A Byte-sized podcast about Containers, Cloud, and Tech. The Byte Podcast hosted by Brian Christner. He is known to turn coffee into containers, co-founder of 56K.Cloud, and can be caught mountain biking when not behind the microphone/keyboard. Each episod
In what many people consider a solved problem, I raise the red flag and wave it high, saying it's still broken. As a long-time Evernote user, I was in love with Evernote for the longest time. However, over time the application became more difficult to use, the UX is bad, and it just became awful. I started a new quest to find a note-taking app with the following requirements:
  Needs templates
  Export to PDF and Markdown is a must
  Multi-platform (phone & laptop)
  Write in Markdown
  Tagging/Labels concept
  Doesn't suck
What I discussed in this episode:
  Evernote, don't recommend anymore :( - https://evernote.com
  Google Keep - https://keep.google.com/
  Apple Notes - https://www.icloud.com/notes
  OneNote - https://www.onenote.com
  Notion - https://www.notion.so
  Obsidian (My favorite, just not ready yet) - http://obsidian.md
  Bear App (Apple Only) - https://bear.app
TheByte - https://www.thebyte.io/
Traefik Training - https://www.thebyte.io/traefik-training
CNCF Landscape - https://landscape.cncf.io/
Docker Desktop Edge Release features:
  In partnership with Snyk, Docker Desktop launches vulnerability scanning for Docker local images.
  Docker ECS plugin has been replaced by ECS cloud integration.
  Docker UI: The Images view now has search and filter options.
  You can now push an image to Docker Hub using the Remote repositories drop-down menu.
  WSL 2 files and directories can now be mounted from the Windows Docker CLI with e.g. docker run -v \\wsl$\Ubuntu\my-files:/my-files ....
Links from the show:
  Docker Desktop Edge 2.3.6.0 Release Notes - https://docs.docker.com/docker-for-mac/edge-release-notes/
  Docker Vulnerability Scanning - https://docs.docker.com/engine/scan/
  Snyk Developer Security - https://snyk.io/
About Tommy
  Tommy Back
  Twitter @murr3katt
  Founder: https://www.blockchainsource.ch/
Crypto Camper
  Crypto camper website - https://camper.blockchainsource.ch/
  Crypto camper Instagram - https://www.instagram.com/swisscryptocamper/
  Rent the CryptoCamper - rent.cryptocamper.ch
  Rent and pay with bitcoin, call or email: +41762259496 / tommy@blockchainsource.ch
Carbon - https://carbon.now.sh/
GitHub - https://github.com/carbon-app/carbon
Garmin Ransomware - https://www.businessinsider.com/garmin-connect-down-after-outage-some-features-coming-back-2020-7
Arctic Code Vault - https://archiveprogram.github.com/
GitHub Profile Generator - https://github.com/arturssmirnovs/github-profile-readme-generator
GitHub Blog Post Workflow Action Script - https://github.com/gautamkrishnar/blog-post-workflow
My GitHub updated profile - https://github.com/vegasbrianc
How to deploy containers to AWS ECS using Docker - https://blog.56k.cloud/how-to-deploy-containers-directly-to-aws-ecs-using-docker/
Docker AWS ECS - https://github.com/docker/ecs-plugin
Docker Azure ACI - https://github.com/docker/aci-integration-beta
Compose Spec - https://www.compose-spec.io/
SUSE acquires Rancher - https://www.suse.com/c/news/suse-acquires-rancher/
Istio announcement - https://istio.io/latest/blog/2020/open-usage/
Open Usage Commons - https://openusage.org/
IBM's response - https://developer.ibm.com/components/istio/blogs/istio-google-open-usage-commons/
IBM Project - https://www.ibm.com/blogs/research/2017/05/amalgam8-istio/
All about change and introducing companies to bring the Developer Experience (DX) and Developer Portals to the forefront.
Dev Portal Awards - https://devportalawards.org/
Spotify Backstage - https://backstage.io/
The Remote Container extension allows developers to develop inside a container using Visual Studio Code. The extension creates a development environment based on the application you are working on and enables all Visual Studio Code features inside the container.
VS Code Remote Development Overview - https://code.visualstudio.com/docs/remote/remote-overview
Remote Containers on the Marketplace - https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers
Remote Extension Pack - https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.vscode-remote-extensionpack
Docker Blog - https://www.docker.com/blog/how-to-develop-inside-a-container-using-visual-studio-code-remote-containers/
Nomad - https://www.nomadproject.io
Nomad Documentation - https://www.nomadproject.io/docs
Nomad GitHub Repo - https://github.com/hashicorp/nomad
Use Case: Cloudflare How we use Nomad - https://blog.cloudflare.com/how-we-use-hashicorp-nomad/
What is Nomad - A scheduler built by HashiCorp for containers, VMs, bare metal applications, and more
How does it work? - A simple binary is downloaded and interfaces to your container engine (runc, Docker, QEMU, Java, or others)
What do you get out of the box - A fully functioning orchestrator with little hassle to set up
  Server - Scheduling, maintains jobs and clients and replication between servers
  Client - is where the workload runs
  Fully functioning Cluster
  Admin UI
  Lightweight (only 35 MB)
  Anywhere
  Run batch jobs
  Windows
  Manage non-containerized applications
  ACL
  Federation of multiple regions into a single cluster
Leaning away from Kubernetes
Nomad - https://www.nomadproject.io/
Coinbase Odin - https://github.com/coinbase/odin
Coinbase Container journey - https://blog.coinbase.com/container-technologies-at-coinbase-d4ae118dcb6c
Cloudflare choice to use Nomad - https://blog.cloudflare.com/how-we-use-hashicorp-nomad/
Trivago travel website using Nomad for Logging/Monitoring - https://tech.trivago.com/2019/01/25/nomad-our-experiences-and-best-practices/
Why CircleCI chose Nomad over Kubernetes - https://www.hashicorp.com/resources/nomad-vault-circleci-security-scheduling/
Loom - https://www.loom.com/
Loom video from this episode - https://www.loom.com/share/c7080901d4bc402ebc05292f537c3940
We are seeing when using videos to respond to emails it is increasing our engagement with our customers. Also, we are starting to record my videos in response to questions rather than hosting more video calls. Loom is a great tool that increases engagement while still keeping you in control of the content.
DockerCon Videos - https://docker.events.cube365.net/docker/dockercon
Some interesting takeaways from the keynote:
  Strategic Microsoft partnership - https://www.docker.com/blog/shortening-the-developer-commute-with-docker-and-microsoft-azure/
  Windows and WSL2 reach GA
  Now directly from Docker Desktop, you can push containers to Azure Container Instances (ACI)
  Docker Hub new features for Security and Teams
  Docker Desktop and Docker Hub have a tighter integration
  Snyk provides image scanning in Docker Hub
My presentation - Become a Docker Power User with Visual Studio Code - https://youtu.be/sUZxIWDUicA
Episode 66
DISCOUNTS: 40% Discount to Manning Publications, use Code Podbyte20
Charles Gehman has been building applications on AWS since 2012. He has been an architect, CTO, technical blogger, and developer for many years. He holds the certifications AWS Certified Developer and AWS Certified Solution Architect.
Manning book - https://www.manning.com/books/aws-cloudformation-in-action
Website - https://www.chuckgehman.com/
Twitter - https://twitter.com/charlesgehman
  Based in Minneapolis
  Originally from New York
  Works at Perforce - https://www.perforce.com/
  Perforce is one of the original version control systems
  Became a platform for DevOps tools
  Old motto "Version everything"
  Perforce is the main version control system used in the Video Game industry and 8 out of 10 Semiconductor manufacturing industries use Perforce.
  The one tech guy in marketing
  Cloud consultant
MEAP program - manning.com/meap-program
Grafana - https://grafana.com/
Grafana 7.0 - https://grafana.com/docs/grafana/latest/guides/whats-new-in-v7-0/
What's new? A ton!
  New UI
  New Panel Editor (Now side by side tooling on the right side)
  Cloudwatch as default Data provider (most popular cloud provider)
  Auto grid layout
  Inspect panel and export data
Grafana 7.0 features:
  New Panel Editor: Redesign based on community feedback.
  Explore: New tracing UI and support for visualizing Jaeger and Zipkin traces.
  Enterprise: Usage insights, Presence indicator, and Auth improvements.
  Transformations: Transformations and simple Math operations for all data sources.
  Field overrides: Automatically configure panels with data from queries.
  Table: New Table panel.
  Plugins: New plugins platform.
  Tutorials: New tutorials section.
  Cloudwatch: Support for Cloudwatch Logs in Explore and the Logs panel.
  Breaking change: PhantomJS removed.
  Time zones: Time zone support
Brave - www.brave.com
Brave has 8.7 million monthly active users already in 2019
Brave Software was co-founded by Brendan Eich, creator of JavaScript and co-founder of Mozilla (Firefox), and Brian Bondy, formerly of Khan Academy and Mozilla.
  Brave is active in fighting GDPR infringements like how Google is handling data
  Reporting unlawful surveillance on citizens, such as in the UK - https://brave.com/ukcouncilsreport/
  Reports on how foreign governments can serve ads which can run code on government computers - https://brave.com/malvertising-homeland-security/
  Sync between devices is still in Beta but doesn't work yet for Mac
  Opt-in to privacy-respecting ads
  Brave comes with Brave Shield, which provides automatic ad and tracker blocking
  Brave Rewards - users can support their favorite publishers, GitHub repos, or receive the crypto token BAT (Basic Attention Token) for viewing ads, which then can be cashed out or paid forward
  Similar to GitHub Sponsors but for the entire web
Oh My Zsh! - https://ohmyz.sh/
GitHub - https://github.com/ohmyzsh/ohmyzsh/
  ZSH (Z Shell) is an extended Bourne Shell (sh) with features from other shells like Bash, Korn Shell, and tcsh (tee shell)
  macOS Catalina made Zsh the default back in 2019, replacing Bash
  Oh My Zsh is an open-source, community-driven framework for managing your zsh configuration.
  Plugins - Git, Docker, VS Code, OSX, programming languages
  Themes - customize the look and feel of ZSH
Octoverse COVID-19 Developer Report - https://github.blog/2020-05-06-octoverse-spotlight-an-analysis-of-developer-productivity-work-cadence-and-collaboration-in-the-early-days-of-covid-19/
State of the Octoverse 2019 - https://octoverse.github.com/
Key findings:
  Dev activity remains consistent if not maybe increasing
  Interesting stat. When COVID-19 outbreaks occur a flux in Enterprise Repo issues increases
  Work cadence changes - longer days and weekends
  Activity between first and last push and more activity on weekends.
  West Coast US sees a consistent increase in work volume
  Patterns of work indicate potential burnout
  More people are collaborating
  Merge requests are merged faster than previously. Previous 2-3 hour average and now under an hour
  More collaboration tools being used
  Active users increased from the same period last year
Open-source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
2 major players in the Open Source:
  Home Assistant - https://www.home-assistant.io/
  openHAB - https://www.openhab.org/
Privacy first - you control your data/integrations stored locally, no cloud involved unless you allow it
HA has 3 different use cases:
  Observe - tracks the state of all devices in your home
  Control - Interact with your devices via UI or mobile app
  Automate - set up rules to perform tasks when you leave the house or during certain times of the day
The founder's vision - https://www.home-assistant.io/blog/2016/01/19/perfect-home-automation/
  The perfect App is no App - home automation should blend into your current workflow, not replace it
  Home automation should run at home
Community Cookbook (Automation Examples)
DEMO Link - https://demo.home-assistant.io/
Kubestack - https://www.kubestack.com/
Kubestack is the open-source Terraform framework for DevOps teams that want to automate infrastructure, not reinvent automation.
Developed by Philipp Strube - https://twitter.com/pst418
  Director of Technology at Container Solutions
  Previously CoreOS and Exoscale
Kubestack Overview
  Kubestack brings GitOps to infrastructure
  Scalable for even small teams to manage
  Decouple Applications from Infra
  Multi everything - cluster, region, and cloud
Inheritance Model
  The desired configuration is set for the apps infrastructure environment.
  Ops inherits configuration from apps.
  The inherited configuration can be overwritten.
  The ops environment serves the purpose to test and validate configuration before it is applied to the apps environment.
  Configuration drift risks rendering this protection ineffective.
EPISODE DISCOUNTS
Use the discount code podbyte20, good for all our products in all formats from Manning Publications
From MVP to launch in under a week was our main goal. With little development time and few features, the focus was instead on launching a product to get feedback as quickly as possible, keeping most things manual. From writing the MVP requirements to launching on Product Hunt took less than one week.
Launch Day
Submitted to:
  Reddit Startups - https://www.reddit.com/r/startups/
  Indie Hackers - https://www.indiehackers.com/
  Dev.to - https://dev.to/
  Hacker News - https://news.ycombinator.com/
  Product Hunt - https://www.producthunt.com/posts/the-work-from-home-list
On Product Hunt we were floating around the top 12 most of the day until the US woke up, then slid down to 21 at the end of the day.
Stats for the day:
  Featured on Product Hunt
  215 Product Hunt votes
  800+ users
  25 new products submitted
Typeform - https://www.typeform.com/
Google Sheets - https://docs.google.com/spreadsheets/u/0/
About
  Docker Captain from the Original Batch of Captains
  Works as a Site Reliability Engineer
  Member of the Kubernetes SIG Release team
  Lives in Turin, Italy and likes hiking and skiing in the Alps
Website - https://gianarb.it/
GitHub - https://github.com/gianarb
Twitter - https://twitter.com/GianArb
Twitch - https://www.twitch.tv/gianarb
Projects
  Kubernetes SIG Release
  Open Telemetry
  Kube Profefe
    Profiles applications
    Stores profiles in Object storage to analyze
  Test Containers
References mentioned in the Show
  SRE Book
  Kubernetes Community
  Open Tracing / Google Tracing
AWS announced the new container operating system Bottlerocket. Focused on security, open-source, optimized for AWS integrations, and lower costs.
AWS Bottlerocket - https://aws.amazon.com/bottlerocket/
Bottlerocket GitHub - https://github.com/bottlerocket-os/bottlerocket
Bottlerocket Roadmap - https://github.com/orgs/bottlerocket-os/projects/1
Interview with Deepak Singh, VP of compute services at AWS - https://www.infoq.com/news/2020/04/bottlerocket-singh/
Some notable features include:
  API access for configuring your system, with secure out-of-band access methods when you need them.
  Updates based on partition flips, for fast and reliable system updates.
  Modeled configuration that's automatically migrated through updates.
  Security as a top priority.
  Open Source - open development model enables customers and partners to produce custom builds, for example, builds that support their preferred orchestrators.
  Lower costs as it will be bundled with EKS and ECS in the future
  Optimized performance through AWS integrations
  3 years support after the GA release
Tailscale - Private Networks made easy
  Allows you to connect all your devices using WireGuard
  Removes all the hassle from installing/configuring WireGuard
  Based on WireGuard, which is now part of the Linux Kernel
  SSO - Google GSuite, Active Directory, Office365, OKTA, Ping
  Tailscale the company just received a 3 Million Seed round - https://tailscale.com/blog/tailscale-launch/
Super easy to install
  No Config, No Firewall ports
  Install the Tailscale software on all machines you want to be connected.
  Install the software and authorize the new endpoint in the Admin console or sign in with SSO to automatically authorize
  And it works
Admin Console
  Pending Authorizations
  Machines connected
  DNS - use custom DNS servers for machine lookups
  ACL - restrict who can access which machines on your network
Tailscale the company
  FAQ - https://tailscale.com/kb/1062/reviewer-guide
  Pricing: Free for personal up to 100 devices - https://tailscale.com/pricing/
AWS CDK - https://aws.amazon.com/cdk/
Getting Started with CDK - https://docs.aws.amazon.com/cdk/latest/guide/home.html
AWS CDK Construct Library - https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html
AWS CDK Launch - https://www.youtube.com/watch?v=bz4jTx4v-l8&feature=youtu.be
Pulumi - https://www.pulumi.com/
Terrastack Polyglot Terraform supercharged by CDK - https://github.com/TerraStackIO/terrastack
Docker announcement - https://www.docker.com/press-release/docker-open-sources-compose-specification
Docker Compose Spec - https://www.compose-spec.io/
Awesome Compose - https://github.com/docker/awesome-compose
Kompose - https://github.com/kubernetes/kompose
Compose on Kubernetes - https://github.com/docker/compose-on-kubernetes
GitHub Actions - https://github.com/features/actions
GitHub Actions Documentation - https://help.github.com/en/actions
GitHub Actions Usage Limits - https://help.github.com/en/actions/getting-started-with-github-actions/about-github-actions#usage-limits
GitHub Actions Marketplace
Greetings Action Example - https://github.com/vegasbrianc/prometheus/blob/master/.github/workflows/greetings.yml
Action Netlify Example - https://github.com/marketplace/actions/deploy-to-netlfiy
Docker Action Build & Push - https://github.com/marketplace/actions/build-and-push-docker-images
Mirantis - https://www.mirantis.com/
Docker Regroups - https://techcrunch.com/2020/03/10/docker-regroups-as-cloud-native-developer-tool-company/?guccounter=1
Mirantis Docker Swarm extends support - https://devclass.com/2020/02/25/mirantis-to-keep-docker-swarm-buzzing-around-pledges-new-features/
Docker Roadmap - https://github.com/docker/roadmap/projects/1
Docker Birthday discounts - https://www.docker.com/blog/mydockerbday-discounts-on-docker-captain-content/
Trello (Task Management) - https://trello.com/
Slack (Collaboration) - https://slack.com/
Whereby (Video Conference) -
Standuply (Automated Standup organizer) - https://standuply.com/
Office365 - https://www.office.com/
Evernote - https://evernote.com
GitLab (Project settings, project related information) - https://gitlab.com/
In this episode, we focus on some of the key messages when we are setting up monitoring. We should consider monitoring as the centerpiece of our DevOps pipeline and a single source of truth. When getting started with monitoring, consider the following:
  Don't limit to infrastructure
  Run separately from the workload
  Set resource limits on your containers
  Aim for actionable information
  Test for failures
  Don't over-alert yourself
  Start small
VS Code Docker Extension - https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker
Working with the Docker Extension - https://brianchristner.io/docker-and-microsoft-vs-code/
Episode 3 VS Code Docker Extension Overview Episode - https://thebyte.io/episodes/vs-code-docker-extension
Coding Coach - https://codingcoach.io
Coding Coach GitHub - https://github.com/Coding-Coach
iTerm2 - https://iterm2.com
Download iTerm2 - https://iterm2.com/downloads.html
DevDocs - https://devdocs.io
DevDocs GitHub - https://github.com/freeCodeCamp/devdocs
Lazydocker - https://github.com/jesseduffield/lazydocker
Jesse Duffield - https://github.com/jesseduffield
LazyGit - https://github.com/jesseduffield/lazygit
Website - http://ifconfig.co/
GitHub - https://github.com/mpolden/echoip
DNS over HTTPS - https://developers.cloudflare.com/1.1.1.1/dns-over-https/
How to enable DNS over HTTPS in Firefox - https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/
Check your browser security - https://www.cloudflare.com/ssl/encrypted-sni/
Secure DNS doesn't make us the villain - https://www.theregister.co.uk/2019/07/06/mozilla_ukisp_vallain/
Säntis Systems Summit - https://www.brianchristner.io/saentis-systems-summit-recap/
RISC-V - https://riscv.org/
Deploy, Configure, and Monitor Traefik - https://www.brianchristner.io/deploy-configure-monitor-traefik-prometheus-grafana/
Website - https://getbitbar.com/
GitHub - https://github.com/matryer/bitbar
IP Address Info - https://getbitbar.com/plugins/Network/netstats.5s.sh
Limit your Tools Article - https://www.brianchristner.io/limit-your-tech-tools/
IFTTT (If This Then That) - https://ifttt.com/
Zapier - https://zapier.com/
GitLab Episode - https://thebyte.io/episodes/gitlab-a-full-devops-tool
Less is More Episode - https://thebyte.io/episodes/less-is-more
GitHub Sponsors Program - https://github.com/sponsors
Octoverse GitHub Report - https://octoverse.github.com/people
Monkchips - https://twitter.com/monkchips
Monkchips Presentation - https://twitter.com/danielbryantuk/status/1133832846236364807
Website - https://apiumbrella.io/
GitHub - https://github.com/NREL/api-umbrella
Who's Using API Umbrella - https://github.com/NREL/api-umbrella#whos-using-api-umbrella
Last Week in AWS - https://www.lastweekinaws.com/
Corey Quinn - https://twitter.com/QuinnyPig
Rancher Rio - https://github.com/rancher/rio
Helm - https://cloudblogs.microsoft.com/opensource/2019/05/21/helm-3-release/
Spotify Deleting Production K8S Cluster - https://kccnceu19.sched.com/event/MQbb/keynote-how-spotify-accidentally-deleted-all-its-kube-clusters-with-no-user-impact-david-xia-infrastructure-engineer-spotify
Service Mesh Interface - https://cloudblogs.microsoft.com/opensource/2019/05/21/service-mesh-interface-smi-release/

Episode Transcription

Welcome back to The Byte. In this episode we're going to do a KubeCon recap. KubeCon 2019. It's been a heck of a week last week. We were traveling to Austria for some customer visits, and I just completely missed out on recording some episodes. So, I'm back. And I had plenty of time to actually review all of the news coming out of KubeCon. It was an incredible amount of news. Corey Quinn, you know, from Last Week in AWS was actually attending KubeCon, which is great 'cause he's a really great person to listen to and understand his viewpoint on the technologies, and he really is critical on the technologies, and he several times said, "Everyone's trying to manage Kubernetes. Everyone's trying to roll their own version of it," et cetera. So he has a very interesting viewpoint on the Kubernetes world and how that's going...

But the announcements out of KubeCon were... They're slowly becoming more standard releases. There are no shockers coming out anymore because the community is maturing. That's really the key message here, is the community is still growing rapidly, unbelievably, but we're starting to see, not even a plateau, but we're starting to get to a top of the curve where we're... The hype cycle is not completely there yet but you can definitely see that the technology is mature enough that people are using it, and it's becoming more stable.

Now some key announcements out from KubeCon... Actually, before KubeCon actually launched was Bitnami, the provider of all the Docker images, and packaged software was purchased by VMware shortly before the conference. And that's pretty big news because Bitnami's a nice service. I use them for several different projects, because they package together, for example, WordPress. They document the heck out of it. They tell you all the ins and outs, where you should look, how you should operate it, how you should grow it. If you want to do high availability... And they maintain it, which is really awesome. It's a great, great product. I recommend if you ever look for an image, check out Bitnami Images, 'cause they're very well documented as I said, and they're battle-tested.

Another announcement out of KubeCon was Rancher launched Rio. So Rancher launched not so long ago k3s, which is the slimmed-down version of Kubernetes. Now, on top of that, they've launched Rio, which is a micro-platform as a service, based on top of k3s. So it's a micro-platform as a service, and the idea is to get closer to the edge and start bringing more services to the edge. I think it's a brilliant model, and Rancher continually surprises us on the features they keep announcing.

But the real shocker here was Microsoft. Microsoft is the one that had all the announcements. First, they announced Visual Studio Code Kubernetes 8... a new Kubernetes extension which is now all supported. It's actually a certified extension, and this is quite big. Visual Studio Code is now becoming the standard, and now they're really throwing their weight behind creating the toolset to actually support it.

The next thing out of Microsoft camp was the Virtual Kubelet hit 1.0. That's basically a server-less Kubernetes distribution. It allows you to run Azure container instances and bringing server-less as a complete package offering within Kubernetes. I find this quite cool. I haven't played with it yet, so it's new to me as well. I'll have to dig into it a little bit more.

Helm 3. Helm is obviously the de facto standard for packaging and deploying Kubernetes applications, and Microsoft announced the first alpha of Helm 3. Also a big announcement because they're throwing all their resources behind making RBAC and CRDs, they're making it part of Helm 3, which is what everyone's been asking for.

Now what really shook everybody, the biggest announcement from the conference, was Service Mesh Interface, and what that is, is it's a new standard interface across all service meshes. So Istio, Envoy, it doesn't matter the service mesh, but we're going to have a standardized interface to all these. And why is that important? Because all these service meshes popped up so quickly and grew so quickly, they developed their own ecosystems, their own APIs. Now if you're a company that runs several service meshes, you also have to integrate all these different APIs. Well this new service mesh allows us to actually... The Service Mesh Interface really standardizes across all service meshes and allow us to define traffic policies, traffic telemetry, traffic management, across all these different service meshes. If you look at it, it's like standardizing the gas nozzle in cars. Every car has a gas nozzle, but if they're all different, it's a bit difficult to operate. You can obviously operate it, no problem individually, but it'd be much easier if they're all standardized. And that's what SMI is doing. It's really standardizing the Istio interface to make it easier to operate and manage.

That's really the KubeCon recap. There was some great news coming out of the ecosystem. The ecosystem's continuing to grow. One of my favorites so far, what I've seen so far is my favorite talk from KubeCon is the Spotify talk, where Spotify talked about on the keynote how they accidentally deleted all its kube clusters in production. Yeah.

They deleted... What'd they say, about 50 nodes or something like that? 50-node cluster, and zero user impact. They were actually trying to do a migration from one of their other cloud providers to Google Compute Engine, and it just went horribly wrong. They deleted the cluster, then it walked you through how they recovered, how long it took to recover, how a lot of scripts weren't ready and things were not in place to actually do this recovery, and how they went for it and is learning. And this just shows you the Spotify culture is all about learning and embracing failure, and I think more companies can learn from this as well. It was a brilliant talk, it's really nice to hear somebody, "Hey, we're not doing everything right. We do fail once in a while, and this is how we did it and this is what we learned."

It brings us back to the Kubernetes fail stories. The same type of situation, but they're actually talking about KubeCon, and I thought that was quite nice.

That's all we have for this episode of The Byte. Look forward to some more episodes coming up. I have a whole queue in my queue to get up and running, so bear with us, have a great day, and we'll see you next episode.
Phil Estes - https://twitter.com/estespContainerD - https://containerd.io/ContainerD Maintainer Michael Crosby - https://twitter.com/crosbymichaelCERN - https://home.cern/Tim Berners-Lee's First Web Browser 1993 - http://info.cern.ch/NextBrowser.htmlBirth of the Web at CERN - https://home.cern/science/computing/birth-webEpisode TranscriptBrian Christner: Welcome back to The Byte. In this episode, we're going to be interviewing Phil Estes. Phil Estes, correct?Phil Estes: Yes that's correct.Brian Christner: He is an IBM Distinguished Engineer for IBM Cloud, ContainerD maintainer, correct?Phil Estes: Yeah.Brian Christner: Member of the Technical Oversight Board for open containers, recently Cloud Native Ambassador, and home-based in Virginia. That is quite an impressive resume to be honest.Phil Estes: Yeah, yeah. Especially that I live in Virginia and do all that.Brian Christner: That tops off the cake, right? So we're here in Switzerland today, Phil is actually flying through for a conference that he's attending later this week, or tomorrow actually. And he came by and he's visiting us at Spaces here in Zurich, so that's really cool of you to join us. Now, where are you going after his?Phil Estes: So this week, got a really neat opportunity to go to CERN. Initially just was going to talk about ContainerD with interested parties there and actually, we've got few other maintainers coming in because KubeCon is next week. There was some ability to kind of add this to people's schedule. So we're going to talk some about ContainerD on Friday but then Jess Frazelle, who I've been working with way back in the Docker open source community days, she had always wanted to visit CERN. So anyway, one thing led to another and now we're both speaking tomorrow in kind of the main auditorium just what they call an IT seminar, give a talk on some topics so I'm going to talk about open source and containers. 
So yeah it'll be fun.Brian Christner: Now for those who don't know CERN, they trying to make a black hole with a giant particle collider. And they're actually trying to find what particles make up human beings and all the matter around us, which is quite interesting. And they probably have one of the largest IT infrastructures in the world.Phil Estes: Yeah, yeah. And actually some pretty interesting historic infrastructure. You know, they've got the NeXT first web server that Tim Berners-Lee ran, that sat at CERN and ran the first few websites. And I think when you visit their data center, you can kind of look through the glass and there's a sign hanging over a certain spot, like the first internet router was here, so it's a pretty interesting place. And like you said, an amazing amount of compute and storage because of all the experiments going on there and they're obviously very interested in cloud and modern technologies to help them kind of operate this infrastructure for the scientists and the researchers.Brian Christner: I mean that's an impressive facility and it's going to be an amazing event that you get to attend.Phil Estes: Yeah.Brian Christner: Now next up, I want to ask you about your first computer. Can you tell us way back when your first computer and what it was and what you did with this first computer?Phil Estes: Sure. Yeah, so at the time I was in junior high I lived in kind of a rural, not a tiny town but a small town in Illinois. We had the one like a local mall with like a Radio Shack and I would actually walk there after school and play around on theses TRS80 computers which were kind of the early modern PC that you could actually off-the-shelf buy. I know there was some earlier computer equipment you could buy but the TRS80 was kind of commercialized and Radio Shack was pushing it pretty hard. And so anyway, one Christmas my grandfather went in with my parents knowing that I had a strong interest in ... 
a TRS80 showed up with a two like five and a quarter floppy drives and I think we even had the acoustic coupler for like tape. Anyway, all the hilarious gizmos of that era of computing. And it came with Frogger, a couple of other games.

Phil Estes: But I pretty quickly learned the commands for MS-DOS and got a book on Basic and thought, you know, I just want to see what I can program. So I was just writing silly programs trying to paint things on the screen, make noises. And so yeah that was my first exposure to computers and programming and I guess you could say I never kind of lost that bug. Just the interest of trying to see what you can make it do. So yeah.

Brian Christner: Nice. I mean, it's incredible when we think back to our first computers and where we're sitting today, it's always a nice journey. So now you're working at IBM for quite a long time, actually I remember we discussed this and you what, about two years ago, became a distinguished engineer, or year and a half ago or so.

Phil Estes: Yeah just a year ago.

Brian Christner: So tell us about that journey, how you became a distinguished engineer.

Phil Estes: Yeah, so the cool thing about IBM is that they have, especially as you advance in your career, there's a very clear and discrete path for technical advancement. So for example, there are websites that detail kind of the skills expected, lots of materials to help you kind of understand how to grow and find gaps where you need to work with your manager to find out okay, to be this next level on the technical ladder, I need to do these things or have this kind of scope of my visibility to the rest of IBM. And so distinguished engineer is kind of the culmination of a lot of that because it's the first sort of executive rung on the technical ladder at IBM. And there's really only one above that and it's IBM Fellow, which is a pretty significant accomplishment.
There are only a hundred or so active IBM Fellows in the entire company, which if you're in a small company a hundred is a big number, if you're in IBM a hundred is a very small number.

Phil Estes: But yeah, so I would say that distinguished engineer is not only about being smart or being technically astute, there needs to be a breadth of something that you're seen as a leader on. And thankfully I'd say I'm lucky that containers and open source and all these things kind of came together at a time when I just happened to get involved and become known as the guy who knew about Docker and containers and then IBM decided to build kind of our cloud platform around that. And so yeah, I mean the timing was perfect for me to kind of expand my scope in IBM to be seen as a leader to where my management and those who supported me could honestly take it forward to, kind of first the Cloud Unit Review Board, and then it's actually a corporate recognition so DE is an appointment at the corporate level.

Phil Estes: You know, it's not something you can sneak into, you got to have a ton of support across IBM, you got to have the right people kind of pulling for you, and so I'm just thankful I had some amazing people around me, management that brought that together. Because it's something I never necessarily thought I would reach at IBM and it's a cool thing.

Brian Christner: I mean it's really an amazing achievement. I mean considering the size of IBM, I don't know how many employees, must be a hundred thousand-

Phil Estes: 400,000.

Brian Christner: 400,000.

Phil Estes: Worldwide.

Brian Christner: So I mean, it's a small, smallest percentage of actually become distinguished engineers. So I mean, that's really an accomplishment.
Now you mentioned the open source and how you started with Docker, let's talk a little bit about ContainerD and how you got involved in ContainerD.

Phil Estes: Yeah, so I was working on Docker, the open-source project, obviously 2014, 2015 into 2016 it was hugely popular as an open-source project. It was also under a lot of stress from just the amount of people wanting to kind of give their input, make their mark on Docker, you know, whether it's vendors or independent people. It was being pulled in a lot of directions and of course Docker the company also had specific ideas and strong opinions on Docker the open-source project. And it was causing some tension, Kubernetes Swarm, that was kind of a big excitement in 2016. And ContainerD really came out of a set of discussions with many players at the time, you know, there'd been some public calls for we just need a stable core run time, that's not opinionated, that we can all build on. Docker can continue to build their platform, people that love Kubernetes can build on it.

Phil Estes: So ContainerD, you know again, came out of Docker. Michael Crosby had a huge hand in kind of putting that together. It originally showed up in 2016 as kind of a management layer over runc, which is the OCI layer that also appeared that year. But it was really late that year that, through my involvement with Docker and talking to Solomon (Docker Founder) and all the people at Docker, that we really agreed this is something that should be outside of Docker, should be in CNCF or wherever you guys think is best. And so, you know, early 2017 it was donated to the CNCF. And so again, I felt like it just made sense for IBM to continue involvement to get even more involved in ContainerD than we had in Docker because we built, again, our cloud platform around Kubernetes and having ContainerD as this core runtime across all our platform, which we use Cloud Foundry, which has a container runtime.
We have functions and service platform which now uses ContainerD.

Phil Estes: So it's become kind of this underpinning underneath all these layers of [inaudible 00:10:17], you know containers as a service. So yeah, that's kind of the history of how it came to be and why IBM decided that it made sense for us to be involved and why I continued as a maintainer there to be that connection point between IBM product and the open-source side of ContainerD development.

Brian Christner: I mean, ContainerD, I mean within IBM is becoming the standard, but also outside of IBM, I mean Google, Amazon, everybody is relying on ContainerD as the runtime. Is that correct? I mean, how do you see that going forward?

Phil Estes: Yeah, I mean I feel like our adoption has been phenomenal and the cool thing is because, and again I can't take credit for this, Michael Crosby, Stephen Day, Derek McGowan, they had lived through the entire Docker development lifetime and ContainerD was almost a chance to rethink a few pieces to make sure that the abstractions were really, really clean. And so now what's cool to see is it's not just about Docker using ContainerD or Kubernetes using ContainerD, but like AWS Firecracker or gVisor or you know all these kind of new ideas about container isolation. ContainerD just happens to be a perfect vehicle for bringing new kind of ideas around containers and isolation that don't necessarily have to live on top of Kubernetes or the Docker engine.

Phil Estes: So yeah, I think because of that you're seeing, you know, wide adoption. Alibaba Cloud, I like to point at them because they're using it like everywhere in their cloud. They've built their own Pouch Container open source project that sits on ContainerD, that's like a Swiss Army Knife of runtime and registry interactions. And so I think all these things clearly show that it's simple to use, very extensible, and people love how simple it is to start with ContainerD.

Brian Christner: I have to agree with that.
I mean it's extremely easy to use, it's understandable, it's documented well. Now for next up for ContainerD, where do you see the direction heading for ContainerD?

Phil Estes: Yeah, you know I think we never want the scope to have this creep of becoming another huge monolithic engine that has every contraption. So we've tried to build in pluggability, we've resisted PRs that want to add a lot of new function directly in it because like the Firecracker team built all their functionality as plug-ins. Most of their code doesn't need to be in ContainerD, so that's the way we see ContainerD growing in functionality is not by us adding function but the pluggability and extensibility allow that outside of the core project.

Phil Estes: So really the core project, stability, performance, better Windows support, which the Microsoft team is working on for our next major release. Again making sure this runtime layer, it allows, not just runc, but all these other variants of Kata Containers and Nabla and gVisor, to have the best possible kind of support for how they use the platform. You know things like multiple containers per VM like we had to shift around the API to make sure that was well supported. But yeah, outside of that I don't see us having major functional additions other than making sure ContainerD stays ... The reason people like it, it maintains that simplicity and usability.

Brian Christner: I mean that's something that's very important in today's age is that not always do we need to keep adding features, sometimes just stable products is what we need. And so that's a brilliant way to go about it. And the last question I have about ContainerD is how can people contribute? So even if you're not a developer, I mean where do you recommend starting with ContainerD if someone wants to get involved?

Phil Estes: Yeah, so I think, you know a lot of the last few months have been busy with some releases and also because we maintain compatibility and release cycles.
You know, something we never were able to pull off in Docker is having multiple lines of support, you know, bug fixes or being backported. So that keeps the maintainers fairly busy. So I think anyone who wants to come in and kind of start to look through ways the documentation may be lagging, code, that's always a huge area. We have a website that just has basic information that could be extended with a lot more examples, especially these plug points, like smart people from AWS just came in and figured it out, but it'd be great to have clear documentation. Like how would I add a plug-in to do this? So those are non-development areas that could always use extra hands.

Brian Christner: Absolutely. Now I want to kind of transition this into the next phase, is like conferences. Now you're kind of like a professional on the conference circuit and what're your tips for conferences? I mean, you attend a lot of conferences, you see a lot of them, so I mean, what can you ... And you're going to KubeCon next week, you're going to CERN. Do you have any tips for people and like submitting CFPs to conferences?

Phil Estes: Yeah, I mean CFPs, I've always found, you know just to be honest, I found to be tough because it's ... Especially if we're talking about at KubeCon level or even DockerCon, where there's significant contention over a number of slots that are small and a number of submissions that can be extremely large. And I've even been on review teams for DockerCon, for KubeCons, for other smaller conferences, and you know it can be overwhelming to try and think how do I pick the best talks because the numbers are so large, there are lots of great ideas. So I think some of the best insight that is not necessarily just from me, I've heard it from others as well, is because people are busy, reviewers especially, you have a sentence or two to grab their attention.
So, not that you want to over promise, but you need to pack those first few sentences with like what's the real value you're going to give to people coming to this talk. Because a lot of people spend a lot of time kind of with backstory and it's like people just don't have the time to get to where you're going. So yeah.

Brian Christner: It's really like fire sale or as a resume, you know, you really want to catch somebody with a cover letter and just really pull them in.

Phil Estes: Yeah.

Brian Christner: Now, since you're also going, what are some conference concepts that you really enjoy, that you've seen? Like open spaces or like at DockerCon we saw like a, what was it, the open space that you can submit talks to on the side. I mean, that's kind of a new concept that's taking over conferences. Do you see anything else grabbing attention?

Phil Estes: Yeah, so like you're saying, I think Hallway Track is an old term of just standing around in the hall that's been formalized, we've seen at conferences like a DockerCon. Which is really valuable. I mean, I think there's a slight bit of abuse of ... Like you see a lot of sales pitches being put into Hallway Track like, you know, come let me tell you about our product. Which is fine, I mean people can self select out of that obviously. I think the other thing, again, that is at DockerCon but I've seen other similar ideas around it is just connecting people because it's very interesting, like you said, when I attend a conference that's my community, so to speak, it's a ton of fun because I'm going to see a lot of people I know.

Phil Estes: When I go to a conference that's not necessarily ... You know I was just at CraftConf in Budapest last week, which is a huge cross-industry conference, and so it's not a bunch of container people. And it is a different feeling to walk in and like oh man I don't really know anybody, how do I connect?
And thankfully if you're a speaker, sometimes there's a speaker event where you start to mingle. But anything that a conference can provide to connect people in, like, at DockerCon, it's very specific, the Pals program. I think that anything like that to try and help people that their company may have paid good money for them to be there and yeah if they feel disconnected they may just go back to their hotel and really miss out on connecting with people or listening to the talks. So I think that's area conferences, especially really large conferences, it's overwhelming for like a total newbie.

Brian Christner: I mean I feel that also, I mean the talks are amazing but the talks are always online so if you miss something you always go online, but I find the networking and talking to people actually building things, I mean you get just tons of value out of this.

Phil Estes: Yeah. And, you know, I guess being an introvert of sorts myself, I was never into kind of walking the booths of like an expo hall, but I've learned, and I've sort of forced myself to learn, that's a great way to actually find out what's happening in the industry. Because people at those booths would love to tell you, you know maybe it's a product pitch in some sense, but it can be really valuable to kind of get a pulse for what people are ... If it's a container conference, what are different people doing with containers, what's the view on security, and what people think about the value of containers for industry such and such, you know finance or. So that's another way, it takes a kind of stepping maybe outside your comfort zone at times but just strolling around an expo hall and connecting with people there.

Brian Christner: That's a great tip, thank you very much. Well, that's all the time we have for this episode. We really appreciate Phil coming on our first interview of The Byte and we wish him success at CERN and KubeCon.
Any last words you want to tell us?

Phil Estes: No, it's sort of becoming a habit to stop in Zurich, sadly Brian always sees me right after an international flight when I'm still a little out of sorts, but it's always cool to be welcomed here and go off to some other beautiful place in Switzerland. But yeah, thanks for having me.

Brian Christner: Absolutely, thank you, Phil.
Website - https://github.com/mlabouardy/komiser

Episode Transcript

Welcome back to The Byte. In this episode, we're going to talk about Komiser, K-O-M-I-S-E-R. I'm most likely saying that incorrectly, but hey, we're going to run with it. Komiser is actually an Amazon Environment Inspector, and they claim it actually can support a Google GCP and Azure as well.

Now, this open-source project is quite amazing. I mean it's a Docker run command, you can run it on Linux, Windows, Mac OS or run it in a Docker container. One command you're up and running and then you access your localhost and you have a beautiful dashboard. I mean it's really, really nice, intuitive. You see a dashboard of your cloud cost, your IAM Users, your current bill, regions, alarms. And as you scroll around you can go onto compute and you can actually see individual functions as well as services within Amazon, for example. So you can see Lambda Function and locations, errors, how many ECS clusters, how many ECS tasks, EKS clusters and you can really dive down into details; network security, so it's like an all in one dashboard for your Amazon Environment. So it gives you a lot more transparency than the Amazon dashboard does actually, and it's quite easy to do, easy to use.

So once you get it up and running, you actually have to create an IAM user within Amazon, attach a policy to it then give this dashboard your credentials. This allows it to actually see your environment and basically explore the different services that are running. It is extremely intuitive, I mean I was really impressed with how well the dashboard is put together, and it's clean, you know you have alerts, you can see service limits and AI.
I mean I'm walking around the dashboard as I'm discussing with you and I'm incredibly impressed, and it is open-source; I mean there should be a product and if you go to the Komiser website it appears they have the open-source version and they have an enterprise which it has, the enterprise version has recommendations engine, RBAC, alerts, reporting and premium support.

I really feel this product is on track to become like a real SaaS solution; it's that well finished. It provides really intuitive information. They claim it's to really cover your bills so, you know, uncovering hidden costs, monitoring increase in spending, you know, impactful changes and customer recommendations; and what they highlight, their features, you can basically analyze and manage cloud cost; your usage, security, governance, all in one dashboard. And it visualizes across all your used services so you can really see where you can adjust your pricing or your services to really take advantage of the cloud the best way.

Vulnerabilities that can put your Cloud Environment at risk and, as I said before, it interfaces to Amazon, GCP, and Azure. They listed it on Product Hunt; it appears it got some traction on Product Hunt as well. Got about 88 upvotes so it's not so viral or anything but I really believe it's well put together and if you look at the documentation, it is also quite well put together, you can see the different providers, they have their own SaaS offering, their tutorials and on the GitHub page, if I click back here, at the GitHub, you can see that they have about 1600 stars so it's, I mean, it's fairly good, I mean, it's very active, it's a clean dashboard. I'm going to start using it for our environments and start giving it a real go and see how it's going. I have it running locally and I have it connected to my personal Amazon account just to see how it all works and I'm quite impressed in the level of completeness in this UI, it's well put together. So that's all for this episode.
Komiser, give it a try. Have a great day.
Windows Subsystem for Linux (WSL 2) - https://devblogs.microsoft.com/commandline/announcing-wsl-2/

WSL 1
- It was a Windows wrapper emulating Linux, translating Linux APIs to the Windows kernel
- File system drivers were about 20x slower than native
- Couldn't use Linux drivers
- Linux APIs not fully implemented

WSL 2
- Faster boot times
- Full Linux kernel running in a lightweight VM
- Docker containers will run natively
- File system performance

Episode Transcription

Welcome back to The Byte. In this episode, we're going to talk about Windows Subsystem for Linux.

Last week, the Microsoft Build Conference released some amazing news surrounding Windows Subsystem for Linux. Now, if you don't know what the Windows Subsystem for Linux is, it is ... Version one is essentially a ... it was a Windows wrapper, so it's like emulating a Linux, translating the Linux APIs instead of Windows kernel. And Microsoft made its own translation. It was really kind of ugly because it didn't incorporate everything. Not all the Linux APIs were implemented. The file system access was like 20% slower than actually native Linux distributions. But it was a start, right? I mean, as a first go at actually having Linux running on Windows.

Now what was interesting is the Microsoft Build Conference, which is all the developer news that's coming out for the Microsoft world, they announced WSL 2. So Windows Subsystem for Linux version two. Now instead of it being an emulation of Linux, it's actually a full Linux kernel running inside a lightweight VM. And this is amazing news. I mean it's almost to the point where I'm gonna sell my MacBook and go get a Surface Book. That's the kind of news it is. What does that mean for developers? First off, it's going to be faster boot times because previously it had to load the Windows kernel and then you had to load the Linux emulation APIs and all that stuff. So it took a while for the version one load. Version two is going to be a VM. It's going to be a lightweight VM.
Similar to how Docker for Desktop runs. It's going to be the same type of concept. It's just going to start up, and it's going to be there. It's going to be a full Linux kernel, so it's going to have all the capabilities that we're used to in Linux and of running on Windows, which is really quite amazing.

What does that mean? It means we can run Docker containers natively on Windows as a Linux container. I mean this is an amazing announcement. I mean now we have the full capabilities of Linux on a Windows machine. And as a developer, I mean this is something I've been looking forward to for a long time. Because the user experience on Microsoft running Docker has always been not 100%, because sometimes the containers run, you have some emulation issues ... And now that we have a full Linux kernel running, there are no excuses at all that it won't work. And we can actually do things like ... The file system performance is also going to be much better now because we're running it natively so that 20% loss that we were experiencing before WSL 1 ... WSL 2 is going to be a native file system performance.

Additionally, we're going to notice a lot of different features so we can run Linux libraries, all the drivers that weren't working previously ... So all the drivers will work. The Linux API will be as advertised. We can go into the Microsoft store and pull down certain versions. So if you want, Ubuntu, if you want Red Hat or whatever version you want, you can actually bring that down and have your own flavor of Linux running. So there's a lot of possibilities here. Obviously, I haven't played with it. I'm a Mac user, but I have been developing more and more on Windows. So it's something that's very interesting to me. I'm actually really considering getting a Surface Book now because you know my MacBook, I have that lovely keyboard that sticks all the time. So my E is like, "eee" and my W's "www". So it's really annoying. I went to the MacBook store and ...
I went to the Apple store and I told them, "Hey, I would like to replace it."

They said, "Yeah, no problem. Just leave your laptop with us for four or five days." I'm like, "Can I have a replacement?" "No, you need to purchase a replacement." So obviously I wasn't happy with that news, and I know a lot of people are switching over to Surface Books or just Windows laptops in general. And I think this will be my transition.

Now I have a full Linux kernel running. We're expecting it to be available sometime in June. So once it's available, I'm going to do a full test on it and see exactly what we can do, run containers on it, make sure it actually runs as advertised, and I'll report back to you. But Windows Subsystem for Linux version two, it's going to be running native Linux. It's going to be in a small VM and it's going to be running as advertised ... We've seen it before.

So what does everyone think? Send me some comments. Email me. Tell me what you think about this announcement and what it means for the Windows developer community as well as existing Mac users. Because I know the new MacBook Pros, a lot of users are looking for an alternative and this might be the bridge to move over to Windows.

Let me know what you think. Have a great day and we'll see you in the next episode.
Website - https://github.com/coreos/clair

SaaS Vendors mentioned in this episode:
- Aqua Security
- NeuVector
- Twistlock

Episode Transcription

Welcome back to The Byte. In this episode, we're going to talk about Clair, a vulnerability Static Analysis tool for containers. Before we get started I want to see a raise of hands who runs containers in production? Now, keep your hand up if you scan your images that are running in production. Now, this is a question I ask in workshops to various banks, and big customers that you would think would be doing this, and it's shocking. If we were all sitting in one room, I would imagine only 20% of us would still have our hands up saying we run production containers, and we scan these containers... Scan the container images.

Now, Clair is actually a brilliant tool. It was developed by CoreOS, which was acquired by Red Hat, which Red Hat was acquired by IBM, but it's still going. I mean, it's still active, which is brilliant, because it's an awesome tool. Now, typically in the enterprise world, and the small-medium enterprise, I mean, different segments, you have different options, right? I mean, typically, if you are going to do container security, you're going to go with some sort of SaaS solution, one of the big vendors, and we're talking about Aqua Security, NeuVector, Twistlock. I mean, just to name a couple of them.

But, Clair is actually the open-source version, and obviously, it is open source. I mean, you're not getting any SLAs, or anything like that, but it does a great job, and what it does, I mean, it actually does Static Analysis and Vulnerability Scanning of your container images. How that works, it regularly downloads the metadata from various sources, stores them in a database, and then, compares the metadata versus your images that are running. This then provides you a notification, or lets you know, "Hey, this particular image has vulnerabilities, and I'll notify you, and I'll keep notifying you until you..."
Like siren's notification.

Additionally, we can also integrate Clair into your CI/CD pipeline, which allows us to, as we build container images we can actually, as it's pushed to a Registry, Clair then fires up, scans the image, and then, provides you like a report about them, if there are any vulnerabilities inside this image. It integrates into your CI/CD pipeline, it integrates into various container registries, it has configurable notifications, so we can then push notifications to Slack, or email, or whatever notification system you want to use, Prometheus, for example. You can go to the Alertmanager. It has a lot of different possibilities there. It does integrate quite well to a bunch of different type of platforms, so if you go into the documentation on Clair OS, GitHub page, you go to Integrations you can see it obviously integrates into the CoreOS Registry.

It integrates into all sorts of different projects. You can look through it. As I said, it's an open-source project. If you're not doing container scanning now, I would highly, highly recommend you use Clair, that at least you have something, right? Because, many times people are not doing any scanning, and it's better to do something, so at least you know, hey, do I have a Heartbleed running around in my production systems? Do I have any vulnerabilities that are like super, like red alert? It's good to know at least baseline where I'm sitting. I would recommend Clair if you're not running any security system. If you have the budget I would definitely go for an enterprise solution, Aqua, NeuVector, Twistlock, or just to name a couple of them, but there's a lot of options out there.

Security starts sooner than later. I mean, the sooner you can integrate this into your CI/CD pipeline the better off you are. Give it a try, github.com/coreos/clair. It's a great tool. We've used it for a couple of projects. We're quite happy with it. I mean, obviously, for what you pay for, right?
But, at least you're getting some sort of security put in place. This is step one. Obviously, there are a lot more best practices you can incorporate into your building of images, as well as the security in your container environment, but at least with Clair, we have some sort of reporting and availability... Ability to actually scan your images.

Give it a try. Clair has great documentation. It's being used quite regularly. It's also being updated quite frequently as well. That's all I have for this episode. Have a great day. We'll see you next time.
Website - https://k8s.af/
Henning Jacobs Head of Dev Productivity Zalando - https://twitter.com/try_except_
- Nordstrom - 101 to crash your cluster
- Target Cascading Failures
- Moonlight
- Skyscanner
- Zalando
- Monzo public Post Mortem

Episode Transcription

Welcome back to The Byte. In this episode, we're going to be learning about Kubernetes failure stories, and I'm not talking about Kubernetes as a product failing, but more actually clusters failing in production and lessons learned, so postmortems.

A gentleman by the name of Henning Jacobs, Head of Development Productivity at Zalando, and his Twitter is @tryexcept, which is pretty cool, his mission was actually to learn from other companies and how other people actually dealt with issues and documented these issues and what was their next steps in finding the way forward, and I guess his motivation was from KubeCon 2017 and Nordstrom, giant retailer in the US, talked about 101 ways to crash a cluster, which is quite interesting, and he took it upon himself to start making a public repo and GitHub to list all the failures that he could find and start listing them out and publicly telling people what happened and how to resolve these issues.

Companies, such as Zalando is one of them, Skyscanner, Target, Nordstrom, Toyota, Monzo, AirMap, there's a list of about 20, 25 stories, very, very good. The stories that I took a look at just for me, Target was one of the big ones. Target's an American retailer, and they talk about how their cascading failure from logging sidecars caused so many elections in Consul, it actually took Consul offline, so the logging was actually congesting the mesh traffic so much that Consul couldn't even register a new node. This is a major deal. This is a production system, major, major retailer, and it just goes offline.
It has a cascading effect because as more services kept trying to elect, it just kept going further and further down the rabbit hole of chaos, and the fix was actually to enable encryption on the Consul, which then threw out all the bad messages. It's a really cool story.

Daniel Woods, the gentleman in charge of architecture at Target, detailing exactly what happened, their steps to remedy it, and what their plan is in the future to get away from these types of problems.

The other story is Moonlight, and Moonlight is like moonlighting for jobs. It's like a job portal, quite interesting. This was actually another failure story where the scheduler was assigning multiple pods with high CPU on the same node, and then this node actually went into kernel panic, and it crashed the node, and the scheduler then took these same pods again and tried to reschedule them on another node, and just crashed the next node, and you can see it just kept cascading and getting worse and worse as more and more nodes went offline. It became so much an issue that it just huge issue at this production level. What fixed it was setting some anti-affinity rules and then the nodes started repairing themselves. Again, a great postmortem on this, as well.

Skyscanner, I don't know if you know Skyscanner or not. It's one of these apps where you can track airplanes and see what's going on, quite a cool app. Well, this one was a new flag was available in the templating. They implemented it, and it just took, rescheduled all their pods. This is quite major. One flag change basically took down their production environment, pretty bad. They didn't catch it at testing. They did all their research on it to see what was actually this flag was doing, and it slipped through the cracks. They fixed it.
They actually opened up a GitHub issue pull request, and they fixed it, they documented it, and they detailed it out.

As I was looking through these issues and I was researching everything, GitHub actually went offline. I don't know if it's a coincidence or not, but quite interesting.

Nonetheless, we can learn a lot from these postmortems. I'm a big fan of postmortems. It comes from the SRE world, Site Reliability Engineering from Google, and how we learn from these, and it's from others. When people share their stories, we understand. Hey, when this happens, this is what we should look for and resolve these issues.

Zalando, actually Henning Jacobs is from Zalando. He actually wrote his failure stories, which was pretty recent, where CoreDNS went offline, and a single application actually starts querying DNS, and every DNS lookup resulted in 10 queries, so you can see it cascaded overnight. It just kept on going further and further down the rabbit hole, once again because it just exponentially starts taking DNS services offline. One application was basically doing a denial of service to their entire cluster. Their fix was basically better monitoring and more isolation of the services.

I highly recommend you take a look at this Kubernetes failure stories even if you don't use Kubernetes. It's great how they write these postmortems, how they document everything and keep everything public. Some companies even actually make a GitHub issue and publish the issue and how it's actually running. That's quite interesting, as well.

Give some feedback. Look at it, and learn from others' failures and how we can better work as a community, learning from our failures and communicate to the rest of the community how to do better.

That's all for this episode. We'll see you next time.
Website - https://www.portainer.io/

Episode Transcription

Welcome back to The Byte. In this episode, we are going to talk about Portainer. Portainer is a user interface for Docker Standalone, Docker Compose, or Docker Swarm. It now runs on Windows 1803 and above, or Linux. So essentially, you can manage Linux workloads, or Windows containers, which is a new feature. This is extremely helpful. We use it for a couple of our projects. I use it also privately for a few of my Swarms that I am running, and it works incredibly well. Very stable, has all the features I'm looking for. Let's walk through the different features.

Now, to get up and running, it's one Docker run command which launches the dashboard, and the templates, and the manager. Now, every node you want to manage in your Swarm, you have to deploy an agent. It's basically a service task that runs, and you register it back into the dashboard, and then you have visibility of what's going on. Now, in the dashboard, you can actually see Stacks, Services, Volumes, Networks. It's essentially everything we're really interested in when we're managing a Swarm cluster.

We can also look at ... We have application templates, and here we have an application. We can say, for example, "Is it a container template? Is it a Swarm stack? Is it a Compose stack?" And we can use existing applications, or we can actually create our own stacks, and make it available for our users, which is quite helpful. Think of it as a kickstart for your developers. You can make a Python, with an Nginx, and all the monitoring logging, and all best practices, already baked in. So all your developer has to do is stand it up. Very helpful.

You also have the Stacks. And Stacks allows us to manage a Swarm Stack, take control of it. We can update it, we can add more services, et cetera. It's very helpful. We can create and manage Stacks. It's very essential. Let me just go through the interface. You go "Add Stack". It has a web editor.
You can actually copy and paste the code right in here, or you can upload YAML, or you can actually grab the YAML file from a Git repository. So, all very helpful ways to deploy a Stack.

We can also manage things like Services, Containers, Images, Networks, and Volumes. It really covers all the things we're really interested in. A couple of things I didn't write down was also configs, so we can actually look at the configurations, the secrets. So we can do secret management. And within the Swarm itself, I can actually see a cluster visualizer. And this actually comes from the open-source part of Docker. The Docker example of application app had the cluster visualizer, and that's actually incorporated in-house. So we can see per node, what's running in per node, containers, et cetera.

Now, what's quite interesting, and that's quite new, is the user management perspective. Previously, it was all local users. So local users and groups, and now they actually have local users or LDAP. You can integrate it to your LDAP. And now, which is very new, is now external authentication, to like an OAuth integrator, which is really cool. So you can actually integrate directly with GitHub, GitLab, Twitter, et cetera. Whatever your providers are.

Now, I find it's extremely easy to manage. I use it for my monitoring demos, et cetera, because I want to see what's going on. I want to see Images, I want to see Networks. And within Networks, for example, I can go in here, and I can manage Networks. In Services, I can scale Services up and down. And I can actually click on a Container, and I can see, I can stop it, I can kill it, restart it, add additional Containers, and then I can actually see within the Container configurations, I can add commands, entry points ... Everything in the command-line is also here. I can also change the logging driver, restart policies. It has all the features in the command-line, but just visually.
So for teams that are not quite familiar with the command-line, or comfortable with the command-line, it's a great place to start because it allows you to understand exactly how are things working?

Additionally, it's great for operations teams, because they can see right away, from one user interface, one Swarm, multiple Swarms, how everything's running, and it's quite easy to manage. Like I said, give it a try. Portainer.io. I'm a big user, a fan of this operation. Their business model is on support, so they support how many endpoints, and endpoint like I mentioned before, is actually just an API that's exposed. It's how many APIs are exposed. That's how they're making money at the moment. So have a look. It's open-source. It's really well maintained. They're adding features all the time, and it's a great service. Portainer.io. We'll see you next time. Have a great day.
Microsoft Visual Studio Code - https://code.visualstudio.com/
Live Share Extension - https://marketplace.visualstudio.com/items?itemName=MS-vsliveshare.vsliveshare-pack
Patrick Chanezon - https://twitter.com/chanezon

Episode Transcription

Welcome back to The Byte, just made it back from San Francisco, struggling with a little jet lag. I'm sure everyone understands this. In this episode, we're going to talk about Microsoft Visual Studio Live Share. Live Share is a code collaboration tool which allows us to invite people to Microsoft Visual Studio Code, to actually review our code, actually interact with the code. So we can actually see multiple different cursors moving, and we can invite people to our server, we can share our terminals. I mean we can really do a lot of information. We can do a lot of collaboration with this.

Now typically people use screen sharing, or talk over the phone, or sending screenshots, and I find Visual Studio Live Share is actually much more collaborative. Because you can actually spawn a call within Live Share. So you can actually have a Skype call going, while you're doing Live Share, and you can actually do live debugging, you can do a collaboration, you can do actually code review. And I quite like it, personally, for doing training. Teaching people how to use something remotely. They can log in, they can see the link, they can actually interact with the code, they can see what I'm doing, how I'm executing things. So it brings a whole new use case to collaboration with editors.

Now Live Share is just an extension within Microsoft Visual Studio Code. And you install it like any other extension, you go to extensions, search for Live Share, install it. And you have to connect it to some sort of authentication provider. So I connected mine to GitHub, it's owned by Microsoft anyway, so no problem. And from there, you can then collaborate with people.
It installs an additional extension, and then at the bottom of the screen, you see your name usually, your GitHub name. And in here, you can invite others with a link, you can share terminals, you can share servers, and you can stop the collaboration sessions. And you see like a little icon next to it, it's like a team icon. And you see how many people are actually viewing your code simultaneously.

Now once you have it up and running, I mean it's quite cool, because you can invite somebody in. And they see your code, and you can see everyone's cursor, where everyone's working, you can see the debugging. And I find it quite helpful. I've used it a couple of times where people say, "Oh no, you know this Docker Compose file or whatever is not running." And we start up a session, I look at it, and like okay, walk me through exactly what you're doing, let me see. And you can identify right away what's going on. And you can actually interact with it, and jump in the terminal, and they see exactly what you're typing, etc. So it actually is a great learning tool. I find it's a great learning tool.

Now some of the common use cases, which people say they're using Live Share for is often you see quick assistance. I'm having an error, can you help me? Office hours, I want to demo my project, how about like mob programming, like pair programming, coding competitions, hackathons, school group projects, developer streaming, then interactive education. And I find interactive education is probably the best use case for the Live Share because I see it as really a learning tool. And I'll give you an example, at DockerCon, Patrick Chanezon actually did his session with Live Share. And he invited someone from I think the UK, and DockerCon was in San Francisco. He called them up with Skype and said, "Hey, we're going to do this really quick." They interacted with Live Share, they were doing actually kubectl commands, via Live Share, sharing the terminal. And it was really amazing.
I mean this is the first time I've seen it in a conference, someone actually doing collaborative editing with the editor. So it was really nice.

Other use cases, code reviews, and technical interviews. Maybe someone wants to show you what they're working on and walk you through the code and how it works, which is also quite interesting. Then you can share it with multiple people, you don't have to be in the same room. Especially since we're getting into more of a remote type of context. More people are working remotely. This is really helpful to see the code and understand what their thought process is when they're looking at the code. Because someone just sends you a GitHub link, that's great. But when someone can walk you through the code, interactively, and highlight the different sections, this changes the whole aspect of how the code lives, and how it communicates to different people.

So I'm using it quite often and I'm going to use it more for my training sessions. I'm going to kick out some workshops, and I'm going to actually do everything through Microsoft Live Share. So people can actually interact, they can see exactly what's going on, then they can try it on their terminals to see what's going on as well. So it's learning by doing a type of thing, but it's very easy to identify exactly what I'm doing, what step I'm in, and it's clear. I actually find it a little bit easier than attending workshops, because you see the code, you see how I'm typing, you see how I'm interacting.

The only limitation I find is you definitely need two screens. So you can work on one screen and view the other screen. Now I'm going to start using this more and more, I've used it a couple of times already. I see tons and tons of use cases for it. I highly encourage everyone to go check it out. I mean just go to Microsoft Visual Studio Code, install Live Share, connect it to GitHub.
And then within the Live Share client, I mean right when you click your name, you can just copy the link, drop it into Slack, you can email it to anyone. And once this other person clicks this link, they connect to your session. It is that easy. And then you can do Skype calls, or you can do Hangouts, however you want to talk. So you can have a call going while you're doing the Live Share.

Give it a try, I mean it's very, very helpful. You can see a ton of use cases out of it. I mean to try it out, give me some feedback. Let me know what you think of it, like I said, in DockerCon they demoed it, they demoed part of the session using it. So I can see more and more use cases coming along. And I can see this type of collaborative workshops, code reviews, and just collaboration on projects generally should increase. So we're getting away from screen sharing, we're actually all using the same terminal, same code base, and view exactly what's going on at the same time like we're all sitting in the same room.

Well, that's all for this episode, Microsoft Visual Studio Live Share, give it a try. Have a great day and we will see you next time.