►
Description
OpenShift Commons Briefing
What's New in Helm 3 on OpenShift 4 - Deep Dive
Siamak Sadeghianfar (Red Hat)
A
A
The
other
day,
CMake
who's,
a
product
manager
who
I've
been
working
with
for
quite
a
few
couple
of
years
now
did
a
2-minute
talk
on
helm,
three
and
OpenShift
and
I
decided
that
I
needed
more,
though
he's
going
to
give
us
a
deep
dive
on.
What's
next
in
helm,
3
on
open
shift
and
I'm
gonna,
let
him
introduce
himself
there'll
be
live
Q&A.
You
can
either
type
into
the
twitch
channel
or
in
blue
jeans.
B
So
I'm
gonna
talk
to
you
about
what
ham
free
brings
to
the
table
or
what
you're
doing
don't
often
ship
about
it,
hoping
to
show
you
a
little
bit
of
that
in
action,
also
toward
the
end
of
the
session
on
and
on
official
costume
that
I
have
here
accessible
for
this
session.
So,
like
very
briefly,
let
me
talk
about
what
helm
is
I
think
most
people
within
the
kubernetes
fear
know
about
and
he'll,
but
to
make
sure
it's
a
little
bit
in
knowledge.
That
was
a
package
manager
for
kubernetes
app.
B
So
you
can
describe
your
application.
It
manifests
the
kubernetes
manifest
that
your
application
requires
as
a
Hale
package
and
then
karma
tries
them
in
install
update
these
applications
and
on
any
communities
that
you
install
it's.
A
very
popular
technology
has
been
around
for
quite
a
while
I've
become
the
way
to
install
apps
really
on
on
community.
B
That
I
was
mentioning
that
when
you
describe
your
application,
those
manifests
and
you
put
them
in
a
package
that
is
called
chart
and
these
these
Yahoo
files-
you
generally
generally
parametrize
them,
so
that
he
can
configure
your
application
differently
in
different
environments
that
you
deploy
usually
within
your
development
environment.
You
would
use
a
particular
instance
of
a
database,
and
your
staging
and
product
would
be
different
ones.
C
B
Production
environment
or
staging
environment
I
have
to
somehow
share
this
with
them,
and
repository
is
employing
sphere.
These
charts
are
stored
and
they
can
be
shared
and
distributed
and
and
releases.
The
last
concept
group
they
talked
about
is
when
you
deploy
a
chart,
install
the
chart
into
cluster.
You
have
a
release
of
that
chart
you
modify
and
that
deployment
and
do
an
upgrade
of
the
your
application.
B
For
example,
you
have
another
release,
so
every
every
deployment
of
a
charge
into
your
cluster
that
becomes
a
release
which
which,
which
we'll
look
at
a
little
bit
later
as
well.
But
how
does
hell
work-
and
this
is
the
main
difference-
really
comes
from
him.
2
&
3
a
little
bit
of
history
here
that
him
too
was
not
supported
OpenShift.
We
generally
had
a
and
like
non
production.
B
We
you
or
we
did
not
recommend
customers
to
use
him
to
for
in
production
environments,
and
the
reason
for
that
is
that
him
to
rely
on
a
component
called
chiller.
That's
runs
on
the
cluster
as
cluster
admin,
so
you,
as
a
user
that
I'm
Daddy
that
has
limited
access
to
the
cluster
I'm
man
I'm
a
developer
I
have
only
access
to
the
namespaces
of
my
application
is
deployed.
I
could
ask
tiller
to
deploy
a
chart
into
the
cluster.
Is
the
developer?
I
have
limited
access.
Tiller
is
cluster
admin,
so
it
could
have
used
this
access.
B
B
So
what
it
really
happens
is
see
on
the
slide
is
that
you
have
the
helm
chart,
which
is
those
manifests
that
I
described
the
manifesto
application.
This
is
the
deployment
llamo.
This
is
your
service
channel.
The
English
object
conflict
map
and
you
have
certain
values
which
are
the
actual
values
that
you
want
to
replace
in
this
Parliament
Rhys
manifest
write
the
URL
of
the
database,
or
you
want
to
replace
the
image
tag
that
needs
to
be
deployed,
but
these
two
gets
combined.
B
The
result
of
that
is
a
set
of
kubernetes,
manifest
that
can
get
deployed
into
the
OpenShift
into
the
kubernetes
or
openshift
clusters
and
release
object
is,
is
created
and
inhale
3.
The
only
component
required
to
do
this,
for
you
is
the
helm
CLI
all
this
happening
on
the
client
side.
Nothing
is
running
on
the
cluster.
To
do
this.
For
you
in
help
there
was
still
a
running
on
the
cluster,
so
on
open
ship
there
would
have
been
into
other
components
the
drones
this
cost
or
admin.
You
pass
the
charts
to
it.
B
You
pass
your
values
to
it.
Tiller
combine
these
two
generates
the
manifest
and
deploys
them
into
the
namespace,
and
hence
the
security
issue
on
hill
3.
You
don't
have
that
anymore
I'm,
using
the
help
CLI
and
as
a
developer,
then
I
use
the
hem
CLI.
So
my
security
context
is
used.
I
only
can
deploy
components
that
I
have
access
to.
If
the
chart
includes
a
resource
that
I'm
not
allowed
to
create,
then
the
resulting
manifest
that
is
applied
to
kubernetes
and/or
OpenShift.
B
I
would
immediately
get
an
error
right
because
the
class
cluster
doesn't
really
care
that
this
manifest
is
produced
by
Hill.
It
sees
it
as
any
other
man
in
kubernetes
manifest
and
our
bike
model.
The
security
model
raised
with
immediately
complain
about
it.
So
that's
the
huge
difference
between
Hill
2
and
L
3,
and
this
has
been
a
very
positive
change.
B
Many
many
customers
of
any
users
in
the
helm
community
had
asked
for
this
wood
removal
of
color,
and
this
happen
on
version
3,
which
we
will
come
as
well
and
has
been
addressing
the
issue
that
we
had
for
a
longest
time,
which
let
us
enabled
us
to
bring
hell
to
have
three
to
our
customers
on
the
open
shape
as
well
and
on
the
slide.
You
see
also
an
image
repository
up
there,
because
all
him
does
is
that
it
converts
those
templates
and
values.
B
The
conflicts
into
a
set
of
kubernetes
manifests,
but
actual
application
is
the
images
that
you
need
and
they
still
have
to
get
pulled
from
an
image
repository
like
Kuwait,
at
I/o
or
actor
or
pop
or
somewhere
else.
So
they
get
pulled
by
those
manifests
like
any
other
Google
AIDS
mannequins.
But
if
there's
no
difference
really,
the
release
is
object.
Why
do
we
have
those
in
him?
They
they
contain
the
metadata
about
what
happens
right
so
in
the
release.
B
You
would
know
that
it
was
this
particular
version
of
this
chart
that
was
deployed
at
this
time,
and
these
are
all
the
configurations
that
are
applied
at
the
time.
So
after
you,
you
deploy
a
chart.
I
still
can
manually
use
cue,
cuddle
or
oseco
modify
this
object
or
edit
the
channels
reapply
them
outside
ahead
of
context
right.
B
So
what
else
has
changed
between
him,
2
and
M
3?
So
we
talked
about
chiller,
that's
still
the
largest
piece
of
that.
It's
a
very
positive
change.
Everything
on
hill
3
is
on
the
client
side.
All
you
need
is
the
help
CLI
and
you're
you're
good
to
go.
The
second
change
is
that
it
comes
together
with
the
removal
tool
tool.
Is
that
that
that
may
release
metadata?
That
was
mentioned,
and
this
is
managed
as
secrets
within
the
namespace
in
community.
B
So
before
him
too,
tiller
was
a
central
component
that
was
aware
of
all
the
releases,
so
they're
included
at
information
as
well.
What
releases
are
had
happened
on
this
cluster
and
chart,
and
this
was
a
central
component.
You
had
to
have
unique
release
names
across
the
entire
cluster,
which
was
a
little
bit
difficult
on
him.
Three
releases
are
just
the
secrets:
all
that
metadata
is
encoded
as
base64
and
put
it
into
a
secret
into
the
namespace
that
you
have
the
employ
to
charge.
So
again,
you
don't
rely
on
any
central
components.
B
You
everything
you
do
is
on
client
side
and
they
help
to
reuse.
The
stand
up.
Communities
objects
for
storing
the
metadata
about
your
releases
as
well,
so
you
can,
if
you're
curious,
you
can
just
use
this
cube
cuddle
and
get
the
look
at
the
secrets
within
your
namespace.
Actually,
after
you
pull
the
chart
and
decode
it
to
see
all
that
information
related
to
to
to
the
actual
release,
it's
a
it's
a
very
long,
a
JSON
file
thing
like
you're
in
the
demo.
B
I
can
show
you
that
as
well
and
the
third
point
what
said
what
else
is
new
in
him?
Three:
it's
an
introduction
of
library
charts
on
him
too.
There
was
a
need
to
share
certain
manifests
or
like
logic,
between
multiple
charts
and
did
so.
This
was
done
in
him
too,
as
well,
but
in
hill
three,
it
is
recognized
as
a
library
chart.
So
it's
a
first-class
citizen,
a
library
chart
is
a
type
of
chart
that
does
not
deploy
anything.
B
It's
only
purposes
for
other
charts
to
include
it
and
as
a
dependency,
and
it
said
it
shares
that
for
a
preferred
common
functionality
between
between
multiple
charts
that
are
related
to
each
other.
A
three-day
strategy.
Merge
is
another
thing
introduced
in
help
three.
It's
very
helpful,
especially
with
appearance
of
projects
like
sto
or,
if
you're,
using
Walt,
for
injecting
secrets
into
into
your
namespace
for
pods
in
helm
to
when
you
saw
a
release.
What
we
talked
about,
it
captures
the
metadata
when
the
chart
was
deployed
into
the
cluster.
B
Let's
say
you
a
month
later,
a
couple
weeks
later,
you
have
a
new
version
of
your
application,
a
new
image
for
your
application,
and
the
configuration
has
changed.
Also
slightly
so
you
get
a
new
version
of
your
chart
and
you
want
to
upgrade
your
applications
through
hell
to
the
new
version
of
the
charge
in
helm.
B
To
the
way
upgrade
happen
is
that
it
looked
at
the
release
metadata
to
see
what
kind
of
manifest
were
generated
for
application,
and
it
also
looked
at
the
new
version
of
the
chart
to
compare
these
two
and
adjusted
your
line,
application
to
the
new
manifest
that
are
included
in
your
chart.
This
all
looks
good,
except
that
using
something
like
Sto
then
manifests
that
are
live
on.
The
cluster
slightly
differ
from
what
is
included
in
the
release.
B
So
imagine
that
you
have
set
out
of
injection
on
your
namespace
and
you're
using
steel,
so
for
every
deployment
that
you
have
in
the
namespace
or
for
that
particular
application.
You
have
a
side
card
that
is
injected
into
a
deployment
into
the
pod
by
SEO.
The
chart
obviously
does
not
know
about
it,
so
there
is
no
trace
about
no
traces.
No
information
about
this
side,
car
the
sto
proxies
in
the
shark,
manifest
in
the
release.
So
you
have
a
release
that
doesn't
know
anything
about
a
sidecar
and
you
have
a
new
version
of
your
chart.
B
B
They
all
get
overridden
and
get
removed
when
you
do
the
upgrade,
so
it
created
a
little
bit
of
clash
there
and
there
are
other
projects
that
have
the
same
pattern
like
if
you're
involved
I
mentioned,
does
the
exact
same
thing
or
injecting
in
injecting
secret
so
pod,
the
wall,
the
wall
control
also
would
inject
a
sidecar
into
each
pod
and
inhale
mark
played
would
override
it
would
remove
the
sidecar
basically
from
your
application
and
would
create
issues
in
helm
3.
This
is
addressed
by
a
three
way
strategy
merge.
B
So
what
do
they
mean
that
every
time
you
want
to
operate
a
release
in
hell,
you
know
look
at
the
release
metadata
that
you
have.
What
manifests
will
generate
it
for
the
application
that
you
expect
to
be
on
the
cluster.
It
also
looks
at
the
new
version
of
this
chart.
What
manifest
you
want
to
go
to,
but
it
also
has
a
third
party
through
that's
why
it's
called
three-way.
It
looks
at
the
live
state
of
the
application.
B
The
live
state
of
the
objects
in
the
cluster
and
majors
all
the
three
together
instead
of
ignoring,
what's
live
on
the
cluster
and
only
look
at
the
release
and
the
new
chart
for
creating
a
new
manifest.
So
the
three-way
strategy.
Marriage
makes
sure
that
if
you,
if
your
life
changes
on
the
cluster,
it
is
to
you
as
inject
the
sidecar
or
something
else
has
made
changes,
get
to
those
objects.
They
get
preserved,
venue
and
upgrade
it
doesn't
overwrite
those
ones
next
change.
This
is
a.
We
will
look
at
a
little
bit
more
in
detail
about.
B
It
also
is
the
kubernetes
security
model,
so
three
everything
is
on
client
side.
You
are
just
generating,
instead
of
manifest
I
get
apply
on
the
under
cluster,
so
every
object
that
you
create
that
follows
the
community
security
model.
If
you
are
creating
an
object
that
your
that
your
user
account
is
not
allowed
to
you
would
you
would
get
an
issue
there,
because
the
kubernetes
would
just
not
allow
creation
of
that
object.
So
let's
say
you
are
not
a
cluster
admin,
but
you
are
creating
a
CR
D
or
a
cluster
role.
B
Cooney's
will
return
an
error
that
you
don't
have
access
to
create
that,
even
though
that
is
included
in
the
chart
and
that
that
was
possible
before
we
to
learn
because
to
learn
had
access
to
everything
in
home,
3
and
you
have
access
hell,
has
access
to
whatever
you
have
as
a
user.
You
can't
go
beyond
your
security
context.
B
The
are
the
installations
are
simplified
in
gnome
3,
there
are
more
recognized
and
the
ordering
is
simpler
to
control,
and
thus
the
artists
get
installed
before
the
rest
of
the
manifest
that
you
have
yum
hop
is
a
new
piece.
It
was
actually
has
been
around
for
a
while
now,
but
a
young
pup
is
launched
as
a
central
catalog
for
them
charts
there.
There
used
to
be
odor
resistant
as
central
repo
for
all
the
hill
charts,
with
categorization
of
what
is
this
table?
B
What
is
the
incubator
and
so
on,
but
more
and
more
inhale
repos
have
appeared
there,
like
Vietnam
eHome
repository
to
our
repository.
There
are
a
lot
of
other
ones
that
every
application
has
possibly
their
own
chart
in
separate
repo,
so
helm
hop
was
launched
as
a
central
place.
Catalog
that
indexes
chart
across
all
the
chemicals
that
exist
and
makes
it
really
easy
to
find
charts.
B
You
don't
have
to
go
check
these
repositories
one,
but
I
want
to
expect
everything
to
be
existing
in
the
central
hill
charge,
repo
that
has
been
used
for
for
a
long
time,
so
you
would
go
to
Home
Hub
and
that
would
is
easiest
to
search
there
and
it
will
send
you
to
other
people.
The
hub
does
not
post
the
actual
charts.
It's
just
indexing
from
the
other.
Existing
charging
positives
out
there
and
even
in
helm
CLI
that
default
central
repo
for
charts
is
removed
right
there.
You
said
there
is
no
preference
there.
B
You
have
to
manually
go
add
the
charge
repositories
that
you
want
to
use
and
and
install
the
charts
and
pull
charge
from
those
ripples.
There
isn't
equation
also
to
help
also
through
the
CM
I
can
always
search
in
him
harp.
If
you're
in
for
bread
for
WordPress,
it
will
tell
you
which
repos
contain
and
WordPress
charter
example,
and
the
last
bit
in
the
piece
that
we
are
really
excited
about
it
at
Red.
Hat
is
the
OCR
registries
as
hell
charge
repositories.
B
This
is
an
experimental
piece
and
the
idea
is
to
use
OCI
artifacts
for
storing
charts
as
well,
because
a
chart
repos
right
now
are
is
a
plane
like
index
ya
know,
basically
that
lists
all
the
charts
that
are
available
in
this
repo
and
all
the
metadata
around
it.
But
there
is
no
security
model.
There
is
no
clear
way
how
you
add
charts
to
this.
B
You
have
to
modify
it
basically
modify
that
handle
at
the
chart
and
it's
not
easy
for
a
developer
to
be
able
to
push
charts,
treat
or
interrogate
the
repository
using
an
austere
registry
that
would
piggyback
on
the
OCI
registery
capability
around
the
security
model.
They
push
and
pull
model
and
and
charge
would
be.
B
You
would
work
with
him
charter.
The
same
way
that
you
would,
you
would
do
with
any
other
OCI
image,
basically
so
make
it
really
simple:
to
have
security
model,
around
pushing
charts
to
report,
pulling
them
and
categorize
them
in
versioning
and
and
so
on,
and
they
have
just
recently
added
support
for
helm
charts,
as
also
artifact
in
in
Quay
as
well
is
an
area
that
is
very
similar
gene.
B
B
The
cluster
like
make
faster
decisions
would
not
have
not
because
their
admin,
so
you
might
run
into
some
of
those
issues
that
you
have
to
review
with
your
charts
to
make
sure
that
the
chart
is
not
doing
more
than
it's
expected
for
the
person
that
is
supposed
to
install
it.
So
if
the
charge
is
created
for
the
developer,
to
install
then
have
to
make
sure
it's
not
creating
objects
that
the
developer
doesn't
have
access
to,
and
that's
the
only
point.
There
are
a
couple
of
ways
that
the
migration
can
happen.
B
You
can
run
him
two
and
three
and
side-by-side
because
him
to
is
to
using
tiller
and
every
new
chart
that
you
deploy
can
use
him
three
and
use
secrets
for
the
releases
for
the
with
namespace,
so
that
would
that
would
work.
It
was
also
plugging
that
migrates,
so
we
can
like,
if
you
there's
a
window,
that
you
would
not
make
any
changes
to
the
helm
releases
that
you
have
on
the
cluster.
B
There
is
a
plugin
that
migrates
the
mirror,
if
that
exists,
some
help
too
and
extract
from
chiller
and
created
as
hell
three
releases
with
your
name
spaces,
so
that
that's
also
available
or
for
you
what
what
we
are
seeing
as
very
common
pattern,
is
to
have
that
coexist
and
gradually
move
appointments
to
him
three
and
remove
them.
Two
releases
to
a
point
that
there
is
no
release
is
based
on
him
to
anymore.
B
So
I
mentioned
that
the
security
model
is
different
in
here
three
and
in
we
have
to
review
them
if
you're
bringing
charts
from
home
to
home
three.
This
is
like
a
brief
comparison
of
how
how
the
security
model
is
different.
So
in
here
too,
you
have
the
chart
signing
provenance
obviou,
obviously
that
to
make
sure
that
the
charts
is
coming
from
the
author,
that
is
claiming
it's
coming,
and
then
you
have
certificate
management
around
tiller
to
make
sure
that
the
tiller
is
not
compromised
and
within
cure.
B
You've
had
access
management
or
you
could
control
who
has
access
to
what,
and
that
was
it
so
until
of
itself
is
had
cluster
admin
to
the
cluster.
So
if
you
pass
tiller,
everything
was
allowed
really
to
do
on
the
cluster.
Everything
the
ask
it
it
could
do.
Tiller
was
compromised
movie
to
am
3.
There
is
no
tiller,
obviously,
and
charge
signing
is
still
in
place,
so
you
have
that
provenance
control
and
the
rest
of
it
is
all
kubernetes
security
model
right.
So
you
have
communities
are
back.
B
If
that's
you
know,
we
have
hot
security
policy,
neutral
policy,
the
certificate
management,
user
management
service
accounts
and
so
on.
Everything
that
you
do
basically,
regarding
your
manifests
that
your
application
manifest
on
kubernetes
your
user
access
applies
now
to
help
three
as
well,
and
that's
really
when
we
talk
about
existing
charts
on
him
to
that's
really
the
area
that
requires
more
reviewing
all
right.
B
Otherwise,
the
manifests
are
all
fine,
but
a
lot
of
charts
going
to
access
problem
when
you
install
them
through
him
3,
because
suddenly
you
are
limited
to
what
your
user
has
access
to
your
you're,
not
poster
Adnan
anymore,
on
there
on
a
cluster.
If
your
cluster
admin,
you
wouldn't
see
any
difference,
really
any
chart
that
you
deployed
with
him
to
you
can
deploy
with
helmet
3
as
well.
B
Alright.
So
let
me
show
you
a
little
bit
what
we're
doing
as
some
screenshots
here
to
show
you
in
helm
in
authorship,
console
but
I.
Think
it's
much
nicer
to
see
it.
Why
so,
as
a
part
of
the
support
on
a
healthy
on
open
ship,
they're
also
surfacing
helm
more
and
more
within
the
open
shift
console,
especially
within
the
developer
flow,
so
inoperative
for
what
you
can
see
on
my
screen.
B
There
are
two
perspective
administer
administrator
and
developer
and
the
developer
perspective
focus
is
on
obviously
developer
workflows
and
what
they
have
started
with
is
to
add
at
the
health
charge,
within
the
developer,
catalog
in
in
open
shape.
So
if
I
go
to
the
add
flows
and
children
yellow
chart
within
the
developer,
catalog,
which
is
the
place
which
is
the
menu
the
self-service
place
for
developers
as
a
developer,
if
I
look
for
a
piece
of
software,
I
would
always
come
to
the
developer
catalog
to
find
and
deploy.
B
Remove
them
the
type
to
no
charge
can
see
everything,
maybe
I'm,
looking
for
a
dot
that
application
or
I
want
to
deploy
a
java
application.
I
can
see
different
type
of
Java,
runtimes
or
open,
JDK
and
Tomcat,
and
so
on
to
find
it
here.
So
this
is
a
self
service
or
in
developer,
wants
to
deploy,
content
or
open
ship.
It
will
come
to
a
developer,
catalog
and
helm.
Chart
is
recognized
there
as
a
new
type
of
content.
So
right
now
there
you
can
see
a
few
charts
that
are
available
and
you
can
add
more
try.
B
This
is
backed
by
a
helm,
repo,
so
any
charge
that
people
would
peel
get
poked
and
we
display
fear
and
we
are
working
toward
repository
management
really
for
developer
catalog
as
well.
So
you
would
see
the
charts
here
and
click
on
a
chart
a
little
metadata.
This
is
an
example
part,
so
it
may
be
a
little
empty
link
to
the
homepage
if
I
click
install
so
we
talked
about
chart
having
all
the
manifests
and
we
can
configure
it.
B
This
is
the
values
yeah
Mel
really
so
I
can
add
information
and
modify
the
behavior
of
this
chart
or
deployment
within
my
namespace
and
I
click
on
install,
so
that
would
take
that
chart
downloaded
from
the
repo
and
install
it
on
within
the
demo
namespace
on
my
cluster,
with
it
topology,
where
you
can
see
it's
like
deploying
right
now.
The
manifest
and
they're
gonna
bring
up
the
pot
and
the
hill
and
charts
are
recognized
with
apologies
Vale
until
a
little
bit.
D
B
It
tells
me
that
this
help
release
that
was
I
created,
it
included
and
deployment
config
manifest
bill,
config
service
images,
stream,
browse
and
so
on
and
release
notes.
If
you
charge
particular
chart
has
released
of
this,
this
chart
doesn't
have
any
release.
Notes
really
still
usually
contains
like
if
you're
provision
in
a
database,
it
would
show
that
they
use
something
here.
B
A
password,
credential
or
any
other
context,
objects
that
you
want
to
communicate
to
the
developer
that
has
deployed
in
the
chart
and
if
I
go
to
the
helm,
609
I
can
see
the
charts
are
the
releases
all
listed
there.
So
there
is
one
release
called
no
GS,
XK
I
didn't
real
name
it.
It
was
a
development
default
name
generated
for
me,
and
this
is
at
our
first
revision
and
version
of
the
chart
and
application,
and
these
are
the
releases.
B
This
information
was
this
used
to
be
within
tiller
and
now
they're
managed
as
secrets
within
within
the
namespace.
So
if
I
look
at
the
secrets
within
this
namespace,
you
can
see
that
they're
worries
and
a
type
of
secret
called
helm
and
release.
We
want
look
at
the
yamo.
It's
a
long
encoded
data
here,
it's
large
piece
of
information
that
is
encoded
in
base64
and
that's
the
rule
is,
if
you
decode
this
invested
before
twice,
because
this
is
a
secret,
you
will
see
a
large
JSON
that
includes
all
the
manifests
and
so
on.
B
You
normally
don't
do
this
I'm,
just
showing
you
two
like
how
how
this
is
different
from
hell,
but
that's
really
how
how
releases
are
managing-
and
these
are
like
regular
kubernetes
object
right.
So
there
is
no
central
piece
that
is
managing
this
and
if
you
use
him,
CLI
I
would
get
the
same
information
about
a
release.
Let's
take
a
look
to
see
if
the
charge
is
deployed.
Now
there
we
go
it
had
a
built.
This
particular
trial
chart
had
a
build
config
to
build
the
image
from
source
from
me
during
the
logs
of
the
build.
B
Let's
go
back
to
the
policy
of
you
zoomed
out
there
we
go
and
it
is
now
deployed
a
pod
is
running.
So
let's
do
something
else:
let's
go
to
the
church
to
the
release
and
I
want
to
operate
this
release
to
a
new
version
of
the
chart.
I.
Actually,
don't
don't
have
any
version
of
charge
right
now,
it's
only
the
diversion
that
we
had,
but
what
we
can
do
is
to
modify
some
some
information
about
this
discharge
and
redeploy
that
so
upgrade
is
not
only
upgrading
to
a
new
version
of
recharge.
B
So
when
you,
when
I,
do
upgrade
it
through
the
revision
of
that
bed
release
and
it
would
really
ploy
those
the
images
that
I
have
had
the
new
nipple
policies
if
I
click
on
the
release
that
I
had
now
within
the
revision
history
I
can
see
that
a
few
minutes
ago,
less
than
a
minutes
ago,
I
operated
this
particular
released
with
with
modify
my
five
values
and
the
resources
tile.
Mister
I
can
see
all
the
objects
that
has
been
generated
by
this
release.
B
So
this
is
very
handy
if
you
want
to
see
everything
that
is
related
to
your
application
to
this
release,
when
I
deployed
a
node.js
application,
I
see
everything
and
that
is
generated
and
from
there
I
can
navigate
to
those
particular
objects
for
their
release.
Go
back
to
the
region,
history
after
I
made
a
change.
I
changed
my
mind.
If
I
don't
want
the
image
to
be
pulled
every
time,
we
can
from
right
here
obviously
like
a
rollback
to
a
particular
revision
that
was
deployed
before
so
I.
Go
back
to
the
first
revision
of
this
release.
B
B
B
Charts
like
this
I've
been
products
in
the
developer
console
and
there
is
a
way
to
modify
this
list,
but
we
want
to
enable
admin
to
add
multiple
charge,
repositories
and
OCI
based
charge
repositories
and
into
openshift
console
console
as
backing
repos,
and
they
automatically
get
pulled
and
get
displayed
here
so
give
admins
a
way
to
create
a
help
chart
that
they
want
to
give
up
that
they
want
to
add
to
the
developer
catalog
and
maybe
it
make
them
available
to
their
application
teams
that
want
to
deploy
all
right.
Let
me
go.
B
Talk
a
little
bit
about
him
and
operator.
This
is
a
question.
I
get
a
lot
that
all
right,
how
you're
doing
you've
been
doing
operators
for
a
long
time,
and
there
are
a
lot
of
talks
about
operators
do
how
does
this
relate
to
here,
and
what
does
it
mean
for
open
shape
to
support
health
here
on
operators
and
I,
put
it
as
helm
and
operators?
A
lot
of
people
ask
him.
B
What's
the
difference
of
Hill
versus
operator,
these
are
really
two
different
technologies
that
solve
the
different
problems,
but
there
are
certain
little
overlap
there
in
in
operators
frame
where
we
have
five
levels
of
maturity
for
operator,
and
this
day
they
map
to
the
different
levels
updates
to
operations
that
most
organization
has
to
do.
The
first
one
phase
is
that
when
you
install
the
application,
the
second
one
is
upgrading
it.
B
The
third
one
is
that
when
you
manage
the
life
cycle
of
it
is
storage,
maybe
you
have
to
backup
the
data
put
it
in
the
story,
be
able
to
restore
that
data.
Imagine
it's
the
database
and
phase
four
is
when
you
are
collecting
metrics
about
application
that
is
deployed
and
based
on
those
metrics
and
alert.
You
make
decision
on
how
you
have
to
maybe
chart
the
data.
B
So,
and
not
all-
and
these
are
all
type
activities
that
that
IT
ops
is
doing
today-
there
are
other
applications
right.
These
are
new.
Most
archeops
are
focused
on
exactly
these
activities
activities
because
they
have
to
run
critical
software
in
production.
What
operators
do
is
that
give
a
path
to
two
teams
that
produce
software
to
automate.
All
the
way
to
the
that
highest
level
of
maturity
to
autopilot
by
encoding
that
knowledge
into
software.
That
does
that.
So
you
deploy
your
application
as
an
operator,
and
that
operator
would
install
it.
It
would
also
upgrade
it.
B
It
would
operate
the
data
and
we
backup
the
school
while
continue
in
the
database
example.
If
we
back
up
the
data
of
database
into
storage,
if
an
issue
happens,
it
would
restore
that
it
would
look
at
the
matrix.
It
would
give
you
guidelines
on
how
to
cheat
you
in
it.
If
it
would
sometimes
even
apply
at
yuning
itself,
it
will
process
the
workload,
it
would
add
more
maybe
memory
and
CPU
and
figure
out
how
to
shard
data
automatically
so
that
your
application
and
their
forms
best
right.
B
Elm,
on
the
other
hand,
is
a
really
nice
way
to
package
an
application
and
install
the
entire
focus
is
how
do
I
go
from
these
images
that
I
have
to
describe
the
application
completely
of
what
are
these
are
deployed
in
the
cluster,
and
I
can
obviously
operate
it,
but
upward
is
mostly
focused
on
communities
manifests,
and
you
all
know
that,
like
upgrade,
is
very
different
from
update.
If
you
have
an
old
database
deployed
on
kubernetes,
just
updating
the
deployment
and
to
refer
to
a
new
image
of
that
database
doesn't
really
do
anything
for
you.
B
You
have
to
look
at
a
data
exported
data,
reshuffle
it
normalize
it
imported
back.
There
are
a
lot
of
like
database
processes
around
the
operation.
So
that's
a
really
main.
Your
friends,
hey,
let's
focus
an
update,
but
operator
can
do
the
operator
on
Automation.
They
are
two
different
technology,
but
when
it
comes
to
the
install,
obviously
both
operator
and
helm
can
install
application,
but
that's
just
something
that
operators
after
two,
because
they
want
to
get
to
all
that
they
to
automation.
That
applications
require.
B
If
your
purpose
is
not
to
install
software,
their
purpose
is
to
manage
software
role.
Helm
is
focused
on
installing
topper,
and
you
see
some
operators
out
there
that
actually
use
him
to
install
the
application
and
then
use
other
mechanism
for
the
other
levels
of
maturity
that
are
required
and
keep
monitoring
the
deployed
application
deployed,
chart
they
get
metrics
out
of
a
they
modify
the
to
unit
and
so
on.
So
they
are.
B
They
are
complementary
technologies,
the
target
different
different
problems
and
try
to
like
a
different
video
of
showing
that
differences,
but
all
that
he'll
focuses
on
what
packaging
application.
Installation
and
simpler
updates
obviously
can
update
your
kubernetes,
manifest
and
operator
the
entire
focuses
on
on
kake
movie
that
are
related
to
that.
I.
Look
like
manage
services
that
you
want
to
run
your
software
as
if
it
was
a
cloud
service
as
if
it
was
a
managed
service.
B
So
you
wanted
to
automatically
upgrade
the
data
and
normalize
it
and
adapt
it
and
backup
and
recovery,
and
do
reshuffling
of
the
pods
and
influence
the
scheduling
of
the
pods
based
on
what's
happening
in
your
application
and
other
to
uni,
and
so
they
are.
They
work
together
really
well
for
the
purposes
that
they
are
created
and
for
most
of
the
software
that
you
buy
or
we
reuse
as
services
to
that
are
consumed.
B
Those
are
usually
things
that
you,
the
helm
chart,
might
be
very
good
point
to
to
start
with,
and
there
is
actually,
if
you
have
a
helmet
and
the
operator
SDK
offers
a
path
that
we
can
turn
that
ham
chart
and
create
an
operator
based
on
that
as
well
and
with
that
I'll
I'm
gonna
finish.
It
leave
some
time
for
Q&A
with
the
road,
not
that
be
half
so
hoping
ship
4.4
was
just
released
held
at
3.
A
You
did
a
great
job
and
it
was
much
better
than
the
two-minute
version
that
we
got
a
week
and
a
half
ago
internally.
So
thank
you
and
I
think
you
also
answered
with
the
last
slide.
If
you
go
back
one
slide.
The
first
question
that
somebody
asked
is
this
available
in
4.3
and
he
was
asking
in
terms
of
he's
running
I,
think
4.3
on
IBM
cloud
right
now:
I
wanted
to
make
sure
that
he
could
do
what
you're
talking
about
or
at
least
part
of
it
in
4.3.
A
So
the
distinction
between
what's
available
in
4/3,
around
helm
and
four
four
I,
think
you
tease
it
out
there
nicely
and
that
person.
Let
me
just
see
that
was
I'm
going
to
unmute
you
Carlos
Santana,
I
love,
that
name
and
if
you,
if
you'd
like
to
follow
up
with
that,
you
had
a
couple
of
other
questions.
Carlos.
E
Hi,
thank
you
for
for
the
for
the
presentation.
I
wanted
to
see
what
what's
going
on
with
the
home
tree
and
open
chef,
so
Sammy.
What
what
do
you
recommend
in
terms
of
gate?
Ups,
like
I,
saw
you
editing,
sneaky
sree,
the
llamo
directly
on
the
opposite
cluster?
Hopefully
this
is
not
a
production
cluster
right
that
you're
editing
by
hand
your
keywords
right,
but
that
section
of
the
ammo
that
you
show
you
is
that
the
values,
the
Y
ammo,
that
someone
will
put
kind
of
in
a
get
get
repo
and
they'd
have
something
like
Argo.
E
So
I
was
more
interesting.
You
mentioned
something
about
a
helm
tree
that
three-way
merge
of
taking
what
is
installed
compare.
What
is
the
new
version
kind
of
the
augur
it
make
a
method
mechanisms,
because
we
currently
using
a
get-ups
controller
like
in
this
case.
Our
goal
is
our
goal
using
leveraging
that
helm
tree
logic
to
do
that
upgrade
or
or
it's
just
a
simple
value,
stuff.
Yeah
more.
Do
you
have
any
thoughts
about
about
like
what
what
to
put
in
the
thicket
people.
B
B
That's
really
that
use
case
for
production
you're,
absolutely
right
that
all
of
that
both
the
chart
itself
and
the
values
llamo
that
has
to
come
from
a
place
that
is
version
control.
It's
very
common
that
you
keep
that
in
in
get
you
have
different
values,
yeah
Mel's
for
different
type
of
environments,
and
you
might
apply
them
through
your
CI
engine,
takedown
or
Jenkins,
or
something
else
or,
like
you
mentioned
more
of
a
a
get
ops
engine
that
syncs
your
repo
and
I
know
that
that
Argus
CD
has
that
recognized.
B
B
Think
I
didn't
mention
that
throughout
the
session,
in
addition
to
the
CLI
also
comes
with
a
client,
a
go
client
to
make
it
really
easy
for
other
tooling
to
to
provide
what
the
hell's
Eli
does
through
through
their
own
interfaces,
so
I'm
guessing
that
that's
what
our
go
CD
does,
that
is
using
the
go,
client
or
possibly
help
CLI.
So
I
wouldn't
expect
any
differences
in
the
way
that
marriage
happens.
B
When
you're
deploying
a
hill
chart
through
Argus
City
versus,
if
you're
doing
it
through
hem
CLI,
because
they
would
not,
it
would
be
I'm
I'm,
fairly
sure
that
they
are
using
one
of
the
passes
to
to
hell
to
app
to
convert,
to
chart
and
values,
yum
up
to
the
actual
manicure
they're,
not
doing
it
bad
and
so
they're,
relying
on
the
helps
you
know
I
or
they
go
client
of
the
hill.
So
you
should
have
identical
results
if
you
are
using
him
CLI
and
do
the
marriage
yourself
do
the
upgrade
yourself.
Thank.
E
B
E
E
E
It's
not,
it
doesn't
contribute
okay,
yeah
I,
don't
to
take
a
lot
of
time.
Dan,
sorry,
you've
been
warned
and
I
talk
a
lot,
but
that's
okay.
It
was
very
interesting
now.
Yeah
secrets
is
not
something
that
you
put
and
get
as
a
kind.
I
was
thinking
of
a
config
map
but
yeah.
If
it's
a
CRS
secret
I
guess
it
can
be
put
about
make
sure
that
they're
either
sill
secrets
or
there's
no
credentials
right,
and
then
you
can
sync
them
from
from
get
right.
B
So
the
secret
you
don't
really
need
to
put
this
is
this
is
just
the
mechanics
of
having
three
words.
So
every
time
you
deploy
a
chart,
the
release
object
is
stored
in
the
namespace
as
as
it
released.
So
this
is
you
wouldn't
put
in
the
indy
triple
what
you
would
get
in
a
putting
git
repo
is
your
chart
and
the
values
yeah
no
and
then
arbor
CD
your
example
installs
the
chart
into
the
clustered
and
one
of
these
secrets
automatically
gets
created
for
you
by.
E
A
D
I
work
with
AI,
co,
e
and
I
was
curious
that
we
had
done
some
work
with
a
Donal
to
call
them
it's
the
old-style
OpenShift
templates
for
Honda
and
or
small.
The
features
of
that
is,
if
you
define
one
of
those
it'll,
create
sort
of
like
this
little
web
form
and
the
console
right
for
people
to
fill
in
all
those
values
for
the
template
parameters.
D
B
Very
good
question-
and
the
actual
should
have
mentioned
this
before,
but
I'm
glad
you
brought
this
up
so
and
exactly
like
you
said
so.
This
llamo
is
it's
very
error-prone
if
you
have
to
modify
this
and
a
lot
of
charts.
So
let's
look
at
one
of
the
other
charts
that
we
have
and
keep
going
to
this
one.
When
you
look
at
the
PMO,
it
could
be
a
very,
very
large
channel,
alright
and
keeping
all
the
in
the
item
tation.
B
C
B
Has
made
this
possible
is
that
in
here
three
or
every
chart
can
contain
a
schema
or
the
values
gamma,
so
it
could.
It
would
contain
a
schema
that
would
say
for
the
there
is
a
field
called
server
name
and
the
title
is
this:
the
description
is
this:
it
accepts
strings
between
eight
characters,
200
characters,
so
you
can
easily
generate
a
form
for
that
with
validation
and
everything.
B
So
this
one
of
the
things
that
we
are
doing
going
forward,
I
didn't
have
a
timeline,
so
I'm
gonna
put
in
a
road
map
to
communicate
it
now,
but
it's
definitely
one
of
the
areas
that
you
want
to
add
and
replace
or
give
the
option
to
go
back
and
forth
between
form
and
these
values.
Yeah
Mel
in
the
yellow,
editor.
D
C
Thanks,
hey
sir,
a
very
great
presentation:
my
question
is
with
Helen
three.
Obviously
there's
an
official
support
from
open
shift
and
operators
have
been
our
favored
way
of
deployment.
So
how
would
be
the
messaging
would
be,
and
how
do
you
foresee
the
ecosystem
play
out
in
the
sense
that
do
you
think
people
will
use
help
three?
What
it's
capable
of
in
terms
of
initial
deployment
and
updates
and
use
continue
to
use
operators
to
do
what
it
does
best?
B
Question
I
definitely
see
this
as
that
people
would
pick
what
fits
their
their
uses,
and
this
is
something
that
we
are
already
seeing
like
if
you
and
if
you
look
at
I,
have
to
go
to
the
admin
console.
Look
at
the
operator
hub
and
they're
like
the
pieces
of
software
that
are
made
available,
though-
and
let
me
like
pick
like
an
example
like
the
database
and
cockroach
DB
right.
B
So
there
is
a
hell
of
charge
for
cockroach
DB
as
well,
and
I
can
use
any
CLI
to
deploy
it,
but
from
after
I
do
deploy
it
I'm
I'm,
not
an
expert
on
managing
our
course.
Db
I
know
how
to
use
it
in
my
application,
but
I
don't
really
know
how
to
manage
the
pods
make
sure
it's
running
within
development.
Environment
is
fine,
but
if
I
want
to
run
this
in
production,
I
don't
know
how
to
do
that.
B
So
and
an
operator
seems
a
lot
more
suitable
here
and
that's
why
an
operator
is
created
and
for
it
and
like
it's
relatively
adding
more
maturity
so
that
we
can
do
more
capability
around
it.
But
in
my
the
case
that
I'm
building
in
the
payroll
application
within
our
organization
or
some
other
application,
they
don't
have
a
good
example
right
now
and
this
changes
on
every
release
a
lot.
B
So
it
is
not
a
piece
of
software
that
is
consumed
by
other
development
teams
within
their
software,
but
it's
only
but
that
it
is
consumed
by
the
users
of
the
software
through
the
nib
UI
that
it
offers
right.
So
they
are
the
the
type
of
operation
that
it
needs
its.
It
varies
a
lot
from
version
to
version.
Every
change
that
you
make
is
not
simple
really
to
have
a
fixed
set
of
automation,
rules
for
how
to
manage
this
payroll
application.
B
So
in
these
cases,
making
creating
a
piece
of
software
that
can
manage
the
payroll
application
might
not
be
reasonable
because
you
have
to
constantly
modify
that
piece
of
software.
It's
used
only
once
for
one
deployment.
A
chart
might
be
a
lot
more
useful
here,
but
something
like
this
database
that
is
installed
thousands
of
times
accurate
thousands
of
cluster.
All
of
them
manage
the
exact
same
way.
B
It's
very
reasonable
to
have
an
operator
that
does
is,
instead
of
all,
those
thousand
teams
have
to
reinvent
the
wheel:
go
learn
how
to
manage
micro,
GDP
and
the
operational
develop
the
operational
capability
to
run
concurrently.
We
ended
in
in
production,
so
I
definitely
see
that
is
already
playing
out.
That
way,
that
a
lot
of
the
software
that
you
see
coming
out
as
operators,
they
already
have
a
help
chart,
but
there
was
a
need
for
them
to
automate
the
day
to
operation
that
that
people
have
to
learn
and
they
start
creating
operators
for
it.