From YouTube: OpenShift Commons Gathering 2019 Santa Clara OpenShift 4 Operators All the Way Down Ali Mobreem
Description
OpenShift Commons Gathering 2019 Santa Clara
OpenShift 4.0 - Operators All The Way Down!
Ali Mobreem (Red Hat)
A
Hi everyone, my name is Ali Mobreem. I'm one of the product managers on the OpenShift team here, and today's talk, I will be talking about how we actually use operators and OpenShift for ourselves. So in OpenShift 4 we have three major workstreams: the day 2 operations, the immutable infrastructure and operator framework. We bring these three classes of work together to kind of bring you an orchestrator platform that will be something similar to like EKS or AKS. But the nice thing about this is this is actually a hybrid cloud experience.
A
You could run this managed Kubernetes experience locally on your on-prem or in any cloud provider, so you're not locked into any vendor. So, let's kind of dive into a little bit about like the day 2 operations. This is all about automation, starting from automation from the installer. We have a new installer with a one-click. We could install a brand new cluster for you enable AWS. It takes about 20 minutes. It'll go provision everything that you need, everything from your creative VPC to your EC2 nodes, the load balancers. One click and you'll.
A
The next big piece of work is the mutable infrastructure. This is the stuff we getting, we got from CoreOS, so we have a brand new operating system, RHEL CoreOS. It's designed to give you over-the-air updates, something that's very important for us. Because we're doing this immutable stack, we're actually discouraging people from like SSH into nodes. What happens at that point is if you SSH into a node, we will taint it. It's all about trying to avoid getting snowflakes or configuration drift.
A
The third big piece of this is the operator framework. We have improved SDK and the testing tools, as Rob just showed you guys, but one of the big things here is we actually operatorize the Kube stack and the fishiest Afghan we're really all in on the operator framework and pattern. Another cool thing we have is the OperatorHub, which will let you guys discover additional and optional Red Hat services that you could go ahead and bring down, and or ISV partners, they'll be able to provide their managed services as well through there.
A
The last component on here that's important is OLM, and that's the Operator Lifecycle Manager, and that will allow you to go ahead and, for example, if you have your service there, you can now get over-the-air updates to your services as well. So we're really going for that managed Kubernetes experience, including all additional services that go on top of that, and between all these three workstreams, this is how we're gonna get you there. And I kinda want to talk a little bit about the past.
A
How we used to do things before: you had to go ahead, install your OS. You had to go configure it and then install OpenShift 3 on top of it. That's a lot of manual steps, there's room for configuration drift. That's how you get snowflakes. We realized quickly that we had to bring it together and how important bringing everything from the OS to OpenShift together. This way, you can roll everything out in a very consistent fashion, so you're not going to give you a configuration
A
drift, you're gonna have a very stable and reliable system here. So I kinda wanna talk about what immutable infrastructure is. It means it's not repeatable. It means it's now auditable. So now, if you want to just scale up more nodes, it's a couple in the system and you could scale five nodes very easily. The other nice thing is auditable: all that configuration for each of these nodes, it's actually stored within the system.
A
So another important thing here is think about this: isn't a management, think about this as day 365, right? Your admin's gone, new person comes in, they don't have to worry about how am I going to spin up another five nodes. It's all within the system and the system will do that for you. All right, so I want to introduce something new here. We have a couple of new cluster API objects. Think of this almost as like deployment, replica set and pods, but now it's machine deployment and machine set and machines.
A
I mean UI guys, so I kinda want to give you guys a couple screenshots of what the new UI looks like for 4.0. As you notice, there's a new machine section on the left-hand side, and currently I'm showing you guys the list of machines. The nice thing here is you can see that there's three masters currently and then there's three workers. You'll see what region they're in and the availability zone that they're in as well. Now here's a list of machine sets. Interesting
A
takeaway here is you're not going to see any map. We treat the masters as special, so you're not allowed to create a machine set for that, because we don't want you to autoscale up and down here your master set. Another interesting thing here you'll see is some of the machines are set to zero, and that's because you put the desired state in this cluster as "I wanted three workers". The machine operator then rolled it out to the first available region's availability zones and put it out there for you automatically. All right.
A
So here we got a possible cluster architecture. At the top left you have the control plane, those are m3 extra larges, and then you have some high-CPU systems for your logging and monitoring, but then you'll notice that both workers and routing have m5 larges. Why are they separated out? Well, they could have different configurations, different security settings. For example, the routing is actually accessible by external traffic.
A
So you may want to have additional security configurations set on it, so you could go ahead and find these different types of machine deployment types. I kind of showed you guys the worker, the logging, monitoring, routing, but you can also create machine deployments for special GPU. Say you want to run some type of AI or machine learning. You could spin these up and you could use taints and tolerations to actually move the correct workloads, the correct node type or machine deployment type.
A
It also says special security, special anything, so you could define your own machine deployment set. Some of the nice things about this is you could scale each deployment type independently. The desired state is managed by the cluster. You get autoscaling for free now. Also, if you do a configuration change, you'll get rolling machine config updates throughout all those different node types.
A
So now we have over-the-air updates. I kind of wanted to show you guys a new screen we have. It's the cluster settings. This is one of two areas where you could go ahead and update your cluster. You can either do it from our cloud.openshift.com or you could do from here. You can see all the available channels.
A
Rollout is available, and then, at that point you guys could pick a good time for yourselves to update your cluster that way. Something else I wanted to show you guys on here is we now offer you the update history. So you have a history of how your cluster has been modified throughout time. The next tab over is the global configurations, so we've kind of surfaced all these configurations via the operator and we're showing them here. You have everything from authentication, DNS, your image registry, infrastructure, ingress, OAuth. There's a screen with OAuth there
A
that shows you how to go ahead and modify the identity provider and add a new one there. This leads to the actual cluster operators. We're all in here. We've moved everything into an operator, and you'll see this is where you'll get the list of all those operators. You'll see the status of each, you'll see any messages coming back from the operator here, and you'll see what exactly the version is. So one of the cool things is like
A
if you go to the update page, you'll see a live transition here of things getting updated, say as the operators are getting rolled out. If an error happens, you can see which operator failed, it'll pause the rollout and then it'll roll back to the previous version for you. So we definitely don't want to mess your cluster up and we have safeguards in there for that.
A
So, as you see, every part of the stack is going to be right here. So these are all the operators that we currently use ourselves. Kind of a recap: for the day 2 operations we use three different types of operators, really. The machine operator to manage and grow your machines and add nodes to the system. The cluster operator, which is all the underlying COO and OpenShift services that we have, and then we also have the update order operator that manages your upgrading of the cluster.
A
So essentially, those operators are the core of the system. We have something, like Rob talked about earlier, is OperatorHub. We have two versions of OperatorHub: one's going to run locally in your cluster, one is the operatorhub.io, which you could bring down, sir as well. The nice thing here is the admin gets to kind of pick and choose what operators are going to be visible to the users and developers on the system, and we have several types of operators here as the Red Hat products, ISV partners and community.
A
So this is where you could bring in more managed services into the system, because the operators, we now have operator-powered UI extensions, right. So, for example, one of the biggest complaints we had was OpenShift was bloated, so we've actually slimmed it down to the core components. For example, if you want to support virtual machines, you could go ahead and get that CNV operator, enable it as KubeVirt, you'll now get a native experience. You'll see all your VMs right there
A
next to your pods. Same with metering and chargeback, you'll get a native experience there as well. For monitoring you have our Prometheus and your Grafana dashboards. So what we did there was we actually took some of that experience, made it native, brought it in natively into OpenShift itself, and then it. But if you want to do some more advanced stuff, we gave you links back to the dashboard, so you go further monitoring activities that you may need to do.
A
We also have some external app launcher, so some products already have really great UI user experiences, for example service mesh has Kiali. So if you come in and you enable a service mesh, we'll give you an external link to jump into their user interface within context. So the last thing I want to show you guys is the developer catalog. We've kind of combined everything we have, so now you're gonna have a one-stop shop of operators, service catalogs, brokers, source-to-image. Think of this as almost kind of like your app store, right.
A
So these are all the items available to your developers that they can access and then take advantage of. So here's a visual of what I consider like the next generation of an enterprise Kubernetes, right. Starting from the bottom of the stack you have the Red Hat operating system. Then you have layered on, it's Kubernetes, and then you have the automated operations. Essentially, all the operators suffer adding operator framework, the OLM, OperatorHub.
A
Some of these items are optional and you could kind of like again pick and choose from up here what you want to bring into the cluster. You got application services. So all the Red Hat middleware is available, service mesh, functions, Knative, any applications that ISVs have to offer, you'll be able to pull those in as well, and then you're gonna have the developer services that'll give you dev tools, pipeline, CI/CD and IDE functionality there.
A
So we've actually, I feel like we've done, the teams did an amazing job of getting OpenShift to where it is. We would love for you guys to come and try it out. If you go to try.openshift.com you'll be able to get the developer preview and it's flawless to AWS today. A couple items I wanted to tell you about that, though: you probably don't want to do this on your production account, as a developer preview, and then the second is you're gonna need a, your ad ability
A
AWS account's going to need a decent amount of access, so make sure you'll have that, because you'll be creating VPCs, load balancers, security groups, all that good stuff. Here's the command line that you're going to get from when you go to try.openshift.com. I wanted to share this with you because, say, before you want to create the cluster, you'll kind of want to see what it does here.
A
A couple commands that will show you all the configurations and if you kind of look under the hood to see what's going to actually be deployed to your AWS account. But whenever you're ready, the command is just create cluster, and in about 20 minutes or less you'll have a cluster, and if you want to ever clean it up, just run the destroy command and that'll clean it up for you automatically as well. And that's a lot for you guys today. Thank you.