POPULARITY
Categories
Bret and his co-host, Matt, are joined by Jason Dellaluce and Luca Guerra from Sysdig to talk about Falco, a tool I recommend for production clusters and knowing about any bad behavior on your servers. -------------------------------------★ Enroll now for my next Live course, GitHub Actions + Argo CD, scheduled for July 10-21. Go to bret.courses/autodeploy to sign up. ★------------------------------------Falco is a security tool I've mentioned multiple times on this show, because I mostly think that a low level security focused logging product is something that every production server needs. The ability to log unexpected events and behaviors on your Linux host is powerful and necessary to be able to audit what's really happening on your infrastructure outside of your app itself. Falco has been a CNCF incubating project for over four years, and I was immediately drawn to it in its early days, because it was container and Kubernetes aware and it could log and alert with default rules for everything, from someone starting a shell inside a container, to a bash history file being deleted, to a container trying to talk to the Kubernetes API. This episode will be useful for those of you new to tools like Falco and for those familiar with its basics, but also wanting to learn about newer features and use cases, which I did some learning on myself in this episode.Live recording of the complete show from April 6, 2023 is on YouTube (Ep. #210).★Topics★Falco websiteFalco on CNCFSupport this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Bret Fisher - Host Cristi Cotovan - Editor Beth Fisher - Producer Matt Williams - Host Jason Dellaluce - Guest Luca Guerra - Guest (00:00) - Intro (04:18) - Introducing the guests (07:19) - What is Falco? Why do we need it? (09:54) - What can Falco monitor? (19:05) - How are events logged? (32:53) - Does Falco classify alerts by severity?
Bridget Kromhout (@bridgetkromhout, Principal PM @Azure) & Ralph Squillace (@ralph_squillace, Principal PM @Azure) talk about DevOps, Public Cloud involvement with OSS communities, CNCF, WASM and OSS Communities. SHOW: 724CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"SHOW SPONSORS:Datadog Synthetic Monitoring: Frontend and Backend Modern MonitoringEnsure frontend issues don't impair user experience by detecting user-facing issues with API and browser tests with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt. CloudZero – Cloud Cost Visibility and SavingsCloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendSHOW NOTES:Open Source on AzureArrested DevOps PodcastDevOps DaysWeb Assembly, Docker, Containerd, and Kubernetes (YouTube)Microsoft Open SourceRevive WG-LTS · Issue #7259 · kubernetes/community · GitHubKubernetes 1.23: Dual-stack IPv4/IPv6 Networking Reaches GA Develop serverless WebAssembly apps with Spin | Fermyon • Experience the next wave of cloud computing. GitHub - jpetazzo/container.training: Slides and code samples for training, tutorials, and workshops about Docker, containers, and Kubernetes.xkcd: Dependency Topic 1 - Bridget, welcome back! It's been over 7 years since you were last on the show! Ralph, welcome to the show! Topic 2 - Bridget, let's talk about your journey. You were involved with Arrested DevOps Podcast & DevOps Days. Your career has changed a bit from the Developer Advocate path into the PM side. Tell us a little bit about that.Topic 3 - For those that aren't familiar, tell everyone about OSS @ Azure. How does Azure work with the Linux Foundation and the CNCF?Topic 4 - Ralph, let's talk about Web Assembly a bit. How did you get involved? How does Web Assembly fit into the bigger Azure architecture? How does it compare to Azure Functions?Topic 5 - We last talked about WASM probably in the summer last year. Momentum appears to have picked up dramatically judging by interest at recent KubeCon events. From your perspective, how has the space evolved and changed in the last 12 months?Topic 6 - How is Web Assembly different from the past promises of PaaS? What are some of the unique capabilities and use-cases that have evolved?FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
Guest: Michele Chubirka, Senior Cloud Security Advocate, Google Cloud Topics: So, if somebody wakes you up at 3AM (“Anton's 3AM test”) and asks “Do we need firewalls in the cloud?” what would you say? Firewalls (=virtual appliances in the cloud or routing cloud traffic through physical firewalls) vs firewalling (=controlling network access) in the cloud, do they match the cloud-native realities? How do you implement trust boundaries for access control with cloud-native options? Can you imagine a modern cloud native security architecture that includes a firewall? Can you imagine a modern cloud native security architecture that excludes any firewalling? Firewall, NIDS, NIPS, NGFW …. How do these other concepts map to the cloud? How do you build a "traditional-like" network visibility layer in the cloud (and do we need to)? Resources: Video version of this episode: LinkedIn or YouTube “Security Architect View: Cloud Migration Successes, Failures and Lessons” (ep105) “Love it or Hate it, Network Security is Coming to the Cloud” with Martin Roesch (ep113) Gartner Bimodal IT definition Ross Anderson “Security Engineering” book The New Stack blog Trireme tool CNCF site security landscape Google Cloud Firewall
Xander Grzywinski is a Senior Open Source Product Manager at Microsoft and the Kubernetes 1.27 release lead. We interviewed Xander to explore some highlights from the release, and discuss a bit about what it's like to work with the release team. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Traefik Labs Launches Traefik Hub Software Supply Chain Security Assessment: Prometheus Argo CD CNCF Spring 2023 Cloud Native Ambassadors Updates to the Auto-refreshing Official CVE Feed What's New in Red Hat OpenShift Virtualization 4.12 Azure Kubernetes upgrades and Long Term Support KubeCon SHANGHAI, CHINA is back on Sept 26-28, 2023 CFP Closes on June 18, 2023 KubeCon NA takes place on Nov 6-9, 2023 in Chicago, Illinois CFP Closes on June 18, 2023 KubeCon EU 2024 takes place on Mar 19-22 in Paris, France Introducing Sessionize: a new CFP platform for CNCF events Manage Amazon EKS Clusters with New VMware Tanzu Mission Control Features Google Cloud turned profit for the first time according to the earning call of Q1 2023 Links from the interview Xander Grzywinsk: Twitter LinkedIn Pod Security Policies KEP 753: Sidecar containers Kubernetes 1.27 Release team Kubernetes 1.27: Chill Vibes Freeze k8s.gcr.io image registry Kubernetes Vertical Pod Autoscaler Kubernetes Removals and Major Changes In v1.27 Kyverno — verify Kubernetes control plane images Kubernetes 1.27: StatefulSet PVC Auto-Deletion (beta) Kubernetes 1.27: Query Node Logs Using The Kubelet API Kubernetes 1.27: Efficient SELinux volume relabeling (Beta) Kubernetes 1.27: StatefulSet Start Ordinal Simplifies Migration Kubernetes 1.27: Introducing An API For Volume Group Snapshots Kubernetes 1.27: Quality-of-Service for Memory Resources (alpha) Kubernetes 1.27: Vertical Pod Autoscaler supporting in-place updates Kubernetes 1.27: Server Side Field Validation and OpenAPI V3 move to GA Kubernetes 1.27: More fine-grained pod topology spread policies reached beta Kubernetes 1.27: Single Pod Access Mode for PersistentVolumes Graduates to Beta Kubernetes 1.27: HorizontalPodAutoscaler ContainerResource type metric moves to beta Links from the post-interview chat GKE Workload rightsizing
Bret and Matt are joined by Chad Crowell of KubeSkills to walk through how you can contribute to Kubernetes open source. Chad started the kubeskills.com community and podcast to focus on learning Kubernetes by doing and in this episode, he's taking us through a detailed guide on how to get involved in the Kubernetes community.Although Kubernetes and other CNCF projects may seem big and complex with tons of activity, Chad helps us understand how the maturity of the projects and the community make it a much more pleasant onboarding experience for first-time contributors. We go through a wide range of resources and steps to help your first issue or pull request go smoothly.Live recording of this show from March 9, 2023 is on YouTube (Ep. #206).★Topics★Learning K8s by Open Source PDF slidesFirst Timers Only websiteK8s Contributor Community HomepageList of K8s SIGsK8s SlackOpen Sauced websiteK8s Contributors onboarding courseKube Cuddle podcast with Joe BedaLearning K8s Skills Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Bret Fisher - Host Cristi Cotovan - Editor Beth Fisher - Producer Matt Williams - Host Chad M. Crowell - Guest (00:00) - Intro (02:45) - Chad's Book (05:11) - Learning platforms (05:37) - Another way to learn (06:44) - SIGs (07:47) - Community or Contributor Experience SIG (10:06) - Volunteers (11:27) - For those who want to start contributing (13:50) - The different tags (14:48) - Good first issues (16:01) - Bret's first Docker fix (16:50) - Who determines the first issues? (18:37) - OpenSauced (19:16) - Finding the next steps after learning (19:59) - Dashboard to track contributions (20:42) - A very friendly community (22:30) - Who's paying for OpenSauced? (23:06) - How to build your rep on the internet (24:57) - Github Flow, Breaking it down (27:24) - Eddie Hub (28:10) - Assign yourself to the issue (28:50) - Compile Kubernetes (30:14) - Tracking the pull request lifecycle (31:44) - Changing the k8s reference issue (35:17) - Kubernetes Slack Channels (35:59) - SIG mailing lists (36:44) - Getting feedback before you do the work (38:18) - How do you give up and issue? (39:53) - Correlating issues with Slack (40:28) - Start with an issue first (41:24) - Random PRs don't go well (43:00) - Onboarding course (44:11) - Cheat sheet (44:26) - What Chad has learned from contributing (46:09) - Online resources (48:48) - Certifications and exams (50:46) - Matt's comment about a podcast (52:48) - Wrap up
Eswar Bala, Director of Amazon EKS at AWS, joins Corey on Screaming in the Cloud to discuss how and why AWS built a Kubernetes solution, and what customers are looking for out of Amazon EKS. Eswar reveals the concerns he sees from customers about the cost of Kubernetes, as well as the reasons customers adopt EKS over ECS. Eswar gives his reasoning on why he feels Kubernetes is here to stay and not just hype, as well as how AWS is working to reduce the complexity of Kubernetes. Corey and Eswar also explore the competitive landscape of Amazon EKS, and the new product offering from Amazon called Karpenter.About EswarEswar Bala is a Director of Engineering at Amazon and is responsible for Engineering, Operations, and Product strategy for Amazon Elastic Kubernetes Service (EKS). Eswar leads the Amazon EKS and EKS Anywhere teams that build, operate, and contribute to the services customers and partners use to deploy and operate Kubernetes and Kubernetes applications securely and at scale. With a 20+ year career in software , spanning multimedia, networking and container domains, he has built greenfield teams and launched new products multiple times.Links Referenced: Amazon EKS: https://aws.amazon.com/eks/ kubernetesthemuchharderway.com: https://kubernetesthemuchharderway.com kubernetestheeasyway.com: https://kubernetestheeasyway.com EKS documentation: https://docs.aws.amazon.com/eks/ EKS newsletter: https://eks.news/ EKS GitHub: https://github.com/aws/eks-distro TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: It's easy to **BEEP** up on AWS. Especially when you're managing your cloud environment on your own!Mission Cloud un **BEEP**s your apps and servers. Whatever you need in AWS, we can do it. Head to missioncloud.com for the AWS expertise you need. Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. Today's promoted guest episode is brought to us by our friends at Amazon. Now, Amazon is many things: they sell underpants, they sell books, they sell books about underpants, and underpants featuring pictures of books, but they also have a minor cloud computing problem. In fact, some people would call them a cloud computing company with a gift shop that's attached. Now, the problem with wanting to work at a cloud company is that their interviews are super challenging to pass.If you want to work there, but can't pass the technical interview for a long time, the way to solve that has been, “Ah, we're going to run Kubernetes so we get to LARP as if we worked at a cloud company but don't.” Eswar Bala is the Director of Engineering for Amazon EKS and is going to basically suffer my slings and arrows about one of the most complicated, and I would say overwrought, best practices that we're seeing industry-wide. Eswar, thank you for agreeing to subject yourself to this nonsense.Eswar: Hey, Corey, thanks for having me here.Corey: [laugh]. So, I'm a little bit unfair to Kubernetes because I wanted to make fun of it and ignore it. But then I started seeing it in every company that I deal with in one form or another. So yes, I can still sit here and shake my fist at the tide, but it's turned into, “Old Man Yells at Cloud,” which I'm thrilled to embrace, but everyone's using it. So, EKS has recently crossed, I believe, the five-year mark since it was initially launched. What is EKS other than Amazon's own flavor of Kubernetes?Eswar: You know, the best way I can define EKS is, EKS is just Kubernetes. Not Amazon's version of Kubernetes. It's just Kubernetes that we get from the community and offer it to customers to make it easier for them to consume. So, EKS. I've been with EKS from the very beginning when we thought about offering a managed Kubernetes service in 2017.And at that point, the goal was to bring Kubernetes to enterprise customers. So, we have many customers telling us that they want us to make their life easier by offering a managed version of Kubernetes that they've actually beginning to [erupt 00:02:42] at that time period, right? So, my goal was to figure it out, what does that service look like and which customer base should be targeting service towards.Corey: Kelsey Hightower has a fantastic learning tool out there in a GitHub repo called, “Kubernetes the Hard Way,” where he talks you through building the entire thing, start to finish. I wound up forking it and doing that on top of AWS, and you can find that at kubernetesthemuchharderway.com. And that was fun.And I went through the process and my response at the end was, “Why on earth would anyone ever do this more than once?” And we got that sorted out, but now it's—customers aren't really running these things from scratch. It's like the Linux from Scratch project. Great learning tool; probably don't run this in production in the same way that you might otherwise because there are better ways to solve for the problems that you will have to solve yourself when you're building these things from scratch. So, as I look across the ecosystem, it feels like EKS stands in the place of the heavy, undifferentiated lifting of running the Kubernetes control plane so customers functionally don't have to. Is that an effective summation of this?Eswar: That is precisely right. And I'm glad you mentioned, “Kubernetes the Hard Way,” I'm a big fan of that when it came out. And if anyone who did that tutorial, and also your tutorial, “Kubernetes the Harder Way,” would walk away thinking, “Why would I pick this technology when it's super complicated to setup?” But then you see that customers love Kubernetes and you see that reflected in the adoption, even in 2016, 2017 timeframes.And the reason is, it made life easier for application developers in terms of offering web services that they wanted to offer to their customer base. And because of all the features that Kubernetes brought on, application lifecycle management, service discoveries, and then it evolved to support various application architectures, right, in terms of stateless services, stateful applications, and even daemon sets, right, like for running your logging and metrics agents. And these are powerful features, at the end of the day, and that's what drove Kubernetes. And because it's super hard to get going to begin with and then to operate, the day-two operator experience is super complicated.Corey: And the day one experience is super hard and the day two experience of, “Okay, now I'm running it and something isn't working the way it used to. Where do I start,” has been just tremendously overwrought. And frankly, more than a little intimidating.Eswar: Exactly. Right? And that exactly was our opportunity when we started in 2017. And when we started, there was question on, okay, should we really build a service when you have an existing service like ECS in place? And by the way, like, I did work in ECS before I started working in EKS from the beginning.So, the answer then was, it was about giving what customers want. And their space for many container orchestration systems, right, ECS was the AWS service at that point in time. And our thinking was, how do we give customers what they wanted? They wanted a Kubernetes solution. Let's go build that. But we built it in a way that we remove the undifferentiated heavy lifting of managing Kubernetes.Corey: One of the weird things that I find is that everyone's using Kubernetes, but I don't see it in the way that I contextualize the AWS universe, which of course, is on the bill. That's right. If you don't charge for something in AWS Lambda, and preferably a fair bit, I don't tend to know it exists. Like, “What's an IAM and what might that possibly do?” Always have reassuring thing to hear from someone who's often called an expert in this space. But you know, if it doesn't cost money, why do I pay attention to it?The control plane is what EKS charges for, unless you're running a bunch of Fargate-managed pods and containers to wind up handling those things. So, it mostly just shows up as an addenda to the actual big, meaty portions of the belt. It just looks like a bunch of EC2 instances with some really weird behavior patterns, particularly with regard to auto-scaling and crosstalk between all of those various nodes. So, it's a little bit of a murder mystery, figuring out, “So, what's going on in this environment? Do you folks use containers at all?” And the entire Kubernetes shop is looking at me like, “Are you simple?”No, it's just I tend to disregard the lies that customers say, mostly to themselves because everyone has this idea of what's going on in their environment, but the bill speaks. It's always been a little bit of an investigation to get to the bottom of anything that involves Kubernetes at significant points of scale.Eswar: Yeah, you're right. Like if you look at EKS, right, like, we started with managing the control plane to begin with. And managing the control plane is a drop in the bucket when you actually look at the costs in terms of operating a Kubernetes cluster or running a Kubernetes cluster. When you look at how our customers use and where they spend most of their cost, it's about where their applications run; it's actually the Kubernetes data plane and the amount of compute and memory that the applications end of using end up driving 90% of the cost. And beyond that is the storage, beyond that as a networking costs, right, and then after that is the actual control plane costs. So, the problem right now is figuring out, how do we optimize our costs for the application to run on?Corey: On some level, it requires a little bit of understanding of what's going on under the hood. There have been a number of cost optimization efforts that have been made in the Kubernetes space, but they tend to focus around stuff that I find relatively, well, I call it banal because it basically is. You're looking at the idea of, okay, what size instances should you be running, and how well can you fill them and make sure that all the resources per node wind up being taken advantage of? But that's also something that, I guess from my perspective, isn't really the interesting architectural point of view. Whether or not you're running a bunch of small instances or a few big ones or some combination of the two, that doesn't really move the needle on any architectural shift, whereas ingesting a petabyte a month of data and passing 50 petabytes back and forth between availability zones, that's where it starts to get really interesting as far as tracking that stuff down.But what I don't see is a whole lot of energy or effort being put into that. And I mean, industry-wide, to be clear. I'm not attempting to call out Amazon specifically on this. That's [laugh] not the direction I'm taking this in. For once. I know, I'm still me. But it seems to be just an industry-wide issue, where zone affinity for Kubernetes has been a very low priority item, even on project roadmaps on the Kubernetes project.Eswar: Yeah, the Kubernetes does provide ability for customers to restrict their workloads within as particular [unintelligible 00:09:20], right? Like, there is constraints that you can place on your pod specs that end up driving applications towards a particular AZ if they want, right? You're right, it's still left to the customers to configure. Just because there's a configuration available doesn't mean the customers use it. If it's not defaulted, most of the time, it's not picked up.That's where it's important for service providers—like EKS—to offer ability to not only provide the visibility by means of reporting that it's available using tools like [Cue Cards 00:09:50] and Amazon Billing Explorer but also provide insights and recommendations on what customers can do. I agree that there's a gap today. For example in EKS, in terms of that. Like, we're slowly closing that gap and it's something that we're actively exploring. How do we provide insights across all the resources customers end up using from within a cluster? That includes not just compute and memory, but also storage and networking, right? And that's where we are actually moving towards at this point.Corey: That's part of the weird problem I've found is that, on some level, you get to play almost data center archaeologists when you start exploring what's going on in these environments. I found one of the only reliable ways to get answers to some of this stuff has been oral tradition of, “Okay, this Kubernetes cluster just starts hurling massive data quantities at 3 a.m. every day. What's causing that?” And it leads to, “Oh, no no, have you talked to the data science team,” like, “Oh, you have a data science team. A common AWS billing mistake.” And exploring down that particular path sometimes pays dividends. But there's no holistic way to solve that globally. Today. I'm optimistic about tomorrow, though.Eswar: Correct. And that's where we are spending our efforts right now. For example, we recently launched our partnership with Cue Cards, and Cue Cards is now available as an add-on from the Marketplace that you can easily install and provision on Kubernetes EKS clusters, for example. And that is a start. And Cue Cards is amazing in terms of features, in terms of insight it offers, right, it looking into computer, the memory, and the optimizations and insights it provides you.And we are also working with the AWS Cost and Usage Reporting team to provide a native AWS solution for the cost reporting and the insights aspect as well in EKS. And it's something that we are going to be working really closely to solve the networking gaps in the near future.Corey: What are you seeing as far as customer concerns go, with regard to cost and Kubernetes? I see some things, but let's be very clear here, I have a certain subset of the market that I spend an inordinate amount of time speaking to and I always worry that what I'm seeing is not holistically what's going on in the broader market. What are you seeing customers concerned about?Eswar: Well, let's start from the fundamentals here, right? Customers really want to get to market faster, whatever services and applications that they want to offer. And they want to have it cheaper to operate. And if they're adopting EKS, they want it cheaper to operate in Kubernetes in the cloud. They also want a high performance, they also want scalability, and they want security and isolation.There's so many parameters that they have to deal with before they put their service on the market and continue to operate. And there's a fundamental tension here, right? Like they want cost efficiency, but they also want to be available in the market quicker and they want performance and availability. Developers have uptime, SLOs, and SLAs is to consider and they want the maximum possible resources that they want. And on the other side, you've got financial leaders and the business leaders who want to look at the spending and worry about, like, okay, are we allocating our capital wisely? And are we allocating where it makes sense? And are we doing it in a manner that there's very little wastage and aligned with our customer use, for example? And this is where the actual problems arise from [unintelligible 00:13:00].Corey: I want to be very clear that for a long time, one of the most expensive parts about running Kubernetes has not been the infrastructure itself. It's been the people to run this responsibly, where it's the day two, day three experience where for an awful lot of companies like, oh, we're moving to Kubernetes because I don't know we read it in an in-flight magazine or something and all the cool kids are doing it, which honestly during the pandemic is why suddenly everyone started making better IT choices because they're execs were not being exposed to airport ads. I digress. The point, though, is that as customers are figuring this stuff out and playing around with it, it's not sustainable that every company that wants to run Kubernetes can afford a crack SRE team that is individually incredibly expensive and collectively staggeringly so. That it seems to be the real cost is the complexity tied to it.And EKS has been great in that it abstracts an awful lot of the control plane complexity away. But I still can't shake the feeling that running Kubernetes is mind-bogglingly complicated. Please argue with me and tell me I'm wrong.Eswar: No, you're right. It's still complicated. And it's a journey towards reducing the complexity. When we launched EKS, we launched only with managing the control plane to begin with. And that's where we started, but customers had the complexity of managing the worker nodes.And then we evolved to manage the Kubernetes worker nodes in terms two products: we've got Managed Node Groups and Fargate. And then customers moved on to installing more agents in their clusters before they actually installed their business applications, things like Cluster Autoscaler, things like Metric Server, critical components that they have come to rely on, but doesn't drive their business logic directly. They are supporting aspects of driving core business logic.And that's how we evolved into managing the add-ons to make life easier for our customers. And it's a journey where we continue to reduce the complexity of making it easier for customers to adopt Kubernetes. And once you cross that chasm—and we are still trying to cross it—once you cross it, you have the problem of, okay so, adopting Kubernetes is easy. Now, we have to operate it, right, which means that we need to provide better reporting tools, not just for costs, but also for operations. Like, how easy it is for customers to get to the application level metrics and how easy it is for customers to troubleshoot issues, how easy for customers to actually upgrade to newer versions of Kubernetes. All of these challenges come out beyond day one, right? And those are initiatives that we have in flight to make it easier for customers [unintelligible 00:15:39].Corey: So, one of the things I see when I start going deep into the Kubernetes ecosystem is, well, Kubernetes will go ahead and run the containers for me, but now I need to know what's going on in various areas around it. One of the big booms in the observability space, in many cases, has come from the fact that you now need to diagnose something in a container you can't log into and incidentally stopped existing 20 minutes for you got the alert about the issue, so you'd better hope your telemetry is up to snuff. Now, yes, that does act as a bit of a complexity burden, but on the other side of it, we don't have to worry about things like failed hard drives taking systems down anymore. That has successfully been abstracted away by Kubernetes, or you know, your cloud provider, but that's neither here nor there these days. What are you seeing as far as, effectively, the sidecar pattern, for example of, “Oh, you have too many containers and need to manage them? Have you considered running more containers?” Sounds like something a container salesman might say.Eswar: So, running containers demands that you have really solid observability tooling, things that you're able to troubleshoot—successfully—debug without the need to log into the containers itself. In fact, that's an anti-pattern, right? You really don't want a container to have the ability to SSH into a particular container, for example. And to be successful at it demands that you publish your metrics and you publish your logs. All of these are things that a developer needs to worry about today in order to adopt containers, for example.And it's on the service providers to actually make it easier for the developers not to worry about these. And all of these are available automatically when you adopt a Kubernetes service. For example, in EKS, we are working with our managed Prometheus service teams inside Amazon, right—and also CloudWatch teams—to easily enable metrics and logging for customers without having to do a lot of heavy lifting.Corey: Let's talk a little bit about the competitive landscape here. One of my biggest competitors in optimizing AWS bills is Microsoft Excel, specifically, people are going to go ahead and run it themselves because, “Eh, hiring someone who's really good at this, that sounds expensive. We can screw it up for half the cost.” Which is great. It seems to me that one of your biggest competitors is people running their own control plane, on some level.I don't tend to accept the narrative that, “Oh, EKS is expensive that winds up being what 35 bucks or 70 bucks or whatever it is per control plane per cluster on a monthly basis.” Okay, yes, that's expensive if you're trying to stay completely within a free tier perhaps, but if you're running anything that's even slightly revenue-generating or a for-profit company, you will spend far more than that just on people's time. I have no problems—for once—with the EKS pricing model, start to finish. Good work on that. You've successfully nailed it. But are you seeing significant pushback from the industry of, “Nope, we're going to run our own Kubernetes management system instead because we enjoy pain, corporately speaking.”Eswar: Actually, we are in a good spot there, right? Like, at this point, customers who choose to run Kubernetes on AWS by themselves and not adopt EKS just fall into one main category, so—or two main categories: number one, they have existing technical stack built on running Kubernetes on themselves and they'd rather maintain that and not moving to EKS. Or they demand certain custom configurations of the Kubernetes control plane that EKS doesn't support. And those are the only two reasons why we see customers not moving into EKS and prefer to run their own Kubernetes on AWS clusters.[midroll 00:19:46]Corey: It really does seem, on some level, like there's going to be a… I don't want to say reckoning because that makes it sound vaguely ominous and that's not the direction that I intend for things to go in, but there has to be some form of collapsing of the complexity that is inherent to all of this because the entire industry has always done that. An analogy that I fall back on because I've seen this enough times to have the scars to show for it is that in the '90s, running a web server took about a week of spare time and an in-depth knowledge of GCC compiler flags. And then it evolved to ah, I could just unzip a tarball of precompiled stuff, and then RPM or Deb became a thing. And then Yum, or something else, or I guess apt over in the Debian land to wind up wrapping around that. And then you had things like Puppet where it was it was ensure installed. And now it's Docker Run.And today, it's a checkbox in the S3 console that proceeds to yell at you because you're making a website public. But that's neither here nor there. Things don't get harder with time. But I've been surprised by how I haven't yet seen that sort of geometric complexity collapsing of around Kubernetes to make it easier to work with. Is that coming or are we going to have to wait for the next cycle of things?Eswar: Let me think. I actually don't have a good answer to that, Corey.Corey: That's good, at least because if you did, I'd worried that I was just missing something obvious. That's kind of the entire reason I ask. Like, “Oh, good. I get to talk to smart people and see what they're picking up on that I'm absolutely missing.” I was hoping you had an answer, but I guess it's cold comfort that you don't have one off the top of your head. But man, is it confusing.Eswar: Yeah. So, there are some discussions in the community out there, right? Like, it's Kubernetes the right layer to do interact? And there are some tooling that's built on top of Kubernetes, for example, Knative that tries to provide a serverless layer on top of Kubernetes, for example. There are also attempts at abstracting Kubernetes completely and providing tooling that just completely removes any sort of Kubernetes API out of the picture and maybe a specific CI/CD-based solution that takes it from the source and deploys the service without even showing you that there's Kubernetes underneath, right?All of these are evolutions that are being tested out there in the community. Time will tell whether these end up sticking. But what's clear here is the gravity around Kubernetes. All sorts of tooling that gets built on top of Kubernetes, all the operators, all sorts of open-source initiatives that are built to run on Kubernetes. For example, Spark, for example, Cassandra, so many of these big, large-scale, open-source solutions are now built to run really well on Kubernetes. And that is the gravity that's pushing Kubernetes at this point.Corey: I'm curious to get your take on one other, I would consider interestingly competitive spaces. Now, because I have a domain problem, if you go to kubernetestheeasyway.com, you'll wind up on the ECS marketing page. That's right, the worst competition in the world: the people who work down the hall from you.If someone's considering using ECS, Elastic Container Service versus EKS, Elastic Kubernetes Service, what is the deciding factor when a customer's making that determination? And to be clear, I'm not convinced there's a right or wrong answer. But I am curious to get your take, given that you have a vested interest, but also presumably don't want to talk complete smack about your colleagues. But feel free to surprise me.Eswar: Hey, I love ECS, by the way. Like I said, I started my life in the AWS in ECS. So look, ECS is a hugely successful container orchestration service. I know we talk a lot about Kubernetes, I know there's a lot of discussions around Kubernetes, but I wouldn't make it a point that, like, ECS is a hugely successful service. Now, what determines how customers go to?If customers are… if the customers tech stack is entirely on AWS, right, they use a lot of AWS services and they want an easy way to get started in the container world that has really tight integration with other AWS services without them having to configure a lot, ECS is the way, right? And customers have actually seen terrific success adopting ECS for that particular use case. Whereas EKS customers, they start with, “Okay, I want an open-source solution. I really love Kubernetes. I lo—or, I have a tooling that I really like in the open-source land that really works well with Kubernetes. I'm going to go that way.” And those kind of customers end up picking EKS.Corey: I feel like, on some level, Kubernetes has become the most the default API across a wide variety of environments. AWS obviously, but on-prem other providers. It seems like even the traditional VPS companies out there that offer just rent-a-server in the cloud somewhere are all also offering, “Oh, and we have a Kubernetes service as well.” I wound up backing a Kickstarter project that runs a Kubernetes cluster with a shared backplane across a variety of Raspberries Pi, for example. And it seems to be almost everywhere you look.Do you think that there's some validity to that approach of effectively whatever it is that we're going to wind up running in the future, it's going to be done on top of Kubernetes or do you think that that's mostly hype-driven these days?Eswar: It's definitely not hype. Like we see the proof in the kind of adoption we see. It's becoming the de facto container orchestration API. And with all the tooling, open-source tooling that's continuing to build on top of Kubernetes, CNCF tooling ecosystem that's actually spawned to actually support Kubernetes at option, all of this is solid proof that Kubernetes is here to stay and is a really strong, powerful API for customers to adopt.Corey: So, four years ago, I had a prediction on Twitter, and I said, “In five years, nobody will care about Kubernetes.” And it was in February, I believe, and every year, I wind up updating an incrementing a link to it, like, “Four years to go,” “Three years to go,” and I believe it expires next year. And I have to say, I didn't really expect when I made that prediction for it to outlive Twitter, but yet, here we are, which is neither here nor there. But I'm curious to get your take on this. But before I wind up just letting you savage the naive interpretation of that, my impression has been that it will not be that Kubernetes has gone away. That is ridiculous. It is clearly in enough places that even if they decided to rip it out now, it would take them ten years, but rather than it's going to slip below the surface level of awareness.Once upon a time, there was a whole bunch of energy and drama and debate around the Linux virtual memory management subsystem. And today, there's, like, a dozen people on the planet who really have to care about that, but for the rest of us, it doesn't matter anymore. We are so far past having to care about that having any meaningful impact in our day-to-day work that it's just, it's the part of the iceberg that's below the waterline. I think that's where Kubernetes is heading. Do you agree or disagree? And what do you think about the timeline?Eswar: I agree with you; that's a perfect analogy. It's going to go the way of Linux, right? It's here to stay; it just going to get abstracted out if any of the abstraction efforts are going to stick around. And that's where we're testing the waters there. There are many, many open-source initiatives there trying to abstract Kubernetes. All of these are yet to gain ground, but there's some reasonable efforts being made.And if they are successful, they just end up being a layer on top of Kubernetes. Many of the customers, many of the developers, don't have to worry about Kubernetes at that point, but a certain subset of us in the tech world will need to do a deal with Kubernetes, and most likely teams like mine that end up managing and operating their Kubernetes clusters.Corey: So, one last question I have for you is that if there's one thing that AWS loves, it's misspelling things. And you have an open-source offering called Karpenter spelled with a K that is an extending of that tradition. What does Karpenter do and why would someone use it?Eswar: Thank you for that. Karpenter is one of my favorite launches in the last one year.Corey: Presumably because you're terrible at the spelling bee back when you were a kid. But please tell me more.Eswar: [laugh]. So Karpenter, is an open-source flexible and high performance cluster auto-scaling solution. So basically, when your cluster needs more capacity to support your workloads, Karpenter automatically scales the capacity as needed. For people that know the Kubernetes space well, there's an existing component called Cluster Autoscaler that fills this space today. And it's our take on okay, so what if we could reimagine the capacity management solution available in Kubernetes? And can we do something better? Especially for cases where we expect terrific performance at scale to enable cost efficiency and optimization use cases for our customers, and most importantly, provide a way for customers not to pre-plan a lot of capacity to begin with.Corey: This is something we see a lot, in the sense of very bursty workloads where, okay, you're going to steady state load. Cool. Buy a bunch of savings plans, get things set up the way you want them, and call it a day. But when it's bursty, there are challenges with it. Folks love using Spot, but in the event of a sudden capacity shortfall, the question is, is can we spin up capacity to backfill it within those two minutes that we have a warning on that on? And if the answer is no, then it becomes a bit of a non-starter.Customers have had to build an awful lot of those things around EC2 instances that handle a lot of that logic for them in ways that are tuned specifically for their use cases. I'm encouraged to see there's a Kubernetes story around this that starts to remove some of that challenge from the customer side.Eswar: Yeah. So, the burstiness is where complexity comes [here 00:29:42], right? Like many customers for steady state, they know what their capacity requirements are, they set up the capacity, they can also reason out what is the effective capacity needed for good utilization for economical reasons and they can actually pre plan that and set it up. But once burstiness comes in, which inevitably does it at [unintelligible 00:30:05] applications, customers worry about, “Okay, am I going to get the capacity that I need in time that I need to be able to service my customers? And am I confident at it?”If I'm not confident, I'm going to actually allocate capacity beforehand, assuming that I'm going to actually get the burst that I needed. Which means, you're paying for resources that you're not using at the moment. And the burstiness might happen and then you're on the hook to actually reduce the capacity for it once the peak subsides at the end of the [day 00:30:36]. And this is a challenging situation. And this is one of the use cases that we targeted Karpenter towards.Corey: I find that the idea that you're open-sourcing this is fascinating because of two reasons. One, it does show a willingness to engage with the community that… again, it's difficult. When you're a big company, people love to wind up taking issue with almost anything that you do. But for another, it also puts it out in the open, on some level, where, especially when you're talking about cost optimization and decisions that affect cost, it's all out in public. So, people can look at this and think, “Wait a minute, it's not—what is this line of code that means if it's toward the end of the month, crank it up because we might need to hit our numbers.” Like, there's nothing like that in there. At least I'm assuming. I'm trusting that other people have read this code because honestly, that seems like a job for people who are better at that than I am. But that does tend to breed a certain element of trust.Eswar: Right. It's one of the first things that we thought about when we said okay, so we have some ideas here to actually improve the capacity management solution for Kubernetes. Okay, should we do it out in the open? And the answer was a resounding yes, right? I think there's a good story here that actually enables not just AWS to offer these ideas out there, right, and we want to bring it to all sorts of Kubernetes customers.And one of the first things we did is to architecturally figure out all the core business logic of Karpenter, which is, okay, how to schedule better, how quickly to scale, what is the best instance types to pick for this workload. All of that business logic was abstracted out from the actual cloud provider implementation. And the cloud provider implementation is super simple. It's just creating instances, deleting instances, and describing instances. And it's something that we bake from the get-go so it's easier for other cloud providers to come in and to add their support to it. And we as a community actually can take these ideas forward in a much faster way than just AWS doing it.Corey: I really want to thank you for taking the time to speak with me today about all these things. If people want to learn more, where's the best place for them to find you?Eswar: The best place to learn about EKS, right, as EKS evolves, is using our documentation, we have an EKS newsletter that you can go subscribe, and you can also find us on GitHub where we share our product roadmap. So, it's a great places to learn about how EKS is evolving and also sharing your feedback.Corey: Which is always great to hear, as opposed to, you know, in the AWS Console, where we live, waiting for you to stumble upon us, which, yeah. No it's good does have a lot of different places for people to engage with you. And we'll put links to that, of course, in the [show notes 00:33:17]. Thank you so much for being so generous with your time. I appreciate it.Eswar: Corey, really appreciate you having me.Corey: Eswar Bala, Director of Engineering for Amazon EKS. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice telling me why, when it comes to tracking Kubernetes costs, Microsoft Excel is in fact the superior experience.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
Leonard Pahlke (@LeonardPahlke, CNCF Ambassador & K8s 1.26 Release Team Lead) talks about the behind the scenes activities of releasing a major open source project. SHOW: 715CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"SHOW SPONSORS:CloudZero – Cloud Cost Visibility and SavingsCloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendDatadog Application Monitoring: Modern Application Performance MonitoringGet started monitoring service dependencies to eliminate latency and errors and enhance your users app experience with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirtSHOW NOTES:Start Contributing to Open Source Projects (blog)Finding Your Way Into Cloud Native (blog)Topic 1 - Welcome to the show Leonard, this is another in a series on getting involved with the community. How did you get started with the CNCF and Kubernetes?Topic 2 - What made you get started with the Open Source Software & the CNCF? If you had to recommend a path for someone to get started, would you advise them to follow the same path or a different path?Topic 3 - It appears you started through the shadow program in Kubernetes 1.23 and worked your way up to Release Team Lead for 1.26. Tell everyone a little bit about the program and your experience. Are you going to do it again?Topic 4 - I would imagine getting a new version of a large project like Kubernetes out the door is a lot of work and coordination of a lot of people. How did you handle that?Topic 5 - Not all CNCF projects are as big as Kubernetes. How are the release cycles on smaller projects handled? Less Governance, Less Community Involvement, etc.Topic 6 - You are the Co-Chair CNCF TAG Environmental Sustainability, tell everyone a little about that and your goals and motivations there.FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
Liz Rice, Chief Open Source Officer at Isovalent, joins Corey on Screaming in the Cloud to discuss the release of her newest book, Learning eBPF, and the exciting possibilities that come with eBPF technology. Liz explains what got her so excited about eBPF technology, and what it was like to write a book while also holding a full-time job. Corey and Liz also explore the learning curve that comes with kernel programming, and Liz illustrates why it's so important to be able to explain complex technologies in simple terminology. About LizLiz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She sits on the CNCF Governing Board, and on the Board of OpenUK. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, and Learning eBPF, both published by O'Reilly.She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.Links Referenced: Isovalent: https://isovalent.com/ Learning eBPF: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Container Security: https://www.amazon.com/Container-Security-Fundamental-Containerized-Applications/dp/1492056707/ GitHub for Learning eBPF: https://github.com/lizRice/learning-eBPF TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Our returning guest today is Liz Rice, who remains the Chief Open Source Officer with Isovalent. But Liz, thank you for returning, suspiciously closely timed to when you have a book coming out. Welcome back.Liz: [laugh]. Thanks so much for having me. Yeah, I've just—I've only had the physical copy of the book in my hands for less than a week. It's called Learning eBPF. I mean, obviously, I'm very excited.Corey: It's an O'Reilly book; it has some form of honeybee on the front of it as best I can tell.Liz: Yeah, I was really pleased about that. Because eBPF has a bee as its logo, so getting a [early 00:01:17] honeybee as the O'Reilly animal on the front cover of the book was pretty pleasing, yeah.Corey: Now, this is your second O'Reilly book, is it not?Liz: It's my second full book. So, I'd previously written a book on Container Security. And I've done a few short reports for them as well. But this is the second, you know, full-on, you can buy it on Amazon kind of book, yeah.Corey: My business partner wrote Practical Monitoring for O'Reilly and that was such an experience that he got entirely out of observability as a field and ran running to AWS bills as a result. So, my question for you is, why would anyone do that more than once?Liz: [laugh]. I really like explaining things. And I had a really good reaction to the Container Security book. I think already, by the time I was writing that book, I was kind of interested in eBPF. And we should probably talk about what that is, but I'll come to that in a moment.Yeah, so I've been really interested in eBPF, for quite a while and I wanted to be able to do the same thing in terms of explaining it to people. A book gives you a lot more opportunity to go into more detail and show people examples and get them kind of hands-on than you can do in their, you know, 40-minute conference talk. So, I wanted to do that. I will say I have written myself a note to never do a full-size book while I have a full-time job because it's a lot [laugh].Corey: You do have a full-time job and then some. As we mentioned, you're the Chief Open Source Officer over at Isovalent, you are on the CNCF governing board, you're on the board of OpenUK, and you've done a lot of other stuff in the open-source community as well. So, I have to ask, taking all of that together, are you just allergic to things that make money? I mean, writing the book as well on top of that. I'm told you never do it for the money piece; it's always about the love of it. But it seems like, on some level, you're taking it to an almost ludicrous level.Liz: Yeah, I mean, I do get paid for my day job. So, there is that [laugh]. But so, yeah—Corey: I feel like that's the only way to really write a book is, in turn, to wind up only to just do it for—what someone else is paying you to for doing it, viewing it as a marketing exercise. It pays dividends, but those dividends don't, in my experience from what I've heard from everyone say, pay off as of royalties on book payments.Liz: Yeah, I mean, it's certainly, you know, not a bad thing to have that income stream, but it certainly wouldn't make you—you know, I'm not going to retire tomorrow on the royalty stream unless this podcast has loads and loads of people to buy the book [laugh].Corey: Exactly. And I'm always a fan of having such [unintelligible 00:03:58]. I will order it while we're on the call right now having this conversation because I believe in supporting the things that we want to see more of in the world. So, explain to me a little bit about what it is. Whatever you talking about learning X in a title, I find that that's often going to be much more approachable than arcane nonsense deep-dive things.One of the O'Reilly books that changed my understanding was Linux Kernel Internals, or Understanding the Linux Kernel. Understanding was kind of a heavy lift at that point because it got very deep very quickly, but I absolutely came away understanding what was going on a lot more effectively, even though I was so slow I needed a tow rope on some of it. When you have a book that started with learning, though, I imagined it assumes starting at zero with, “What's eBPF?” Is that directionally correct, or does it assume that you know a lot of things you don't?Liz: Yeah, that's absolutely right. I mean, I think eBPF is one of these technologies that is starting to be, particularly in the cloud-native world, you know, it comes up; it's quite a hot technology. What it actually is, so it's an acronym, right? EBPF. That acronym is almost meaningless now.So, it stands for extended Berkeley Packet Filter. But I feel like it does so much more than filtering, we might as well forget that altogether. And it's just become a term, a name in its own right if you like. And what it really does is it lets you run custom programs in the kernel so you can change the way that the kernel behaves, dynamically. And that is… it's a superpower. It's enabled all sorts of really cool things that we can do with that superpower.Corey: I just pre-ordered it as a paperback on Amazon and it shows me that it is now number one new release in Linux Networking and Systems Administration, so you're welcome. I'm sure it was me that put it over the top.Liz: Wonderful. Thank you very much. Yeah [laugh].Corey: Of course, of course. Writing a book is one of those things that I've always wanted to do, but never had the patience to sit there and do it or I thought I wasn't prolific enough, but over the holidays, this past year, my wife and business partner and a few friends all chipped in to have all of the tweets that I'd sent bound into a series of leather volumes. Apparently, I've tweeted over a million words. And… yeah, oh, so I have to write a book 280 characters at a time, mostly from my phone. I should tweet less was really the takeaway that I took from a lot of that.But that wasn't edited, that wasn't with an overall theme or a narrative flow the way that an actual book is. It just feels like a term paper on steroids. And I hated term papers. Love reading; not one to write it.Liz: I don't know whether this should make it into the podcast, but it reminded me of something that happened to my brother-in-law, who's an artist. And he put a piece of video on YouTube. And for unknowable reasons if you mistyped YouTube, and you spelt it, U-T-U-B-E, the page that you would end up at from Google search was a YouTube video and it was in fact, my brother-in-law's video. And people weren't expecting to see this kind of art movie about matches burning. And he just had the worst comment—like, people were so mean in the comments. And he had millions of views because people were hitting this page by accident, and he ended up—Corey: And he made the cardinal sin of never read the comments. Never break that rule. As soon as you do that, it doesn't go well. I do read the comments on various podcast platforms on this show because I always tell people to insulted all they want, just make sure you leave a five-star review.Liz: Well, he ended up publishing a book with these comments, like, one comment per page, and most of them are not safe for public consumption comments, and he just called it Feedback. It was quite something [laugh].Corey: On some level, it feels like O'Reilly books are a little insulated from the general population when it comes to terrible nonsense comments, just because they tend to be a little bit more expensive than the typical novel you'll see in an airport bookstore, and again, even though it is approachable, Learning eBPF isn't exactly the sort of title that gets people to think that, “Ooh, this is going to be a heck of a thriller slash page-turner with a plot.” “Well, I found the protagonist unrelatable,” is not sort of the thing you're going to wind up seeing in the comments because people thought it was going to be something different.Liz: I know. One day, I'm going to have to write a technical book that is also a murder mystery. I think that would be, you know, quite an achievement. But yeah, I mean, it's definitely aimed at people who have already come across the term, want to know more, and particularly if you're the kind of person who doesn't want to just have a hand-wavy explanation that involves boxes and diagrams, but if, like me, you kind of want to feel the code, and you want to see how things work and you want to work through examples, then that's the kind of person who might—I hope—enjoy working through the book and end up with a possible mental model of how eBPF works, even though it's essentially kernel programming.Corey: So, I keep seeing eBPF in an increasing number of areas, a bunch of observability tools, a bunch of security tools all tend to tie into it. And I've seen people do interesting things as far as cost analysis with it. The problem that I run into is that I'm not able to wind up deploying it universally, just because when I'm going into a client engagement, I am there in a purely advisory sense, given that I'm biasing these days for both SaaS companies and large banks, that latter category is likely going to have some problems if I say, “Oh, just take this thing and go ahead and deploy it to your entire fleet.” If they don't have a problem with that, I have a problem with their entire business security posture. So, I don't get to be particularly prescriptive as far as what to do with it.But if I were running my own environment, it is pretty clear by now that I would have explored this in some significant depth. Do you find that it tends to be something that is used primarily in microservices environments? Does it effectively require Kubernetes to become useful on day one? What is the onboard path where people would sit back and say, “Ah, this problem I'm having, eBPF sounds like the solution.”Liz: So, when we write tools that are typically going to be some sort of infrastructure, observability, security, networking tools, if we're writing them using eBPF, we're instrumenting the kernel. And the kernel gets involved every time our application wants to do anything interesting because whenever it wants to read or write to a file, or send receive network messages, or write something to the screen, or allocate memory, or all of these things, the kernel has to be involved. And we can use eBPF to instrument those events and do interesting things. And the kernel doesn't care whether those processes are running in containers, under Kubernetes, just running directly on the host; all of those things are visible to eBPF.So, in one sense, doesn't matter. But one of the reasons why I think we're seeing eBPF-based tools really take off in cloud-native is that you can, by applying some programming, you can link events that happened in the kernel to specific containers in specific pods in whatever namespace and, you know, get the relationship between an event and the Kubernetes objects that are involved in that event. And then that enables a whole lot of really interesting observability or security tools and it enables us to understand how network packets are flowing between different Kubernetes objects and so on. So, it's really having this vantage point in the kernel where we can see everything and we didn't have to change those applications in any way to be able to use eBPF to instrument them.Corey: When I see the stories about eBPF, it seems like it's focused primarily on networking and flow control. That's where I'm seeing it from a security standpoint, that's where I'm seeing it from cost allocation aspect. Because, frankly, out of the box, from a cloud provider's perspective, Kubernetes looks like a single-tenant application with a really weird behavioral pattern, and some of that crosstalk gets very expensive. Is there a better way than either using eBPF and/or VPC flow logs to figure out what's talking to what in the Kubernetes ecosystem, or is BPF really your first port of call?Liz: So, I'm coming from a position of perspective of working for the company that created the Cilium networking project. And one of the reasons why I think Cilium is really powerful is because it has this visibility—it's got a component called Hubble—that allows you to see exactly how packets are flowing between these different Kubernetes identities. So, in a Kubernetes environment, there's not a lot of point having network flows that talk about IP addresses and ports when what you really want to know is, what's the Kubernetes namespace, what's the application? Defining things in terms of IP addresses makes no sense when they're just being refreshed and renewed every time you change pods. So yeah, Kubernetes changes the requirements on networking visibility and on firewalling as well, on network policy, and that, I think, is you don't have to use eBPF to create those tools, but eBPF is a really powerful and efficient platform for implementing those tools, as we see in Cilium.Corey: The only competitor I found to it that gives a reasonable explanation of why random things are transferring multiple petabytes between each other in the middle of the night has been oral tradition, where I'm talking to people who've been around there for a while. It's, “So, I'm seeing this weird traffic pattern at these times a day. Any idea what that might be?” And someone will usually perk up and say, “Oh, is it—” whatever job that they're doing. Great. That gives me a direction to go in.But especially in this era of layoffs and as environments exist for longer and longer, you have to turn into a bit of a data center archaeologist. That remains insufficient, on some level. And some level, I'm annoyed with trying to understand or needing to use tooling like this that is honestly this powerful and this customizable, and yes, on some level, this complex in order to get access to that information in a meaningful sense. But on the other, I'm glad that that option is at least there for a lot of workloads.Liz: Yeah. I think, you know, that speaks to the power of this new generation of tooling. And the same kind of applies to security forensics, as well, where you might have an enormous stream of events, but unless you can tie those events back to specific Kubernetes identities, which you can use eBPF-based tooling to do, then how do you—the forensics job of tying back where did that event come from, what was the container that was compromised, it becomes really, really difficult. And eBPF tools—like Cilium has a sub-project called Tetragon that is really good at this kind of tying events back to the Kubernetes pod or whether we want to know what node it was running on what namespace or whatever. That's really useful forensic information.Corey: Talk to me a little bit about how broadly applicable it is. Because from my understanding from our last conversation, when you were on the show a year or so ago, if memory serves, one of the powerful aspects of it was very similar to what I've seen some of Brendan Gregg's nonsense doing in his kind of various talks where you can effectively write custom programming on the fly and it'll tell you exactly what it is that you need. Is this something that can be instrument once and then effectively use it for basically anything, [OTEL 00:16:11]-style, or instead, does it need to be effectively custom configured every time you want to get a different aspect of information out of it?Liz: It can be both of those things.Corey: “It depends.” My least favorite but probably the most accurate answer to hear.Liz: [laugh]. But I think Brendan did a really great—he's done many talks talking about how powerful BPF is and built lots of specific tools, but then he's also been involved with Bpftrace, which is kind of like a language for—a high-level language for saying what it is that you want BPF to trace out for you. So, a little bit like, I don't know, awk but for events, you know? It's a scripting language. So, you can have this flexibility.And with something like Bpftrace, you don't have to get into the weeds yourself and do kernel programming, you know, in eBPF programs. But also there's gainful employment to be had for people who are interested in that eBPF kernel programming because, you know, I think there's just going to be a whole range of more tools to come, you know>? I think we're, you know, we're seeing some really powerful tools with Cilium and Pixie and [Parker 00:17:27] and Kepler and many other tools and projects that are using eBPF. But I think there's also a whole load of more to come as people think about different ways they can apply eBPF and instrument different parts of an overall system.Corey: We're doing this over audio only, but behind me on my wall is one of my least favorite gifts ever to have been received by anyone. Mike, my business partner, got me a thousand-piece puzzle of the Kubernetes container landscape where—Liz: [laugh].Corey: This diagram is psychotic and awful and it looks like a joke, except it's not. And building that puzzle was maddening—obviously—but beyond that, it was a real primer in just how vast the entire container slash Kubernetes slash CNCF landscape really is. So, looking at this, I found that the only reaction that was appropriate was a sense of overwhelmed awe slash frustration, I guess. It's one of those areas where I spend a lot of time focusing on drinking from the AWS firehose because they have a lot of products and services because their product strategy is apparently, “Yes,” and they're updating these things in a pretty consistent cadence. Mostly. And even that feels like it's multiple full-time jobs shoved into one.There are hundreds of companies behind these things and all of them are in areas that are incredibly complex and difficult to go diving into. EBPF is incredibly powerful, I would say ridiculously so, but it's also fiendishly complex, at least shoulder-surfing behind people who know what they're doing with it has been breathtaking, on some level. How do people find themselves in a situation where doing a BPF deep dive make sense for them?Liz: Oh, that's a great question. So, first of all, I'm thinking is there an AWS Jigsaw as well, like the CNCF landscape Jigsaw? There should be. And how many pieces would it have? [It would be very cool 00:19:28].Corey: No, because I think the CNCF at one point hired a graphic designer and it's unclear that AWS has done such a thing because their icons for services are, to be generous here, not great. People have flashcards that they've built for is what services does logo represent? Haven't a clue, in almost every case because I don't care in almost every case. But yeah, I've toyed with the idea of doing it. It's just not something that I'd ever want to have my name attached to it, unfortunately. But yeah, I want someone to do it and someone else to build it.Liz: Yes. Yeah, it would need to refresh every, like, five minutes, though, as they roll out a new service.Corey: Right. Because given that it appears from the outside to be impenetrable, it's similar to learning VI in some cases, where oh, yeah, it's easy to get started with to do this trivial thing. Now, step two, draw the rest of the freaking owl. Same problem there. It feels off-putting just from a perspective of you must be at least this smart to proceed. How do you find people coming to it?Liz: Yeah, there is some truth in that, in that beyond kind of Hello World, you quite quickly start having to do things with kernel data structures. And as soon as you're looking at kernel data structures, you have to sort of understand, you know, more about the kernel. And if you change things, you need to understand the implications of those changes. So, yeah, you can rapidly say that eBPF programming is kernel programming, so why would anybody want to do it? The reason why I do it myself is not because I'm a kernel programmer; it's because I wanted to really understand how this is working and build up a mental model of what's happening when I attach a program to an event. And what kinds of things can I do with that program?And that's the sort of exploration that I think I'm trying to encourage people to do with the book. But yes, there is going to be at some point, a pretty steep learning curve that's kernel-related but you don't necessarily need to know everything in order to really have a decent understanding of what eBPF is, and how you might, for example—you might be interested to see what BPF programs are running on your existing system and learn why and what they might be doing and where they're attached and what use could that be.Corey: Falling down that, looking at the process table once upon a time was a heck of an education, one week when I didn't have a lot to do and I didn't like my job in those days, where, “Oh, what is this Avahi daemon that constantly running? MDNS forwarding? Who would need that?” And sure enough, that tickled something in the back of my mind when I wound up building out my networking box here on top of BSD, and oh, yeah, I want to make sure that I can still have discovery work from the IoT subnet over to whatever it is that my normal devices live. Ah, that's what that thing always running for. Great for that one use case. Almost never needed in other cases, but awesome. Like, you fire up a Raspberry Pi. It's, “Why are all these things running when I'm just want to have an embedded device that does exactly one thing well?” Ugh. Computers have gotten complicated.Liz: I know. It's like when you get those pop-ups on—well certainly on Mac, and you get pop-ups occasionally, let's say there's such and such a daemon wants extra permissions, and you think I'm not hitting that yes button until I understand what that daemon is. And it turns out, it's related, something completely innocuous that you've actually paid for, but just under a different name. Very annoying. So, if you have some kind of instrumentation like tracing or logging or security tooling that you want to apply to all of your containers, one of the things you can use is a sidecar container approach. And in Kubernetes, that means you inject the sidecar into every single pod. And—Corey: Yes. Of course, the answer to any Kubernetes problem appears to be have you tried running additional containers?Liz: Well, right. And there are challenges that can come from that. And one of the reasons why you have to do that is because if you want a tool that has visibility over that container that's inside the pod, well, your instrumentation has to also be inside the pod so that it has visibility because your pod is, by design, isolated from the host it's running on. But with eBPF, well eBPF is in the kernel and there's only one kernel, however many containers were running. So, there is no kind of isolation between the host and the containers at the kernel level.So, that means if we can instrument the kernel, we don't have to have a separate instance in every single pod. And that's really great for all sorts of resource usage, it means you don't have to worry about how you get those sidecars into those pods in the first place, you know that every pod is going to be instrumented if it's instrumented in the kernel. And then for service mesh, service mesh usually uses a sidecar as a Layer 7 Proxy injected into every pod. And that actually makes for a pretty convoluted networking path for a packet to sort of go from the application, through the proxy, out to the host, back into another pod, through another proxy, into the application.What we can do with eBPF, we still need a proxy running in userspace, but we don't need to have one in every single pod because we can connect the networking namespaces much more efficiently. So, that was essentially the basis for sidecarless service mesh, which we did in Cilium, Istio, and now we're using a similar sort of approach with Ambient Mesh. So that, again, you know, avoiding having the overhead of a sidecar in every pod. So that, you know, seems to be the way forward for service mesh as well as other types of instrumentation: avoiding sidecars.Corey: On some level, avoiding things that are Kubernetes staples seems to be a best practice in a bunch of different directions. It feels like it's an area where you start to get aligned with the idea of service meesh—yes, that's how I pluralize the term service mesh and if people have a problem with that, please, it's imperative you've not send me letters about it—but this idea of discovering where things are in a variety of ways within a cluster, where things can talk to each other, when nothing is deterministically placed, it feels like it is screaming out for something like this.Liz: And when you think about it, Kubernetes does sort of already have that at the level of a service, you know? Services are discoverable through native Kubernetes. There's a bunch of other capabilities that we tend to associate with service mesh like observability or encrypted traffic or retries, that kind of thing. But one of the things that we're doing with Cilium, in general, is to say, but a lot of this is just a feature of the networking, the underlying networking capability. So, for example, we've got next generation mutual authentication approach, which is using SPIFFE IDs between an application pod and another application pod. So, it's like the equivalent of mTLS.But the certificates are actually being passed into the kernel and the encryption is happening at the kernel level. And it's a really neat way of saying we don't need… we don't need to have a sidecar proxy in every pod in order to terminate those TLS connections on behalf of the application. We can have the kernel do it for us and that's really cool.Corey: Yeah, at some level, I find that it still feels weird—because I'm old—to have this idea of one shared kernel running a bunch of different containers. I got past that just by not requiring that [unintelligible 00:27:32] workloads need to run isolated having containers run on the same physical host. I found that, for example, running some stuff, even in my home environment for IoT stuff, things that I don't particularly trust run inside of KVM on top of something as opposed to just running it as a container on a cluster. Almost certainly stupendous overkill for what I'm dealing with, but it's a good practice to be in to start thinking about this. To my understanding, this is part of what AWS's Firecracker project starts to address a bit more effectively: fast provisioning, but still being able to use different primitives as far as isolation boundaries go. But, on some level, it's nice to not have to think about this stuff, but that's dangerous.Liz: [laugh]. Yeah, exactly. Firecracker is really nice way of saying, “Actually, we're going to spin up a whole VM,” but we don't ne—when I say ‘whole VM,' we don't need all of the things that you normally get in a VM. We can get rid of a ton of things and just have the essentials for running that Lambda or container service, and it becomes a really nice lightweight solution. But yes, that will have its own kernel, so unlike, you know, running multiple kernels on the same VM where—sorry, running multiple containers on the same virtual machine where they would all be sharing one kernel, with Firecracker you'll get a kernel per instance of Firecracker.Corey: The last question I have for you before we wind up wrapping up this episode harkens back to something you said a little bit earlier. This stuff is incredibly technically nuanced and deep. You clearly have a thorough understanding of it, but you also have what I think many people do not realize is an orthogonal skill of being able to articulate and explain those complex concepts simply an approachably, in ways that make people understand what it is you're talking about, but also don't feel like they're being spoken to in a way that's highly condescending, which is another failure mode. I think it is not particularly well understood, particularly in the engineering community, that there are—these are different skill sets that do not necessarily align congruently. Is this something you've always known or is this something you've figured out as you've evolved your career that, oh I have a certain flair for this?Liz: Yeah, I definitely didn't always know it. And I started to realize it based on feedback that people have given me about talks and articles I'd written. I think I've always felt that when people use jargon or they use complicated language or they, kind of, make assumptions about how things are, it quite often speaks to them not having a full understanding of what's happening. If I want to explain something to myself, I'm going to use straightforward language to explain it to myself [laugh] so I can hold it in my head. And I think people appreciate that.And you can get really—you know, you can get quite in-depth into something if you just start, step by step, build it up, explain everything as you go along the way. And yeah, I think people do appreciate that. And I think people, if they get lost in jargon, it doesn't help anybody. And yeah, I very much appreciate it when people say that, you know, they saw a talk or they read something I wrote and it meant that they finally grokked whatever that concept was that that I was trying to explain. I will say at the weekend, I asked ChatGPT to explain DNS in the style of Liz Rice, and it started off, it was basically, “Hello there. I'm Liz Rice and I'm here to explain DNS in very simple terms.” I thought, “Okay.” [laugh].Corey: Every time I think I've understood DNS, there's another level to it.Liz: I'm pretty sure there is a lot about DNS that I don't understand, yeah. So, you know, there's always more to learn out there.Corey: There's certainly is. I really want to thank you for taking time to speak with me today about what you're up to. Where's the best place for people to find you to learn more? And of course, to buy the book.Liz: Yeah, so I am Liz Rice pretty much everywhere, all over the internet. There is a GitHub repo that accompanies the books that you can find that on GitHub: lizRice/learning-eBPF. So, that's a good place to find some of the example code, and it will obviously link to where you can download the book or buy it because you can pay for it; you can also download it from Isovalent for the price of your contact details. So, there are lots of options.Corey: Excellent. And we will, of course, put links to that in the [show notes 00:32:08]. Thank you so much for your time. It's always great to talk to you.Liz: It's always a pleasure, so thanks very much for having me, Corey.Corey: Liz Rice, Chief Open Source Officer at Isovalent. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment that you have somehow discovered this episode by googling for knitting projects.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
Guests Smera Goel | Dotan Horovits Panelist Richard Littauer Show Notes Hello and welcome to Sustain! On this episode, Richard is at the FOSS Backstage 2023 that is held in Berlin every year. Today, Richard has two guests joining him. He meets up with Smera Goel who was featured on Episode 3 of our Sustain Open Source Design Podcast. Richard catches up with her and what has been going on the past year and a half. Smera is a Product Designer and an Outreachy Mentor for Fedora. She is also the Mentor Project Representative for Fedora, in charge of looking after the participation of Fedora in different mentorship programs such as Outreachy and Google Summer of Code. Smera works for a startup in Berlin that has some open-source offerings, and she got her job from an open-source design job board. Richard and Smera discuss mentoring mentors and mentees in the context of software sustainability. Richard's next guest is Dotan Horovits, who's the Principal Developer Advocate at Logz.io. and he tells us about his own podcast called "OpenObservability Talks." He explains the dominance of closed-source vendors in the observability space, which has led to a siloed and vendor-locked situation. They also discuss how observability is important for cloud-based web applications and large production systems and how open-source projects should have an open door to the CNCF and how collaborations between different foundations can be beneficial. Download this episode to hear more! Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) Richard Littauer Twitter (https://twitter.com/richlitt?lang=en) FOSS Backstage 2023 (https://foss-backstage.de/) Smera Goel Website (https://smera.notion.site/) Smera Goel LinkedIn (https://www.linkedin.com/in/smera-goel/) Fedora (https://getfedora.org/) Sustain Open Source Design Podcast-Episode 3-Smera Goel on Designing in the Fedora Project, Outreachy, and India (https://sosdesign.sustainoss.org/3) Dotan Horovits LinkedIn (https://il.linkedin.com/in/horovits) Dotan Horovits Twitter (https://twitter.com/horovits) OpenObservability Talks Podcast (https://podcasters.spotify.com/pod/show/openobservability) Logz.io (https://logz.io/hp-sandbox/) OpenObservability Talks on the podcast apps (https://podcasters.spotify.com/pod/show/openobservability) OpenObservability Talks on YouTube (videocast) (https://www.youtube.com/@openobservabilitytalks) Is “vendor owned open source” an oxymoron? (https://horovits.medium.com/is-vendor-owned-open-source-an-oxymoron-b5486a4de1c6) Open Source for Better Observability (https://horovits.medium.com/open-source-for-better-observability-8c65b5630561) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guests: Dotan Horovits and Smera Goel.
Super excited for episode 46! Grant Asplund and Patrick Pushor are back to talk news and interview and fantastic guest in Frederick Kautz - Open Source, CNCF, and SPIFFE pro. We talk the importance of cloud-independent identity, the trend of platform vs point solution, and the collapse of Silicon Valley Bank . We hope you join us!
Paris Pittman is a Senior Program Manager at the Open Source Program office at Apple. A Prominent Kubernetes and CNCF member who served many roles with a focus on community and governance. Paris was on some key milestones for this show. First appearance was on Episode 1 and later on Episode 100. So we could not be happier to have Paris back in Episode 200. We discussed how Paris got started with community work and how the experience has been. Paris shared with us some words of wisdom on the power of working with others and the importance of moving on. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week KCD Amsterdam Retro AWS announced Data on EKS Kubecon EU 2023 “Security Village” Podman desktop released version 0.14 Keycloak joined CNCF as an incubating project Kubernetes v1.27 code name Chill Vibes was released The CNCF “Cloud Native Explorers” - Amsterdam Edition CNCF white paper on Platforms for Cloud Native Computing GKE Autopilot is now the default mode of operations for new clusters Links from the interview Paris Pittman: Linkedin Twitter Mastodon (@paris@hachyderm.io) OSCON 2016 Sarah Novotny Kaslin is a new chair of SIG contribX
KubeConEU 2023 in Amsterdam had over 10,000 attendees. What were the highlights and new trends happening in the CNCF ecosystem? SHOW: 713CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:Find "Breaking Analysis Podcast with Dave Vellante" on Apple, Google and SpotifyKeep up to data with Enterprise Tech with theCUBEUpland Software: Modern, secure fax solutions for businesses of all sizes.Digital transformation that safeguards sensitive information. Upland Software's got the goods.SHOW NOTES:Conference sessions, and keynotes are available on-demand to in-person and virtual registrants in the event platform until 5 May 2023. They will also be available publicly on the CNCF YouTube channel by 8 May. CNCF-hosted co-located events will be available on the CNCF YouTube channel within 72 hours post-event.CNCF Announcements (from vendors)CNCF Press conference recordingWhat's Next in Cloud Native roundtable Platform Engineering roundtableCNCF Envoy Documentary10,000 ATTENDEES, 58% OF THEM ARE NEW TO CNCFThank you to the CNCF for the Media pass to the event.10,000 people in attendance. Lots of energy. Showers in Europe - why? THERE'S SOMETHING FOR (MOSTLY EVERYBODY). EVERYBODY WILL HAVE A DIFFERENT VIEWPOINT ON THE SHOW.Kubernetes is mainstream for this audience. Now they are dealing with next-gen challenges beyond Kubernetes.Lots of Observability usage (and vendors)Lots of cloud cost-management (vendors), and talk that cloud providers would start pushing that message in 2023.Service mesh drew a lot of interest. Between Ambient Mesh, Ciliium Mesh and LinkerdLarge European customers seem to be slightly behind the rest of the world in terms of adoption, but they were eager to engage at this point in time. Data sovereignty (local countries) is a big concern in Europe, so it was interesting to hear how companies are dealing with those regulations.This is a strange show to get a sense from developers. WASM seems to be going through its Java phases. FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
In this episode we bring you with us to Southern California Linux Expo, or SCaLE20x in Pasadena, California. We interviewed several attendees about their experience at the conference. Featuring: Robin Phantomhive, attendee at SCaLE and community member Mofi Rahman, Developer Advocate at Google Fatima Sarah Khalid, Dev Evangelist at GitLab Bryan Behrenshausen, Open Source Program Manager at GitLab Laura Santamaria, Geek with an achievement streak at Dell Jeff Deifik, Cybersecurity at Aerospace Corp Jill Bryant Ryniker of LWDW and the Destination Linux Podcast Bill Schouten of Tux Digital and the Sudo Show Podcast Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Chainguard contributes Rekor Search Project to Sigstore Docker and Ambassador Labs Announce Telepresence for Docker, Improving the Kubernetes Development Experience Docker, Inc. Celebrates 10th Anniversary With Alliances Oracle Cloud Infrastructure to Increase the Reliability, Efficiency, and Simplicity of Large-Scale Kubernetes Environments at Reduced Costs cdCon / GitOpsCon Schedule Crossplane Security Audit Crossplane completes fuzzing security audit Improving Security by Fuzzing the CNCF landscape Report Links from the interview Destination Linux Podcast LWDW LinuxChix LA Sudo Show Podcast Tux Digital Creating a cluster with kubeadm
Gordon Radlein (@maascamp, Engineering Director at @Datadoghq) talks about the evolution of Open Telemetry (OTel), Logging, Metrics and Observability. SHOW: 706CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"SHOW SPONSORS:Solve your IAM mess with Strata's Identity Orchestration platformHave an identity challenge you thought was too big, too complicated, or too expensive to fix? Let us solve it for you! Visit strata.io/cloudcast to share your toughest IAM challenge and receive a set of AirPods ProMake Cloud Native Ubiquitous with Cloud Native Computing Foundation (CNCF)Join the foundation of doers, CNCF is the open source, vendor-neutral hub of cloud native computing, hosting projects like Kubernetes and Prometheus to make cloud native universal and sustainableKubeConEU Virtual Event Registration Code: Please use the code KCEUVCCP, while supplies last.CloudZero – Cloud Cost Visibility and SavingsCloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendSHOW NOTES:OpenTelemetry (OSS project)OpenTracing + OpenCensus = Open Telemetry (OTel)What is Open Telemetry?Open Telemetry Slack Channel Components of Open TelemetryOpenTelemetry in DatadogTrace Collection through Open TelemetryTopic 1 - Welcome to the show Gordon. Tell us a bit about your background, and what you're focused on these days at Datadog?Topic 2 - Let's start with some basics - help us connect the dots between Telemetry and Logs and Metrics and Observability. And how does the Open Telemetry (OTel) project fit into the bigger picture?Topic 3 - Telemetry has always been a tradeoff between how much data to collect and how much data can be processed. How do you see companies using Telemetry today? Does it usually depend on the company size, or the complexity of the application? Topic 4 - How does Datadog offer Open Telemetry to customers today? Has that evolved over time, as the standard has evolved? Topic 5 - What are some of the new trends happening around Open Telemetry Topic 6 - You've been around quite a bit of very large-scale infrastructure in your career. What are some of the tips that you'd give anybody trying to build out or scale their observability environments? FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
David Flanagan is a developer, educator and technology enthusiast with a special interest for Kubernetes and Cloud Native technologies. David is the founder of Rawkode Academy, an online platform aiming at teaching kubernetes to developers. One of the popular shows on RawKode is Klustered. Where david invites people to fix broken kubernetes clusters, learn a thing or two and have a laugh Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Istio Ambient Mesh merged into the main branch Kubernetes 1.27 changes and removals k8s.gcr.io to registry.k8s.io redirect Preview support for pod sandbox on Azure Kubernetes Services Katacontainers Docker apologies for handling Free Teams deprecation Schedule for CNCF-hosted and colocated events is up Kubernetes WithOut Kubelet CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes Links from the interview David Flanagan Twitter Linkedin RawKode Academy Klustered How Spotify Accidentally Deleted All its Kube Clusters with No User Impact - David Xia You probably DON'T need a service mesh Klustered episode with Abdel and Marek Docker first release at PyCon 2013 KubeHuddle 2023 Toronto Kubernetes Failure Stories Kubelete runOnce flag Cilium Hubble Telnet Talkers Teamrock MUD's eBPF
The managers vs. workers leverage pendulum is swinging back again. Will management continue investing in IT Skills, or hollow out the IT future? SHOW: 705CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:Make Cloud Native Ubiquitous with Cloud Native Computing Foundation (CNCF)Join the foundation of doers, CNCF is the open source, vendor-neutral hub of cloud native computing, hosting projects like Kubernetes and Prometheus to make cloud native universal and sustainableKubeConEU Virtual Event Registration Code: Please use the code KCEUVCCP, while supplies last.CloudZero – Cloud Cost Visibility and SavingsCloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendDatadog Kubernetes Solution: Maximum Visibility into Container EnvironmentsStart monitoring the health and performance of your container environment with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.SHOW NOTES:Gartner's Maverick Research group - Stop investing in IT SkillsStackOverflow's survey of Emerging TechnologiesAmazon's head of HR rejects employee petition to work from home“Does IT Matter?” (book, 2004, Nicholas Carr)Hollowing Out (definition)WHAT HAPPENS AFTER THE GREAT RESIGNATION AND QUIET QUITTING?Economic changes put the leverage back into management's handsEverything gets re-evaluated when budgets get tightenedManagers look to offload accountability to external sourcesHOW TO COMMUNICATE VALUE vs PRODUCTIVITY vs COST SAVINGSMany companies look at AI as a 1:1 replacement for tasks and people vs. looking at it to augment people. Companies outsourced IT in the late 1990s and early 2000s, hollowing out IT. Will that become a new trend in the 2020s again? Today's engineers see things like low-code as not being viable, but see AI as being a way to augment their work (not replace it). Do companies know how to determine what isn't differentiated vs. requiring creativity or can create differentiation? Workers have had quite a bit of freedom of movement for the last 10+ years. Will that continue into the next decade? How much does the remote-work trend impact this?Gartner expects 75% of needed IT roles will go unfulfilled by 2030 (up from 25% in 2023)Big companies (e.g. Amazon) are pushing back on remote-work demands from workers.FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
Gleb Budman (@GlebBudman, CEO/Co-Founder of @Backblaze) talks about the evolution of cloud storage, the shift from on-prem to cloud, best practices and the rise of ransomware.SHOW: 704CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"SHOW SPONSORS:Datadog Synthetic Monitoring: Frontend and Backend Modern MonitoringEnsure frontend issues don't impair user experience by detecting user-facing issues with API and browser tests with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt. Solve your IAM mess with Strata's Identity Orchestration platformHave an identity challenge you thought was too big, too complicated, or too expensive to fix? Let us solve it for you! Visit strata.io/cloudcast to share your toughest IAM challenge and receive a set of AirPods ProMake Cloud Native Ubiquitous with Cloud Native Computing Foundation (CNCF)Join the foundation of doers, CNCF is the open source, vendor-neutral hub of cloud native computing, hosting projects like Kubernetes and Prometheus to make cloud native universal and sustainableKubeConEU Virtual Event Registration Code: Please use the code KCEUVCCP, while supplies last.SHOW NOTES:Backblaze (homepage)B2 Cloud Storage (1/5th the price of AWS S3)Backblaze Blog Questions for Gleb? Topic 1 - Welcome to the show. You started Backblaze in 2007, just a year after AWS S3 launched. What made you decide to start a storage company when EMC, HP and NetApp dominated with big enterprise boxes, and S3 seemed like a weird new thing for Amazon sellers? Topic 2 - Over the last couple of years, it feels like there has been a shift in how companies think about “the cloud”. We're seeing more specialty clouds. How do you see this trend playing out in the market?Topic 3 - You've been through multiple stages of how the cloud has evolved. Where do you see us now in terms of cloud evolution, and what are some of the things you see coming on the horizon? Topic 4 - Backblaze is well known for disrupting both the cost of cloud storage, but also how storage systems are built. Given today's economic climate, are you seeing more companies demand more flexibility &/or efficiency on how they store data? Topic 5 - We continue to see ransomware attacks across all industries. Is this leading companies to rethink their backup and disaster-recovery strategies?Topic 6 - From a storage perspective, do you see bottlenecks emerging about how this appetite for more and more data will eventually run into problems?FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
March comes in like a lion, but goes out like a lamb. Let's explore 3 storylines that might have long-ranging implications for cloud. SHOW: 703CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:Find "Breaking Analysis Podcast with Dave Vellante" on Apple, Google and SpotifyKeep up to data with Enterprise Tech with theCUBECloudZero – Cloud Cost Visibility and SavingsCloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendMake Cloud Native Ubiquitous with Cloud Native Computing Foundation (CNCF)Join the foundation of doers, CNCF is the open source, vendor-neutral hub of cloud native computing, hosting projects like Kubernetes and Prometheus to make cloud native universal and sustainableKubeConEU Virtual Event Registration Code: Please use the code KCEUVCCP, while supplies last.SHOW NOTES:Microsoft brings AI-powered Co-pilot to its productivity suiteUS Gov't looks to secure the cloud (by default)AWS' hidden anti-competitive move is hidden in plain sightTHERE'S A LOT TO KEEP UP WITH RIGHT NOWAll the good TV shows are coming out with new episodes (many the last season)The banking industry may or may not be very brittle right nowThe weather is getting better - springtime is nearMarchMadness - NCAA Basketball is happeningLEVERAGE, INTEREST RATES, RISK, TIMELINES, COMMUNICATIONS and PANICSMicrosoft bringing AI to productivity tools is going to shift the focus to more strategic thinking, but also being able to know what's right vs. just “work”Are you spending time thinking about the various ways that you can make this new easy-to-use, non-data-scientists-driven AI work in your environment? The US Gov't is trying to build a cloud strategy that is security-first. Is that possible? Will this bring up the debate about the cloud as a national utility? Security speed vs. agility speed? Corey Quinn highlights an important aspect of the cloud that isn't always obvious to people - they leverage their control of the network (inter-region and external) to shape the competitive landscape. FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
Martina Iglesias Fernández (@martina_if, CTO) & David Tuite (@dtuite, CEO of @Roadiehq) talk about the rise of Internal Developer Portals, the problems they solve, the creation of Backstage and IDP's as a SaaS service.SHOW: 702CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"SHOW SPONSORS:Solve your IAM mess with Strata's Identity Orchestration platformHave an identity challenge you thought was too big, too complicated, or too expensive to fix? Let us solve it for you! Visit strata.io/cloudcast to share your toughest IAM challenge and receive a set of AirPods ProMake Cloud Native Ubiquitous with Cloud Native Computing Foundation (CNCF)Join the foundation of doers, CNCF is the open source, vendor-neutral hub of cloud native computing, hosting projects like Kubernetes and Prometheus to make cloud native universal and sustainableGitOpsCon + CDCon Registration Code: PODCAST10 for 10% offDatadog Kubernetes Solution: Maximum Visibility into Container EnvironmentsStart monitoring the health and performance of your container environment with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.SHOW NOTES:CNCF Backstage ProjectRoadie.io - Backstage as a SaaSCNCF On-Demand Webinar: Driving Adoption of your Backstage IDPTopic 1 - David & Martina, Welcome to the show. Please give everyone a brief introduction and how you got started with Backstage and internal development portals.Topic 2 - Backstage was spun out of Spotify and is now a CNCF project. What problems were developers seeing and what is the origin story of Backstage?Topic 3 - What were the immediate and long term advantages of consolidating the development experience on the Backstage platform? Topic 4 - There is always a healthy tension with development platforms. How do you balance between setting standards to consolidate and providing freedom of choice?Topic 5 - One of the common takeaways we have seen recently is that the IDP is the output product of Platform Engineering. Do you agree with this statement and what has your experience shown? Is this more about a set of common standards and automation or about a “product” such as an IDP.Topic 6 - Why does an IDP succeed or fail?Topic 7- Backstage doesn't have a reputation of being the easiest to configure or operate. Is this where Backstage as a service comes in? What are the advantages and disadvantages to Backstage as a Service?FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
This past week, Silicon Valley Bank (SVB) was closed by banking regulators. Let's understand the basics of how this happened and why it matters to the tech industry. SHOW: 701CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:CloudZero – Cloud Cost Visibility and SavingsCloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendSolve your IAM mess with Strata's Identity Orchestration platformHave an identity challenge you thought was too big, too complicated, or too expensive to fix? Let us solve it for you! Visit strata.io/cloudcast to share your toughest IAM challenge and receive a set of AirPods ProMake Cloud Native Ubiquitous with Cloud Native Computing Foundation (CNCF)Join the foundation of doers, CNCF is the open source, vendor-neutral hub of cloud native computing, hosting projects like Kubernetes and Prometheus to make cloud native universal and sustainableGitOpsCon + CDCon Registration Code: PODCAST10 for 10% offSHOW NOTES:FDIC Creates a Deposit Insurance National Bank of Santa Clara to Protect Insured Depositors of Silicon Valley Bank, Santa Clara, California (March 10)FDIC Update on SVB Bank and Access to Deposits (March 12)Joint Statement by Department of Treasury, Federal Reserve and FDIC (March 12)HOW CAN A BANK WITH SO MUCH MONEY SHUT DOWN?Banks never hold all the money that they have on the books as depositsBanks manage a portfolio of investmentsBanks try and manage the portfolio within certain ratiosBanks have regulationsLEVERAGE, INTEREST RATES, RISK, TIMELINES, COMMUNICATIONS and PANICSBasics Part I - Systems built on Trust, Regulations to Enforce ActionsBasics Part II - What is SVB?, Deposits vs. Investments, Leverage, Interest RatesHigher interest rates increases the risk of existing investmentsValuations vs. Valuations on PaperInsurance, Diversified PortfolioCloud Analogies - Single vs. Multi-Cloud, Shared Resources Risks, Profitability of a Service, Best Practices vs. Practicality, Rising Costs (or Shortages) FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
James Governor (@monkchips, Co-Founder @Redmonk) talks about Developer experience in 2023. Topics include trends, platforms, languages and culture.SHOW: 700CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"SHOW SPONSORS:Make Cloud Native Ubiquitous with Cloud Native Computing Foundation (CNCF)Join the foundation of doers, CNCF is the open source, vendor-neutral hub of cloud native computing, hosting projects like Kubernetes and Prometheus to make cloud native universal and sustainableGitOpsCon + CDCon Registration Code: PODCAST10 for 10% offDatadog Security Solution: Modern Monitoring and SecurityStart investigating security threats before it affects your customers with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.Solve your IAM mess with Strata's Identity Orchestration platformHave an identity challenge you thought was too big, too complicated, or too expensive to fix? Let us solve it for you! Visit strata.io/cloudcast to share your toughest IAM challenge and receive a set of AirPods ProSHOW NOTES:Redmonk - The developer focused analyst firm (homepage)Redmonk Programming Language RankingsMonktoberfest - Developer Conference (Portland, ME)Topic 1 - Welcome back to the show. You are a rockstar in the developer world, and maybe unknown in the infrastructure world. Tell us a little bit about your background.Topic 2 - [Developers as a Whole] In 2023, do you think about developers any differently than you did in 2018 or 2021? Do you think about developers in terms of things they get done, or the types of work they do (front-end, back-end, mobile, data-science, etc.), or something else?Topic 3 - [Trends] What are the big developer-centric trends that you are tracking or really have your interest? AI? Hosting services? Database services? WASM? Topic 4 - [Platforms] Will we ever find that PaaS pot-of-golf at the end of the rainbow, or is the dream of platforms just a unicorn? Or do we have to realize that successful platforms are all micro-platforms? Topic 5 - [Languages] Redmonk famously tracks development languages every six months. It feels like there are only two trends - what stays the same, and the language that is the new hotness. Do languages really matter? Topic 6 - [Culture] Lots of people talk about changing a company's culture to better serve the needs of developers. Do you have any examples of where that has worked, or best practices? FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
Eric Anderson (@ericmander) has a conversation with Liam Randall (@Hectaman) and Bailey Hayes (@baihay) of Cosmonic, the platform-as-a-service environment for building cloud-native applications using WebAssembly. Bailey is also on the steering committee for the Bytecode Alliance, which stewards WebAssembly. In 2021, Cosmonic donated their WebAssembly runtime, wasmCloud, to the CNCF as an open-source project. Today, Liam and Bailey trace the history of WebAssembly, and their personal paths alongside it. Subscribe to Contributor on Substack for email notifications, and join our Slack community! In this episode we discuss: How WebAssembly came together over the last decade to become the fourth standardized language of the web The moments when Bailey and Liam both realized they might be changing the future of computing Modding Microsoft Flight Simulator with Wasm modules Liam's thoughts on how WebAssembly will affect business models going forward Links: Cosmonic WebAssembly Bytecode Alliance CNCF wasmCloud Wasmtime WAMR Better together: A Kubernetes and Wasm case study Spin People mentioned: Kevin Hoffman (@KevinHoffman) Kelsey Hightower (@kelseyhightower) Guy Bedford (@guybedford) Peter Huene (@peterhuene) Chris Aniszczyk (@cra) Other episodes: Envoy Proxy with Matt Klein Suborbital with Connor Hicks
It's now been 3 years since the world was disrupted by COVID-19. How has the tech industry been impacted, changed, and altered? SHOW: 699CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:Make Cloud Native Ubiquitous with Cloud Native Computing Foundation (CNCF)Join the foundation of doers, CNCF is the open source, vendor-neutral hub of cloud native computing, hosting projects like Kubernetes and Prometheus to make cloud native universal and sustainableGitOpsCon + CDCon Registration Code: PODCAST10 for 10% offCloudZero – Cloud Cost Visibility and SavingsCloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendSHOW NOTES:Eps.499 - Did COVID change tech?Eps.552 - Developing New Habits in COVIDRemote Work Should be (Mostly) Asynchronous (HBR)GOOD PREDICTIONS, BAD PREDICTIONS, AND MISSED OPPORTUNITIESHow long the pandemic would lastHow much this would accelerate cloud adoptionHow efficient remote work would make companiesThe future of in-person events vs. virtual eventsGOOD HABITS, BAD HABITS, AND LESSONS LEARNEDToo many companies assumed that late 2020 through early 2022 would be the new normal The cloud providers all grew very fast, but none of them launched industry-changing new services, and have since laid off peopleSaaS services did not figure out how to be more profitable, and have laid off peopleRemove work hasn't become more efficient, and it's not creating new management / teamwork / collaboration challengesWe've created very unusual and awkward human interactions, and tried to normalize themA new round of layoffs and economic uncertainty will end up creating another new set of behaviors - still TBD.FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
Emily Fox is a security engineer @Apple Cloud Services, a CNCF Technical Oversight Committee member and co-chair for a bunch of CNCF events including recently the Cloud Native Security Conference in Seattle. We had a chance to talk to Emily about the first edition of the CNSC 2023, her involvement with the CNCF community. Her role as a security engineer and some career discussions. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week KubeEdge v1.13.0 released on January 18, 2023, achieves SLSA 3 compliance SLSA 3 compliance KubeVela brings software delivery control plane capabilities to CNCF Incubator GKE Updates: Balanced compute classes are now offered in GKE Autopilot GKE Autopilot now supports exposing randomly assigned host ports for pods GKE has started offering ephemeral storage with local SSDs Added support for Windows Server 2022 nodes AWS announced the availability of AKS anywhere on Snowball Edge Devices Sysdig released their 6th annual Cloud Native Security and Usage Report. Rebooting the Cloud Native Hamburg community group KubeCon EU Amsterdam Schedule Katacoda Kubernetes tutorials shutdown LFX Internships for WASMEdge Kubernetes Community Days (KCDs): Upcoming CFP deadlines: KCD Italy CFP closes February 20 2023 (in-person) KCD Czech + Slovak CFP closes March 1, 2023 (in-person) KCD Bangaluru CFP closes March 20, 2023 (in-person) KCD Zurich CFP closes March 31, 2023 (in-person) KCD Colombia CFP closes March 31, 2023 (in-person) Check out upcoming KCDs that might be in your region: Sponsorship opportunities are available Donation Prospectus available for review KCD Israel 2023, Mar 23, 2023 KCD LA, Mar 9, 2023 KCD Pakistan (Islamabad), February 20, 2023 KCD Netherlands (Amsterdam), February 23-24, 2023 KCD France (Paris), March 7, 2023 KCD Los Angeles, March 9-10, 2023 KCD Ukraine Virtual Fundraiser, March 16, 2023 Links from the interview Emily Fox: Twitter Linkedin Cloud Native Security Con Youtube Playlist How to Secure Your Supply Chain at Scale - Hemil Kadakia & Yonghe Zhao, Yahoo eBPF CIA Triad Waterfall development Cloudcareers.dev podcast Rory McCune on twitter Software Supply Chain Security Emily Fox on SBOM Emily Fox on SDLC Shift Left Security: Best Practices for Getting Started Episode 196 with Benjamin Elder CNSC 2023 seattle guests David Wolf Eric Knauer Liz Rice Mitch Connors Josh Knarr Nick Young Taylor Dolezal Frederick Kautz on SPIFFE/SPIRE Chris Aniszczyk's Blog The Falco Project Cilium Tetragon Pixie Aviatrix Keylime Google Anthos Beyond Cluster-Admin: Getting Started with Kubernetes Users and Permissions - Tiffany Jernigan Standardization & Security - A Perfect Match - Ravi Devineni & Vinny Carpenter, Northwestern Mutual CSI Container: Can You DFIR It? - Alberto Pellitteri & Stefano Chierici, Sysdig Links from the post-interview chat Cloud Native Security Con Eu 2023 CNCF TOC
In this episode, we conclude our miniseries dealing with software supply chain security by considering the next five years in the space, what we need, and what we can hope for. Emily Fox, Aeva Black, Brian Behlendorf, Adrian Ludwig, Lena Smart, and of course Guy Podjarny, join Simon by sharing some insights on the areas in most need of attention, and where we can realistically expect to make progress in the near future. Listeners will hear about trust and tooling, downstream complexities, and qualifying security engineers, with the conversation ending on an optimistic note with an eye to the horizon. For most of our panel, the message of consistent attention and security prioritisation within organisations, as well as from governance is paramount to the health of any of these systems. So to hear it all in this final installment of our special, be sure to press play now!
Arun Gupta, VP and General Manager of Open Ecosystems at Intel Corporation, joins Doc Searls and Simon Phipps on this episode of FLOSS Weekly. Gupta has been an open source strategist, advocate and practitioner for nearly two decades, and is currently an elected chair of the Cloud Native Computing Foundation (CNCF) Governing Board, where he works with CNCF leadership and member companies to grow the cloud native ecosystem. A great discussion around open source, AI and another personal passion Gupta shares as part of his daily routine. Hosts: Doc Searls and Simon Phipps Guest: Arun Gupta Download or subscribe to this show at https://twit.tv/shows/floss-weekly Think your open source project should be on FLOSS Weekly? Email floss@twit.tv. Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: bitwarden.com/twit kolide.com/floss
Arun Gupta, VP and General Manager of Open Ecosystems at Intel Corporation, joins Doc Searls and Simon Phipps on this episode of FLOSS Weekly. Gupta has been an open source strategist, advocate and practitioner for nearly two decades, and is currently an elected chair of the Cloud Native Computing Foundation (CNCF) Governing Board, where he works with CNCF leadership and member companies to grow the cloud native ecosystem. A great discussion around open source, AI and another personal passion Gupta shares as part of his daily routine. Hosts: Doc Searls and Simon Phipps Guest: Arun Gupta Download or subscribe to this show at https://twit.tv/shows/floss-weekly Think your open source project should be on FLOSS Weekly? Email floss@twit.tv. Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: bitwarden.com/twit kolide.com/floss
Arun Gupta, VP and General Manager of Open Ecosystems at Intel Corporation, joins Doc Searls and Simon Phipps on this episode of FLOSS Weekly. Gupta has been an open source strategist, advocate and practitioner for nearly two decades, and is currently an elected chair of the Cloud Native Computing Foundation (CNCF) Governing Board, where he works with CNCF leadership and member companies to grow the cloud native ecosystem. A great discussion around open source, AI and another personal passion Gupta shares as part of his daily routine. Hosts: Doc Searls and Simon Phipps Guest: Arun Gupta Download or subscribe to this show at https://twit.tv/shows/floss-weekly Think your open source project should be on FLOSS Weekly? Email floss@twit.tv. Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: bitwarden.com/twit kolide.com/floss
Arun Gupta, VP and General Manager of Open Ecosystems at Intel Corporation, joins Doc Searls and Simon Phipps on this episode of FLOSS Weekly. Gupta has been an open source strategist, advocate and practitioner for nearly two decades, and is currently an elected chair of the Cloud Native Computing Foundation (CNCF) Governing Board, where he works with CNCF leadership and member companies to grow the cloud native ecosystem. A great discussion around open source, AI and another personal passion Gupta shares as part of his daily routine. Hosts: Doc Searls and Simon Phipps Guest: Arun Gupta Download or subscribe to this show at https://twit.tv/shows/floss-weekly Think your open source project should be on FLOSS Weekly? Email floss@twit.tv. Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: bitwarden.com/twit kolide.com/floss
Continuing our mini-series on supply chain security, as we deep dive into the organisational aspects of this charge and hear from a number of our experts about solutions and initiatives to better prepare for supply chain risks and visibility issues.Simon and Guy are joined by Adrian Ludwig, Aeva Black, Jim Zemlin, Emily Fox, and Eric Brewer as we start thinking about securing the supply chain as an organisation. Guypo breaking down the four fundamental steps for doing this, and how to tackle the subject of SBOMs or Software Bill of Materials. Our guests share fascinating perspectives on how these areas relate to a company's overall preparedness and particularly to the open source space. We also cover some general advice about raising security awareness at a company, so for all this and a whole lot more, make sure to join us. Next week is our miniseries finale, where we will tackle the future of software supply chain security, so make sure you tune in for that !
Benjamin Elder is a Senior Software Engineer at Google, a Kubernetes SIG Testing Chair & Tech Lead, and a Kubernetes Steering Committee member. In this episode we got to chat with Benjamin about the new kubernetes registry migration from k8s.gcr.io to registry.k8s.io. We also had an opportunity to discuss the community, the various SIG's (Special Interest Groups) Benjamin is involved with the amount of work needed to drive the project forward. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod Chatter of the week Google Developer Experts program. ChatGPT. OpenAI Case Study. Kubernetes Jobs API. Job Tracking, to Support Massively Parallel Batch Workloads, Is GA in kubernetes 1.26. Stateful apps on Kubernetes. Kelsey Hightower's take on Databases on Kubernetes twitter space. Kubernetes Resources Model News of the week Linkerd published a 2022 recap The CNCF Cloud Native Maturity Model The CNCF Cloud Native Maturity Model website Using Amazon EKS with Google Workspace identities CNCF Ambassador 2.0 program Cloud Native Security Con NA 2023 (website - recordings) The CNCF important updates for KubeCon + CloudNativeCon 2023 and co-located events Kubernetes 1.26 news: https://kubernetes.io/blog/ Eviction policy for unhealthy pods guarded by PodDisruptionBudgets:https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ Retroactive Default StorageClass: https://kubernetes.io/blog/2023/01/05/retroactive-default-storage-class/ Alpha support for cross-namespace storage data sources: https://kubernetes.io/blog/2023/01/02/cross-namespace-data-sources-alpha/ Advancements in Kubernetes Traffic Engineering: https://kubernetes.io/blog/2022/12/30/advancements-in-kubernetes-traffic-engineering/ Job Tracking, to Support Massively Parallel Batch Workloads, Is Generally Available: https://kubernetes.io/blog/2022/12/29/scalable-job-tracking-ga/ CPUManager goes GA: https://kubernetes.io/blog/2022/12/27/cpumanager-ga/ Pod Scheduling Readiness: https://kubernetes.io/blog/2022/12/26/pod-scheduling-readiness-alpha/ Support for Passing Pod fsGroup to CSI Drivers At Mount Time: https://kubernetes.io/blog/2022/12/23/kubernetes-12-06-fsgroup-on-mount/ GA Support for Kubelet Credential Providers: https://kubernetes.io/blog/2022/12/22/kubelet-credential-providers/ Introducing Validating Admission Policies: https://kubernetes.io/blog/2022/12/20/validating-admission-policies-alpha/ Device Manager graduates to GA: https://kubernetes.io/blog/2022/12/19/devicemanager-ga/ Non-Graceful Node Shutdown Moves to Beta: https://kubernetes.io/blog/2022/12/16/kubernetes-1-26-non-graceful-node-shutdown-beta/ Alpha API For Dynamic Resource Allocation: https://kubernetes.io/blog/2022/12/15/dynamic-resource-allocation/ Windows HostProcess Containers Are Generally Available: https://kubernetes.io/blog/2022/12/13/windows-host-process-containers-ga/ We're now signing our binary release artifacts!: https://kubernetes.io/blog/2022/12/12/kubernetes-release-artifact-signing/ Links from the interview Benjamin Elder LinkedIn Github Twitter Kubernetes Steering Committee Kubernetes SIG Testing Kubernetes IN Docker (KIND) Benjamin on the podcast episode 96 Paris Pittman LinkedIN Twitter Kubernetes registry move from k8s.gcr.io to registry.k8s.io Archeio is the tool used to redirect to GCR or S3 depending on the client. The design of how requests are handled. Doc detailing the background of this migration. Kubernetes SIG Contributor Experience Kubernetes Slack channel
The CNCF has a new kubernetes survey out and it has some interesting findings. We discuss several of them and our takes on them. Also, fresh back from cfmgmtcamp in Ghent, Coté talks about a new entrant in the configuration and release management space, System Initiative. As ever, with your three friends: @egrigson, @benbravo73, & @cote. Here's the original video we streamed live if you're into that kind of thing.
The CNCF has a new kubernetes survey out and it has some interesting findings. We discuss several of them and our takes on them. Also, fresh back from cfmgmtcamp in Ghent, Coté talks about a new entrant in the configuration and release management space, System Initiative. As ever, with your three friends: @egrigson, @benbravo73, & @cote. Here's the original video we streamed live if you're into that kind of thing.
Chris Aniszczyk (@cra, CTO of @CloudNativeFdn) talks about the evolution of CNCF projects, major cloud-native trends, and managing the intersection of projects, users and vendors.SHOW: 690CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:How to Fix the Internet (A new podcast from the EFF)CloudZero – Cloud Cost Visibility and SavingsCloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spendDatadog Monitoring: Modern Monitoring and AnalyticsStart monitoring your infrastructure, applications, logs and security in one place with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.SHOW NOTES:CNCF HomepageCNCF End-User Technology RadarCNCF Annual Report 2022CNCF LandscapeCNCF Project Velocity for 2022Predictions for 2023 (LinkedIn)Topic 1 - Welcome to the show. Tell us a little bit of your background, and what does a CTO of a foundation like the CNCF do? Topic 2 - What does the CNCF do these days, and what should various stakeholders, partners and consumers of CNCF “things” (projects, events, training, etc.) expect from the CNCF? Topic 3 - The CNCF has a number of ways to represent technologies under its governance - Landscape, Technology Radar, etc. As the CTO, how do you think about all the different ways there are to solve problems using CNCF technologies? Topic 4 - How much do you worry about the economy slowing down, in the sense of it impacting VC funding for companies that might be at the core of projects (especially new projects). Does the CNCF need a certain amount of volume of projects to provide value, or are you mostly focused on doing good governance to the projects in front of you?Topic 5 - As the CTO of the CNCF, do you feel like there are “core” projects that need more of your attention because of how many other projects have dependencies? Or are there key concepts that you try to infuse into projects, knowing how interconnected they become?Topic 6 - Every technologist has their areas of interest. You recently did a post on your predictions for 2023 that everyone should check out. What are some of yours as you look out at 2023? Topic 7 - What are some of the new things that the CNCF is working on this year? FEEDBACK?Email: show at the cloudcast dot netTwitter: @thecloudcastnet
Last September, at the
Lars is big on Elixir. Think apps that scale really well, tend to be monolithic, and have one of the most mature deployment models: self-contained releases & built-in hot code reloading. In episode 7, Gerhard talked to Lars about “Why Kubernetes”. There is a follow-up YouTube stream that showed how to automate deploys for an Elixir app using K3s & ArgoCD. More than a year later, how does Lars think about running applications in production? What does simple & straightforward mean to him? Gerhard's favourite: what is “human scale deployments”?
This week we discuss digital transformation at Southwest and Delta Airlines, Shopify cancels all meetings, Salesforce's M&A strategy, and A.I. is everywhere. Plus, thoughts on bike lanes… Watch the YouTube Live Recording of Episode 396 (https://youtu.be/tmm8rH9fZEE) Runner-up Titles Work trying to get on my personal calendar Traveling with an infant =BLACKSWAN(A1:G453) Socks in a Costco Can't do the business case on savings until you loose it. Pay transparency for you, not me We don't pay for things on the Internet Semper Nimbus Privatus Rundown Dutch residents are the most physically active on earth, (https://twitter.com/BrentToderian/status/1611901297552396289) Digital Transformation Travel Edition Delta plans to offer free Wi-Fi starting Feb. 1 (https://www.cnbc.com/2023/01/05/delta-plans-to-offer-free-wi-fi-starting-feb-1.html) The Southwest Airlines Meltdown (https://www.nytimes.com/2023/01/10/podcasts/the-daily/the-southwest-airlines-meltdown.html) Southwest's Meltdown Could Cost It Up to $825 Million (https://www.nytimes.com/2023/01/06/business/southwest-airlines-meltdown-costs-reimbursement.html) Southwest pilots union writes scathing letter to airline executives after holiday travel fiasco (https://www.yahoo.com/now/southwest-pilots-union-writes-scathing-011720946.html) Southwest makes frequent flyer miles offer while lots of luggage remains in limbo (https://www.cnn.com/travel/article/southwest-airlines-frequent-flyer-miles-meltdown/index.html) Point of Sale: Scan and Pay (https://twitter.com/pitdesi/status/1602843962602975233?s=20&t=YdGNYzReSf4r1twJ1hRfbA) Work Life Shopify Tells Employees to Just Say No to Meetings (https://www.bloomberg.com/news/articles/2023-01-03/shopify-ceo-tobi-lutke-tells-employees-to-just-say-no-to-meetings) Netflix Revokes Some Staff's Access to Other People's Salary Information (https://apple.news/A--bGmZgJTQCgHQ-9QdWu4w) U.S. Moves to Bar Noncompete Agreements in Labor Contracts (https://www.nytimes.com/2023/01/05/business/economy/ftc-noncompete.html) Gartner HR expert: Quiet hiring will dominate U.S. workplaces in 2023 (https://www.cnbc.com/2023/01/04/gartner-hr-expert-quiet-hiring-will-dominate-us-workplaces-in-2023.html) Netflix revokes some staff's access to other people's salary information (https://www.marketwatch.com/story/netflix-revokes-some-staffs-access-to-other-peoples-salary-information-11673384493) SFDC Salesforce: There's no more Slack left to cut (https://www.theregister.com/2023/01/10/salesforce_comment/) Salesforce to Lay Off 10 Percent of Staff and Cut Office Space (https://www.nytimes.com/2023/01/04/business/salesforce-layoffs.html) After layoffs, Salesforce CEO still blasts worker productivi (https://www.sfgate.com/tech/article/salesforce-ceo-blasts-worker-productivity-17708474.php)ty (https://www.sfgate.com/tech/article/salesforce-ceo-blasts-worker-productivity-17708474.php) AI is everywhere Google execs warn company's reputation could suffer if it moves too fast on AI-chat technology (https://www.cnbc.com/2022/12/13/google-execs-warn-of-reputational-risk-with-chatgbt-like-tool.html) Microsoft and OpenAI Working on ChatGPT-Powered Bing in Challenge to Google (https://www.theinformation.com/articles/microsoft-and-openai-working-on-chatgpt-powered-bing-in-challenge-to-google?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) Microsoft eyes $10 billion bet on ChatGPT (https://www.semafor.com/article/01/09/2023/microsoft-eyes-10-billion-bet-on-chatgpt) Wolfram|Alpha as the Way to Bring Computational Knowledge Superpowers to ChatGPT (https://writings.stephenwolfram.com/2023/01/wolframalpha-as-the-way-to-bring-computational-knowledge-superpowers-to-chatgpt/) Relevant to your Interests 2023 Bum Steer of the Year: Austin (https://www.texasmonthly.com/news-politics/2023-bum-steer-of-year-austin/) Twitter's Rivals Try to Capitalize on Musk-Induced Chaos (https://www.nytimes.com/2022/12/07/technology/twitter-rivals-alternative-platforms.html) On Organizational Structures and the Developer Experience (https://redmonk.com/sogrady/2022/12/13/org-structure-devx/) KubeCon + CloudNativeCon North America 2022 Transparency Report | Cloud Native Computing Foundation (https://www.cncf.io/reports/kubecon-cloudnativecon-north-america-2022-transparency-report/) Inside the chaos at Washington's most connected military tech startup (https://www.vox.com/recode/23507236/inside-disruption-rebellion-defense-washington-connected-military-tech-startup) Elon Musk Starts Week As World's Second Richest Person (https://www.forbes.com/sites/mattdurot/2022/12/12/elon-musk-starts-week-as-worlds-second-richest-person/) 10 Tesla Investors Lose $132.5 Billion From Musk's Twitter Fiasco (https://www.investors.com/etfs-and-funds/sectors/tesla-stock-investors-lose-132-5-billion-from-musks-twitter-fiasco/) Rackspace's ransomware messaging dilemma (https://www.axios.com/newsletters/axios-login-83146574-380f-4e37-965d-7fd79bce7278.html?chunk=2&utm_term=emshare#story2) Heads-Up: Amazon S3 Security Changes Are Coming in April of 2023 (https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/) A MultiCloud Rant (https://www.lastweekinaws.com/blog/a_multicloud_rant/) Great visualization of the revenue breakdown of the 4 largest tech companies. (https://twitter.com/Carnage4Life/status/1603012861017862144?s=20&t=HC2UuMCHBB408xae6tZpbQ) AG Paxton's Google Suit Makes the Perfect the Enemy of the Good (https://truthonthemarket.com/2022/12/14/ag-paxtons-google-suit-makes-the-perfect-the-enemy-of-the-good/) AWS simplifies Simple Storage Service to prevent data leaks (https://www.theregister.com/2022/12/14/aws_simple_storage_service_simplified/) Creating the ultimate smart map with new map data initiative launched by Linux Foundation (https://venturebeat.com/virtual/creating-the-ultimate-smart-map-with-new-map-data-initiative-launched-by-linux-foundation/) Spotify's grand plan to monetize developers via its open source Backstage project (https://techcrunch.com/2022/12/15/spotifys-plan-to-monetize-its-open-source-backstage-developer-project/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tLw&guce_referrer_sig=AQAAAAlyOmdhogtX6nuQkNHQ7mVSyci6aMv7X6QwRTvS9PHGJmjO_wjCqsJXXPKI36A9MkIclSIQoHQ_dz7wJ-WzfaYQT_clMcUijiC28ZQhEau4NOcU-70wy5m0Q9LLmtvWuQbWQQEccEbQH2Lvg4_GqfnQBYNPZWRcgpx7XMLas_2R) VMware offers subs for server consolidation vSphere cut (https://www.theregister.com/2022/12/15/vsphere_plus_standard/) Senior execs to leave VMware before acquisition by Broadcom (https://www.bizjournals.com/sanjose/news/2022/12/13/three-senior-execs-to-leave-vmware.html#:~:text=Mark%20Lohmeyer%2C%20who%20heads%20cloud,Raghuram%20announced%20in%20a%20memo) China Bans Exports of Loongson CPUs to Russia, Other Countries: Report (https://www.tomshardware.com/news/china-bans-exports-of-its-loongson-cpus-to-russia-other-countries) Dropbox buys form management platform FormSwift for $95M in cash (https://techcrunch.com/2022/12/16/dropbox-buys-form-management-platform-formswift-for-95m-in-cash/) Sweep, a no-code config tool for Salesforce software, raises $28M (https://techcrunch.com/2022/12/15/sweep-a-no-code-config-tool-for-salesforce-software-raises-28m/) Twitter Aided the Pentagon in its Covert Online Propaganda Campaign (https://theintercept.com/2022/12/20/twitter-dod-us-military-accounts/) Okta's source code stolen after GitHub repositories hacked (https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/) Workday appoints VMware veteran as co-CEO (https://www.theregister.com/2022/12/21/workday_co_ceo/) Top Paying Tools (https://softwaredefinedtalk.slack.com/archives/C04EK1VBK/p1671635825838769) Winging It: Inside Amazon's Quest to Seize the Skies (https://www.wired.com/story/amazon-air-quest-to-seize-the-skies/) CIS Benchmark Framework Scanning Tools Comparison (https://www.armosec.io/blog/cis-kubernetes-benchmark-framework-scanning-tools-comparison/) MSG defends using facial recognition to kick lawyer out of Rockettes show (https://arstechnica.com/tech-policy/2022/12/facial-recognition-flags-girl-scout-mom-as-security-risk-at-rockettes-show/) OpenAI releases Point-E, an AI that generates 3D models (https://techcrunch.com/2022/12/20/openai-releases-point-e-an-ai-that-generates-3d-models/) No, You Haven't Won a Yeti Cooler From Dick's Sporting Goods (https://www.wired.com/story/email-scam-dicks-sporting-goods-yeti-cooler/) The Lastpass hack was worse than the company first reported (https://www.engadget.com/the-lastpass-hack-was-worse-than-the-company-first-reported-000501559.html?utm_source=facebook&utm_medium=news_tab) IRS delays tax reporting change for 1099-K on Venmo, Paypal business payments (https://www.cnbc.com/2022/12/23/irs-delays-tax-reporting-change-for-1099-k-on-venmo-paypal-payments.html) Cyber attacks set to become ‘uninsurable', says Zurich chief (https://www.ft.com/content/63ea94fa-c6fc-449f-b2b8-ea29cc83637d) Google Employees Brace for a Cost-Cutting Drive as Anxiety Mounts (https://www.nytimes.com/2022/12/28/technology/google-job-cuts.html) IBM beat all its large-cap tech peers in 2022 as investors shunned growth for safety (https://www.cnbc.com/2022/12/27/ibm-stock-outperformed-technology-sector-in-2022.html) Europe Taps Tech's Power-Hungry Data Centers to Heat Homes (https://www.wsj.com/articles/europe-taps-techs-power-hungry-data-centers-to-heat-homes-11672309944?mod=djemalertNEWS) List of defunct social networking services (https://en.wikipedia.org/wiki/List_of_defunct_social_networking_services) 2023 Predictions | No Mercy / No Malice (https://www.profgalloway.com/2023-predictions/) Twitter rival Mastodon rejects funding to preserve nonprofit status (https://arstechnica.com/tech-policy/2022/12/twitter-rival-mastodon-rejects-funding-to-preserve-nonprofit-status/) TSMC Starts Next-Gen Mass Production as World Fights Over Chips (https://www.bloomberg.com/news/articles/2022-12-29/tsmc-mass-produces-next-gen-chips-to-safeguard-global-lead) Microsoft and FTC pre-trial hearing set for January 3rd (https://www.engadget.com/pre-trial-hearing-between-microsoft-and-ftc-set-for-january-3rd-203320387.html) The infrastructure behind ATMs (https://www.bitsaboutmoney.com/archive/the-infrastructure-behind-atms/) Apple is increasing battery replacement service charges for out-of-warranty devices (https://techcrunch.com/2023/01/03/apple-is-increasing-battery-replacement-service-charges-for-out-of-warranty-devices/) Snowflake's business and how the weakening economy is impacting cloud vendors (https://twitter.com/LiebermanAustin/status/1607376944873754626) Shift Happens: A book about keyboards (https://shifthappens.site/) Amazon to cut 18,000 jobs (https://www.axios.com/2023/01/05/amazon-layoffs-18000-jobs) CircleCI security alert: Rotate any secrets stored in CircleCI (https://circleci.com/blog/january-4-2023-security-alert/) Video game workers form Microsoft's first U.S. labor union (https://www.nbcnews.com/tech/tech-news/video-game-workers-form-microsofts-first-us-labor-union-rcna64103) World's Premier Investors Line Up to Partner with Netskope as the SASE Security and Networking Platform of Choice (https://www.prnewswire.com/news-releases/worlds-premier-investors-line-up-to-partner-with-netskope-as-the-sase-security-and-networking-platform-of-choice-301712417.html) omg.lol - A lovable web page and email address, just for you (https://home.omg.lol/) Alphabet led a $100 million funding of Chronosphere, a startup that helps companies monitor and cut cloud bills. (https://twitter.com/theinformation/status/1611165698868367360) Confluent expands Kafka Streams capabilities, acquires Apache Flink vendor (https://venturebeat.com/enterprise-analytics/confluent-acquires-apache-flink-vendor-immerok-to-expand-data-stream-processing/) Excel & Google Sheets AI Formula Generator - Excelformulabot.com (https://excelformulabot.com/) Has the Internet Reached Peak Clickability? (https://tedgioia.substack.com/p/has-the-internet-reached-peak-clickability) Adobe's CEO Sizes Up the State of Tech Now (https://www.wsj.com/articles/adobes-ceo-sizes-up-the-state-of-tech-now-11673151167?mod=djemalertNEWS) Researchers Hacked California's Digital License Plates, Gaining Access to GPS Location and User Info (https://jalopnik.com/researchers-hacked-californias-digital-license-plates-1849966295) Microsoft's New AI Can Simulate Anyone's Voice With 3 Seconds of Audio (https://slashdot.org/story/23/01/10/0749241/microsofts-new-ai-can-simulate-anyones-voice-with-3-seconds-of-audio?utm_source=slashdot&utm_medium=twitter) Observability platform Chronosphere raises another $115M at a $1.6B valuation (https://techcrunch.com/2023/01/10/observability-platform-chronosphere-raises-another-115m-at-a-1-6b-valuation/) Why IBM is no longer interested in breaking patent records–and how it plans to measure innovation in the age of open source and quantum computing (https://fortune.com/2023/01/06/ibm-patent-record-how-to-measure-innovation-open-source-quantum-computing-tech/) New research aims to analyze how widespread COBOL is (https://www.theregister.com/2022/12/14/cobol_research/) Companies are still waiting for their cloud ROI (https://www.infoworld.com/article/3675374/companies-are-still-waiting-for-their-cloud-roi.html) What TNS Readers Want in 2023: More DevOps, API Coverage (https://thenewstack.io/what-tns-readers-want-in-2023-more-devops-api-coverage/) Tech Debt Yo-Yo Cycle. (https://twitter.com/wardleymaps/status/1605860426671177728) How a single developer dropped AWS costs by 90%, then disappeared (https://scribe.rip/@maximetopolov/how-a-single-developer-dropped-aws-costs-by-90-then-disappeared-2b46a115103a) A look at the 2022 velocity of CNCF, Linux Foundation, and top 30 open source projects (https://www.cncf.io/blog/2023/01/11/a-look-at-the-2022-velocity-of-cncf-linux-foundation-and-top-30-open-source-projects/) The golden age of the streaming wars has ended (https://www.theverge.com/2022/12/14/23507793/streaming-wars-hbo-max-netflix-ads-residuals-warrior-nun) YouTube exec says NFL Sunday Ticket will have multiscreen functionality (https://awfulannouncing.com/youtube/nfl-sunday-ticket-multiscreen-mosaic-mode.html) (https://twitter.com/theinformation/status/1611165698868367360)## Nonsense The $11,500 toilet with Alexa inside can now be put inside your home (https://www.theverge.com/2022/12/19/23510864/kohler-numi-smart-toilet-alexa-ces-2022) Starbucks updating its loyalty program starting in February (https://www.axios.com/2022/12/28/starbucks-rewards-program-changes-coming) The revenue model of a popular YouTube channel about Lego. (https://paper.dropbox.com/doc/SDT-396--BwhY9F5kpz_BI2kkdw63ZpJ~Ag-MVMKwqqBEH5SzYKqYO2Jc) Conferences THAT Conference Texas Speakers and Schedule (https://that.us/events/tx/2023/schedule/), Round Rock, TX Jan 15th-18th Use code SDT for 5% off SpringOne (https://springone.io/), Jan 24–26. Coté speaking at cfgmgmtcamp (https://cfgmgmtcamp.eu/ghent2023/), Feb 6th to 8th, Ghent. State of Open Con 2023, (https://stateofopencon.com/sponsors/) London, UK, February 7th-8th 2023 CloudNativeSecurityCon North America (https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/), Seattle, Feb 1 – 2, 2023 Southern California Linux Expo, (https://www.socallinuxexpo.org/scale/20x) Los Angeles, March 9-12, 2023 DevOpsDays Birmingham, AL 2023 (https://devopsdays.org/events/2023-birmingham-al/welcome/), April 20 - 21, 2023 SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), LinkedIn (https://www.linkedin.com/company/software-defined-talk/) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured). Use the code SDT to get $20 off Coté's book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: Industrial Garage Shelves (https://www.homedepot.com/p/Husky-5-Tier-Industrial-Duty-Steel-Freestanding-Garage-Storage-Shelving-Unit-in-Black-90-in-W-x-90-in-H-x-24-in-D-N2W902490W5B/319132842) Matt: Oxide and Friends: Breaking it down with Ian Brown (https://oxide.computer/podcasts/oxide-and-friends/1150480) Wu Tang Saga (https://www.imdb.com/title/tt9113406/) Season 3 coming next month! Coté: Mouth to Mouth (https://www.goodreads.com/en/book/show/58438631-mouth-to-mouth) by Antoine Wilson (https://www.goodreads.com/en/book/show/58438631-mouth-to-mouth). Photo Credits Header (https://unsplash.com/photos/euaDCtB_jyw) CoverArt (https://unsplash.com/photos/9xdho4stJQ8)
Marcos Nils has been into platform engineering for the best part of the last decade. He helped architect & build developer platforms using VMs & OpenStack, containers with Docker, and even Kubernetes. He did this at startups with 10 people, as well as large, publicly traded companies with 1000+ software engineers. Today we talk with Marcos about the hard parts of platform engineering.
Welcome to 2023! A new year is the perfect time to start with a fresh perspective. Given a few bare metal hosts with fast, local storage, how would you run your workloads on them? Would you cluster them for redundancy? What operating system would you choose? Steve Francis, CEO at Sidero Labs and Andrew Rynhard, CTO at Sidero Labs join us today to talk about running Talos Linux on bare metal.