh cluster configs. All of that stuff gets laid out in that folder. First cool.

C

Rather, it get mixed in into what the openshift installer generates right and either you there is a create, create manifest command to lay them out. I think yeah.

A

I think I run them both because I actually do have to set the master schedule schedulable true to false, not that it doesn't. It doesn't break anything anymore, but I'm unreasonably paranoid about running random workloads on my masters.

A

So I think I yeah, I think I played with it and it almost broke everything. So I.

C

I put it right, they all get merged into one in the end, so there are two ways to approach this either generate and do said or create your own wait. No, maybe it won't work with a schedule or conflict. There has to be only one or maybe it would so. The other option is you lay out just the master schedule change into its own yaml file.

C

Openshift controller merges them as if it was changed in the beginning and generates the ignition file. So from that point it looks as if it was has been there forever.

A

So I could, I can make a whole file that just like sort of is a patched subset of this yaml put it in that folder and it would- and so I guess long as I named it afterwards, it would it would merge it.

C

Yeah again, it's only possible if you have it. Statically like there is.

D

A

C

Yeah yeah, but.

A

Everything I'm doing is totally totally static.

C

A

Proxy stuff certainly should save you like a lot of time. Yeah most most of the time here is just, um and this will also answer the question. Dan just asked what provider I'm using the uh libert terraform provider. I think that's what it's called this guy.

A

This, I also believe, is what gets built in is one of the providers that gets built into the openshift install itself for use for the libert ipi deploys. So this this provider is extremely handy. It handles doing the ignition it handles. Disconfiguration network configuration the whole smash. It's it basically does almost everything and they also provide an xslt escape hatch to configure bits of the liver xml that it doesn't quite know how to do yet so extremely flexible tool.

A

That's what I run against, so I just have it set up like each one of my: uh where is it inside terraform, here so library, library, three and library, four, those are the names of the three hypervisors library. Two is the knuck, which gives you any of the ordering of how all this stuff got set up.

A

um So, library, library, three and library four are each of the hypervisors, and in here I have a I have a main and so like host equals var.hose, so they all just set up and it will deploy a master and three workers with all of the config file and then each of the modules in here I'll just look at the master one as an example right. So this is. um This is all using uh the lib, the resources provided by that provider.

A

Libvard ignition look for volume, look for domain, and so like this all just gets uh these files I get passed in by up top it's it's kind of confusing to sort of see it all in one place. Let me go up here and I'll show you so like, for example, this this con, this content thing. So this is where the ignition file comes in and that's var.ign file.

A

I actually specified that up here in in the per hypervisor config, and so that I set a dot.configmaster.ign which, in turn is where the openshift install binary spits out its ignition files.

A

So once I run all of that, I just pass it here: the provider ships it to the hypervisor sets it sets qmu up to use it and then from there it all just proceeds as if normal super super convenient saved me having to set up a whole pixi server for the temporary purpose of deploying these vms, like the docs recommend- and I think that's probably something we could- we could tell people if they have an entirely virtualized environment that to use a provider like this.

A

I don't know how helpful it would be in a generic sense, because upi is literally everything, and this is kind of provider specific. But.

C

I'm very nervous about recommending people what to do because yeah they should know what they want, and all we can give them is a bunch of options like this is why we're collecting all right guys and I think, focusing on some particular way like use terraform. That's not the right way to do that.

A

Yeah, I I get that, but just an example of what you can do with terraform and patience like most most. I think the longest part of this uh unfortunately is waiting for uh the fedora coro is download, and then I I actually have an lvm library set up to like chop it out. So I have to like uh turn the qcow 2 that comes down from the f cos thing into a raw and then take that raw dd uh four times for one master, three workers to three separate lvm things.

A

That actually is what takes the longest. Unfortunately- and I don't think, there's a way around that, oh well, but mo actually setting everything up is fairly quick, just gut measurement. I.

C

Wonder if you have access to cluster api like when you set it up, you don't get any machine sets right.

A

No, I I no machine sets or anything, because I would need the uh the liv vert thing. So I that would be another approach, but I don't know how flexible the the livf machine operator is going to be that's something to look at, but I definitely have it's interesting. I've seen the project, I'm sort of keeping an eye on it, but for now deploying it statically is the way to go, especially because I need to it's a very static configuration. It's only ever going to be these 12.

B

A

And they're going to be set up exactly just so, so I don't like the health checks would be the thing that would be super helpful to have from the machine set. I don't really need the auto scaler. I have no use for it, but the machine health checks would be cool.

C

The health checks are basically implemented for sport instances. It doesn't make much sense. It really weird work, but yeah. If you don't have an auto scaler, then having the whole machine set. Cluster api, I think, is probably even a bigger oval cable, which is a challenge.

A

Yes, I'd be I'd, love to figure it out and so like yeah. These are all just auto generated, but they're all here I don't know what to do with them, but it shows me them.

A

Yep, the main part is the nodes. I some it's funny here, like you know all of this and like all of my all of my ram legitimately, all of it goes straight to uh how do I do it yeah nodes or I guess I can go to projects right and I can sort and go legitimately. All of my ram goes to goes to seth. I have no idea what it does with it. To be honest, I should I don't, but yeah 45 gigs, basically 44 gigs straight to ceph, it's half the reason.

A

I had to go this wide in the first place, because when I tried to set up smaller sev clusters, they just ended up eating all the ram on the host itself, and I had no room left to run actual workloads.

C

Does it go to actually with these or something or the golang part.

A

Yeah, it's it's all to the osds. I oh please. Oh all right. It's happening.

A

This this view always takes a while in the project view I wish. I knew why, if this is also probably because my ncd cluster is slower than it should be, but.

C

I think I've seen.

A

C

Related to its console bug, it shouldn't take longer.

A

C

A

I'll go straight to the pod view, then that'll work, so all of them all of the osd's are at the top and they all they're all very uniform, but they all sort of go up to around four to six gigs and then kind of sit there.

A

I have no idea why I suppose seth is doing something with the memory.

A

Everything else is kind of tolerable, the mons and the and the mds is for the for the sapphifes, but in in general, because uh because rook is upstream of, uh I think ocs these days, they have special openshift support in the upstream rook project. So I get to set up uh the I get the the pdb support, which is very helpful, especially during rolling cluster upgrades, which is possible and works pretty much flawlessly with a multi. With this multi-master setup.

A

I have so kudos to everybody on the okd team for that the openshift team, because that can't have been easy, um but the pdbs are really really cool because uh the rook operator will set a pdb as it reboots worker node so or and it from its view nodes with osds on them. So it'll reboot, one of them, wait for it to come back up and then wait for the the ceph cluster itself to settle and stop rebalancing before it reboots the next one.

A

So my cluster upgrades take longer than they should because it's not just a quick vm update, but on the other hand I don't lose the I don't like get my data availability interrupted at all, which is very, very, very cool.

C

Yeah, the consistency and disruption are the principle of the upgrades. The time is not rather we care about control, plane upgrades. This is super important and workload disruptions if it takes you years to upgrade sad, but you can move on, you can still keep on upgrading and the worker names will catch up. So that's the trade-off. We have to make.

A

No, it I totally get it and it, and I'm just. I just wanted to point out that it works like extraordinarily well it all like in the pdb sort of fit on with it nicely. It's like little things like that that I'm thinking how would I set this up with like a vanilla kubernetes, especially like these, these views here with the monitoring where, where is where is the world's best dashboard?

A

Here it is world's best dashboard.

A

um Neil are my scripts public. Sadly, no there are secrets all over them or all over this repo in general, like actual secrets, like my private key and stuff that I use everywhere, so I can't make this repo public. I can try to pull out the scripts, but they're not really.

A

I I don't think they'd be helpful for anybody who isn't me, because they are very, very very specific to my uh hardware topology as it were, but I can definitely you show them as an example or annotate it or something in the in the in the configuration guide that I have here and sort of do that uh have have I experienced density slowness, dan's asking.

A

uh Do you believe that's a config problem or inherent to the hardware, I'm using I'm pretty sure it's my hardware. I honestly this is like the weirdest issue.

A

I think I've ever ever seen, because it's weird because two of my nodes, every now and again, they'll be like hey lcd, is running slow and then it just resolves itself a few seconds later and then the third one is just rock solid, and so that's what the world's uh worst dashboard likes to show me a lot, because um the distinct durations here like you'd, see four of them are up in, like the fifth like the the re too high, and then one of them is in like the six millisecond four millisecond and the other one's like a 100 milliseconds at 90 milliseconds, it's identical hardware.

A

I have no idea they're, all like almost the same spec. I think nothing different is the motherboard very, very weird, see and like now that I'm using it these both spike up and the third one is just fine. I have no clue.

C

Yeah, that's all I mean the leader, the etsy leader would have a worse thing. Duration of course, but two.

B

C

Them it's a bit odd.

A

It it is weird uh I haven't figured out any rhyme or reason for it. I've seen that some things like there's some, the back before I sort of leaned off of there. There was a time when, like um oc, get cluster versions was consistently like hello.

A

uh It takes 60 seconds for oc, get cluster versions, and I was like that's weird so there there are some oddities about etcd and what it's running on and it doesn't seem inherently related to disk usage because they're they're nice ssds. They if I go, look at them with uh iostat or something they're, fine, but that's sort of troubleshooting for another time. Neil.

A

Could I split out the secrets into a bash file to source or something perhaps I am- I am kind of thinking about uh figuring out some way to sort of full like to pull in the secrets from a separate private repo and then have all this stuff up public so that people can reference it. um I might. I might put some more effort into doing that. It's just not been mostly on my radar, but if people are interested I'll, I can definitely make the effort over a couple of weekends to do.

A

So yep diane's also chiming in like please do. I certainly will make the effort yep.

A

Anything else anybody have a prospective idea to set up their own homeland doesn't have to be overkill.

C

What if, since you're using three hybrid there's? What if you set up an lkd as a bare metal there, you can have a schedulable, you can have schedulable masters and then on top of them you would set up cuberd and run okd clusters within that.

C

I think four, seven or four eight has a native keyboard integration. No clue.

A

Yes, but it I think you just have to sort of enable it. There is a section in the docs about it. If memory serves somewhere down here,.

C

I don't know it wasn't.

B

Installation somewhere.

C

Yeah but the the problem is, it would be very tie all your machines into effectively one hypervisor, so it might be not that reliable but more fun, stuff.

D

A

Yes, definitely something very interesting to play with, but one of my primary goal here was to just see how highly available could I get something that wasn't running in somebody's cloud. Like the reason I I'm using active directory, which is a complete tangent, is because active directory is basically the only thing I could find that does transparent, dhcp, failover, back and forth.

A

So after the first time that my dhcp server decided to crap out for some reason- and I woke up one morning and nothing could get a dhcp address. I was like this sucks and ad was the only thing I found that can transparently fail over dhcp management to another computer and then fail it back to the to the first one when it comes back and so that that's actually a lot of the reason why I'm using ad, even though it is in itself incredibly overkill.

C

Interesting, I haven't heard of a lot of dhcp failure stories, but.

D

A

The vm itself crapped out, unfortunately, and so it took dhcp with it.

A

A

C

Okay, folks, I have to drop, um I think, I'll I'll rejoin in a couple of hours to see if some questions need answering, but if something left and answered, let's keep it in slack, we'll get back to that. Okay have a great evening.

B

Bye-Bye yep later.

A

We can continue chat in here or if anybody else has any questions. Neil dan, I know you guys- and I know you've heard my stories about this before, as we were setting it.

A

Up other than that, craig, I don't know, got anything else. I got nothing.

B

Good stuff, it's pretty awesome home lab there, I'm impressed for sure. You spent a lot.

A

Of time it's too much time, I think, because I I think, neil and I actually first started with an okd like single machine. Three node cluster like uh not okay, openshift, origin 311.. So like I first started this path in when was it neil 2018 2019 somewhere around there and it's just yeah 2018 and it's so this is.

A

This is a three-year in the making home lab, and I think I finally got it to somewhere, where I can sort of use this as a base to ex to play with, because everything before was just like getting it going and then, as soon as you got it going, it would break and then you'd have to do it again.

A

B

A

I've been telling them that for ages, but of course, now's not such a good time to be buying consumer hardware.

A

A

It is it's incredibly dumb now stop by all my stuff used.

A

I think that might be the only way to do it, but even the used market now is starting to get like people are starting to understand that, like prices are inflated, so they're like even on ebay stuff is going up now and a lot of and the other part of it is. I actually built like.

A

I actually built my boxes from scratch, because if they're sitting just a few feet away from me, I can't have like big rack mounts or like the dell power edge type things be too loud, so unfortunately, no one's really selling their old gaming pc chassis, and if so, they make me pay too much for the graphics card.

B

Yep yeah, if you come across a 730 or 370 you let.

A

B

Know I'm still rocking my 1080.

A

I'm running a r9 390 from five years ago. This was the year I was supposed to upgrade man yeah, you picked a bad year.

A

I thought hey five years. That's enough use out of one graphics card, nope.

A

But yeah these scripts, I mean neil neil- has been badgering me for ages to get the to get these to polish them up and bring them out publicly but or to turn this repo public, but like especially in here like, and I think it's worth looking into, like the the just the flexibility of the ansible playbooks. I know the guys who were who are who are maintaining the oh, the ansible collection uh for like the the k and s module and then some community.okd operators on top, but they dropped by.

A

um They dropped by the working group a few meetings ago to talk about their work there, and so I've actually been using the ansible stuff really heavily uh since way before they they showed up simply because, like I'm more familiar with ansible than I am with like helm, templating, because, like all of the config maps and stuff you'll note, it's just, it looks like a config map or like a normal kubernetes yaml file. But I I think the ginger templating is more powerful and flexible than helm templates, which are it's just text interpolation.

A

It's not it's a little bit too iffy from for my purposes.

A

I I just I prefer ansible, uh because I know how to use them, because I think the templating is more powerful and it also makes it really easy to it because of ansible sort of focus on just being able to reapply the same thing and it'll incrementally make progress. It's super easy to. If you mess something up, it'll stop right there and you just fix it and it'll keep going, whereas with helm like.

A

I know, kubernetes itself has the capability to do that, but I can also mix in other types of configuration if I need to into one of these playbooks so that that's also super powerful enough to script it uh with. I can just use an ansible to do everything. I don't have to worry about a bash script that has to also help and then maybe a little playbook for something else that I need to set up.

A

It's really nice to be able to standardize on one thing and ansible has the most flexibility so like I, I deploy everything through um through uh through ansible and one of the neat tricks. I actually found which I don't recommend anybody ever do for a real production workload unless they really know what they're doing, but it's super helpful in a home lab environment where you, where you don't have to care, is that hold on. Let me go find a good example.

A

I think yeah, the media stuff is full of it uh right here so like what I do is I I have okb. Has the image streams have the capability to monitor an upstream uh tag for changes and when the tag changes, it'll, pull it in and that's super helpful. So what I do is I just set up a build config that triggers on type image change from.

A

So I set up a tag here, that's just upstream, and that looks at wherever the upstream docker image is, and whenever that changes it triggers the build config to do a new build and then the deployment config and then that bill config pushes it to a tag. That's only used internally, oh shoot, I'm not you're right dan. I'm sorry.

B

Dang you're on.

A

Such a roll, I.

B

Didn't want to interrupt, I was following you.

A

No, no, please interrupt me so, as I was saying, this is a very neat trick for home lab deploys to just keep your the stuff running inside up to date without any manual intervention whatsoever and the key and the key is that openshift image streams and image stream tags can just keep it can auto, will automatically pull an upstream uh docker image repository for changes to a tag on an upstream image so like here. I have this image stream tag called internally jacket upstream. So this is a tag in the internal registry.

A

Jacket upstream is monitoring the the github container registry tag jacket latest up up in the up on github's infrastructure and it'll, pull that for changes and any time it changes. It'll, pull that down locally and send and trigger an image change, update, which gets picked up by the build config, which will then, uh which can then rebuild the image stream tag.

A

And then I say: okay do a build based, let up stream image and push it to an image stream tag called jacket latest. That's just an internal one and then down here. My deployment config is watching the jacket latest tag and it will trigger a redeploy.

A

uh Every time that every time a build succeeds so once you set all that up so long as there is an upstream tag that you know sees changes whether it's a latest or a version tag or something like that, every time it changes without any thinking or manual management. On my part, it will literally just push and redeploy, and it's wonderful so like. If I go to builds here for media, you can see like a whole bunch of stuff.

A

So, like you know, here's the you know, you'd see this one's up to 33 and it just does it randomly whenever it sees an update. Whatever time of day, I believe by default the they pull every 15 seconds, which is aggressive, but I can't change it so we're stuck with that and uh the deployment configs, or rather the pods down here you can see like all of the various deploy pods from all the various versions.

A

It just happens. I don't have to think about it and, like you'll note like this one here, these two didn't work for whatever reason, so it just stayed on five and I have to go figure out. Why that didn't work, but whatever, but honestly, that's really really powerful and to get that in a vanilla, kubernetes distribution would be I'm. I can't even really think of a good way to do it. Out of the box, like you'd, have to cobble together two or three different things, like maybe an argo cd or there's a thing.

A

I've heard that people use in smaller, like k3s setups called watchtower. They can do something similar, maybe that one only works by monitoring the local docker demon. It would be a pain to get that working, but with with openshift and okd. It's just basically done for you really really handy, and it's just one of those things like a lot like to me, the biggest things that just make my life easier.

A

Like a lot of the a lot of the toil around maintaining a big distributed system like this, whether it's for product or for personal use, it's just setting up the sort of automating sort of little toil tasks. You know getting monitoring, getting alerting, figuring out what to monitor figuring out what to alert on setting up like automated image deploys for the things that you know you can set it up for things like that, all that sort of just day-to-day sort of blah stuff- that's not really interesting or fun, but has to get done anyway.

A

Okay, just does for you. I have really comprehensive monitoring like and I get that for free they're, using as far as I can tell the upstream kubernetes mix-in uh monitoring stuff and that all just gets deployed and it works, and then it monitors the worker nodes themselves for disk space ntp. Anything I could think of I've seen alerts for all of it. Just while playing around super helpful, uh it makes me feel, like I'm a badass, and it frees up my time to worry about, like actually like doing more complicated things with my workloads.

A

It's a it's a good springboard to jump off of rather than I think most of my time would have been spent sort of setting up all of that supporting infrastructure. It's just more stuff that I have to set up to. You know, get to a level of confidence in what I'm running and a lot of the times.

A

People don't just just don't set any of that up and, like you know, they get surprised when their stuff fails, and you know, while that's okay in a home, lab environment, it's not okay in production, so that sounds spot on.

A

That's just you know my two neat tricks, you know run a rook run a ceph, it works. It is by far, I think, the easiest way to get a set cluster deployed of any really thing anyway. Yes, it assumes you have a kubernetes cluster somewhere, but once you do, ceph is like laughably easy. I don't know how they did it. I suspect black magic.

B

Daniel has an interesting question.

A

When people ask you why in the world, would you run kubernetes in your home lab? What's your favorite example of a workload that kubernetes makes easier for you, I think, honestly, the the monitoring um just being able, because um it's really difficult to set up proper, proper, like sort of monitoring and metrics management for internal stuff, to the point where a lot of people don't do it so.

A

That is kind of an open.

B

A

B

I don't know if I can.

A

Okay, if someone asked.

B

Me if they, why would they run openshift in their home lab? I'm not so sure I could give an answer. That would say it's worth it running open shift in your home lab for an application or a set of applications.

B

A

B

It into home, lab and see other folks running in their home lab to help understand open shift, and maybe I maybe I answer this question.

A

B

I use it more as a learning tool in the in the lab, as opposed to running like actual work.

A

Yeah, I I I think if, if you already want to run cooper, the the people who would want to run kubernetes in their home lab or the sort of people who are already sort of the sort of people who are sort of messing around with docker swarm, or you know, manually, setting up docker composers for everything that they're running like all their sort of mishmash of internal little home, laby type programs.

A

Those people, I think, would be well served to move to kubernetes, simply because it gives you a lot of stuff for free that you either didn't know you were missing or knew you were missing, but didn't really feel like setting up things like log rotation. Things like uh you know, ready checks, things like uh failover. If, if one of your you know random little knuck boxes, fails you know, will your workloads, like you, lost everything running on that box?

A

uh It's a it's a it's a platform as much as it is a a tool more than it is a tool. So when I it kubernetes doesn't it makes it makes my workloads easier to run, but the nice thing about it is that the the nice thing about kubernetes is that any workload that you are already sort of managing yourself with docker. You now don't have to really manage you just put it in there and it'll run and it'll be there.

A

You can get to it and that's really powerful, because it makes it super easy to just throw new things in there, because all of these home lab type things are giving people options to run it as a docker container these days, and so it just makes it really easy to just take what they give. You chuck it into the cluster, and it's just there like.

A

I at this point I'm able to deploy new stuff in maybe minutes to hours, which is no better or worse than it would have been with compose, except I get so much more for free stuff. That ordinarily would have taken me more hours or maybe even days, to set up for each individual application and uh neil's following up yeah.

A

If you, if you have okd on top of kubernetes the best because like if you, if you if I were to make a crude comparison to linux, distributions right, vanilla kubernetes is like arch or gen2, it's a it's a base. It moves quickly and you are meant to bring your own sort of opinions and workflows and put them on top of it. Right.

A

Arch boots, you up to a to a console, login screen, you're supposed to install your programs, your workloads, your whether you want gnome or kde or something okd, is trying to be more like the ubuntu. They already bring their opinions about stuff, but they make it fit together. Very well, so the ubuntu or fedora of of the sort of kubernetes world and for people who just want everything out of the box to get stuff done.

A

I think okd is a fantastic option if you're already committed to looking into kubernetes, especially once the single node cluster stuff comes out. So people don't have to you know, set up multiple machines to make it all go nicely, and but they'll still get the advantage of updates and that's the other thing I don't have to update any part of this setup. Manually, it'll just say: hey, your cluster is going to be update and it'll. Take care of updating the the containers is running and the underlying base os.

A

That's so big. I don't have to remember to ssh into everything once a month and run apt-get update or something it. It just happens for me and it's all tested. I wonder how many.

B

People are using braille as their base os on their worker nodes in openshift4 and, and I also wonder if they they realize how much they're missing out right.

A

I know right because I figure uh archos right red hat core os probably has some there's something similar to it. For ocp, like we've got a fedora core os here I don't have enough money to pay red hat for yeah.

B

No, I mean, I don't know yeah, you could use the archos, it's going to be the immutable deal right, but you can use like straight up rail like really and then then you won't have that over the air.

A

You mean like right: oh right, that's not really how many people are running well, just use.

B

Our worker nodes as israel and not and not use coreos I mean I wonder if they know what they're missing out.

A

I really hope I for I, I suppose ignorance is bliss in that case, maybe they're happy or not, knowing because they might be kicking themselves if they realized how much they would get out of the box if they just sort of let the community or upstream handle that forum, because it is honestly amazing right, like just I'm thinking about like as soon as fcos puts out arm builds, I'm switching all my raspberry pi's to use that to use as in containers, because it just the management is so hands-off with it right.

A

You only need to go into it. If you notice something is broken, otherwise, it'll just keep chugging away. You don't have to do any toil like so much. I think that that that's the word I use, I don't know if anyone else like toil is just like the sort of maintenance stuff, it's sort of a chore, it's sort of like. uh I don't want to do it. It's boring, but I gotta.

A

So much easier, that's the thing like yeah! It took me a while to get all this set up, but I mean I this was.

A

I got this basically locked in january february of last year somewhere around there, and uh that was back in the okd for four four five-ish days and ever since then, I've just been able to upgrade and redeploy clusters yeah for three, so I've been able to upgrade and redeploy this cluster over and over and over and over and I've been able to bring it back exactly as it is every time and that's amazing, just being able to work with you know, can just infrastructure they. I don't have to worry about tearing like what happens.

A

If I tear it down, what am I going to lose? Do I have all my configuration this kind of forces you to do everything sort of properly, which is you know, that's helpful in and of itself like this is all I need. This will set up the exact same workload that I had it'll bring everything in it'll restore from backups. It all just works, and once you have your pattern figured out. One way you can just do it forever.

A

Yep so well, I wouldn't I I can't recommend you know running. I I honestly wouldn't recommend running your own kubernetes in a home lab even on arpeggios, or something like that, there's just too much extra stuff.

A

You need to worry about to make it actually usable and there's a lot of there's a lot of hidden things that you don't really think about, because kubernetes is big and complex and there's a lot of little things that could break that you'll never know about, because kubernetes is really good at keeping going even when half of it is actually broken. That's the one thing I have noticed very good at that.

A

Gotta give them props, but you'll never know that anything's broken until everything falls over and that's happened to me before when I've just been testing out a k3s, because I was that's where it kind of. I did a sort of side four into seeing.

A

If vanilla k3s was, it was a good option for me and in some ways it was, it was quicker to stand up and use less resources, but I never had the confidence in it that I could like put stuff on it, and it would stay running two weeks three weeks, four weeks later, a lot of times it never did. This okd cluster has been up for I think, a couple of months now uh through various uh version upgrades works. Fine, I I I'm pretty sure I'd be able to keep it up forever.

A

At this point, yeah neil neil mentions that his vanilla, k8s cluster keeps falling over and I think that's just because like there's that it because it doesn't come with anything other than the bare minimum, you need to put your own monitoring stack into it. You need to put the kubernetes monitoring mixins in and collect them, and then that'll that'll definitely tell you what you're doing wrong neil, but you have to know to do that. You have to put them in there. You have to set up something to collect them.

A

You have to set up something to look at what the what the prometheus has collected. It's a whole deal.

A

I just get all of that and it just works and the cluster's up and it's stable and it's fine very, very.

A

Helpful and my programs just update themselves, without even with I don't even notice because of you know the whole sort of deployment stuff.

A

Wait until the single node clusters come out, neil then you'll have somewhere to run it because it'll just be any old vm that you want.

A

I don't know, that's the one thing I I kind of want to know how they're going to do rolling updates on the single nodes, because this thing as vadim was mentioning earlier. It was like it'll update a master, but the fcd cluster needs quorum, so it knocks one out updates it knocks the next one out, updates it knocks the third one out, updates it, but with a single note cluster, I don't know how they're gonna do it, maybe they'll just I'm sure it'll be some measure of hackery.

B

I do not, you know, I saw the game in his demo, he showed some code and I didn't quite understand it, but.

A

B

Like it might allow him to do an update.

A

Yeah his thing he because he knows how everything sort of fits together he's. Definitely he's he's hacking, something together in the ammo to trick the machine config damon into thinking it already did the upgrade by just overwriting a yaml file.

A

Then he uh tells it to pivot and reboot, because normally the the machine config demon, my understanding of it anyways the machine config daemon is the thing, gets its orders from the machine config operator and the operator is keeping track of who's rebooted and when and like what state everybody's in and then, as that works, it'll instruct individual machine config daemons to do the os tree piping and reboot process.

A

So the machine config operator is like I've only got one master, so I can't reboot it no matter how much it wants to so it'll just sit there, and so he's tricking the machine config operator into thinking that it can that the machine config damon has already rebooted, and then he just manually kicks the reboot and, as he points out, that's it'll, it almost probably will never work out correctly.

A

So yeah neil mentioned, maybe it'll require user notified reboots. I think that probably makes sense, it'll probably be like hey. I did as much the upgrade as I could click this button to reboot like that would be the best case scenario.

A

I don't know if we'll have that for four or eight, but I'm sure that's probably where they want to get.

A

A

Yeah, I wonder if there's a way to just.

D

Hey there, how are you guys doing.

A

Good, you finished all your demos.

D

Up awesome, yes, yeah did you get any feedback on what we should be updating in the um documentation and uh yeah so sri? I heard.

B

D

Was lis I've been jumping in and out of the different sessions, and I heard that you had lots of secrets in your scripts and was so cust accustomed to what you're doing so. I knew that all the time.

B

She heard that part.

D

I did you know that that that would be the part that I jumped in.

B

That's awesome.

D

A

Yeah, no, I definitely I I. I think that you know I it's possible for me to split all of that to, like you, know, sort of pull out the stuff, that's specific to my setup, or at least have that script in. I think I want to have it eventually in the okd repo, just as like here's an example of what you can do and I I'll flesh out the stuff, I'm writing up for mike mckeon's into that. Oh.

D

And I I it's probably killing neil right now that he's not on stage, um because I'm not sure if we can add him in to do that, I'm not quite sure if we can invite him but um yeah. So I would love to see um maybe today uh his meals in three different sessions. That's what I like about it see. That's that that's that's that's!

D

So um what I would love to see you do today is at least um put make a uh a pull request for a stub for your um for your documentation into el nico's um repo- um and you know just say this- is a holding pattern and a link to any of the. Maybe just put the additional resources that you had um that you've shared with people.

D

I think I I saw a few things get shared in there in that stub and get that in there as a holding pattern for this approach to that, and um I didn't yeah so and and craig if that background is real on your behind your chair, I love that it.

B

D

B

Are panels from amazon.

D

B

I'm in a basement- and it looks really bad yeah, so I ended up framing it up and putting these up to make it look a little bit more professional.

D

You look just like rock and hipster ops awesome and I'm in my um partner's basement in the art supplies because, uh as we all know, I have no internet at my house. That's why I paid for fiber optic.

D

B

D

Like this and uh yeah, do you have sound proofing with those um those panels.

B

No, I think it makes acoustics worse.

D

Oh helpful, um so I I know you did a blog post craig um and I I I haven't uh looked at el maiko's repo lately, but I'm wondering if there's a if you've entered it, could make a stub for the stuff that you've done to link out there so that we have access.

B

To that the the most recent one I've got is for four or five, and I'm in the process of writing a four seven so, but also a lot well. I've got you here. I've been using medium to post my uh my gosh just because it's a little bit easier, but I was curious if you had any other suggestions of a better way to do it. That's maybe as easy.

D

B

D

B

I saw your kitty blog option.

D

Yeah we do and- and that's pretty good, if you, if you're fine with markup, which I think you are um that's an easy way to put it there- I'm not sure you're gonna get the same traffic as medium, and I kind of like medium too. What I'm not a proponent of is documentation by blogging, though I think for some of this stuff. You know it is one-off kind of thing. So, if you can, if you did it in medium, we could put a stub blog in the okd.io blog that link back out to your medium.

D

That's what I would suggest so that you drive some traffic back and forth, but also to think about in the way that you're documenting it you're writing this blog. What about it? um Can we put into the deployment guide um for home labs and you know how we and- and I don't have a real opinion about it? It's just that I would like those deployment glides um to be updatable and maintainable so like when we go to 4-8 and that sort of stuff that someone could pull at an issue and do it so.

B

I think a lot of it is that you know the guys that the other guys that you're talking about are complete like they should they show the steps. They say you need to do this this and this this, but they don't actually take the time to show you how to do that, because you're really kind of supposed to have already known how to do that, and the only difference is in my guys as I go through and show that stuff, which is kind of a pain honestly.

B

But it helps folks who are learning who, I think, a lot of folks kind of come to okd and then and then go to ocp eventually, which is why I did it that way. But I'll definitely do that I'll. Ask.

D

That would be great, and you know, even today, what I'm trying to do is just get people to make to that. Take that first step and pull you know make a pull request to put the stub in for it. You know sort of commitment, halfway commitment um to getting that there. So if you can take the time and do that today, I'm looking to see who's, there's six people with and three of them are us.

D

So um I'm wondering about the other folks who are here kareem and um daniel and neil neil who's floating back and forth, so maybe just um daniel and kareem. What different?

D

What is the the major difference between your home lab or your um fantasy island, home lab and craig and sris? You know how: how different are you guys from that and it does that deserve yet another home lab blog post um with instructions.

B

What one thing that came out today watching vadim showed his home lab and it was kind of interesting to see you know because vadim is on, like this whole other level, and it was interesting to see his home lab and it was interesting to see sheree's home lab and it's just uh to get to get to go through and look at how everybody has something different set up. It's like okay! Well, I like that part.

B

Oh maybe I can use that it would be kind of a cool um demo just to have everyone kind of show off their home lab at one time or another. I don't know, maybe it's. What do you think she just is that yeah.

A

Well, I think it's like the perfect amount of geeking out because, like there's so little documentation just out there in general for kubernetes, just like you see a bunch of people like here's, how I got kubernetes running on my raspberry pi's and like there's, no one who sort of is like hears, wacky stuff right and like both vadim and I are different sort of spectrums of wacky he's got he's going wacky in one direction, I'm going wacky in another direction.

A

I think it'd be very, very interesting to see how wacky everyone can sort of push their okd deployments. I think a lot of us probably have something that's weird in one way or another, so it would be super geeky, but it would be very, very cool.

D

Yeah and- and I think one and I think you you hit the nail on the head- that I think the home lab approach is where people learn and where they're experimenting daniel's got his he's, not even running okd. Yet so he's got a single machine um going.

D

So when daniel, when you get yours going, um I expect a blog post, at least out of you um and coming to the okd working group and um and we'll we'll do that and then, if yours is significantly different than craigs or shrees and vadim's, I'm I'm really interested in having all four or multiple home lab configurations linked into the um in into the into the deployment guide, because I think that's the one of the many value propositions for okd is helping people get their home lab, set up, learning um and and getting and getting some experience with this, um and I think the the issue for me has always been is that um diy kubernetes was great.

D

But then I could never do anything after that. So.

B

um Yeah, no, I could get it.

D

Installed it was running yippee, but I couldn't get. I really couldn't get an app running on it um and you know- and I wasn't even trying on a raspberry pi, so um that was yeah and then then I run out of time because um that's kind of the whole.

A

Thing we were actually just talking about that, but uh before you came in it's just like running kubernetes by yourself, you get it up, it's almost nothing. You have to put everything into it. Still nobody will tell you what it is and then your cluster will fall over because something went wrong or you didn't configure something quite right or some piece of the hardware fell over and you have to throw it away. Do it again, it's a pain.

D

It's pain but, and- and I don't want kubernetes to be painful for anybody, even if they're, not a red hat customer, I want everybody to have a good experience because it just you know when people have bad experiences with stuff. That just says: okay. Well, I'm gonna go over and do something totally different, and then we get all this. We don't get their feedback. We lose them from the communities that we're supporting. So that's that's kind of it and and I'm old school I've been um on openshift team for a very long time.

D

I just hit my eight years working on openshift, which is, and I came on board because I love the promise of platform as a service. I I I was a heroku addict that went in um I even did I worked on cloud foundry and at activestate for a little while and then came over to um open shift land, and for me the nirvana is that wonderful, dev experience that we were promised um and then going to kubernetes was kind of um yeah poor cloud foundry.

D

um I know- and I and I appreciate what cloud foundry has done and where they're going and all of that, so this is not really me slamming them um that that more what I'm I'm interested in is getting back to that early days, promise of platform as a service so- and I think what we are doing with okd- is getting us close to that. It's still what you guys had to do today, much more complicated than I wanted.

A

But you know the the nice thing about it is. I was able to point out that I was going when I was going over my script. Originally, I was able to point at a point maybe about halfway through and be like at this point. The cluster is technically set up. Everything on top of here is customizations for my particular environment.

A

So I think it's a lot better. It's a lot better than my old kubernetes scripts, which were based on, I think k3s, and this was like maybe two or three years ago, and those were just it was not pretty. It was not pretty what I had to do to get k3s going. I I think k3s is better now, of course, but still okay is by far a nicer experience.

D

So um I know we're all here chatting, but um I don't want to keep you guys away from your weekend longer than you need to be so um thinking. We have come to a an imminent closure of this conversation. So if you um leave speakers and if no one, daniel or anyone else- and you want to go over to another session- maybe go hang out with the single node cluster people, who are still probably bootstrapping something and just slowly merge into whatever the final session is that people are still yabbering on.

D

um Well, we'll we'll do that now and I will say thank you and you should find an invite to um join us at kubecon eu in your inbox sometime next week. If you haven't already um done that.

B

Hey thanks for.

A

Putting this all together, yep! Thank you. Diane.

D

All right take care thanks, guys jump to another session.

B