Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Red Hat OpenShift / San Francisco 2018 | OpenShift Commons Gathering at Red Hat Summit / 15 May 2018
Red Hat OpenShift / San Francisco 2018 | OpenShift Commons Gathering at Red Hat Summit / 15 May 2018
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: OpenShift Commons Gathering Red Hat Summit 2018 Road Ahead @ OpenShift AMA Panel

Description

Road Ahead at OpenShift Panel at OpenShift Commons Gathering Red Hat Summit 2018 AMA Panel with Red Hat OpenShift Product Managers: Joe Fernandez, Kristen Newcomer, Marc Curry,
Jimmy Zelinskie, Mike Barrett - moderated by Brian Gracely (Red Hat)

A

We're gonna make this sort of ask me anything. The only caveat I'll say is be a little bit mindful of there may be a whole bunch of questions. If you ask us super super deep that 1.2 and we don't have time to get through it, we'll get it at the beers, but ask anything you want so real, quick starting the left mark go ahead. Do a quick introduction! What area you focus on my.

B

Name is mark curry, ALPA chef, product manager and for container infrastructure, and so that includes things like networking master node and to end provider, integration and so on.

C

My name is mike barratt I'm, also a product manager, I, look after the cord kubernetes technologies and look after pretty much the go-to market release hi.

D

Steve Spiker I, look after the user interface developer experience, continuous delivery online and dedicated and.

E

I'm Joe Fernandez I run the product management team for openshift.

F

Kirsten Kirsten newcomer focused on dev checkups and security, other PMS I'm.

G

Jimmy szalinski I am PM Inc way and everything operator is that chorus. /, Red, Hat yeah.

E

And this is just a subset of our product management team. Not everybody could be here today, but first I'd like to thank everybody who stuck around for the day. Hopefully you all appreciated the event. I would like to thank all of our customer presenters. We had a 24 sessions today. Hopefully you guys liked the format I know you can hear from Red Hat a lot you'll hear from Red Hat all week we figured you know if you could hear directly from customers about what they're doing what they're experiencing it would be a good outcome.

E

This is your chance to ask questions. Actually one last thing: I want to thank Diane, Muller and Alexa / Bay, who put this event together so big round.

H

I.

E

Think this is our sixth six one of these now.

I

It's.

E

Just amazing to see the attendants grow and and Diana Alexa do a great job and everybody else that works with them, so really appreciate the effort so yeah. So please raise your hand if you have questions I would like the things that you like things that you hate row, things that you don't like things that you'd like to see us work on new features. You'd like to see just ask us anything.

J

Thank you, okay, when can end-users can it can when can expect to see the first result or the merger between the co s GUI and the existing open shift console great.

E

So the question was the results of the merger when we're gonna start to see that so so we we did this acquisition.

E

Just three months ago now and we've been working together ever since for OS p and engineering teams for the openshift customers, you know we're doing releases every three months, so the next release is 310, which is in June as yeah June July, whatever 310 in June, we have 311 in September and 312 in December or already in June, you'll you'll be able to have some things that won't be in the product, but you'll be able to try them out.

E

We're gonna run some some previews and some betas of things like operators and and even here at Summit you'll, be able to see some demos of how the integrated console is coming together. I would say in 311, in September and 312 in December is when you'll see the bulk of the integrated features and you'll see those products coming together. Our goal is, by the end of this year, to have oak core OS, tectonic and open shift completely converged all the critical features, and that's it that's.

E

What we're operating at you know, hopefully we can get more stuff out sooner to you in the fall, and you know hopefully, there's no delays on anything, but but yeah I think 311 and 312 is when you'll see that so second half of this year go ahead. Yeah.

K

With 39, we have the introduction of supporting the cryo runtime. Can you touch on how you intend to cover things like best practices for building containers without using docker tools, things like using build uh or whatever else, and then how is that going to be? How is that gonna be reflected in the overall building images within I've been shift from a developer standpoint, so.

E

I'm gonna, let Steve talk about the the build tools here in just a second just the folks who don't know so OpenShift ships with rel, and that includes the rail docker runtime right, which is red-hats packaged version of the docker now moby upstream about a year ago, we started working on an alternate OCI, runtime called cryo and basically for a number of reasons. You know something that was Damon lists. Lighter weight. Secure was specifically focused on kubernetes and would be stable for all upstream releases, but cryo and docker there OCI compliant runtimes.

E

So you can take your any docker container and run it on either. In fact, you wouldn't even know the difference if you're running it in kubernetes and openshift, because it's sort of underneath the covers so so, in addition to the runtime, we have been working on a set of build tools, things like like buildin and so forth. I'll, let Steve talk about that. Yeah.

D

So so builder itself takes a similar approach to the docker Damon, but just doesn't require that dr. Damon and we're doing work to bring together the docker file based build, so he can plug in build. We already had a tool, tech preview. We had done with this image builder tools, which has other guess, qualities like that. That doesn't depend on docker itself and will continue, invest, I know that Google put out a Kanaka tool. That's like this. It takes a slightly different approach. There's one things we talked with them last week at cube.

D

Con and EU was sort of what it's like going forward and if you will a docker, daemon, lesser docker tooless world on and also how to leverage more of a coroner's permit us to do the build so we're continuing to evolve. That.

C

Best practices and the next two releases Joe mentioned 3.10 and three eleven you'll see some performance information of what we're pumping out of cryo coming out. You also see the cryo control/command and how to use that and how to use that as compared to pod man when you're using these new runtimes that are being offered in kubernetes. So all that's probably coming out between what is it Jim May June June in September yeah.

E

So we see strong standards now for container runtime and container format, with the open container initiative, specs having reached 1.0 and a ton of information in new build tools and new methodologies for for building standard, OCI images, and you know, build a pod man. These are some projects that we've been investing in for the future. To give you more options for that I.

A

Got one.

L

Way here.

A

In the back.

L

Hello I know I'm real excited like, for example, with the operator interface for vault and things like that. But maybe could you talk a little bit more about you know at a high level, security moving forward for the native OpenShift secrets and maybe using more secure our algorithms. For that you want.

E

Talk about.

C

Secret management in OpenShift or cgroups secret management secrets.

A

Secrets in kubernetes secrets and openshift sure.

C

So the one of the most exciting projects in kubernetes right now is a kms API, so you'll be able to attach this service that will come native and kubernetes.

C

You know it's an alpha, so you got at least two more releases to wait to the backend of whatever you happen to have at the same time, while that's baking, we are creating integrations with a lot of the vendors that you've indicated are the most popular from cyber art, hashey corp, to wherever the case may be on how that interfaces with how you create what would have been a secret.

C

The only downfall to that is that you aren't using the secret API object in that case, right, you're you're, still working with a secret bit of information, but you're not storing it in the secret API the kms service. That's coming in the next two releases. The kubernetes will allow you to say that in the secret API yeah.

E

So, by default, we're storing secrets in at CD in kubernetes right. So s CD is your secrets vault, but we know many customers would prefer to use a cyber-ark or a Hoshi core vault, so we want to make that work seamlessly across the board, whether you're, using at CD, whether you're using a third party vault solution that you know the experience would be the same here.

G

And in like a couple weeks ago, what core OS did was actually open source, our vault operator. So previously that was shipping as a proprietary operator with tectonic and now it's open source and can be run on any kubernetes cluster. So you can go out and install that today and start using like an automatically managed vault instance that runs H a it's, not the actual config map, as they were saying, but it is a you can think of it. As like. An Amazon key service running on your cluster kubernetes native and.

F

As you can hear, hopefully, there's been a lot of investment in improving secrets management in a number of different ways. So just in case you didn't know in ED CD you can encrypt secrets are encrypted by default. As of 361, and some of the vault integrations that Mike was talking about that as they're looking at kms in the near term, there are integrations available using other methods using the Flex volume API, so lots of investment yeah.

E

Just one more thing on Jimmy's point um you heard about the operator framework this morning: you'll be hearing about operators that we're going to be building for all of our platform components. Everything that runs on kubernetes and openshift will have an operator so that we can automate the operations.

E

So that's everything from @cd which, with tecktonik already had an operator for Prometheus we're gonna, do one for elastic search in Cabana, basically, all of our self hosted components and then we're also exposing operators out for end-user services, so things that you would provision through the service catalog, but things that you want somebody else to operate for you and I use the example. This morning a developer wants to consume a database, but he doesn't want to be the DBA. So how do you build operations?

E

So so Jimmy was referring to the vault operator, which is an operator that they built for the open-source vault project and and that's something that you'll be able to try out on OpenShift. Obviously, if you want commercially supported vault itself, you know cyber sorry, Hoshi Corp is a partner. Cyber-Ark is also a partner, so we're we don't take sides. um So so so please check those things out and give us your feedback.

E

Hey.

M

And I'm looking for show image for Artemis, actually mq7 and never God. So I was looking for this image and I heard that will be a service on the cluster like logs and match keys, and we have like a broker a message broker as a service in the cluster. Do you know something about it? If you coming on the next version, so.

D

It didn't catch. What image you were asking about or geology.

M

Yeah we are trying to use the Artemis use, the active Emma, q7 Archimedes.

E

Is that Artemis I'm not familiar with Archimedes and stuff there? There may be images in the community yeah.

M

Because the ODA, less official images, the 6.3 of activity, McCue and so okay, our look for in the new one, but never forgot and I heard that will be comes like a service on the closer platform yeah.

D

Let's, let's follow up with that after words, I'll take into more yeah.

E

We can dig into that a lot of times. What we see is people bringing a lot of either community images or their own custom images to openshift and that's great. We have a lot of than ISV partners that will provide supported versions of those things. We have a lot of our own stuff in our portfolio, but that's just one that I'm not familiar with, but we can follow up and see if either there's a plan for a Red, Hat image or one of our partners to have that as a supported offering. So here.

A

In the middle, hey.

N

How's it going any plans for playbook support for disconnected environments for helping gather all the prereqs docker images. All that making upgrades and patching easier, yeah.

C

So the there has been issues reported with our disconnected installation, there's just baked into it, some expectation that some things would be able to be pulled, so we've hunted most of them down, but the the thing that's missing is the post install activities so where Jenkins has to pull where NPMs would have to pull where Jim servers would have to pull kind of your artifacts. That is still not mastered, but we are in 3.10. We definitely solved all the other, disconnected issues yeah.

E

It's something we're always working on. We have a number of customers, you know in public sector and in financial services that have to run disconnected installs offline environments and, as you can imagine, there's a lot of when you're dealing with you know, images and maven repos and all the stuff there's a lot of stuff where the software wants to reach out. But but we do constantly evolve those capabilities and I think to Mike's point with three ten we've made another set of enhancements and we keep looking for feedback on.

E

You know folks there, if you're still running into stuff that that we can continue improve so so those playbook should be in the Installer and and then those enhancements will come out with each release. So.

H

Yeah I a question with introduction or future introduction of tecktonik into platfrom. What's the future of cloud form so.

E

The question was around the the future of cloud form, so so cloud forms is continue on. There's the platform's is redheads hybrid management solution. We also have open shift provider in cloud forms to pull stats from openshift, but those stats would come from our monitoring agents and stuff within openshift right. So so a couple of things one is we we've gotten feedback from customers that wanted admin capabilities baked right into open chef right?

E

They just want to be able to login to openshift and, if they're, an administrator to be able to see the health of their cluster, the health of their services- and you know, with the with the tectonic console baked in that's that's exactly what you're gonna get right.

E

So now, what you see when you log into open shift will be tied to your role and if you roll this cluster administrator you're, going to be able to see information on the health of the cluster, all those same metrics will still get fed, whether that's to our monitoring solutions like cloud forms, insights or whether that's to third-party solutions, you can hook into those Prometheus monitors and get data out of the system and then likewise, though, we're dramatically enhancing extending our Prometheus monitoring capability.

E

So the tectonic team had a great Prometheus team that had done a lot of work around Prometheus monitoring, and so that's helping us accelerate the the amount of monitoring data that we're able to provide on the flip side. They didn't have a logging stack. We had you know our log management sexo can bringing these things metrics and logging together for where the cluster administrator within OpenShift is is a key key focus day to management is a big theme and automated operations, but that doesn't sort of supplant red-hats management portfolio.

E

We still have you know: satellite and cloud forms and insights and ansible very much part of the portfolio and they'll go beyond just open shift administration into relaod, ministration infrastructure beneath openshift and beyond, and and that's kind of we're just going to provide much richer data within OpenShift and as feeds out. So I just.

G

Want to clarify all that observability functionality and openshift is for the cluster itself. Is it not for applications running on top the cluster focusing on the cluster health itself cluster logs itself? You should not point all your applications to that stack or else you'll tank, the cluster and.

E

Then, to do the operators then we'll be able to start providing more observability into the into the services through the the operator frame. Yet.

G

You'll be able to provision your own stacks similar to this specifically for your applications in an automated fashion, but we want to isolate that stack from your actual applications. So your applications don't crash the cluster.

A

The.

E

Question Diane.

A

We got, we got to run the mics and if you want to cut it after that, so up in front sorry, yep.

O

Various people have talked about having multiple clusters and deploying applications across those multiple clusters. The work on coop fed seems to have disappeared into the background. A bit a lot of people are using Jenkins. Where do you see this going sure.

C

The so the sig is back on track in the past couple weeks, if you guys aren't following the Federation sig or the multi cluster sig, there is at now a Federation version to where the ideas and the concepts of that large federated control plane have been broken up into CR, DS and smaller objects, where you can do workload and policy on how you want to target your clusters, you can also do a different, CR ID and choose to install it or not, install it for DNS. That would span multiple clusters.

C

So now you have a choice of which components that you want to use. The proposals are out and there's also a proof of concept. Implementation of one of the proposals called fan Ord so definitely take a look at that. That allows you to do a lot of what you could have done in the previous iteration of Federation. This will probably come to bear it towards the end of this year. In the middle of this year, you'll get cluster registry, which is a great step forward.

C

You can like have one central API to ask: where are all my clusters? What are their names, what secrets are and then things of that nature we also brought in some technology from core OS Korres was syncing up at the project level, mainly so stuff like the namespace stuff, like some of the config Maps. Not not the replica sets or anything like that, but if you wanted a consistent look and feel of all your projects, we have that technology coming out towards the end of this year too.

C

So those will all come together towards the end of this year. Yeah.

E

I think it's safe to say that the initial kubernetes Federation project, kubernetes Federation, one that OH was a bit too ambitious and the implementation to monolithic in terms of you know all the problems that was trying to solve in the implementation, for how they're trying to solve it right. But the problem didn't go away right. All of our customers, including I, think most of customers here are running multiple kubernetes clusters.

E

Many of you are running apps that span active active across multiple clusters, so the problems that Federation was meant to solve around multi, our management federated in Grasse, federated deployments and so forth are still there, and so this is kind of a. We always caution people you know just because you see something announced in the upstream or you watched a Kelsie, Hightower video or something you need to really be careful in terms of the state of a feature right if it's alpha in kubernetes or beta in kubernetes. That actually means something.

E

It means that you know the API is and the feature itself isn't stable. So we, you know, we, you know that's kind of why we try to be clear in terms of what's GA and openshift. What's tech preview and what's still you know, kind of in an experimental stage upstream, one last thing on the the I think that's the office of technology track at Summit. If you look on your dinner, I think there is actually a session where they're going to be talking about.

E

What's coming out of the now the multi cluster signal I've in font. If you look up his name in the engine, Ivan font has a session, including features this year. So the multi one of these modules that got broken out is the multi cluster registry, which is a registry to store meta information on all the different clusters. That'll, add your deployment tools and then there's progress on in grass on deployments and stuff. Now, I, don't know. If you want to talk any more about the course yeah.

G

Rob some ski just had to talk at coop Connie. You like a couple days ago, talking about this in more depth to if you want to watch the video of that I think is already up on YouTube yeah.

E

Rob is one of our core OS, the core OS PM that just joined our team. He's gonna be doing a keynote demo tomorrow, but he did a session last week at coop con. So if you check out the coop con site, you'll find the video and, if not just reach out to us, we'll send send you the video on that. Alright.

A

So we've got one last one here in the middle I. Don't wanna put any pressure on you, but there's about 500 people that would like a beer. So the excellence of your question is based on this. This one. It's no pressure right.

P

Now we have the option to either deploy nodes on a rail based, install or an atomic based install when tectonic is fully integrated at the end of the year. Well, we have a third option or the the tubes that one's gonna evolve so.

E

The question was around host options for open chef right, so so open shift is going to always be supported on Red Hat, Enterprise, Linux and I'd say the majority of our customers been running the OpenShift on rel because they want a traditional rpm managed distro. They already have you know all the tools and processes in place. Obviously, core OS launched container Linux.

E

That was the first product that started the company and then competitively Red Hat launched relative host, we're now bringing those two teams together and don't tell anybody but there's gonna, be announcement out tomorrow and the the new joint offering is going to be called Red, Hat core OS and it's you can think of it as the merger of atomic host with core OS container Linux, and that's going to give you a fully immutable container, optimized and fully automated host, because one of the things that we learned with from the core OS team is it wasn't just about the distribution?

E

It's about the automation that you could put around that distribution when you have a fully immutable host. So again, we'll be talking about that tomorrow. In my session, core OS in Red Hat and then on Wednesday there's a specific session, that's just about container Linux and atomic host I think it's called the road ahead, and so, if you want more information, come to one or both of those sessions, we think they're both great options. But we do see a lot of momentum towards full immutability down to the host and a lot of linux administrators.

E

Who would traditionally you know have done you know rpms or debian, managed kind of distributions really looking for that that immutability and and the benefits that it provides. So a huge.

I

Thank you to all the speakers today. If you're, if you were a speaker, could you just stand up for a minute? This is speed-dating.

I

So so I know you weren't all counting, but when these five folks came up, we went over 51 people speaking on this stage today, and so I really want to thank all of you for sticking with us and listening to all these stories. But now you have 51 faces to find in the hallways of Red Hat summit to connect with to figure out how you're going to collaborate with them to get lessons learned from so please take advantage of the beer, that's about to be poured and find someone and have a good conversation. Thank you.

I

Thanks.

E

Everybody.