►
Description
OKD4 on oVirt Bare Metal Deployment
Justin Pittman (Red Hat)
OKD4 Live Deployment Marathon
August 17th, 2020
Day Zero Kubecon EU 2020
A
B
A
B
Does
everyone
see
that
screen
share
yeah.
B
Okay,
so
just
as
a
background,
because
a
lot
of
different
people,
I've
worked
since
the
linux
2
2.0
days
on
various
different
linuxes.
B
And
currently
I
do
work
at
red
hat
and
I'm
focused
on
openshift,
but
I
have
played
with
okd
just
outside
of
my
work.
So
that's
the
the
background
here
and
just
to
give
you
a
background,
I
always
like
to
show
you
know
what
what
who
you're
talking
to
so
we
have
some
furry
friends
here,
and
the
story
I
like
to
to
say
is:
I
was
flying
for
work
up
to
toronto.
B
This
is
before
covid
and
my
dog
thought
was
very
jealous
that
I'd
be
flying,
so
she
chewed
my
passport
and
if
any
of
you
had
tried
to
look
into
the
details
of
flying
with
damaged
ids
damaged,
ids
are
no
good,
at
least
in
the
us.
The
tsa
does
not
accept
them,
so
I
had
to
do
a
same-day
passport
replacement.
B
B
I
I
jokingly
told
diane
that
my
overt
lab
was
was
down
last
week
and
so
for
hardware,
replacements,
and
so
for
a
moment
I
actually
went
to
a
packet
if
people
are
familiar
with
packet.net
they're,
an
equinox
company,
they
have
excellent
bare
metal,
so
I
temporarily
spun
up
over
it
in
packet
because
they
provide
pretty
cheap.
It
was
about
two
dollars
for
the
size
instance
that
you
would
need.
B
B
I
don't
get
paid
for
for
a
packet,
I'm
just
letting
you
know
this
didn't
work
for
me.
However,
for
overt,
because
of
the
way
that
overt
needs
to
do
networking,
there's
certain
packet
does
bonded
network
interfaces.
B
I
can
actually
show
you
that,
just
so
you
know
and
and
can
be
aware,
so
these
interfaces
get
bonded.
So
I
wasn't
and
overt
needs
to
have
a
a
vm
guest
network,
so
I
wasn't
able
to
go
this
route.
I
had
to
abandon
it,
so
I
had
to
go
back
to
using
and
and
quickly
spinning
up
my
own
hardware
lab
that
I
have
so
that's
what
I'm
showing
you
here.
This
is
not
on
packet.
B
B
So
it's
a
version
4.3.10
if
over
this
is
a
a
centos
7
based
overt
so
and
it's
actually
launch
it's
actually
launching
okd
right
now,
that's
what's
going
on
in
the
background
here,
so
we'll
get
to
this
in
a
minute,
but
I
just
wanted
to
show
you
if
you
want
to
try
this
see,
there's
a
second
master
going
up
for
okd.
B
B
We're
going
to
slim
it
down
a
little
bit
today,
but
but
this
lab,
for
example,
doesn't
have
the
minimum
requirements
that
okd
is
supposed
to
have,
but
let's
get
into
it,
so
I'm
going
to
have
to
actually
rewind
because
I
have
a
deployment
running
so
can
you
can
anyone
see
the?
Is
the
text
large
enough
on
that.
B
I
feel
you
okay,
so
I
made
it
a
little
bit
bigger,
so
there's
a
deployment
currently
running,
but
I
want
to
actually
destroy
this
cluster
because
today
we're
supposed
to
be
live,
deploying
okd4
right
and
I
want
to
destroy
it.
Also,
to
tell
you
a
couple
caveats
that
you'll
have
to
have
to
know
about
okd
for
in
order
to
get
it
running
on
your
overt
virtualized
system.
B
So
the
first
is:
if
you
go
into
the
documents
so
that
the
documents
let
me
make
that
screen
bigger
as
well,
the
documents
for
okd
have,
if
you
switch
to
version
oh
see,
this
is
already
wrong.
I'm
on
the
wrong
installer.
That's
the
open
shift,
installer
so
get
to
the
right
installation.
Dock.
There
we
go.
B
B
It's
under
docs,
okay,
dot,
the
usual
stuff.
So
we're
going
to
step
through
this
today,
I
do
want
to
share
with
you
the
diagram
of
what
this
is,
if
you're
familiar
with
any
other
virtualization
environment
vsphere.
B
A
B
Yes,
yes
for
sure
for
sure,
so
let
me
I
hate
to
destroy
a
cluster,
but
let
but
let's
do
it
so
I'm
actually
gonna
cancel
out
of
this
install.
Now,
if
you're
curious
about
what
my
what
I
was
doing
there
you
can
see,
I
was
doing
an
open
shift.
Install
the
installer
still
called
for
free
for
okd
is
called
openshift,
even
though
we
get
it
from
the
okd
build.
B
Release,
but
that
doesn't
matter,
I
just
wanted
to
show
you
what
it
was
now
I
needed
to
destroy
this
cluster,
and
so,
let's
see,
if
that's
actually
in
the
dock,
about
the
the
specific
way
to
destroy
the
cluster.
I
always
try
to
go
by
the
document,
because
if
you
reference
something,
then
people
always
ask
okay,
so
is
it
going
to
doc?
No,
it's
not
going
to
document
that
oh
wait
there.
It
is
destroy,
destroy
bootstrap
but
not
destroy
cluster
okay.
Anyway,
it's
destroy
cluster.
B
Oh,
no,
oh
sorry,
it
probably
wants
me
to
tell
it
that
the
durr,
so
I
created
a
directory
test
three,
and
so
it
probably
just
wants
me
to
specify
test
three.
Oh,
I
bet
I
did
not
keep
my
install
yaml
did
I
so
I
may
not
be
able
to
destroy
this
cluster.
Let's
see,
okay,
there
it
goes
so.
I
used
this
directory
to
install
because
I
had
several
different
test.
Installs
running
that
had
issues.
B
B
So
it's
cleaning
out
these
vms
that
okd
was
created
on
and
it's
actually
leaving
one
around
it's
leaving
this
bootstrap
and
you
can
destroy
that
with
the
bootstrap
command
you
if
you
want
to
do
it
that
way.
Sometimes
I
just
destroy
the
vm.
B
B
This
tip
vm
is
interesting.
I
don't
recall
it
in
a
previous
install
anyway.
Okay,
so
let's
go
through
the
installation
and
what
you
need,
let's
actually
run
through
the
whole
document
to
install
to
overt.
So
we
can.
We
can
get
to
any
issues
that
don't
make
sense
to
folks.
B
B
For
example,
they
recommend
230
gig
on
the
docks
of
disk
space,
I'm
running
less
than
that,
but
I'm
doing
thin
pull
so
in
the
virtualized
world
for
storage,
you
can
do
a
thin
pool
back
to
vms
and
get
around
some
of
these
hefty
install
requirements.
They
also
recommend
28
cores,
that's
pretty
reasonable.
They
do
recommend
here
at
least
112
gig
of
memory.
B
So
those
are
the
basic
requirements.
You
can
go
to
the
main
kind
of
dashboard
of
overt
and
you
can
see
that
we
meet
most
of
those
requirements.
I
have
140
some
gig
of
free
memory
and
I
have
about
200
gig
of
storage,
so
we
might
just
barely
be
squeezing
by
on
the
storage
back
to
the
dock
and
what's
required,
it
gets
into
step
four.
B
It
doesn't
really
make
a
whole
lot
of
sense
in
the
document,
but
I
I
I'm
gonna
step
through,
because
I
want
you
to
to
know
the
whole
process
and
you
know,
ask
questions
if
you
if
the
process
doesn't
make
a
whole
lot
of
sense,
so
this
this
curl
command.
What
they're
doing
is
they're
just
trying
to
get
a
access
to
this
engine.
This
manager
engine
for
over
they're
just
trying
to
get
a
local
certificate
out
of
it.
So
what
I'm
going
to
do
is
I'm
actually
going
to
install
from
my
local
box
here.
B
So
this
is
just
my
laptop.
That's
not
running
anything
special,
but
you
know,
let's
start
from
scratch.
How
about
I
do
that?
Let's,
let's
just
make
a
new
directory
we're
going
to
do
live
okd4
install!
B
Let's
just
go
into
that
and
the
first
command
it
had
was
that
see
this
is
the
the
docs
do
this
wrapping,
so
the
first
command
that
they
have
is
to
try
to
get
the
rest
api
in
order
for
you
to
download
the
pim.
Now
I
don't
want
to
show
you
my
password,
so
I
I
hope
you
understand
that
I
already
did
this,
but
the
bigger
point
is
to
understand
that
there's
this
api
endpoint
that
you'll
need
to
connect
to
right.
B
That's
the
bigger
point
so
that
api
endpoint
is
right
here
and
I
could
I
could
try
to
do
that
with
a
curl.
If
I
did
something
like,
let
me
get
rid
of
this
url
here
and
append
the
api
on
the
beginning
and
then
ignore
security,
and
then
it's
going
to
prompt
me
or
a
password
right
and
see
it's
going
to.
Let's
see
if
it
will.
Let
me
do
it
this
way.
I
think
it's
going
to
require
an
authenticate
okay
hold
on.
A
B
Oh,
you
don't
like
the
yeah,
the
transparency.
A
B
No
worries,
okay,
so
I
did
do
the
curl
command,
but
I
didn't
include
the
password,
which
is
security's
sake,
so
you
can
see
all
this
gibberish
is
what
the
api
returned
and
that's
what
you
want
to
see.
You
want
to
make
sure
that
your
command
works,
but
this
is
the
first
thing
that
you'll
notice
is
that
over
by
default,
has
this
admin
at
internal
that's
needed
for
the
api
in
in,
and
that's
not
clearly
documented.
B
So
if
you
bump
into
that,
just
just
make
sure
you
have
the
at
internal,
it
is
in
our
document
on
okd's
website,
but
just
make
sure
now
the
next
things-
and
this
verifies
that
whatever
you're
installing
from
has
access
to
that
overt
manager,
that
you
should
already
be
able
to
access
now.
The
next
steps
are
where
you
will
make
sure,
there's
some
free
ip
addresses
on
your
network.
B
You
will
need
to
have
three
ips
at
minimum.
Those
are
used
for
the
dns,
the
internal
dns,
that
the
oak,
the
overt
okd
uses
okd
uses
on
overt.
It
is
for
ingress,
that's
the
second
ip
is
for
ingress
and
the
third
ip
is
for
the
api,
the
kubernetes
api.
So
those
are
the
three
ips.
You
just
need
to
make
sure
that
they're
not
used,
and
you
know,
there's
an
arp
command
to
make
sure
that
they're
not
used.
B
The
second
thing
is
to
make
sure
your
dns
has
got
the
two
entries
that
are
required
now,
so
there's
been
some
changes
in
which
dns
entries
are
required,
and
this
may
have
been
talked
about
a
little
bit
in
the
previous
discussions,
but
it's
been
ramped
down.
We
used
to
require,
for
example,
and
some
installs
still
require
ncd
entries
and
dns,
but
the
overt
install
does
not
require
that.
B
It
just
requires
these
two,
so
I
put
in
my
ones
that
I'm
going
to
use
are
called
api.okd4.lab.
B
Let's
see
if
that's
going
to
return.
Yes,
so
that's
the
api
and
obviously
and
dns
has
this
a
record
entry.
So
this
is
a
nice
test.
Now
I
had
some
issues
with
the
dns
server
that
I
I'm
using
for
the
apps
or
what's
used
as
the
ingress.
B
I
don't
think
it's
resolving
correctly.
I
tried
to
fix
this
earlier,
so
we're
going
to
see
if
my
dns
server
is
cooperating
or
we
might
have
to
stand
up
a
new
dns
server
to
complete
the
installation,
but
those
are
the
only
two
dns
entries
that
are
required.
So
that's
good,
the
the
third
one.
It
makes
a
note
that
you
don't
actually
have
a
dns
entry
for
it
because
it
becomes
the
dns
server
for
the
cluster.
B
Next
is
the
the
the
the
install
dog
jumbles
around
so
now
we're
back
to
the
overt
manager,
the
curl
command
that
we
issued
before
and
now
we're
actually
going
to
get
the
certificate
from
it.
So
you'll
notice
that
there
is
a
certificate,
because
this
is
an
https
connection
and
that
api
back
to
overt
is
going
to
be
communicated
by
the
okd
installer.
B
So
we're
going
to
have
to
trust
that
certificate
somehow
because
it's
going
to
be
interactive.
So
what
the
installer
is
saying
is
you
need
to
download
that
pim
or
the
certificate
in
a
pen
format?
So
that's
what
this
does
here
and
if
I
just
redo
my
previous
command,
this
shouldn't
require
a
password.
So
I'm
going
to
redo
my
curl
command,
I'm
going
to
get
rid
of
the
password.
It
shouldn't
need
a
password.
B
Oh,
oh,
I
did
not
close
my
quote
sorry
about
that.
There
we
go
so
now
we
have
the
pen
file
and
that's
it
looks
pretty
normal
there.
It
is
now
the
installer
will
take
care
of
injecting
that
into
the
authentication
mechanism
for
forever
I'll
get
to
that
in
just
a
second,
because
that
can
cause
you
a
a
heck
of
a
lot
of
pain
if
it
doesn't,
if
you
don't
get
the
pen
file
correct
the
for
this,
for
this
self-signed
cert,
and
then
we
changed
some
file
permissions
for
that
file.
B
B
B
B
So
now,
what's
happened
is
the
local
search
on
this,
this
box
that
I'm
going
to
install
from
my
laptop
locally
trusts,
the
overt
manager,
so
that
was
that
whole
process
and
you'll
see
I'll
explain
in
the
installer
where
that
fits
in,
and
why
you
need
to
do
that.
Then
the
next
part
is
an
ssh
key.
Now
the
ssh
keys
are
used
mostly
by
folks,
if
you're
familiar
with
okd
or
openshift,
it's
used
to
log
in
to
the
actual
nodes.
B
So
as
the
core
user
stuff
like
that,
so
the
installer
needs
it
to
be
injected.
I
did
this
process
before,
but
we
can
do
it
again
if
you
think
that
you
need
it,
but
this
is
a
standard.
Ssh
generate
a
new
key
pair
run
the
agent
locally
and
then
the
installer
can
pick
it
up.
I'm
not
going
to
run
through
that
because
I
think
most
of
us
probably
understand
ssh
and
how
to
do
it.
But
the
point
is
either
use
a
key
or
create
a
new
key
for
the
installer.
B
Sure
running
my
agent
still
yep,
I'm
still
running
my
agent,
my
ssh
agent,
locally.
Okay.
So
that's
a
lot
of
the
prep
work.
We
covered
the
ssh.
We
covered
the
certificate
for
the
overt
manager.
We
covered
the
dns
entries
and
recovered
the
ip
addresses,
that's
kind
of
like
the
prep
work.
Now
we
get
into
the
okd
installer
you'll
you'll
get
the
installer
from
the
standard
releases,
so
you
can
go
to
any
of
them
that
are
listed
here
as
assets
on
the
main
okd
releases,
and
I
already
installed
this.
B
I
downloaded
this,
but
it's
the
4.5
for
linux
is
the
one
I
installed.
So
I
put
that
down.
I
put
that
in
a
previous
directory.
I
was
using
that
okd4
demo,
I
believe,
is
where
I
dropped
it.
Let
me
make
sure
yep,
so
I'm
just
going
to
quickly
move
it,
so
I
don't
have
to
wait
for
my
slow
internet
connection,
open
shift,
install
and
move
into
the
current
directory,
and
just
so
folks
can
verify
that
it
is
what
it
is.
B
Then
there
it
is
4.5
okd
right
built
on
the
12th
so
five
days
ago,
all
right
and
you'll
want
the
ins,
the
cli,
but
we'll
do
that
later.
All
right
so
got
it
already
got
it
locally
and
I
don't
need
to
antarctic.
It's
already
unloaded
now
the
pull
secret.
Now
this
one's
a
little
odd
okay.
B
So
when
you
click
on
I'm
gonna,
click
on
this
link
in
the
dock
in
a
new
private
you'll
be
prompted
for
a
login.
That's
what
okay!
So
what
do
you
do?
I
don't
know
of
a
way
around
this,
even
though
it
redirects
you
to
a
red
hat
site,
you're
trying
to
install
okd,
okay,
well,
the
the
way
that
I
have
found
the
easiest
way
to
get
around
this
is
go
to
the
developers.redhat.com
site.
B
Sorry,
if
the
url
is
not
big
enough,
but
press
login
at
the
developers.redhead.site
and
create
a
new
login
like
log
in
with
your
github
account
or
something
that
will
create
a
developer
account
for
you
at
red
hat,
and
it
will
work
with
this.
Pull
secret
so
again
go
to
developers
create
an
account
and
log
in
with
that
account
to
get
the
pull
secret.
B
B
Well,
if
your
cluster
is
disconnected,
there's
nothing,
that's
being
communicated
between
the
two,
you
can
run
okd
and
open
shift
disconnected,
but
the
way
to
generate
a
pull
secret
for
you.
We
have
to
have
an
account
in
order
to
do
that.
B
If
you
have
any
more
questions,
just
ask
one
of
us:
okay,
so
I
already
downloaded
my
pull
secret,
I
put
it
into
a
different
directory.
I
think
it
was
that
previous
directory
okd
for
overt
downloaded
yep,
I
downloaded
a
pull
secret
and
that
pull
secret
is
valid,
for
I
can't
remember
24
hours
or
it
might
be
a
couple
days.
I
can't
remember
so:
I'm
just
going
to
reuse
it
from
this
morning,
all
right.
So
now
you
have
the
pull
secret
and
you
have
the
open
shift,
okd
installer
from
okidi
4.5.
B
B
B
B
Sits
there
and
errors
fatal
something
about
terraform,
can't
get
authentication
to
some
admin
internal,
but
you'll
notice
the
admin
internal
again.
So
it
makes
you
think,
oh
it
can't
communicate
with
over.
There
must
be
something
wrong
with
my
overt
cluster.
No,
this
is
just
a
dock
bug.
So
if
I
re-run
the
command.
B
So
it
actually
pulls
in
some
information
and
it
automatically
detected
the
cluster
name
now.
The
reason
I
can
tell
it's
communicating
with
overt
is:
if
we
were
to
go
back
over
to
the
manager
of
ubert
and
we
would
look
at
clusters,
that
is
the
name
of
the
cluster,
so
the
openshift
installer
is
pulling
information
out
of
overt
and
let's
look
at
storage.
What
is
the
name
of
oops?
Sorry?
What
is
the
name
of
my
storage?
B
Let's
look
at
domains
for
storage,
aha,
hosted
storage,
so
the
open,
the
okd
openshift
installer
is
communicating
with
overt
and
we
can
tell
because
it's
dynamically
pulling
this
information
out.
But
the
real
question
is
because
I'm
going
to
cancel
out
of
this
install
the
real
question
is:
why
did
this
failure
message
happen?
And
it's
all
because
of
this
document
telling
you
to
use
sudo,
don't
do
it
and
after
we
get
install
working,
I'm
gonna,
I
think
I'm
just
gonna.
Do
a
dock
book
live
with
us?
Don't
don't
do
sudo,
it's
gonna
bypass
it.
B
I'm
gonna
show
you
exactly
what
it's
bypassing
so
here's
here's
the
bug,
the
oh,
the
the
okd
installer
needs
to
access
over
somehow
the
way
that
it
accesses
it
is.
It
creates
this
file
under
a
hidden
directory
in
your
home
directory,
dot,
overt
and
then
over
it
that
comes
from
the
installer.
The
okd
installer
doesn't
come
from
overt.
B
Let
me
see
if
I've
got
an
old
one
here
to
show
you.
I
don't
want
to
show
you
my
new
one,
because
it's
got
the
a
password
in
it.
So
I'll
show
you
an
old
one,
and
just
so
you
can
see
the
contents
of
it.
B
B
You
can
see
in
this
file
it's
actually
literally
calling
that
api
endpoint
it's
got
the
username
and
password
and
it
has
a
cert
bundle,
all
generated
from
the
the
okd
openshift
installer
and
for
a
while.
The
only
reason
I
knew
this
was
an
issue
is
for
a
while.
There
was
a
separate
bug
well,
where
this
file
wasn't
being
created
or
people
were
complaining
that
they
had
multiple
overt
clusters
and
data
centers
and
they
weren't
connecting
to
new
ones.
B
B
So
if
you
have
any
issues
connecting
to
your
over
cluster
for
the
installer
blow
away
that
directory
and
try
a
open
shift
install
with
the
create
instead
of
the
create
cluster,
here's
here's
what
I
would
recommend,
I
would
recommend
the
create,
install
config
instead
of
cluster
it.
This
is
good
anyway.
B
B
B
B
Oh
that's
the
pool
secret.
I
need
to
copy
my
cert
bundle
just
copy
the
cert
bundle
that
it
copied
down.
I
need
to
get
into
the
right
directory
live,
okay,
install
now
you
can
see
that
we're
actually
using
some
stuff
see.
I
need
to
copy
and
paste
this
cert
that
we
downloaded
again.
I
I
know
it's
part
of
the
local
trust,
but
this
is
what
it
needs
so
two
empty
lines
at
the
end.
This
is
a
little
weird.
B
B
Admin
internal
is
the
standard
unless
you've
changed
it
and
then
I'm
going
to
enter
my
new
password
and
voila,
you
can
see
home
lab
cluster
being
accessed,
so
these
prompts
these
last
five
prompts
are
creating
that
over
yaml
so
that
it
can
communicate
with
over
absolutely
critical,
and
I
think
another
thing
to
document
may
be
to
help
people
through
this
process.
If
they,
if
they
have
issues
here,
the
does
that
make
sense
any
questions
about
how
the
installer
is
accessing
overt.
A
Not
bore
anybody
to
tears,
we're
all
just
thrilled
at
your
enthusiasm
earlier
question
mike
asked,
and
we
may
you
may
have
answered
it,
but
about
the
storage
requirements
that
he's
always
seen.
Each
node
should
have
120
gigabytes.
B
And
he
comes
120
gig
per
node,
I
think,
is
what
he's
referring
to
right
yeah,
so
how?
How
much
of
that
is
actually
used
on
a
node
I've
gone
down
and
I
think
I've
seen
as
little
as
maybe
30
gig
actually
used.
So
if
you
set
up
the
vms
as
thin
pool,
then
you
can
gradually.
B
You
know
that
over
will
work.
You
can
grow
that
disk
over
time.
That's
the
nice
part
of
that
and
you
don't
have
to
thick
provision
120
gig
for
each
node,
but
yeah.
It's
a
bit
of
a
heavy
heavy
requirement
for
those
nodes.
But
yes
to
get
to
get
full
support
from
red
hat.
It's
supposed
to
be
120
gig,
but
for
okd
yeah
use
what
you
what
you
have.
A
We've
been
having
emphasis
today
a
little
bit
on
the
cheap
side
of
things:
okay,
the
cheapest,
whether
it's
digital
ocean
or
a
cheap
version
of
aws.
It's
been
a
running
theme,
so
thanks.
There
was
also
a
little
bit
of
conversation
about
the
whole
secret
use
and
charo
was
mentioning
that
he
used
his
clay
dot
io
account
for
that
and
then
christian.
Okay,
that
you
don't
actually
need
full
secret.
A
You
can
use
fake.
I
think
we
did
that
in
one
of
the
other
demos
we
just
fake
it
out.
B
C
So
I
think
the
usual
quay:
if
there
are
public
images,
they
don't
need
a
pull
request,
a
post
secret
and
they
pull
secret.
You,
you
have
to
add
into
the
installer,
really
is
just
for
pulling
the
images
from
red
hat
and
in
the
case
of
okd
everything's
on
quay.
So
you
don't
need
it.
So
you
can
really
use.
D
C
One
you
can
use
because
we
haven't
disabled
the
functionality
in
our
installer
fork,
because
we
didn't
diverge
from
the
ocp
installer
too
much.
You
can
really
use
anything
in
there.
It
just
has
to
be
a
proper
json
blob
with
like
field
off
and
then
one
auth
field
yeah.
What
chara
just
pasted
in
the
chat,
but
it
could
be,
you
know
it
could
be
offs,
it
could
be,
and
then
you
know
fake
could
be
anything.
Then
it
has
to
have
another
field
off
and
in
there
it
could
be
anything
again.
So
yeah.
B
Just
I
I
got
you
so
so.
Do
you
inject
that
pull
secret
into
like
the
install
config,
yaml
and
and
it
could
be
just
a
standard
quite
io
like
if
someone
were
to
go
in
with
with
quite
io,
they
just
use
it.
C
Oh
yeah
yeah.
Definitely
you
could
put
in
your
quay.io
one
there
and
then
you
could
even
pull
if
you,
if
you
change
the
payload
references
to
a
private
image,
you
could
use
that
with
it.
Okay,
but
you're
not
required
to
put
it
in
or
to
put
in
a
valid
one
for
the
okd
use
case,
because
all
of
our
images
are
actually
publicly
pullable.
D
Without
it,
okay,
yeah
wow,
the
face
secret,
didn't
work
for
me
for
mirroring
the,
and
it's
been
a
while,
since
I
tried
it
with
the
fake
one
again.
So
maybe
it
does
work
now.
But
that's
why
I
started
using
my
free
quad.io
account
you.
You
can
actually
generate
a
kubernetes
pull
secret
from
your
profile
and
your
quay.io
account
and
those
are
free
to
set
up.
C
D
No,
the
push
was
to
my
sonotype
nexus,
so
so
yeah
I
did
have
to
include
a
a
secret
for
my
sonotype
nexus
too,
so
that
it
could
push
the
images
into
the
local
registry.
C
Okay,
I
yeah
I'd
have
to
investigate
why
that
didn't
work,
but
that's
actually
kind
of
an
open,
an
open
thing
right
now
we
have
to
clean
up
a
little
bit
because
it's
first
of
all,
it's
annoying
to
to
have
to
put
that
in
there
the
fake
one,
if
it's
not
really
used
or
needed.
If
you
put
in
the
the
normal
red
hat,
pull
pull
secret
there
okd
will
actually
send
telemetry
to
red
hat
as
well.
It's
not
a
lot
of
data,
but
it's
like
a
bit
of
data.
C
B
So
so,
at
least
on
the
on
the
red
hat
side,
I
can't
say
entirely
what
what's
possible,
but
for
like
super
secure
customers
who
don't
want
any
phone
homing
at
all,
one
way
to
not
do
the
telemetry
is
we
have
an
entirely
disconnected
restricted
cluster,
so
that
involves
not
only
the
the
install
is
mirrored,
but
then
they
might
have
a
proxy
that
intercepts
any
outbound
requests
that
the
cluster
is
making
and
then
it
can't
go
back
to
quay
or
red
hat
at
all.
B
So
that's
that,
but
you
had
you
have
to
extract
everything,
the
openshift
installer
and
everything
from
the
mirror.
You
can't
I
saw
some
people
that
were
doing
it
and
they
saw
things
still
going
phoning
home
it's
because
they
didn't
extract
everything
from
their
local
mirror.
I
did
notice
something,
though,
mike
mike
rusherford
said
that
I
asked.
B
Would
the
registry
red
hat,
I
o
images,
you
wouldn't
have
access
to
those
red
hat,
specific
images,
and
that
is
that
is
true.
You
can
enable
that
back
into
an
okd
cluster,
you
could
inject
a
red
hat,
username,
password
or
token
back
into
the
cluster,
and
you
would
have
access
to
the
red
hat
images
but
yeah.
The
registry.redhead.or
images,
I
think,
would
would
you
wouldn't
have
access
to
that
without
a
lock.
C
Yeah,
that's
right
and
that's
also
the
reason
we
don't
currently
support
the
the
bare
metal
ipi
path,
because
we
don't
have
public
images
for
those
they're
all
rail-based.
So
you
need
that
pull
secret
and
yeah
we've
been
trying
to
get
the
the
api
the
bare
metal
folks
to
to
release
something
either
on
top
of
centos
or
fedora
to
make
that
install
path.
Work
as
well,
but
yeah
there's
a
few
limitations.
You
won't
be
able
to
pull
any
any
operators
from
red
hat
or
anything
without
the
red
hat,
pull
secret.
B
There's
another
question
diane.
I
don't
want
to
take
over
your
no
that's
okay
scanning
of
the
chat,
but
there
is
a
ask
about:
can
you
just
do
overt
insecure
and
then
don't
have
to
worry
about
the
ca
cert
so
a
couple
of
months
ago,
back
in
the
okd
4.4
beta
days,
I
did
try
that
and
if
I
remember
correctly,
it
still
didn't
work.
The
installer
would
still
fail
out.
I
don't
remember
exactly
where
it
would
fail,
but
it
it.
B
I
don't
know
if
that's
something
to
do,
and
maybe
they
changed
it
in
the
okd
4.5
and
they
fixed
it.
So
all
of
it
you
could
retry
that
it
is
an
option,
but
it
did
not
work
for
me.
B
All
right,
so
I
have
10
minutes,
which
means
we.
We
must
have
an
install
okay,
so
I'm
going
to
move
forward.
Okay,
so
we're
going
to
select
the
storage
and
I'm
actually
going
to
select
this
over
management.
That's
not
what
you're
supposed
to
do,
but
I
currently
have
an
issue
in
this
lab
with
the
the
typical
vm
subnet
anyway.
B
We'll
get
it
around
that
now.
These
are
the
three
ips
that
are
need
to
be
reserved
that
I
talked
about
earlier.
So
I
know
what
those
are
off.
The
top
of
my
head,
they're
in
the
10
and
api,
is
actually
let
me
make
sure
I
I
said
I
knew,
but
I
I
probably
don't
really
remember
was
there.
Did
I
see
this.
B
B
B
I'm
using
it
in
this
lab,
I
just
have
pf
sense
running
with
it
with
unbound
as
the
dns,
and
I
obviously
made
a
change
right
before
I
went
live
with
you
all.
So
apologies
about
that.
Okay,
we
send
it
okay,
while
that
restarts
let's
move
forward
because
that's
the
ip
that's
going
to
have
to
be
is
the
one.
B
B
Okay,
d4
is
supposed
to
be
the
cluster
name,
and
here
we
go
with
the
the
pull
secret.
I'm
actually
going
to
use
my
actual
pull
secret
that
I
got
but
nice
that
we
have
these
options.
That's
really!
I
want
to
try
the
quay.io
option,
so
that's
not
to
have
to
log
in
to
red
hat.
Thank
you
for
that.
That
was
awesome.
Okay,
I'm
going
to
insert
that.
Oh
wait.
What
oh,
I
had
a
typo,
so
we
have
some
validation
going
on.
Well,
that's
good.
B
B
B
Well
I'll
at
least
get
the
vn
starting
up
an
overt
that
that
that
should
happen.
That
shouldn't
be
a
problem
all
right,
so
it
generated
our
install
config
oops
will
work
right
voila.
So
now
what
I
want
to
do
is
just
start
now,
the
the
reason
I
showed
you.
That
is
because
I
wanted
you
to
see
that
it
really
did
create
this
hidden
directory.
That
you'll
want
to
just
verify
the
contents
of
so
that
you
can
get
your
over
working.
But
now
I'm
going
to
run
the
openshift
install,
create
cluster
using
our
directory.
B
B
B
A
B
A
B
B
B
C
B
A
There
you
go
and-
and
you
know
what
that's
almost
a
great
way
to
end
a
a
live
demo
on-
is
filing
an
issue,
because
it's
a
wonderful
community
thing
to
do,
and.
B
A
That's
okay,
so
we
may
bring
you
back
again
to
do
this.
A
B
C
A
So,
while
he's
doing
that,
I
will
make
a
pitch
again
in
the
chat.
So
if,
if
you're
listening
in
today-
and
you
want
to
get
involved
in
the
okd
working
group-
please
you
can
go
to
okd.io
and
find
all
the
links
there
too.
But
you
can
also
just
go
direct
to.
A
The
groups,
google
groups
for
okd
working
group
and
join
in
there
and
post
any
questions.
That's
also
where
I
will
be
posting.
The
links
as
the
videos
from
today
go
up
so
there's
another
reason
to
join
there
and
then
the
fedora
calendar
is
the
other
place.
You
can
go
to
find
out
when
we
are
meeting
to
chat
about
stuff
and
to
work
on
things
collaboratively
with
the
fedora
community
and
others.
C
Yeah,
maybe
I
can
say
a
few
words
on
on
our
road
map
again
right
now,
because
I'll
have
to
drop
soon
but
yeah
as
long
as.
C
Figuring
out
things
so
yeah.
A
C
It's
just
hooking
into
we
want
to
collaborate,
and
we
we
really
do
want
to
collaborate
as
the
working
group
with
not
only
the
fedora
community.
But
all
the
communities
that
are
interested
in
are
all
the
individuals
that
are
interested
in
joining
in.
C
And
so
what
we've
planned
is
to
work
closely
with
the
with
the
operator
sdk
team
to
and
and
all
the
the
people
that
develop
the
operators
to
get
them
to
release
their
operators
in
a
way
that
it
works
on
okd
and
also
we
want
to
revive
well
that
is
again
fedora
a
little
bit
more
fedora
specific,
revive
the
container
special
interest
group
in
fedora
to
make
more
fedora
based
containers,
which
will
obviously
run
well
on
fedora
core
os
and
make
those
the
bases
for
some
operators
too,
and
so
anything
any
any
community.
C
You
can
think
of.
Please
do
invite
them
to
our
working
group
meetings
and
also
individuals
that
may
want
to
contribute
we're
really
interested
in
in
growing
this
in
a
collaborative
way
and
just
in
general,
making
making
what
we've
been
showing
today
even
more
seamless.
So
it's
we're
already
at
a
really
great
point
where
all
these
platforms
work
very
very
similarly,
so
the
installation
process
is
almost
the
same
on
all
of
them
and
we
really
want
to
get
that
even
more
make
that
even
more
seamless
and
just
yeah
improve
on
on
all
all
the
things.
C
So
that's
just
me
saying
again:
please
join
the
working
group
and
bring
your
folks
as.
A
Well,
and
and
mike
you
are
asking
about
the
the
container
sig
meetup,
I
haven't
seen
any
action
on
that.
I
have
been
on
vacation
for
a
couple
of
weeks,
so
I
haven't
looked,
but
we
were
going
to
try
and
spin
that
group
up
again
or
get
them
to
spin
themselves
up
again,
so
we
could
participate
with
them
so
I'll
check
back
in
with
them
and
see
if
we
can't
get
something
going
with
the
fedora
container
sig
group.
B
It
is
working
so
the
vms
for
the
masters
are
coming
up,
they're,
so
they're
booting,
core
os
and
they're
starting
the
bootstrap
had
already
come
up,
and
I
also
filed
that
duck
bug
so
right
under
time.
A
B
Thank
you
all
for
for
giving
me
a
couple
of
minutes
to
to
share
this
with
you,
and
it
really
is
awesome
to
to
see
the
progress
here.
I
mean
we
really
didn't
even
have
much
to
install
without
until
4.4.
So
this
is
really
awesome.
A
So
there's
one
last
question:
for
you
from
aaron
he's
asking:
is
the
lab
storage
on
ssd.
B
B
If
you
click
on
this
etcd
back-end
performance
requirements,
there'll
be
a
link
to
some
testing
that
some
ibm
folks
did
and
what
the
kubernetes
folks
said
for
requirements
and
the
general
consensus.
Is
you
can't
get
to
that
kind
of
speed
with
without
at
least
ssd
or
nvme
good
question?.
A
Taking
on
the
challenge
today,
we've
got
a
new
challenge
coming
up
here,
I'm
just
going
to
pause
the
recording
for
a
second.
So
we
can
have
this.