►
Description
Road Ahead at OpenShift Panel at OpenShift Commons Gathering Red Hat Summit 2018 AMA Panel with Red Hat OpenShift Product Managers: Joe Fernandez, Kristen Newcomer, Marc Curry,
Jimmy Zelinskie, Mike Barrett - moderated by Brian Gracely (Red Hat)
A
We're
gonna
make
this
sort
of
ask
me
anything.
The
only
caveat
I'll
say
is
be
a
little
bit
mindful
of
there
may
be
a
whole
bunch
of
questions.
If
you
ask
us
super
super
deep
that
1.2
and
we
don't
have
time
to
get
through
it,
we'll
get
it
at
the
beers,
but
ask
anything
you
want
so
real,
quick
starting
the
left
mark
go
ahead.
Do
a
quick
introduction!
What
area
you
focus
on
my.
E
And
this
is
just
a
subset
of
our
product
management
team.
Not
everybody
could
be
here
today,
but
first
I'd
like
to
thank
everybody
who
stuck
around
for
the
day.
Hopefully
you
all
appreciated
the
event.
I
would
like
to
thank
all
of
our
customer
presenters.
We
had
a
24
sessions
today.
Hopefully
you
guys
liked
the
format
I
know
you
can
hear
from
Red
Hat
a
lot
you'll
hear
from
Red
Hat
all
week
we
figured
you
know
if
you
could
hear
directly
from
customers
about
what
they're
doing
what
they're
experiencing
it
would
be
a
good
outcome.
E
H
I
E
Just
amazing
to
see
the
attendants
grow
and
and
Diana
Alexa
do
a
great
job
and
everybody
else
that
works
with
them,
so
really
appreciate
the
effort
so
yeah.
So
please
raise
your
hand
if
you
have
questions
I
would
like
the
things
that
you
like
things
that
you
hate
row,
things
that
you
don't
like
things
that
you'd
like
to
see
us
work
on
new
features.
You'd
like
to
see
just
ask
us
anything.
E
We're
gonna
run
some
some
previews
and
some
betas
of
things
like
operators
and
and
even
here
at
Summit
you'll,
be
able
to
see
some
demos
of
how
the
integrated
console
is
coming
together.
I
would
say
in
311,
in
September
and
312
in
December
is
when
you'll
see
the
bulk
of
the
integrated
features
and
you'll
see
those
products
coming
together.
Our
goal
is,
by
the
end
of
this
year,
to
have
oak
core
OS,
tectonic
and
open
shift
completely
converged
all
the
critical
features,
and
that's
it
that's.
E
K
With
39,
we
have
the
introduction
of
supporting
the
cryo
runtime.
Can
you
touch
on
how
you
intend
to
cover
things
like
best
practices
for
building
containers
without
using
docker
tools,
things
like
using
build
or
whatever
else,
and
then
how
is
that
going
to
be?
How
is
that
gonna
be
reflected
in
the
overall
building
images
within
I've
been
shift
from
a
developer
standpoint,
so.
E
I'm
gonna,
let
Steve
talk
about
the
the
build
tools
here
in
just
a
second
just
the
folks
who
don't
know
so
OpenShift
ships
with
rel,
and
that
includes
the
rail
docker
runtime
right,
which
is
red-hats
packaged
version
of
the
docker
now
moby
upstream
about
a
year
ago,
we
started
working
on
an
alternate
OCI,
runtime
called
cryo
and
basically
for
a
number
of
reasons.
You
know
something
that
was
Damon
lists.
Lighter
weight.
Secure
was
specifically
focused
on
kubernetes
and
would
be
stable
for
all
upstream
releases,
but
cryo
and
docker
there
OCI
compliant
runtimes.
E
So
you
can
take
your
any
docker
container
and
run
it
on
either.
In
fact,
you
wouldn't
even
know
the
difference
if
you're
running
it
in
kubernetes
and
openshift,
because
it's
sort
of
underneath
the
covers
so
so,
in
addition
to
the
runtime,
we
have
been
working
on
a
set
of
build
tools,
things
like
like
buildin
and
so
forth.
I'll,
let
Steve
talk
about
that.
Yeah.
D
So
so
builder
itself
takes
a
similar
approach
to
the
docker
Damon,
but
just
doesn't
require
that
dr.
Damon
and
we're
doing
work
to
bring
together
the
docker
file
based
build,
so
he
can
plug
in
build.
We
already
had
a
tool,
tech
preview.
We
had
done
with
this
image
builder
tools,
which
has
other
guess,
qualities
like
that.
That
doesn't
depend
on
docker
itself
and
will
continue,
invest,
I
know
that
Google
put
out
a
Kanaka
tool.
That's
like
this.
It
takes
a
slightly
different
approach.
There's
one
things
we
talked
with
them
last
week
at
cube.
D
C
Best
practices
and
the
next
two
releases
Joe
mentioned
3.10
and
three
eleven
you'll
see
some
performance
information
of
what
we're
pumping
out
of
cryo
coming
out.
You
also
see
the
cryo
control/command
and
how
to
use
that
and
how
to
use
that
as
compared
to
pod
man
when
you're
using
these
new
runtimes
that
are
being
offered
in
kubernetes.
So
all
that's
probably
coming
out
between
what
is
it
Jim
May
June
June
in
September
yeah.
E
So
we
see
strong
standards
now
for
container
runtime
and
container
format,
with
the
open
container
initiative,
specs
having
reached
1.0
and
a
ton
of
information
in
new
build
tools
and
new
methodologies
for
for
building
standard,
OCI
images,
and
you
know,
build
a
pod
man.
These
are
some
projects
that
we've
been
investing
in
for
the
future.
To
give
you
more
options
for
that
I.
A
L
Hello
I
know
I'm
real
excited
like,
for
example,
with
the
operator
interface
for
vault
and
things
like
that.
But
maybe
could
you
talk
a
little
bit
more
about
you
know
at
a
high
level,
security
moving
forward
for
the
native
OpenShift
secrets
and
maybe
using
more
secure
our
algorithms.
For
that
you
want.
C
The
only
downfall
to
that
is
that
you
aren't
using
the
secret
API
object
in
that
case,
right,
you're
you're,
still
working
with
a
secret
bit
of
information,
but
you're
not
storing
it
in
the
secret
API
the
kms
service.
That's
coming
in
the
next
two
releases.
The
kubernetes
will
allow
you
to
say
that
in
the
secret
API
yeah.
E
So,
by
default,
we're
storing
secrets
in
at
CD
in
kubernetes
right.
So
s
CD
is
your
secrets
vault,
but
we
know
many
customers
would
prefer
to
use
a
cyber-ark
or
a
Hoshi
core
vault,
so
we
want
to
make
that
work
seamlessly
across
the
board,
whether
you're,
using
at
CD,
whether
you're
using
a
third
party
vault
solution
that
you
know
the
experience
would
be
the
same
here.
G
And
in
like
a
couple
weeks
ago,
what
core
OS
did
was
actually
open
source,
our
vault
operator.
So
previously
that
was
shipping
as
a
proprietary
operator
with
tectonic
and
now
it's
open
source
and
can
be
run
on
any
kubernetes
cluster.
So
you
can
go
out
and
install
that
today
and
start
using
like
an
automatically
managed
vault
instance
that
runs
H
a
it's,
not
the
actual
config
map,
as
they
were
saying,
but
it
is
a
you
can
think
of
it.
As
like.
An
Amazon
key
service
running
on
your
cluster
kubernetes
native
and.
F
As
you
can
hear,
hopefully,
there's
been
a
lot
of
investment
in
improving
secrets
management
in
a
number
of
different
ways.
So
just
in
case
you
didn't
know
in
ED
CD
you
can
encrypt
secrets
are
encrypted
by
default.
As
of
361,
and
some
of
the
vault
integrations
that
Mike
was
talking
about
that
as
they're
looking
at
kms
in
the
near
term,
there
are
integrations
available
using
other
methods
using
the
Flex
volume
API,
so
lots
of
investment
yeah.
E
Just
one
more
thing
on
Jimmy's
point
you
heard
about
the
operator
framework
this
morning:
you'll
be
hearing
about
operators
that
we're
going
to
be
building
for
all
of
our
platform
components.
Everything
that
runs
on
kubernetes
and
openshift
will
have
an
operator
so
that
we
can
automate
the
operations.
E
So
that's
everything
from
@cd
which,
with
tecktonik
already
had
an
operator
for
Prometheus
we're
gonna,
do
one
for
elastic
search
in
Cabana,
basically,
all
of
our
self
hosted
components
and
then
we're
also
exposing
operators
out
for
end-user
services,
so
things
that
you
would
provision
through
the
service
catalog,
but
things
that
you
want
somebody
else
to
operate
for
you
and
I
use
the
example.
This
morning
a
developer
wants
to
consume
a
database,
but
he
doesn't
want
to
be
the
DBA.
So
how
do
you
build
operations?
E
So
so
Jimmy
was
referring
to
the
vault
operator,
which
is
an
operator
that
they
built
for
the
open-source
vault
project
and
and
that's
something
that
you'll
be
able
to
try
out
on
OpenShift.
Obviously,
if
you
want
commercially
supported
vault
itself,
you
know
cyber
sorry,
Hoshi
Corp
is
a
partner.
Cyber-Ark
is
also
a
partner,
so
we're
we
don't
take
sides.
So
so
so
please
check
those
things
out
and
give
us
your
feedback.
E
M
And
I'm
looking
for
show
image
for
Artemis,
actually
mq7
and
never
God.
So
I
was
looking
for
this
image
and
I
heard
that
will
be
a
service
on
the
cluster
like
logs
and
match
keys,
and
we
have
like
a
broker
a
message
broker
as
a
service
in
the
cluster.
Do
you
know
something
about
it?
If
you
coming
on
the
next
version,
so.
E
E
We
can
dig
into
that
a
lot
of
times.
What
we
see
is
people
bringing
a
lot
of
either
community
images
or
their
own
custom
images
to
openshift
and
that's
great.
We
have
a
lot
of
than
ISV
partners
that
will
provide
supported
versions
of
those
things.
We
have
a
lot
of
our
own
stuff
in
our
portfolio,
but
that's
just
one
that
I'm
not
familiar
with,
but
we
can
follow
up
and
see
if
either
there's
a
plan
for
a
Red,
Hat
image
or
one
of
our
partners
to
have
that
as
a
supported
offering.
So
here.
N
C
So
the
there
has
been
issues
reported
with
our
disconnected
installation,
there's
just
baked
into
it,
some
expectation
that
some
things
would
be
able
to
be
pulled,
so
we've
hunted
most
of
them
down,
but
the
the
thing
that's
missing
is
the
post
install
activities
so
where
Jenkins
has
to
pull
where
NPMs
would
have
to
pull
where
Jim
servers
would
have
to
pull
kind
of
your
artifacts.
That
is
still
not
mastered,
but
we
are
in
3.10.
We
definitely
solved
all
the
other,
disconnected
issues
yeah.
E
It's
something
we're
always
working
on.
We
have
a
number
of
customers,
you
know
in
public
sector
and
in
financial
services
that
have
to
run
disconnected
installs
offline
environments
and,
as
you
can
imagine,
there's
a
lot
of
when
you're
dealing
with
you
know,
images
and
maven
repos
and
all
the
stuff
there's
a
lot
of
stuff
where
the
software
wants
to
reach
out.
But
but
we
do
constantly
evolve
those
capabilities
and
I
think
to
Mike's
point
with
three
ten
we've
made
another
set
of
enhancements
and
we
keep
looking
for
feedback
on.
E
H
E
The
question
was
around
the
the
future
of
cloud
form,
so
so
cloud
forms
is
continue
on.
There's
the
platform's
is
redheads
hybrid
management
solution.
We
also
have
open
shift
provider
in
cloud
forms
to
pull
stats
from
openshift,
but
those
stats
would
come
from
our
monitoring
agents
and
stuff
within
openshift
right.
So
so
a
couple
of
things
one
is
we
we've
gotten
feedback
from
customers
that
wanted
admin
capabilities
baked
right
into
open
chef
right?
E
So
the
tectonic
team
had
a
great
Prometheus
team
that
had
done
a
lot
of
work
around
Prometheus
monitoring,
and
so
that's
helping
us
accelerate
the
the
amount
of
monitoring
data
that
we're
able
to
provide
on
the
flip
side.
They
didn't
have
a
logging
stack.
We
had
you
know
our
log
management
sexo
can
bringing
these
things
metrics
and
logging
together
for
where
the
cluster
administrator
within
OpenShift
is
is
a
key
key
focus
day
to
management
is
a
big
theme
and
automated
operations,
but
that
doesn't
sort
of
supplant
red-hats
management
portfolio.
E
We
still
have
you
know:
satellite
and
cloud
forms
and
insights
and
ansible
very
much
part
of
the
portfolio
and
they'll
go
beyond
just
open
shift
administration
into
relaod,
ministration
infrastructure
beneath
openshift
and
beyond,
and
and
that's
kind
of
we're
just
going
to
provide
much
richer
data
within
OpenShift
and
as
feeds
out.
So
I
just.
G
Want
to
clarify
all
that
observability
functionality
and
openshift
is
for
the
cluster
itself.
Is
it
not
for
applications
running
on
top
the
cluster
focusing
on
the
cluster
health
itself
cluster
logs
itself?
You
should
not
point
all
your
applications
to
that
stack
or
else
you'll
tank,
the
cluster
and.
E
G
A
O
C
The
so
the
sig
is
back
on
track
in
the
past
couple
weeks,
if
you
guys
aren't
following
the
Federation
sig
or
the
multi
cluster
sig,
there
is
at
now
a
Federation
version
to
where
the
ideas
and
the
concepts
of
that
large
federated
control
plane
have
been
broken
up
into
CR,
DS
and
smaller
objects,
where
you
can
do
workload
and
policy
on
how
you
want
to
target
your
clusters,
you
can
also
do
a
different,
CR
ID
and
choose
to
install
it
or
not,
install
it
for
DNS.
That
would
span
multiple
clusters.
C
So
now
you
have
a
choice
of
which
components
that
you
want
to
use.
The
proposals
are
out
and
there's
also
a
proof
of
concept.
Implementation
of
one
of
the
proposals
called
fan
Ord
so
definitely
take
a
look
at
that.
That
allows
you
to
do
a
lot
of
what
you
could
have
done
in
the
previous
iteration
of
Federation.
This
will
probably
come
to
bear
it
towards
the
end
of
this
year.
In
the
middle
of
this
year,
you'll
get
cluster
registry,
which
is
a
great
step
forward.
C
You
can
like
have
one
central
API
to
ask:
where
are
all
my
clusters?
What
are
their
names,
what
secrets
are
and
then
things
of
that
nature
we
also
brought
in
some
technology
from
core
OS
Korres
was
syncing
up
at
the
project
level,
mainly
so
stuff
like
the
namespace
stuff,
like
some
of
the
config
Maps.
Not
not
the
replica
sets
or
anything
like
that,
but
if
you
wanted
a
consistent
look
and
feel
of
all
your
projects,
we
have
that
technology
coming
out
towards
the
end
of
this
year
too.
E
I
think
it's
safe
to
say
that
the
initial
kubernetes
Federation
project,
kubernetes
Federation,
one
that
OH
was
a
bit
too
ambitious
and
the
implementation
to
monolithic
in
terms
of
you
know
all
the
problems
that
was
trying
to
solve
in
the
implementation,
for
how
they're
trying
to
solve
it
right.
But
the
problem
didn't
go
away
right.
All
of
our
customers,
including
I,
think
most
of
customers
here
are
running
multiple
kubernetes
clusters.
E
Many
of
you
are
running
apps
that
span
active
active
across
multiple
clusters,
so
the
problems
that
Federation
was
meant
to
solve
around
multi,
our
management
federated
in
Grasse,
federated
deployments
and
so
forth
are
still
there,
and
so
this
is
kind
of
a.
We
always
caution
people
you
know
just
because
you
see
something
announced
in
the
upstream
or
you
watched
a
Kelsie,
Hightower
video
or
something
you
need
to
really
be
careful
in
terms
of
the
state
of
a
feature
right
if
it's
alpha
in
kubernetes
or
beta
in
kubernetes.
That
actually
means
something.
E
It
means
that
you
know
the
API
is
and
the
feature
itself
isn't
stable.
So
we,
you
know,
we,
you
know
that's
kind
of
why
we
try
to
be
clear
in
terms
of
what's
GA
and
openshift.
What's
tech
preview
and
what's
still
you
know,
kind
of
in
an
experimental
stage
upstream,
one
last
thing
on
the
the
I
think
that's
the
office
of
technology
track
at
Summit.
If
you
look
on
your
dinner,
I
think
there
is
actually
a
session
where
they're
going
to
be
talking
about.
E
What's
coming
out
of
the
now
the
multi
cluster
signal
I've
in
font.
If
you
look
up
his
name
in
the
engine,
Ivan
font
has
a
session,
including
features
this
year.
So
the
multi
one
of
these
modules
that
got
broken
out
is
the
multi
cluster
registry,
which
is
a
registry
to
store
meta
information
on
all
the
different
clusters.
That'll,
add
your
deployment
tools
and
then
there's
progress
on
in
grass
on
deployments
and
stuff.
Now,
I,
don't
know.
If
you
want
to
talk
any
more
about
the
course
yeah.
G
E
Rob
is
one
of
our
core
OS,
the
core
OS
PM
that
just
joined
our
team.
He's
gonna
be
doing
a
keynote
demo
tomorrow,
but
he
did
a
session
last
week
at
coop
con.
So
if
you
check
out
the
coop
con
site,
you'll
find
the
video
and,
if
not
just
reach
out
to
us,
we'll
send
send
you
the
video
on
that.
Alright.
A
P
E
The
question
was
around
host
options
for
open
chef
right,
so
so
open
shift
is
going
to
always
be
supported
on
Red
Hat,
Enterprise,
Linux
and
I'd
say
the
majority
of
our
customers
been
running
the
OpenShift
on
rel
because
they
want
a
traditional
rpm
managed
distro.
They
already
have
you
know
all
the
tools
and
processes
in
place.
Obviously,
core
OS
launched
container
Linux.
E
It's
about
the
automation
that
you
could
put
around
that
distribution
when
you
have
a
fully
immutable
host.
So
again,
we'll
be
talking
about
that
tomorrow.
In
my
session,
core
OS
in
Red
Hat
and
then
on
Wednesday
there's
a
specific
session,
that's
just
about
container
Linux
and
atomic
host
I
think
it's
called
the
road
ahead,
and
so,
if
you
want
more
information,
come
to
one
or
both
of
those
sessions,
we
think
they're
both
great
options.
But
we
do
see
a
lot
of
momentum
towards
full
immutability
down
to
the
host
and
a
lot
of
linux
administrators.
E
I
I
So
so
I
know
you
weren't
all
counting,
but
when
these
five
folks
came
up,
we
went
over
51
people
speaking
on
this
stage
today,
and
so
I
really
want
to
thank
all
of
you
for
sticking
with
us
and
listening
to
all
these
stories.
But
now
you
have
51
faces
to
find
in
the
hallways
of
Red
Hat
summit
to
connect
with
to
figure
out
how
you're
going
to
collaborate
with
them
to
get
lessons
learned
from
so
please
take
advantage
of
the
beer,
that's
about
to
be
poured
and
find
someone
and
have
a
good
conversation.
Thank
you.