►
From YouTube: OpenShift Commons Briefing #88: Helm and Monocular on OpenShift with Adnan Abdulhussein (Bitnami)
Description
Monocular is an open source search and discovery front-end for Helm Chart repositories. Monocular has a web-based UI for managing Kubernetes applications packaged as Helm Charts. It allows you to search and discover available charts from multiple repositories and install them in your cluster a single click.
You can see it in action over at https://kubeapps.com, but running it in your own cluster gives you a neat way to create and manage Helm Chart installations inside your cluster. In this briefing, Adnan Abdulhussein of Bitnami will walk us through running Monocular on an OpenShift cluster.
A
Although
I
everybody
welcome
again
to
another
openshift
Commons
briefing
this
time
with
another
new
member
bitNami
who've
been
around
for
a
long
time.
They
just
joined
the
open
ship
Commons
recently
and
Adnan
did
a
wonderful
blog
post
on
monocular
on
OpenShift
on
probably
two
months
ago
or
so,
and
then
read
it
with
keen
interest,
because
anything
OpenShift
always
pops
up
on
my
radar,
and
it
was
very
well
done
and
I
thought
that
it
was
timely
too,
because
he
talked
about
helm
and
using
hell
monocular
and
nothing.
A
Should
we
get
a
lot
of
questions
about
that
so
I'm
gonna?
Let
none
talk
about
using
both
of
those
things
on
OpenShift
and
introduce
himself
and
there'll,
be
some
Q&A
in
the
chat,
then
I'll,
try
and
answer,
but
we'll
save
most
of
the
Q&A
for
the
very
end
and
won't
go
live
then
at
the
end.
So
without
any
further
ado,
and
then
thank
you
for
joining
us
and
take
it
away.
Thank.
B
You
for
having
me
done
so
everyone
I'm
here
to
talk
about
helm
and
marker
on
open
shift,
and
if
you
haven't
heard
of
helm
briefly,
it's
a
package
manager
for
kubernetes
and
monocular
is
kind
of
a
counterpart
in
that
way,
in
that
it's
a
web
UI
for
kind
of
browsing,
helm,
talk
repositories
so
before
we
kind
of
get
into
that,
just
a
quick
kind
of
background
on
who
bitNami
are
so.
If
you
haven't
heard
of
us,
our
kind
of
main
kind
of
mission
is
to
make
applications
very
easy
to
use
on
any
platform.
B
So
if
you're,
you
know,
we
have
a
long
history
of
making
applications
easy
to
install
in
VMs
in
the
cloud
and
recently,
we've
been
doing
a
lot
in
the
container
container
ecosystem
and
kubernetes
and
we've
been
developing
some
solutions.
We
have
a
range
of
containers
now
for
the
different
applications
in
our
catalog,
and
we've
also
been
working
on
some
pretty
awesome,
tooling
to
to
make
applications
easier
to
run
on
kubernetes.
B
So
if
you've
heard
of
things
like
tubeless,
which
is
the
serverless
framework
for
kubernetes,
we've
also
been
doing
some
stuff
with
case
on
it
and
Cuba
config
and
we're
also
pretty
heavily
involved
in
what's
going
on
with
helm
and
in
particularly
monocular
as
well,
so
Who
am
I.
I
started
out
at
bitNami
almost
three
years
ago
now
and
initially
doing
mostly
web
development,
stuff,
rails,
kind
of
stuff
and
I
kind
of
shifted
over
to
DevOps
start
things.
B
So,
I
think
for
about
two
years
now,
I've
been
working
on
containers
and
and
kubernetes
and
along
the
way,
I've
become
a
core
maintainer
of
helmand
communities.
Charts
and
I've
also
recently
joined
the
sig
apps
group.
There
are
special
interest
groups
for
applications
with
kubernetes
and
become
a
co-leader.
So
if
you're
looking
for
me,
I'll
probably
be
somewhere
around
those
community.
So
you
can
probably
find
me
there.
B
So
community's
resources
are
hard
to
manage
I,
think
anyone
who's
used
kubernetes
and
has
had
to
manage
a
bunch
of
llamó.
Probably
knows
this.
So
when
we
started
out
with
helm,
we
wanted
an
easier
way
to
manage
and
share.
These
manifests
make
it
really
easy
for
other
people
on
my
team,
or
you
know,
even
outside
my
team
externally,
to
to
pick
up
something
and
just
use
that,
but
also
you,
you
kind
of
need
to
tweak
the
definitions,
a
bit
and
change
a
port
here
or
change
a
secret
or
a
password
for
different
environments.
B
So
that
was
something
that
wasn't
very
easy.
You'd
have
to
do
a
nasty
said
script
in
cube
metaphors
to
do
that,
and
you
also
can't
easily
manage
lifecycle
of
your
application.
So
you
can
manage
the
state
of
each
kubernetes
resource
deployment
a
service,
but
you
can't
manage
these
things
as
a
whole,
so
that
was
also
kind
of
a
missing
feature
of
kubernetes.
B
So
that's
kind
of
what
brought
on
this
idea
of
helm,
which
is
a
way
of
logically
grouping
applications,
packages
and
kind
of
giving
a
package
manager
interface
over
that.
So
something
like
apt-get
or
yom
that
you
may
be
familiar
with
so
packages
in
helm
are
called
charts
and
these
are
again
just
application
definition.
So
they
consist
of
metadata
about
the
chart,
your
cube,
Nettie's
definitions
and
resources
and
there's
also
some
configuration
via
devalue.
B
So
you
in
this
slide
here
I
have
a
diagram
of
what
a
chart
package
actually
looks
like,
so
you
can
kind
of
see.
There's
this
templates
directory,
where
I
think
most
of
the
stuff
is
going
on.
You
have
your
kubernetes
resources,
your
llaman
files
and
then
there's
some
other
metadata
and
things
about
that.
B
B
So
the
helm,
client
on
your
computer
will
connect
tiller,
VG
RPC
and
until
it
will
make
requests
to
the
cube
Nettie's
api,
as
you
can
see
in
this
diagram,
so
for
Attila
to
be
able
to
go
and
install
and
update
resources,
it
needs.
Cluster
admin
acts
cluster
admin
privileges,
though
this
a
little
bit
of
fun
that
you
need
to
do
with
with
our
back
permissions
here
to
get
that
to
work.
There
is
a
question
of
whether
tiller
really
needs
cluster
admin
privileges.
B
So
for
those
of
you
who
are
probably
more
interested
in
the
security
requirements
for
this,
you
might
want
to
figure
out
a
way
to
run
it
with
less
privileges.
But
it
really
comes
down
to
how
you
end
up
using
helm
and
tiller
if
you're
using
helm
to
create
namespaces
or
doing
other
stuff
that
generally
needs
cluster
admin
privileges.
Then
you're
gonna
have
to
bump
up
the
privileges,
but
if
you're,
if
you're
able
to
just
stick
to
a
specific
namespace
and
just
create
very
few
resources,
then
you
don't
necessarily
need
all
those
beverages.
B
So
it
really
depends
on
on
what
charts
you're
building
and
what
choice
you're
trying
to
install
so
how
it
was
really
easy
to
grab.
You
can
just
grab
it
on
github
or
install
it
with
with
homebrew.
So
if
you're
in
a
Mac,
you
can
just
do
that.
So
there's
the
link
here
for
the
helm
releases
page.
We
can
go
and
grab
it
and
to
get
started.
All
you
need
to
do
is
run
the
helm,
init
command,
so
I'll
go
ahead
and
show
this
or
you
can
all
see
you.
B
B
So
I'm,
just
adding
the
cluster
or
cluster
admin
to
the
service
account
until
ur
yeah
now
do
I
have
this
I
can
go
ahead
and
run
sorry
hell
minute
and
pass
it.
The
service
account
killer
and
this
will
get
installed
in
the
cube
system
namespace.
So,
if
I
take
a
look
at
what's
running
there,
let's
wait
for
couldn't
get
running
and
now
I
can
run
a
home
version
and
and
suggest
successfully
able
to
connect
the
killer.
That's
awesome
so
now
I
can
go
and
install
a
chart
from
the
repository.
B
So
if
I
run
search
here,
I
can
see
what
charts
I
have
available
to
me
in
a
kind
of
jarring
way.
But
you
can
see
here:
I
have
the
stable
repository,
which
is
what
comes
baked
out
by
D
by
default
with
home
I've.
Also
added
a
few
other
repositories
have
added
the
incubator
repository
here.
I've
added
the
monocular
repository,
which
we'll
see
in
a
moment
and
I've
also
got
this
to-do
app
that
I've
been
working
on
so
I'm
gonna
go
ahead
and
store
my
to-do
app.
B
And
you
see
that
helm
has
created
a
release
for
my
for
my
application
and
it's
called
this
release:
jumpy
peacock,
so
how
more
similar
to
soccer
and
all
the
other
cool
things
nowadays,
home
comes
up
with
a
kind
of
fun
name
to
give
my
release.
If
I
don't
give
it
a
name
myself,
it
also
prints
out
what
resources
are
available.
What
resources
it's
gone
it
installed.
B
So
my
to-do
application
here
has
a
service
and
a
deployment,
and
that's
gonna
configured
an
external
IP
for
that
and
then
there's
this
notes
section,
which
I
kind
of
briefly
mentioned
it's
kind
of
like
a
way
to
document
your
chart
and
have
a
way
to
just
provide
your
users
some
next
next
steps
to
get
them
running,
so
I
can
actually
just
copy
these
commands
here
and
then
I
can
go
and
access
this
in
my
browser
and
I
should
be
able
to
access
my
to-do
out
right.
So
I
can
add
a
little
item
here,
monocular!
B
Well,
so
that's
that's
helm!
Really!
You
can
see
if
I
run
hell
nest
here
and
there's
a
couple
of
commands
which
give
me
some
information
about
the
state
of
my
application.
So
I
can
see
that
it's
again,
this
jumpy
peacock,
it's
revision,
one
this
when
it
was
last
updated-
and
this
is
the
version
of
the
chart
it's
on
and
which
namespace
its
installed
in.
If
I
want
to
get
back
this
information
at
any
time,
I
can
simply
you're
on
helm
status
and
be
we
I
get
all
that
information
back.
B
So
we've
seen
that
hell
makes
managing
and
appointing
communities
apps
a
lot
easier.
There
is
kind
of
still
something
missing.
It's
it's
difficult
to
discover
what's
available.
If
you
saw
I
did
that
helm
search
command
and
there
was
this
wall
of
text
of
things.
It
wasn't
really
easy
to
see
what
was
actually
available.
B
So
this
is
where
monocular
comes
in
and
actually
what
you're
seeing
here
is
the
public
version
cube
apps,
calm
and
let's
go
ahead
and
take
a
look
at
this
so
cube
at
SOCOM.
Is
you
can
kind
of
see
it
as
a
ruby,
gems
or
NPM
j/s
or
docker
hub,
but
for
kubernetes?
So
all
of
these
things
you
know
ruby,
gems
NPM.
They
all
have
command-line
tools
that
allow
you
to
manage
the
the
packages
that
are
installed
on
your
system
and
how
was
kind
of
the
equivalent
of
that.
B
So
there
needed
to
be
an
equivalent
of
NPM,
jeaious,
org
or
ruby,
gems
or
doc.
Hub
and
I
think
this
is
where
monocular
kind
of
really
shines.
So
one
cube
apps,
lock
on
you.
Can
you
can
go
there?
It's
live.
You
can
see
a
list
of
all
the
charts
that
are
available
and
these
are
pulling
out
of
the
stable
and
incubator
repositories
from
the
the
official
kubernetes
jars
repository,
which
you
can
see
the
sorcerer.
B
B
B
B
B
B
B
So
we'll
see
you
have
two
we'll
see
a
demo
of
this
in
a
second
and
so
the
way
to
install
monopolies
in
your
cluster.
It's
via
a
chart.
You
saw
that
I
had
the
monocular
repo
when
I
did
helm
search
and
there
was
a
monocular
chart
was
in
there.
So
I
can
go
ahead
and
run
helm,
install
monocular,
monocular.
B
So
the
monocular
shot
defines
this
different.
These
different
configuration
options
for
monocular
itself,
so
the
first
one
is
the
UI
back
in
host
name,
which
is
basically
just
telling
monocular
the
UI
component,
the
monocular,
where
the
API
is
and
I
have
kind
of
similar
thing
with
the
API
here,
where
I've
configured
it
to
allow
requests
from
the
monocular
local
domain.
So
this
is
just
setting
up
the
the
two
domain
name,
something
to
use
but
kind
of
more.
B
Interestingly,
here
I
have
set
up
some
repos
that
I'm,
using
with
monocular,
so
here
by
default
you
get
disabled
and
incubator
repositories,
but
I've
gone
and
added
an
extra
one
here,
which
is
my
my
to-do
app.
This
to-do
application
that
I
was
working
on
and
the
repository
for
that
is
hosted
here
using
github
pages.
So
you'll
see
this
looks
a
lot
like
the
output
that
you
see
from
helm,
reaper
lists
as
well,
so
you
can
see
the
stay
born.
B
B
B
So
monocular
has
a
back-end,
that's
written
in
go
and
this
is
responsible
for
indexing
chart
repositories.
So
each
of
the
false
views
that
you
define
they'll
go
and
spin
off
a
job,
every
15
minutes
to
go
and
fetch
the
index
and
virtual
charts
and
then
it'll
go
and
process
all
that
metadata
and
saw
that
in
monocular,
and
it
then
exposes
this
via
a
JSON
API
that
is
used
by
the
front
end.
So
the
front
end
will
talk
to
the
API
brideís
jason,
vidas,
restful,
json
api
and
consume
data.
B
B
A
B
So
monocular
is
just
the
web
UI
on
top
of
the
red.
The
repository
and
the
repositories
are
they
can
they
can
be
very
simple.
I
can
actually
show
you
the
one
that
I'm
using
for
monocular
actually,
so
it
basically
is
any
HTTP
server
that
can
have
that
can
host
an
index
or
Yammer
file
and
then
the
actual
packages
of
Charles
themselves.
B
Yeah
tell
us
more
clearly
answering
a
question.
Was
the
correct
sacrifice
to
the
demigods
okay?
So
we
have
the
kind
of
you've
seen
this
before
on
cube
app,
so
calm
and
you
have
the
pretty
much
the
same
thing
running
in
faster,
but
it
actually
does
there's
an
extra
tab
here
deployments.
So
this
is
where
the
in
cluster
experience
gets
a
bit
interesting.
So
if
I
go
over
here
to
deployments,
you
can
see
what
I've
already
installed
in
my
cluster
and
I
have
my
monocular
shot,
which
I
just
deployed
and
also
my
to-do
application.
B
My
jumpy
peacock
is
here
as
well,
and
I
can
go
into
this
and
I
can
see
again
similar
to
running
helm
status.
I
can
see
what
resources
have
actually
been
installed.
So
there's
a
service
here,
and
it
shows
me
the
X&Y
P
and
also
the
appointment
as
well
and
I
can
go
right
now.
I
can
only
delete
this
deployment,
but
the
plan
is
to
add
further
actions
such
as
scaling
out
a
deployment
and
being
becoming
more
of
a
management
over
over
charts.
B
B
If
I
go
back
to
the
to
do
chart
here,
you
can
see
I
have
my
Reed
B
and
which
explains
how
to
go
and
install
it,
but
over
here
on
the
left,
instead
of
just
seeing
a
helm,
install
command
I
actually
get
a
button
here
where
I
can
actually
go
and
deploy
this
chart
just
from
the
UI.
So
if
I
go
ahead
and
click
this
I.
B
But
if
I
run
a
helm
list
here,
you
also
see
that
I
have
the
new
innocents
parrot
chart
installed
as
well.
So
so
that's
actually
one
of
the
nice
things
about
helm
is
that
the
because
the
the
state
of
your
applications
are
stored
in
the
cluster,
no
matter
who
goes
and
installs
a
chart,
whether
it's
me
running
the
helm,
install
command
here
or
I.
Do
it
a
monocular
or
a
co-worker?
Does
it
you
can
all
get
the
same
state
just
by
querying
the
server
in
the
same
way
that
you
can
do
with
the
kubernetes
api?
C
B
What's
next
from
monocular,
I
think
the
biggest
thing
that
we've
started
to
think
about
now
is
authentication
and
authorization.
So
this
would
be
so
right
now.
Basically,
anyone
who
has
access
to
my
monocular
instance
could
go
and
install
any
chart.
They
wish
wish
to
so
it'd
be
great
to
have
a
way
to
authenticate
them,
either
against
the
kubernetes
api
or
just
within
monster
monocular
itself,
and
and
have
them
have
the
right
authorization
to
to
be
able
to
install
jar.
There's
also
some
catalog
features
which
are
particularly
nice.
B
So
I
think,
for
the
public
version,
the
key
babcom,
so
things
like
being
able
to
rank
charts
and
rate
them
and
categorize
them
and
different
categories
that
people
can
find
things
easier
for
home
deployment
manager
management
I
was
I,
did
mention
that
you
know
there's
some
things
that
we
can
improve
there
in
terms
of
being
able
to
customize
the
deployment
and
upgrade
options.
So
when
I
installed
a
chart
by
the
command
line,
I
passed
in
some
options
via
this
config
yamo
file,
so
it'd
be
great.
B
So
this
would
tell
you
if
your
if
the
containers
you're
running,
have
any
cv
issues
and
if
there's
an
upgrade
available
for
that,
also
possibly
integrating
with
something
like
cublas.
So
you
can
install
functions
as
well
as
charts.
Some
things
go
well
with
together,
like
the
dominio
chart,
which
is
a
kind
of
like
an
s3
bucket
store.
Has
events
that
you
can
trigger
and
cube
lists
can
listen
to
those
events
and
do
particular
things.
So
there
can
be
some
interesting
integrations
between
the
two
so
a
little
bit
on
the
helm
community.
B
We
have
over
170
contributors,
which
is
awesome,
and
it's
almost
two
years
old
now
and
if
you
want
to
get
involved,
we
have
a
slack
channel
on
in
the
cube
Nettie
slack,
which
is
called
helm.
Actually,
it's
now
called
helm
users
and
helm
dev,
and
we
have
public
dev
meetings
Thursdays
at
9:30
Pt.
So
what
happens?
There
is
each
maintainer.
B
Sorry,
the
core
maintain
has
go
through
a
stand-up
of
things
that
have
been
happening
during
the
week
and
then
we
open
the
floor
to
anyone
who
who
has
any
questions
or
wants
to
discuss
anything
regarding
helm
and
then
we
also
have
weekly
updates
and
demos
at
the
sig
apps
meetings,
which
are
Mondays
at
9:00
a.m.
so
helm,
is
under
the
sea
gaps,
umbrella-like,
charts
and
monopoly
as
well.
B
So
we
often
give
updates
during
those
meetings
on
what's
been
going
on
and
finally,
we
are
looking
for
country
is
for
monocular
and
helping
us
take
it
to
the
next
level.
So
if
you're
interested,
you
know,
it's
all
open
source
at
kubernetes,
helm,
slash
monocular,
please
check
it
out
and
help
us
out.
A
Well,
thanks
there's
a
couple
of
questions:
Jonathan's
been
asking
quite
a
few,
and
so
he
asks
the
original
one
about
the
repository
and
questions,
and
would
you
just
clarify,
would
you
install
helm
on
your
host
PC
or
in
the
VM
running
mini
shift
and
I?
Think
the
beginning
of
the
demo
clarified
that,
but
if
you
could
just
we
iterate.
B
Yeah,
so
you
you
could
install
helm
in
in
your
mini
shift
vm
if
you
wanted
to
but
I
think
typically,
people
just
install
it
on
their
home,
PC
and
the
way
helm
communicates
with
tiller
is
through
the
cube
config.
So
it'll
read
your
cube.
Config
set
up
a
a
port
forward
to
the
tiller
pod
and
then
communicate
over
to
your
PC
from
there
and.
A
B
Yeah,
that's
actually
pumping
that
we're
definitely
looking
at
in
the
home
community
as
a
whole,
so
I
think
one
of
the
glaring
issues
when
it
comes
to
security
right
now
is
that
tiller
has
again
Custer
admin
access
and
everything
goes
through
tiller
right
now,
so
there
is
no
tiller,
doesn't
really
abide
by
role
based
access
control
per
user.
So
there's
no
way
for
you
right
now
for
you
to
install
char
as
your
user
it'll
always
be
installed
as
as
tillers
global
access.
B
So
so
we're
definitely
looking
at
figuring
out
how
we
can
get
tiller
to
to
install
things
as
the
user
in
cube,
config
I
think
that's
kind
of.
Do
it
the
way
that
we're
looking
at
going
about
it
either
via
impersonating,
the
user
or
passing
on
the
token
for
that
user
and
setting
up
a
home
client
and
installing
it
there's
actually
a
great
issue
with
lots
of
kind
of
back
and
forth
comments
on
on
that
in
the
in
the
helm,
issue
queue
I,
think
it's
I
think
it's
called
well
probably
find
it
here.
B
We've
also,
actually,
we
discussed
it
in
the
last
dev
meeting.
So
if
you're,
if
you
are
interested
in
asking
about
this
I,
think
that's
probably
the
best
place
to
click
on
and
ask
about
it
and
also
share
your
ideas,
because
I
think
we
still
haven't
figured
out
exactly
how
we
want
to
get
this
working.
B
A
A
Let's
see
if
I'm
gonna
try
and
unmute
Jonathan
and
asked
asked
the
question
directly:
Jonathan,
hey.
C
Thanks
guys
that
this
is
this
is
really
exciting.
I
just
I
was
curious
because
you
kept
showing
when
you
demo
monocular
itself
and
also
the
to-do
app.
There
was
a
big
list
of
configurations
which
I'm
used
to
with
with
OpenShift
templates
about
you
know,
essentially
things
that
turn
into
environment
variables
and
the
docker
containers
and-
and
so
it
sounded
like
on
your
to-do
list,
was
a
way
for
for
you
to
allow
users
to
configure
those
values
before
they
deploy
something
and
I'm
wondering
how
you're
doing
that
now.
C
B
So
so,
right
now
in
monocular,
we
basically
installed
a
chart
without
any
values.
So
generally
that
means
that
they
pick
up.
Well
always
that
means
they
pick
up
the
default
values.
So
if
I
go
to
something
like
WordPress
here
again
and
take
a
look
but
take
a
look
at
the
configuration
here,
usually
all
charts
will
have
good
defaults
so
that
it
so
that
a
simple
you
know
helm,
install
stable,
slash
word
for
us
will
work
out
the
box.
B
It's
only
sometimes
some
more
complex
scenarios
or
where
you're
trying
to
do
something
more
interesting,
where
you
actually
want
to
go
and
change
things.
But,
for
example,
you
know
the
the
password
here
is
it's
a
random
10
character
string
so
that
that's
a
that's
a
example
of
a
good
security
for
other
things.
Here,
like
the
email
or
the
first
name.
B
B
You
see
there's
this
set
flag,
and
this
allows
me
to
set
each
of
these
configuration
variables.
There's
also
the
values
file,
which
is
what
I
use
with
monocular,
which
just
allows
me
to
provide
a
llamó
file
instead
of
having
each
one
on
the
command
line.
But
if
I
wanted
to,
for
example,
change
the
WordPress
files,
I
could
do
something
like
stables,
install
stable
class
WordPress
I
set
WordPress
password
equals.
A
Anyone
else
have
questions,
give
it
a
few
seconds
here.
I
think
it
was
a
great
introduction
both
to
helm
and
enter
the
monocular
project
and
might
encourage
everybody
to
take
a
look
at
both
of
those
things
and
maybe
attended
one
of
the
sig
meetings
and
listening.
It
sounds
like
there's
a
lot
of
good
work
going
on
and
great
ideas
floating
about
in
that
space.
So
if
you
have
the
time,
they
definitely
need
the
feedback
and
your
input.
A
So
thanks
Adnan
for
coming
today
and
telling
us
about
this
and
I
look
forward
to
another
and
follow-up
or
two
on
other
helman
related
in
package
management.
Related
topics
as
well
so
it'll
be
interesting
to
see
where
all
this
goes
in
terms
of
the
Service
Catalog
work
and
templates
on
open,
shipped
and
I.
Don't
you
know
know
this
since
they're
really
kind
of
interesting
to
see
this.
As
this
whole
space
evolved.