From YouTube: Deep Dive into Red Hat OpenShift on AWS (ROSA) Andrew Cathrow OpenShift Commons Gathering KubeCon NA
Description
Deep Dive into Red Hat OpenShift on AWS (ROSA)
Andrew Cathrow (Red Hat)
OpenShift Commons Gathering KubeCon NA
November 2020
Join Red Hat's Andrew Cathrow for a deep dive into Red Hat OpenShift on AWS.
A
Hi, my name is Andy Cathrow. Today I want to talk to you about Red Hat OpenShift Service on AWS, what's also known as ROSA. Before I get started, a little bit about me: I'm the senior director of product management looking after managed services for OpenShift. On the right you see a little Texas flag. So, as you can tell from my accent, I'm from San Antonio, and the two Red Hat fedoras there are because I'm a boomerang.
A
This is my second time at Red Hat after a five-year gap, so glad to be back in the community. Then your important technical stack: so Fedora on my laptop, Bash, Python, unashamedly Vim, and slightly ashamed of Chrome. So my contact details are here. Any questions about the slides afterwards, please reach out to me on email or Twitter. So Red Hat, open services, that's kind of not something you expect, so we're going to dig into that.
A
If we can't operate at scale and reliably, then how can we expect our customers to? So our SREs work closely with support and engineering. It's one big team, so we get to give that feedback back into engineering to improve the product. When we operate and manage service, it's not a different OpenShift. It's the same OpenShift banner that you're going to be running if you deploy it yourself, but this virtuous cycle means that you get the benefit of our operational expertise, our experience, and together we build a better product.
A
So I mentioned two reasons. The first, again, is to let us deliver better software to our customers, but the second is to let our customers deliver better software to their customers. So if you can spend more time working on innovation, development, and less time working on operations, that means it's going to improve your products. You don't want to spend time at two o'clock in the morning on a Saturday to do an upgrade or to respond to alerts at 11 pm on a Thursday night, right?
A
So one of the great things to me about OpenShift is it's OpenShift, no matter where you choose to run it. Whether you choose to run on-prem, on IBM's cloud, on Azure, Google, AWS, it's the same version of Kubernetes, right? It's the same stack on top with Prometheus, Grafana, etc. So the same stack with the same life cycle, the same developer tools, the same operational procedures, no matter where you run OpenShift. Sure, Kubernetes is Kubernetes, right, and every cloud vendor has their own native service with upstream Kubernetes.
A
But it's a different version, different patch version, a different life cycle, and that's just Kubernetes. You've got to put everything on top to build your application platform. You need more than just the orchestration layer, but with OpenShift everything comes in the box. Sure, you can take out components, not use our logging, use their own different monitoring, but you have everything in the box: pre-integrated, supported together, life-cycled and managed together.
A
So you choose where you want to deploy, and nowadays everyone's hybrid, whether that's some on-prem, some on a public cloud. Maybe you have multiple clouds that you're running on. You're going to have more than one environment. If we can give you consistency with OpenShift, it's going to improve your developer and operational efficiencies. So with OpenShift you can pick to deploy and manage yourself, or you can ask us or one of our many partners to manage that for you.
A
So if you're running on Azure, for example, there's the ARO, Azure Red Hat OpenShift, offering that's jointly managed and supported by Microsoft and Red Hat. IBM runs what was known as ROKS, Red Hat OpenShift Kubernetes Service, now Red Hat OpenShift in IBM Cloud. On Google, on AWS, we've had Red Hat OpenShift Dedicated, and we're going to talk in a few minutes about the new Red Hat OpenShift Service offering. So Dedicated.
A
I want to talk a bit about this because our new Red Hat OpenShift Service on AWS is really built on top of Dedicated, so it's a great foundation. So Dedicated offers an OpenShift 4, previously, because we have three, environment is fully managed for you. You pick your platform. Is that Google or AWS?
A
Is it going to be your account we deploy to, or an account that we create, and then we manage and bill you for infrastructure? Which region do you want? Multi-AZ, single AZ? Managed through OpenShift Cluster Manager, OCM, and we do all the management for you. It's not a managed control plane. It's managed everything. So whether it's the workloads, the upgrades, if something goes bump in the night, at two o'clock in the morning something breaks, an alert is fired. We've configured alerting. We'll respond to that alert for you or do the mitigation.
A
Is it going to work? Who's going to fix it if it doesn't? Right, so our entire fleet is typically not more than six or so weeks behind what OCP has, sometimes less. Is available typically the same week as an OCP release, but we keep our customers in a window. We've got an N, N minus one release philosophy to give you time to test, but you'll have an always patched, always updated, fully managed stack. Now, to build OpenShift Dedicated, and, of course, everything we build is on top of open source.
A
So it has three resources that it manages. It has cluster deployment, so, in the Kubernetes principle, declaratively describe cluster that we will deploy; machine pools, where we have a notion of managed worker ports on mars in marginalized cluster; and sync sets, which allow us to deploy managed resources to the clusters. Think about having, you know, a master set of Kubernetes objects. Maybe it's operator configurations, maybe it's config maps, that are deployed on each of the clusters. So we're managing that essentially from Hive.
A
So, as I mentioned earlier, we have an offering on AWS. It's really a traditional software service. So, like you would have with any other Red Hat product, you would call your local account team. You got a demo, they give you a quote, you do a purchase order, there's an invoice, you get the software, you deploy. Not exactly rapid, right? If you want to deploy a new cluster, you want to onboard new customers in the region, if you haven't got subscriptions already, there's going to be a lag, right? It's 2020!
A
So if you want to deploy a cluster right now, you want to run it for three or four hours to do a test because you're testing something on 4.5.13, how does it look, I want to do some destructive testing: you create a cluster, you deploy it, you burn it down as soon as you want. You'll be billed only for the worker nodes you're deploying, from that OpenShift subscription point of view, for as long as you run them.
A
So if it's just for an hour, it's just for an hour. So flexible billing that will be billed on your AWS bill, so just as if any other service, and integrated into AWS support: call us, call AWS, or we'll work together. In terms of user experience, so you'll find today this is in a preview, so you won't find it in the console. But we have a preview program.
A
So today we're going to be in OCM or the CLI, or working with our partners, AWS, on creation through the AWS console. We're adding better integration: IAM, your OIDC, and 4.6 pod-based identity, that's been integrated. We're working on the ability to sign on to this managed cluster using your IAM credentials.
A
So we're going to start off on my terminal window. So I'm running Fedora and I have a command line tool called moactl. moactl is our tool for managing the clusters. Now that's going to be renamed in the future. We recently changed the name from a managed OpenShift service to Red Hat OpenShift Service on AWS, ROSA. So by the time you get your hands on this you'll be typing rosa, not moactl. So moactl is our tool for provisioning.
A
Let's have a look. So I've logged in. It's got my default region, which is us-east-1, and there's a login command that I could use, and logout, to log in and out of OCM. But from here everything I do on this service and the command line is going to be communicating back to OCM to do the work.
A
Let's have a quick look at OCM. So the commands I've got running here. So I'm gonna look at create. So I'm gonna create a cluster. Let's decide where I'm gonna deploy that, and let's look at what version I'm to deploy.
A
You'll see here now there's a few details that are blank: the external ID, the API URL. We're not going to see that until the cluster is created. Let's have a quick look. So if I do a describe cluster, give it the name or the ID, I'll see those details while it's being provisioned, or see the status. So right now it's preparing the account.
A
Account. So here we have got one that's in the ready state. It's already been deployed this morning. And one that's pending, that's running, so I'm going to leave that one that's running to go in the background. I should have, actually, let me just pop over here. Let's see in OCM, I should see that as well. So I now see I've got one cluster now installed and one that's installing state.
A
So if I look at my command line options, I have a create idp. I'll pass it the name of the cluster, or the ID, and put into interactive mode. That will now allow me to attach an IdP, so whether it's going to be GitHub, Google lab, OpenID, etc., I can go through those flows to create one. Now I already have one. So, let's have a look, so let me do more.
A
I also have the ability to create an admin user, which will create an admin user outside of the, there's this IdP, to allow you to log into the console if you don't yet have an IdP you can configure. So the way that would look, I would say, I would create admin and pass the name of the cluster, and then it would create a cluster admin user and a portal generated secure password.
A
So if you've seen Dedicated before, very similar view. I get to see the resource utilization, you know, any monitoring, any alerts that are firing, the configurations for the IdP. Again, I can go in the command line or I could go into OCM, enter that configuration. From a networking point of view, if I wanted to take this public service, make it private, so move to a private Kubernetes API.
A
Likewise with my application router: single click to do that. I can add more application routers. On support, it allows me to set the contact. So there's no opt-in for management. The moment you create a cluster here, it's going to be managed by us, so our SREs will have seen this cluster come up, they've now been monitoring it. Any communication that we need, we can go through support, and we have notification emails we can send you as well.
A
Maybe it's not just me who wants to get the emails. You've got different users, groups, admin teams who want access. You can then add notification contacts here, so they can get the appropriate alerts. Maybe something, questions that we have about the cluster, maybe notifications about issues, upgrades, etc.
A
We've got one more tab that you'll see earlier in December, where we have the upgrade schedule. It's a user interface to allow you to schedule when you have your upgrades for clusters. So you could pick, you know, that I want to upgrade every week, or I want to upgrade to 4.5.13 a week on Saturday at 2 o'clock in the morning. So rather than going through tickets that we do today, we're adding a UI with full automation.
A
So you can point and click and schedule your upgrades, see the status of upgrades, what's being scheduled.
A
So what does this look like when it's running? This is probably the most disappointing part of the demo, because once it's installed, it's just OpenShift. There's nothing different here. There's no special features on this managed service, other than the fact that at two o'clock in the morning we're the ones who are getting the call, we're the ones who are doing the upgrades, the patching, the monitoring. We're the ones who are handling the SRE work. It's still the OpenShift that you know. There may be some extra guard rails we put in place.
A
For example, we have some admission controllers in place to block some sensitive operations, so we don't want you destroying the control plane node, since we have an SLA and we're managing those. We want to make sure that those stay up. Other than that, it's going to be the OpenShift you're used to. In terms of how we do this, and we've got some links in the slides, but the tooling that I showed now is, it's Red Hat, of course it's open source.
A
So if you want access, there's a couple of links with an FAQ at the end of the presentation. Also my email is there. Spam me. We'd love to get more people on board. All that we would ask that you bring
A
is an Amazon account that you could use, because we're not going to pay for your infrastructure, and to be able to give feedback on the service. So we'd love to have more people getting hands on and trying this. Again, very quick and easy just to spin up the cluster, I mean spin up the cluster at the cost of a latte, right, 30 cluster rubber running.
A
So we can, let's pop back into the command line, see where we are. Okay, so that second cluster is installing. So let's have a quick look. So I can ask for the logs, the install log for the cluster, and I'd be able to see that log. It's the same log you could also see in OCM. So if you really want to watch the install going through, you can.
A
Other commands that we have: so you're going to need to have the oc command, right? Otherwise, how halibut is the cluster short of the GUI?
A
So we have an option to download the OpenShift client. So whether I'm running this, whether it should be on Fedora or on another Linux or on Windows or a Mac, we've got the same features in the CLI. It's going to download the clients for you.
A
We can edit cluster resources. One of the interesting commands we have, which maybe doesn't sound interesting to you, but from an SRE view is certainly useful to us, is verify. So if you're going to deploy OpenShift, there's lots of permissions that are required, obviously. So one of the things that we can do is we can verify, whether it's the permissions or the quota, so OpenShift client, that we have the clients installed, permissions. Before I kick off the install we actually validate
A
you have enough rights to do everything you need to deploy, for us to manage OpenShift for you. And for quota, in a similar fashion, we're going to make sure that you have enough credit to deploy. What we don't want to happen is halfway through an install we find out that you've run out of virtual CPUs that you can use for instances.
A
I want to pop over to this. Now we have a link on the last slide. So if you want to learn more, so we announced this one, where we, in the relationship with AWS earlier this year, there's a sign up to learn more link. If you click here, we'll contact you and you can request to join the private beta program. Again, you can email me. The other link that we're going to have in the last part of the slides is to moactl, to the GitHub repo, so everything's.