►
From YouTube: AMA with Red Hat Engineers, Data Scientists & Product Managers at OpenShift Commons Gathering 2021
Description
OpenShift Commons Gathering 2021
AMA Session: Live Q/A with Guest Speakers & Red Hat Engineers, Data Scientists and Product Managers
Moderators:
Diane Mueller (Red Hat), Stu Miniman (Red Hat)
Guest Speakers:
Annette Clewett (Red Hat) | Clayton Coleman (Red Hat) | Karena Angell (Red Hat) | Christian Hernandez (Red Hat) | Hugo Guerrero Olivares (Red Hat) | Sasha Rosenbaum (Red Hat) | Audrey Reznik (Red Hat) | Andrew Block (Red Hat) | Peter Hunt (Red Hat) | Aakanksha Duggal (Red Hat) | Oindrilla Chatterjee (Red Hat)
OpenShift Commons Gathering 2021
https://commons.openshift.org/index.html#join
A
Before
we
start
that
just
want
to
big
thank
you
to
diane
and
the
whole
team
that
helped
put
this
together
and
we're
going
to
have
as
diane
mentioned.
Also,
we've
got
some
of
the
lightning
panels
after
there's
still
more
swag,
there's
actually
a
raffle,
so
hope
you
will
stay
for
all
of
that,
but
do
want
to
open
it
up.
First
for
the
audience
here,
as
we
said,
we've
got
if
there's
any
of
the
sessions
that
you
ruminated
on
a
little
bit
and
want
to
ask
some
follow-up
questions.
A
A
B
A
C
So
clayton
coleman,
I
used
to
be
the
open
shift
architect
and
now.
There's
there
are
a
plethora
of
leads
in
architects
and
I've
kind
of
stepped
up
a
little
bit
to
look
at
problems
across
the
whole
ecosystem,
and
you
know
openshift
is
built
on
linux,
it's
built
on
top
of
openstack
and
virtualization,
and
public
clouds
and
private
cloud.
C
So
I
spend
a
lot
of
my
time
kind
of
in
that
space
that
stu
mentioned,
of
trying
to
think
about
how
we
can
do
more
to
support
the
pieces
coming
together
and
so
kcp
and
some
of
the
stuff
I
talked
about
earlier
today
is
an
attempt
at
least
to
look
at
patterns
that
we
all
are
hitting,
and
actually
you
know
the
the
real
call
to
participation
is.
You
know,
come
find
me
today
in
this
meeting.
C
If
you
have
questions
about
patterns
that
you'd
like
to
see
more
broadly
applied
patterns
that
you
noted
that
are
important
to
you,
you
know
there's
a
whole
host
of
things
that
come
up
every
time.
I've
had
a
conversation
with
anyone
about
this
topic
and
it's
kind
of
that
part
of
open
source,
which
is
it
really
is
important
for
people
to
say
what
they're
doing,
because,
frankly,
everyone
doing
this
stuff
is
much
better
at
it
and
knows
the
trade-offs.
C
C
A
D
D
E
I'm
gonna
just
remove
my
mask
because
it's
hot
and
difficult
to
speak
up,
but
hey
everyone,
I'm
oindra
chatterjee.
I
work
as
a
data
scientist
in
the
team,
ai
center
of
excellence
within
the
office
of
the
cto
at
red
hat,
and
we
work
on
various
emerging
trends
in
ai
and
ml
within
our
team,
and
I
spent
the
past
year
working
on
building
ai
and
ai
ops
tools
for
ci
cd
data,
while
building
these
solutions
and
tools
on
openshift.
F
Hello,
everyone,
I'm
akangsha
duggal
and
I'm
also
a
data
scientist
in
the
ai
ops
team.
At
the
eye
center
of
excellence,
I
am
based
in
boston
and
I've
been
working
on
the
ai4ci
project.
That
is
a
tool
that
helps
you
monitor
your
ci
cd
processes
and
I'm
also
a
data
scientist
who
leverages
all
the
open
source
and
platforms
that
red
hat
provides
us
as
data
scientists.
G
Hi,
hello,
everyone,
my
name
is
hugo
and
I'm
part
of
the
product
team
that
it's
part
of
the
applications
group
so
we're
doing
all
the
workloads
on
top
of
openshift
from
kafka
to
api
management.
Have
you
seen
in
the
in
the
previous
session?
So
if
you
have
any
questions
on
running
your
applications,
your
integration,
your
apis
and
on
kubernetes
and
openshift,
just
let
us
know.
H
Hey
everyone
andrew
block,
I'm
a
distinguished
architect
with
red
hat
consulting.
I
work
with
customers
across
the
globe
to
implement
container
solutions,
openshift
anything
so
over
the
course
of
time.
I've
probably
seen
it
the
good
and
the
bad.
So
if
you
have
any
questions
come
on
over
and
I'm
happy
to
have
a
chat
with
you.
I
J
Hi
folks,
kirsten
newcomer,
I
lead
the
security
pillar,
product
management
team
that
includes
red
hat,
advanced
cluster
security.
So
we
focus
on
ensuring
that
openshift
is
hardened
by
default,
that
we
provide
automated,
give
you
the
ability
to
automate
compliance
with
security
and
regulatory
controls
with
the
compliance
operator
continuously
investing
working
closely
with
the
cto's
office
on
things
like
key
lime
for
attestation,
sig
store,
also
with
andy
block
on
sigstor
kind
of
making
it
easier
to
add
signing
into
the
cicd
process.
J
Oh
okay,
it
was
the
other
room,
so
tons
of
stuff,
plus
runtime
security
working
upstream
with
kube
security
sig,
also
as
they
work
to
replace
pod
security
policies,
we're
going
to
continue
to
support
security
context
constraints
in
openshift,
but
also
work
to
with
things
like
opa
gatekeeper,
kyverno
and
as
the
community
evolves.
The
pod
security,
which
is
the
new
name
for
what's
going
to
replace
pod
security
policies,
drives
me
nuts,
we'll
be
working
on
that
too
run
time,
behavioral
analysis,
deep,
observability,
all
sorts
of
stuff
coming
your
way
come
find
me.
K
Hi,
I'm
karina
angel,
I'm
on
the
openshift
product
management
team.
I
cover
cloud
packs
which
are
ibm
is
one
of
our
largest
partners,
so
it
kind
of
covers
a
lot
of
areas
and
the
lessons
that
we've
learned
in
implementing
and
running
cloud
packs
on
openshift
have
really
helped
the
rest
of
the
product,
so
you'll
find
areas
just
across
openshift
that
are
just
better
for
what
we
have
learned
with
cloud
packs,
and
I
also
cover
some
upstream
work.
Open
cluster
management
talked
about
earlier
today,
that's
going
into
sandbox
for
cncf
coop
vert.
K
B
Hi,
I'm
danielle,
I'm
technical
marketing,
major
most
likely
developer,
advocate
error
head
and
I
spend
a
lot
of
time
to
evangelize.
The
kubernetes
navy
application
like
a
quarkx
in
spring
booth
and
also
like
a
data,
agree
something
like
that
on
kubernetes
and
apprenticeship,
of
course,
and
also
I'm
responsible,
cnc
ambassador
and
specifically
this
cube
kubecon.
I'm
responsible,
serverless
track
chair,
so
I'm
specialized
the
serverless
and
the
service
mesh
to
integrate
the
cloud
away.
Application.
A
Yeah,
that's
it!
Thank
you
daniel!
So
let
me
see
we
actually
got
a
question
from
the
virtual
diane
fed
into
us
from
hopkins.
I'm
waiting
for
her
to
type
it
in,
so
I've
got
a
pieces,
but
just
real
quick.
As
I
told
you
at
the
beginning,
my
name
is
stu
miniman.
I
joined
red
hat
one
year
ago
today,
I'm
on
the
openshift
product
marketing
team.
I
do
lots
of
executive
meetings
meet
with
our
customers.
I
was
an
analyst
for
a
decade,
so
I
do
a
lot
talking
to
our
press
and
analysts.
A
If
you
would
attended
this
show,
I
was
one
of
the
hosts,
the
cube
basically
since
they
started
that
a
decade
ago,
so
exciting
times
everyone
here,
one
of
the
nice
things.
If
you
made
it
here
in
person,
is
we
have
a
little
more
bandwidth
to
meet
and
talk
and
go
a
little
bit
deeper.
As
clayton
said,
this
is
like
the
hallway
track
that
we've
all
been
missing
and
you
get
to
do
it
like
all
week
and
that's
mostly
who
showed
up
here.
A
So
we
really
appreciate
you
all
coming
also,
if
you
know
people
that
are
looking
for
jobs,
red
hat
is
hiring
there's
a
a
hiring
social
thursday
morning.
If
you
hadn't
heard
about
it,
please
let
them
know
like.
I
know
the
technical
marketing
team
we've
actually
got
like
five
like
more
associate
level
positions,
open
and
yeah,
yeah
and
right
product
management
and
engineering.
There
are
a
lot
of
openings,
so
it's
good
times.
Please
look
them
up
and
just
find
anybody
at
red
hat.
A
J
J
We
have
to
kind
of
do
relative
reasonably
relative
alignment
between
rel
releases
right,
rel,
core
os
is
built
from
rel
binaries,
so
open
shift,
4.8
uses
rel
8.4,
binaries
4.9
will
also
use
8.4.
Binaries
4.9
is
coming
out
any
day
and
then
acm
has
aligned
their
releases
with
openshift
releases.
So
just
as
kube
has
gone
to
three
times
a
year,
so
will
openshift
and
acm
releases,
typically
about
two
weeks
after
that.
J
I
F
J
L
Hi,
so
this
might
be
a
slightly
tough
questions,
but
you
know
you
have
enough
people
so
a
few
a
few
years
ago
before
the
world
change.
I
remember
the
big
discussion
was
kubernetes
is
boring
and
you
know
this.
I
always
knew
that
was
kind
of
bs,
because
there's
so
much
to
do
and
for
me
I
see
three
areas
and
I
want
you
guys
to
talk
about
specifically
what
we're
you
know.
Red
hat
is
trying
to
do
so.
L
One
is
like
multi-tenancy
and
scaling,
and
obviously
you
talked
about
some
of
it,
but
I
haven't
seen
anything
done
around
multi-tenancy
so
that,
instead
of
having
everybody
solve
multi-tenancy
themselves
for
large-scale
sas,
it
can
be
part
of
the
system.
Another
one
is
security
and
obviously
there's
a
lot
of
discussion
on
security,
but
one
that's
sort
of
hard.
Is
this
code
signing
chains
right
like
six
store
and
so
on?
L
And
that's
certainly
you
know,
hopefully
something
that
that's
already
in
the
line
and
last
thing
is
ease
of
use
because
every
single
customer
I
talk
to-
and
I
talk
to
hundreds
everybody
says
how
difficult
it
is
once
you
don't
have
any
enough
experience.
Obviously,
right
so
those
two
areas,
if
you
can
speak
to
them,.
C
Yeah
so
I'll
take
the
first
one
real,
quick,
so
multi-tenancy
is
one
of
those
things
that
I
mean
even
before
kubernetes
before
any.
Even
before
we
had
namespaces
right,
a
red,
hatter
helped
drive
the
design
of
namespaces
in
cube
quota
limit
ranges.
We
spent
a
lot
of
time
on
security
context
constraints,
pod
security
policy
evolved.
C
The
thing
that
federation
lacked
was
any
real
concept
of
how
you
break
apart
the
individual
problems
so
that
you
can
evolve
those
independently
and
I'll
give
an
example
here.
So
if
you
have
70
clusters,
you
have
70
different
versions
of
operators:
software
api
life
cycle-
you
can
automate
those
to
bring
them
into
alignment,
but
each
one
of
those
is
a
unique
failure
domain
and
that's
how
cube's
designed
what
I'd
like
to
see-
and
I
think
what
we're
kind
of
gearing
up
is:
there's,
there's
small
efforts,
medium-sized
efforts
and
big
efforts.
C
C
You
need
to
decide
who's
going
to
test
it
first,
how
do
you
test
it
close
to
production?
How
do
you
roll
that
out
roll
that
out
in
a
controlled
fashion?
What
happens
when
someone
is
using
one
field,
one
very
specific
combination
of
behavior
and
you
break
it.
What
are
the
metrics
that
tell
you?
You
just
broke
10
of
your
fleet,
15
of
your
applications.
What
if
that
issue
only
emerges
later?
How
do
you
work
backwards
from
that
event?
C
So,
there's
a
lot
of
problems
inside
a
cube
cluster
crds
extension
of
cube
we're
never
we're
never
going
to
support
tenancy
within
a
cluster
of
apis
different
apis
for
different
namespaces,
because
it's
a
fundamental
characteristic
of
cube
and
that's
partially.
What
kind
of
drove
that
higher
layer
question
is
we
can
take
those
concepts
we
can
take
a
chunk
of
apis
with
namespaces
and
rbac
and
all
that
magic
with
the
existing
cube
apis,
and
we
can
break
it
up
into
little
pieces.
C
I
think
that's
one
of
the
ingredients
that
we
need
to
have
available
of
the
ability
to
say
I
might
have
ten
thousand
teams,
a
hundred
thousand
teams
and,
like
your
question
about
scale,
is
you
know,
increasingly
organizations
run
the
gamut
they
might
have
one
team
or
they
might
have
a
hundred
thousand
teams
and
cube
solves
a
part
of
that
problem
in
open
source.
A
lot
of
us
actually
recreate
those
same
problems
over
and
over
again.
How
do
we
hand
out
resources
to
teams?
How
do
you
give
people
access
to
cloud
account?
C
C
We
would
I'd
really
like
to-
and
this
is
a
key
part
of
our
investigation
in
kcp-
is
try
to
break
those
little
chunks
up.
So
you
can
say
I
get
an
api
space
that
feels
cube-like,
that
I
can
do
all
the
things
in.
I
can
add
new
apis,
but
those
are
mine.
Then
I
can
go
to
the
next
level
scale
them
out.
That's
like
the
big
change,
but
below
that
would
be
okay.
Well,
then,
that
would
help
us
in
acm
that
would
help
us
in
argo.
That
would
help
us
in
ci.
C
How
do
you
give
people
access
to
new
types
of
apis,
like
maybe
you
get
part
of
the
api
for
pipelines,
but
not
the
other
part?
We
don't
have
a
lot
of
tools
to
control
access
above
a
cluster
and
so
there's
an
element
of
investment
in
that
area,
and
you
know,
as
we
go
down
further
in
the
stack,
there
will
be
implications
to
it,
but
I
really
do
think
that
you
can't
build
multi-tenancy
into
cube,
as
it
is
without
breaking
too
much
of
what
we
do.
J
I
think
that
yeah
that's
a
great
summary
and
also
we're
also
investing
in
separation
of
control,
plane
and
data
plane,
which
is
another
significant
area
that
enables
serious
multi-tenancy
right
and
give
give
our
large
customers
the
ability
to
have
a
control
plane
that
can
manage
multiple
cluster
data
planes.
So
existing
multi-tenancy
is,
as
clayton
said,
there
are
limitations
to
what
we
can
do,
but
there's
still
a
lot
there.
J
H
Read
my
mind,
you
read
my
mind
so,
as
you
know,
six
stores
and
projects
that
red
hat
is
being
you
know
actively
involved
in
from
a
product
management
side.
You
know
kirsten
will
certainly
attest
to
that
we're
doing
a
lot
of
work
within
red
hat,
to
bring
a
lot
of
those
tools
into
our
ecosystem,
so
in
the
future
you're
going
to
start
seeing
more
of
those
part
of
the
product
itself,
everything
from
the
fundamental
red
hat
enterprise,
linux,
core
os
layer,
all
the
way
up
through
openshift
container
platform
as
well.
H
H
C
Ease
of
use
is
one
of
the
hardest
problems,
I
think,
which
is
what
are
we
trying
to
make
easy
and
one
of
the
things
we
often
notice
is
there's
so
many
different
ways
of
making
things
easy,
openshift,
actually
from
the
very
beginning,
was
about
trying
to
streamline
that
different
process.
That
was
paz
was
really
an
attempt
to
make
the
first
experience
simple
and
to
keep
it
at
that
high
level.
Virtually
reality
is
a
lot
messier
and
the
paths
that
we
ended
up
with
is
this
wealth
of
different
choices.
C
You
know
some
people
may
want
to
trade,
tecton
or
argo
for
jenkins
or
a
more
opinionated
build
flow.
A
focus
for
us
will
be
trying
to
bring
together
an
experience
that
makes
the
application
development
story
that
we're
all
using
a
little
bit
more
effective
and
well
integrated,
but
I
think
there's
some
real.
I
think
there's.
C
This
is
a
hard
problem
that
is
a
combination
of
the
the
need
for
capability
within
our
ecosystem,
combined
with
every
additional
bit
makes
things
more
complex,
and
it's
where
those
things
intersect,
that
it
really
gets
hard
is
you
know
the
power
of
a
tecton
pipeline.
You
know
techno
pipelines
are
pretty
darn
powerful,
but
they
can't
do
everything
when
you
need
to
cross
out
of
that.
How
much
do
you,
abstract
pipelines
for
your
organization-
and
I
think,
we're
always
looking
at
this?
K
I'm
going
to
add
to
that
so
with
each
release
we
have
a
lot
of
product
managers
and
a
lot
of
engineering
teams
right
just
covering
the
entire
platform,
with
each
release
as
kubernetes
is
maturing
as
openshift
continues
to
mature.
That
gives
the
teams
opportunities
to
further
make
it
simpler
right,
because
hard
is
easy.
K
Sounds
like
anything
thank
you.
Thank
you
and
easy
is
actually
very
difficult.
So
yeah,
like
I
said,
like
each
release,
every
team
is
looking
at
this
and
you
can
see
it
with
each
time,
like
four
nine,
when
you
start
playing
with
it,
you'll
see
like
there's
different
aspects
that
are
easier.
I
talked
earlier
about
how
argo
like
just
the
ui
is
just
simplifying
the
different
uis
and
not
having
to
go
different
places
to
do
things
yeah
and
it's
that
across
the
entire
platform.
A
A
A
J
I'm
sure
we'll
weigh
in
so
one
of
the
things
we
talk
about
internally.
A
certain
amount
is
that
is
the
state
of
vulnerability
scanners,
which
is
is
frankly
a
challenge
right.
One
one
of
the
things
folks
are
dealing
with
is
an
overwhelming
amount
of
vulnerability,
data
that
comes
out
of
scanning,
an
image,
etc,
and
so
there
are
a
couple
of
angles
to
take.
One
is
for
the
developer.
J
Yes,
you
want
to
use
image
scanners
on
your
on
your
images
that
are
stored
in
your
registry,
ideally
a
certified
image
scanner
so
that
you
get
red
hat
data
if
you're
using
a
red
hat
base
image
as
part
of
your
custom
build,
you
know,
that'll
give
you
data
that
links
to
fixes
as
well,
but
it's
still
overwhelming
so
so
there's
a
supplement
you
can.
You
can
look
at
like
if
you
can
scan
leverage,
something
like
red
hat,
advanced
cluster
security
or
some
of
our
other
security
partners
that
give
you
runtime,
behavioral
analysis
and
runtime
context.
J
I
mean
you,
don't
want
to
wait
until
then,
but
leverage
that
data
leverage
use
it
on
your
test.
Cluster
right,
don't
wait!
Till
production
use
those
tools
in
your
test
cluster,
so
you
can
see
which
vulnerability
which
which
pods
are
actually
exposed
to
the
internet.
If
that,
if
it
were
going
to
be
exposed
to
the
internet
right
and
and
contextualize,
and
get
a
little
bit
more
information
to
help,
inform
your
focus
and
and
do
some
risk
assessment.
H
I
work
with
a
lot
of
development
teams
at
different
organizations,
and
one
of
the
key
challenges
I
see
is
they're
just
getting
into
containerization.
Still
I
mean
some
of
us
in
the
room,
they've
been
doing
containers
for
many
years.
Some
organizations
still
are
at
their
infancy
or
pretty
young
in
them.
The
challenge
we
see
is
that
you
involve
the
security
team
too
late,
which
is
where
you
caused
your
developers
to
bang
their
heads
on
the
desk
multiple
times,
because
they
will
spend
hours
and
hours
developing
the
best
code.
H
Ever
it
works
fine
in
development
et
cetera.
They
don't
actually
turn
on
scanning
until
they
hit
towards
production,
and
they
realize,
oh
all,
that
you
know
time
that
I
wasted
building.
My
container
perfectly
has
a
vulnerability
because
I
did
x,
y
and
z
incorrectly.
If
you
tell
them
ahead
of
time.
Using
tools
like
pearson
mentioned,
ide
plug-in
scanning
tools
make
it
easier
for
developers
to
become
self-sufficient
as
well
as
self-aware,
so
they
can
better
themselves
because
anything
they
can
do
to
get
the
process
down
faster.
C
C
Ids
is
a
great
place
for
it.
Can
you
move
the
problem
to
a
closer
to
the
actual
person
who's
affected?
Sometimes
that
means
that
the
net
annoyance
is
actually
higher
than
one
security
person
who's
at
the
end
of
the
day.
Trying
to
make
things,
but
it
scales
better
and
ultimately,
that
frees
that
security
person
to
go
deal
with
the
actual
problems
like
real
vulnerabilities,
improving
the
process.