Common term for an artisan/craftsman
Msgr. Roger J. Landry 2025 Leonine Forum National Conference: “A Time To Build” JW Marriott, Orlando, Florida January 3, 2025 To listen to an audio recording of this morning’s conference, please click below: https://traffic.libsyn.com/secure/catholicpreaching/1.3.25_Rib_of_Adam_Rock_of_Peter_1.mp3 The Outline of the talk was: Introduction on the theme of the conference, “A Time to Build.” Following the Tekton […] The post The Rib of Adam, The Rock of Peter: Family and Church as the Building Blocks of Society, 2025 Leonine Forum National Conference, January 3, 2025 appeared first on Catholic Preaching.
As a follow-up to last week's show, in which host Martin Tanner described his text debate with uninformed, evangelical, anti-Mormon critic Iain Sharp, Martin suggests two books for listeners interested in more information comparing and contrasting Latter-day Saint Christian beliefs with those of Evangelical Christians: "Are Mormons Christians?" and "How Wide the Divide." BYU Professor Stephen Robinson authored both books. Next, Martin gives a brief sketch of early Christian beliefs about Christmas, including when Jesus was born, information about Mary and Joseph, and Jesus's vocation as a Tekton (craftsman). Martin discusses Jesus's earthly family, and then traces the belief in a Second Coming of Jesus to Acts 1:11 and 1 Thessalonians 4:16-17. The "Son of Man" described in Daniel chapter 7 was the anointed one, or Messiah, to early Christians. Jesus's most-used phrase to describe himself was "Son of Man": 30 times in Matthew, 14 times in Mark, 25 times in Luke, and 12 times in John.
12 The word of God is alive and active. It is sharper than any sword that has two edges. It cuts deep enough to separate soul from spirit. It can separate bones from joints. It judges the thoughts and purposes of the heart. 13 Nothing God created is hidden from him. His eyes see everything. He will hold us responsible for everything we do.
Last week we discovered the triangular shape of Jesus' life. This week we seek to pattern our lives off of Jesus' life. As Jesus was UP, IN, and OUT, Grace 242 is called to Being, Making, and Multiplying Disciples. Scripture Reading: Acts 2:42-47
Avalonia XPF: This episode of The Modern .NET Show is supported, in part, by Avalonia XPF, a binary-compatible cross-platform fork of WPF, enables WPF apps to run on new platforms with minimal effort and maximum compatibility.
Show Notes: And keep in mind that, not to bash OWASP and the top ten at all because I'm a big fan of OWASP, but people always tell me like, "yeah, I'm OWASP compliant," and that's the biggest BS, to be honest. Because a top ten could not like, it should be an awareness piece and you should work from it. And there are better ways of dealing with that. But I think a security scorecard should never be a goal. It should be a means to reach the goal, to have better understanding, right? And hopefully they can change stuff and be more expressive. — Niels Tanis
Welcome to The Modern .NET Show! Formerly known as The .NET Core Podcast, we are the go-to podcast for all .NET developers worldwide and I am your host Jamie "GaProgMan" Taylor. In this episode, Niels Tanis returned to the show. He was previously on the show back in episode 69 - The Risks of Third Party Code With Niels Tanis - which was released back in February of 2021. I asked Niels to come back on the show to talk more about securing the software development supply chain and SBoMs (Software Bills of Materials).
Yeah, that makes sense. It's funny. So I think when I started out talking about supply chain, and there were some tools that have been introduced to do SBoM data, and then you also come into an area called provenance, which tells more about the build and about "this build server was used. And I've run on GitHub actions, or I run on a GitLab instance, or I have stuff done differently," right? Maybe even the Redhat one: Tekton, that kind of thing. And based on that, I'm producing an SBoM. And I did a talk and I concluded with that, "it's like, these are cool tools, you need to look into it." And then somebody at the end asked me the question, "and the what? You have all the data? And then what?" I said, "yeah, that's solid question because that will be the next step." And it's funny that you mentioned it as well. So over the time, I think it was around already when I started out talking. But there's a project that Google created called Guac. — Niels Tanis
So let's sit back, open up a terminal, type in dotnet new podcast and we'll dive into the core of Modern .NET.
Supporting the Show: If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show.
Full Show Notes: The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-6/building-secure-software-unveiling-the-hidden-dependencies-with-niels-tanis/
Useful Links: Getting started with Tekton; Guac; NDC in London; NDC security; Veracode; BinaryFormatter serialization methods are obsolete and prohibited in ASP.NET apps; Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET; Charles Lamb - To Be Creative, Don't Think So Hard; Log4j vulnerability - what everyone needs to know; Google SALSA; CycloneDX; Open Source Security Foundation; ossf/scorecard: OpenSSF Scorecard; securityscorecards.dev; Newtonsoft.Json; Open Source Insights; What deps.dev has to say about OwaspHeaders.Core; nielstanis/Fennec.NetCore: Fennec.NetCore; Metalnem/sharpfuzz: AFL-based fuzz testing for .NET; AFL; libfuzzer; Five years of fuzzing .NET with SharpFuzz; CodeQL; SonarQube; Cargo Vet; Common Vulnerabilities and Exposures definition; OpenVAS; RLBox; Emscripten; Extending Webassembly to the Cloud with .NET; Microsoft Build 2023 - Hyperlight; Bytecode Alliance; Wasmtime; CyberBunker; WasmCon 2023 Talks Playlist; XKCD - Dependency.
Connecting with Niels: on Mastodon; his website. Supporting the show: Leave a rating or review; Buy the show a coffee; Become a patron. Getting in touch: via the contact page; joining the Discord.
Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show. Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.
CI/CD is not a villain. GitOps is not some kind of Kubernetes way of sneaking around it. In fact, GitOps falls under the CI/CD umbrella. Marcus Noble joins the show today to talk about how he uses a Kubernetes-native, open-source CI/CD framework called Tekton to test Kubernetes cluster creation, configuration, and deletion based on changes...
Jesus the “Tekton” from Nazareth | Pastor Michael Mattis. Let us know what you think or send us your questions by visiting the site, or simply commenting below. We're glad you're here! Scripture & Literature References: Matthew 13:55 & Mark 6:3, Matthew 7:24-27, Luke 6:47-49, Isaiah 28:14-18, Ezekiel 33:29-33. CONNECT: Website ► http://www.SaltboxChurch.com Podcast ► https://podcasts.apple.com/us/podcast... Instagram ► https://www.instagram.com/saltboxchurch/ Facebook ► https://www.facebook.com/saltboxchurch/ Yellow Truck Coffee Co. ► https://www.yellowtruckcoffeeco.com/
Kip McKenzie, CEO of Tekton Research, shares the organization's evolution from a single site to a network of 25 sites, highlighting their commitment to professionalism and growth within the clinical research landscape. Kip discusses the significance of site voices in driving successful clinical trials and their innovative personnel development strategies and highlights the Tekton University learning management system. Gain insights into their effective engagement with local universities for workforce development and goals for continued collaboration with the clinical research community.
Gabe has led more than $50mm of multi-family investments in metro Denver, across more than 500 apartment units in Denver, Lakewood and Aurora. Gabe is also the co-manager on over $25mm of multi-family investments (164 units) in Los Angeles. On this episode, Jake & Gabe discuss: Going from Wall St. into Real Estate Building Generational Wealth Raising Capital Executing Value-Add Strategies Links: Gabe on Twitter Tekton Group Connect & Invest with Jake: Follow Jake on Twitter: https://twitter.com/jwurzak Take the Hospitality Investing Masterclass: https://learn.jakewurzak.com/ Learn How to Invest with DoveHill: https://bit.ly/3yg8Pwo Topics: (00:00:00) Intro (00:01:48) Going from Wall St. into Real Estate (00:09:38) The desire to create generational wealth (00:11:14) Balancing raising capital while building wealth in assets (00:14:26) What are some key principles you abide by to protect you against being a forced seller? (00:20:15) Waiting for the Fat Pitch (00:25:46) Can you define sub-institutional real estate and what are some market inefficiencies you see around the asset class? (00:30:43) How do you find deals? (00:34:07) A walkthrough of a deal that closed 2 weeks later (00:39:01) How do you execute quickly on your value-add strategy? (00:43:03) What's the structure of your fund and why did you decide to have a fund? (00:47:48) What did you learn from the first and second funds that you'll implement in the third? (00:59:18) Have you thought about deals that you never want to sell? (01:02:28) What have you learned from your worst deal? (01:06:23) Getting tenant feedback for Capex (01:08:26) Gabe's philosophy around 3rd party managers (01:12:15) What are your goals over the next 3 years? (01:17:12) What is your favorite hotel?
Martin Kenneth Lopez is the founder and managing director of Tekton Labs, a technology consulting and software development company with more than 15 years of experience serving multiple industries across the U.S. and LATAM. In 2022 he started The Boring Holding, a company that invests in and grows traditional or “boring” businesses by leveraging technology and better business practices. Kenneth is also a Director at Endeavor Perú. Learn more about Tekton Labs: https://www.tektonlabs.com At Era Digital we scale your business with our full-service Growth Marketing Agency
This interview was recorded for the GOTO Book Club. gotopia.tech/bookclub Read the full transcription of the interview here. Mauricio Salatino - Author of "Platform Engineering on Kubernetes"; Thomas Vitale - Software Architect & Author of "Cloud Native Spring in Action". RESOURCES: Mauricio: @salaboy, linkedin.com/in/salaboy, salaboy.com. Thomas: @vitalethomas, github.com/ThomasVitale, linkedin.com/in/vitalethomas, thomasvitale.com. DESCRIPTION: Platform Engineering on Kubernetes accelerates development of cloud-based systems with vibrant open source tools of the Kubernetes ecosystem. You'll use powerful open source projects like Helm, Tekton, Knative, and Crossplane to automate your projects from testing through delivery. Learn how to package services, build and deploy services to a Kubernetes cluster, and combine different tools to solve the complex challenges of CD in a cloud native environment.* Book description: © manning.com The interview is based on the book "Platform Engineering on Kubernetes". RECOMMENDED BOOKS: Mauricio Salatino • Platform Engineering on Kubernetes; Mauricio Salatino, Mariano De Maio & Esteban Aliverti • Mastering JBoss Drools 6; Thomas Vitale • Cloud Native Spring in Action; David Farley • Modern Software Engineering; Dave Farley & Jez Humble • Continuous Delivery; Gene Kim, Jez Humble, Nicole Forsgren, Patrick Debois & John Willis • The DevOps Handbook; Forsgren, Humble & Kim • Accelerate: The Science of Lean Software and DevOps; John Arundel & Justin Domingus • Cloud Native DevOps with Kubernetes. Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket: gotopia.tech SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted almost daily
We'd appreciate you filling out our audience survey, so we can continuously work on providing relevant content to our listeners. https://www.thefortpod.com/survey Gabe is responsible for all aspects of the investment process including deal origination, due diligence, financing, investor relations, dispositions, and refinancings. Gabe works closely with the Head of Renovations on building repositioning and the Chief Operating Officer on asset management and property management. Gabe believes that a deep understanding of market and economic fundamentals is key to pricing real estate assets and leverages his 25 years of investment analysis to understand and forecast the risks and cash flows of investing in metro Denver real estate. Gabe has led more than $50mm of multi-family investments in metro Denver, across more than 500 apartment units in Denver, Lakewood, and Aurora. Gabe is also the co-manager of over $25mm of multi-family investments (164 units) in Los Angeles. On this episode, Chris & Gabe discuss: ➡️ His investing principles ➡️ What he learned from years on Wall Street ➡️ Why he chose sub-institutional MF ➡️ How he underwrites opportunities and creates value ➡️ Current market discussion and Tekton's plans for the future
For additional notes and resources check out Douglas' website.
Intro: Was Jesus a "carpenter" (Mark 6:3, Matt 13:55)? Tekton = builder. "Carpenter," esp. in our culture, has a certain prestige. But not so much when someone tells you, "I'm in construction. I'm a manual laborer." Jesus was more likely a stonemason. Wood is not the usual building material in Palestine – stone is much more common. As a builder he would have worked with others. He also may not have been as well-off as we might think. (After all, consider how few possessions he had at the end of his life.) He was not born into privilege; he had to work for a living. James wasn't wealthy, either. If anything, he stood on the side of the underprivileged.
James 2:5-7: James urges us not to privilege the rich. Often they are rich only because they are underpaying, entrapping, or otherwise exploiting the poor. Of course not all poor people will be saved, and not all rich people will be condemned. But the Scriptures heavily favor the needy, pity the plight of the poor, and call us all to take responsibility. Irony: cozying up to the very people who are exploiting you! The rich typically use the law to gain wealth, keep it, and make it grow—and keep it away from others.
Further: Q&A 1616: “Are James's remains in the church of Santiago de Compostela in Spain?” N.T. Character Study on James, the brother of the Lord. A book on the ossuary of James, by Hershel Shanks and Ben Witherington III, The Brother of Jesus: The Dramatic Story and Meaning of the First Archaeological Link to Jesus and His Family (San Francisco: HarperCollins, 2003).
Next: The Royal Law. Note: For days 11-40 of the series, you will need to log in (with username and password), even if you are a paid subscriber. If you are not currently a subscriber, you can sign up here.
We've Always had the Christmas Story Wrong. Dr. Jeffrey Chadwick. Joseph and Mary moved to Bethlehem to build a house and live there to fulfill ancient prophecy. They were not “Taxed” but were enrolled or registered as residents of Bethlehem. Jesus was born in a cave or grotto. Joseph carved the stone trough or manger. Joseph and Jesus were skilled construction workers, Stone Masons, Craftsmen and/or Builders. Not wood workers. And more…
Part 1: Introduction of Dr. Jeffrey Chadwick, Census, taxes, or prophecy?, Tekton or carpenter, Betrothal, Joseph builds a home in Bethlehem, Herod's temple as place of revelation, Jesus's name is prescribed and is the Son of God, Joseph marries Mary, Taxes or enrolled and registered, Where did Joseph and Mary live in Bethlehem?, Guest room or cave?, Manger in stone.
Part II: Dr. Jeffrey Chadwick. The Wise Men, The faithful examples of Joseph and Mary, Stone Manger: The Untold Story of the First Christmas, Joseph was a tekton and the name Cephas, “His name shall be called Wonderful”, A spiritual and political Messiah, Philip and the Ethiopian Jew, Jesus as Deliverer and will bring salvation, Christmas joy and gathering.
Dr. Jeffrey Chadwick explores the possibilities of census, housing, and manger traditions in the ancient Levant. Note: this selection is a condensed version of the podcast. To watch the entire episode, visit the links listed.
Christmas Part 1 • Dr. Jeffrey Chadwick • Dec. 19 - Dec 25 • Come Follow Me: https://youtu.be/MfyRLvSyax4 Follow Him Podcast with Dr. Hank Smith and Co-host John Bytheway. Premiered Dec 14, 2022. Old Testament. Are there parallels between Jesus's birth in a cave, resting in a stone manger, his burial in a tomb, and his resting place on a stone?
Christmas Part 2 • Dr. Jeffrey Chadwick • Dec. 19 - Dec 25 • Come Follow Me: https://youtu.be/ACgc80QfLyI Follow Him Podcast. Premiered Dec 14, 2022. Old Testament. Dr. Chadwick continues to explore the historical significance of archaeological and historical findings and the spiritual significance of the life and birth of Jesus Christ.
Please rate and review the podcast! Show Notes (English, French, Spanish, Portuguese): https://followhim.co/old-testament/ Apple Podcasts: https://podcasts.apple.com/us/podcast... Facebook: https://www.facebook.com/followhimpod... Instagram: https://www.instagram.com/followhimpo... Spotify: https://open.spotify.com/show/15G9TTz...
Free New Testament online study guide for 2023: Come, Follow Me—For Individuals and Families: New Testament 2023 https://www.churchofjesuschrist.org/study/manual/come-follow-me-for-individuals-and-families-new-testament-2023?lang=eng
Robert Miller is the chief engineer and owner of Tekton Engineering. Robert is a passionate leader with the desire to help his team reach their potential. Follow them on Instagram or find them on their website. Instagram: https://www.instagram.com/tektonengineering/ Website: https://www.tekton-eng.com/
Dan Lorenc is Founder & CEO of Chainguard, the platform to secure your software supply chain. Chainguard supports many popular open source projects such as Sigstore, SLSA, and Tekton. Chainguard has raised $55M from investors including Sequoia and Amplify Partners. In this episode, we discuss the importance of market education when creating a new category of software, assessing market timing when launching your company, some of Chainguard's unique content strategies, and more!
Tekton is a family-owned hand tool company that questioned conventional assumptions in its industry by building a direct-to-consumer channel. It sees benefits in running a vertically integrated model that goes from making wrenches all the way to fulfilling orders. In this episode, Dirk and Kelly speak with brothers John (CEO) and Jeff (CMO) on why and how they built out a new channel, without hiring outside help. They went full MACH using an in-house tech team out of Grand Rapids, Michigan.
This marathon episode will be split into two parts to spare your ears a marathon listen. In this episode we talk about Brian Goetz, Brian Goetz, Brian Goetz, uses of virtual threads, OpenAPI, Kubernetes, Knative, Copilot and Tekton. The second part will cover architecture topics, law, society and organization, as well as upcoming conferences. Recorded on July 8, 2022. Episode download: LesCastCodeurs-Episode–281.mp3
News
Languages: Perhaps a new syntax specific to Java Records to do away with builders. Brian Goetz discusses the idea of a dedicated syntax for records to easily create a derived record, potentially with default values, while setting certain fields: Point shadowPos = shape.position() with { x = 0 } This avoids introducing the notion of default parameters in constructors or methods.
There is Brian Goetz's article Data Oriented Programming on InfoQ. Project Amber brings changes that, combined, make it possible to do data-oriented programming in Java and not only OOP. OO combines state and behavior (code). OO is very useful for defending boundaries (breaking a large program into smaller, more manageable boundaries), but we are moving towards smaller applications (microservices). Data-oriented programming: it models immutable data, and the business logic code is kept separate. Records -> data as a class; sealed classes -> defining choices; pattern matching -> reasoning over polymorphic data. Algebraic data: a hierarchy of sealed classes whose leaves are records: named, immutable, testable (no code).
A new JEP to integrate a Classfile API. The JDK already includes forks of ASM, BCEL, and other internal APIs to manipulate / produce / read bytecode. But the idea here is for the JDK to ship its own official API, one that is also nicer to use than ASM's visitor pattern, for example. The bundled version of ASM was always one version behind (a chicken-and-egg problem, because ASM must support the latest version of Java, but Java n+1 has not been released yet).
Lilian shows us what the Record Patterns of JEP 405 will look like.
Apache Groovy and virtual threads, and also Groovy and Deep Learning. Paul King, who currently chairs the Apache Groovy PMC, recently shared several articles on the Apache blog about interesting integrations with Groovy. Groovy and its GPars library for concurrent and parallel programming integrate easily with the Virtual Threads of JEP 425 / JDK 19: https://blogs.apache.org/groovy/entry/gpars-meets-virtual-threads Groovy with Apache Wayang and Apache Spark to classify whiskeys by KMeans clustering: https://blogs.apache.org/groovy/entry/using-groovy-with-apache-wayang And also Groovy with various Deep Learning libraries for classification: https://blogs.apache.org/groovy/entry/classifying-iris-flowers-with-deep
The jargon (in English) of functional programming, if you have ever dreamed of having at hand the definition of functor, monoid, and so on: with examples in JavaScript, pointers to functional libraries in JavaScript, and translations into other languages and other programming languages.
Libraries: Spring Boot 2.7: Spring GraphQL 1.0; support for Podman; dependency management and auto-configuration for Cache2k; new annotations for Elasticsearch and Couchbase; the last version before Spring Boot 3, which will change more things. Migrating one version at a time is recommended. Support for 2.5 has ended (upstream).
Quarkus 2.10.0: preliminary work on Loom's virtual threads; non-blocking support for GraphQL; support for Kubernetes service binding for reactive SQL clients; CacheKeyGenerator for the cache extension; quarkus-bootstrap-maven-plugin deprecated and replaced by quarkus-extension-maven-plugin (only relevant to developers of Quarkus extensions). New guides: Using Stork with Kubernetes; OpenId Connect Client Reference Guide; Using Podman with Quarkus.
The differences between OpenAPI 2 and 3: introduction of the notion of links to create relationships between Responses and Operations, handy for building hypermedia APIs. The structure of the OpenAPI document has been simplified a little, for example by combining basePath and schemes, or by grouping the securityDefinitions. Improvements to security schemes, around OAuth and OpenID. More clarity in content negotiation and cookies. The Request / Response examples section should help tools that, for example, automatically generate SDKs from the OpenAPI description. Extended support for JSON Schema. Introduction of a Callback notion, important for asynchronous APIs, in particular WebHooks. I wonder whether they intend to embrace AsyncAPI or whether the asynchronous part of OpenAPI 3 is meant to compete with it.
Infrastructure: Don't use Kubernetes right away! Kubernetes is good, but it is a big hammer. Do you have big nails to drive? Perhaps don't start with the heavy artillery of Kubernetes. Start instead with managed solutions such as serverless; it will be simpler, and over time, if your infrastructure needs to grow and outgrows what managed solutions offer, only then evaluate whether Kubernetes can meet your need. Choosing Kubernetes also means having a team of the right size, and it takes DevOps, SRE, etc. profiles to run a K8S cluster. The author roughly suggests that it depends on the order of magnitude of the team size: with a few people, prefer solutions like Google App Engine or AWS App Runner; with around ten people, perhaps Google Cloud Run or AWS Fargate; with fewer than a hundred, why not managed Kubernetes such as Google Kubernetes Engine; and if you exceed a thousand, then perhaps your own clusters, managed by you and hosted by you on your own infrastructure. Does this force you to use the cloud provider's services? Because life is not only in-house code. It is fashionable to say not to use K8S: https://www.jeremybrown.tech/8-kubernetes-is-a-red-flag-signalling-premature-optimisation/ (but then, given the number of times it is not used ...
Knative Eventing delivery methods: you can do simple 1–1 delivery without guarantees. You can do complex, persistent delivery by introducing the notion of a channel, which decouples the source from the destination. You can reply on receiving a message and push the reply into a second channel, but this becomes complicated to manage as subscribers are added. There is the notion of a broker, which defines filters, a channel (automatic) and the ability to reply. Triggers are a subscription not to a channel but to a specific event type.
Cloud: AWS is Windows and Kube is Linux: why use Kube, which was not stable, when AWS offers everything; AWS forced to offer EKS, but a poor one; lock-in; AWS IAM; why AWS would be the Windows; economies of scale: running Kube in-house becomes cost-effective at a certain organization size; the need for an alternative to AWS (bus factor); we see the Kube distro model arriving. Google data center in Paris.
Tooling: IntelliJ IDEA 2022.5 EAP 5 brings new features. Frameworks and Technologies: Spring 6 and Spring Boot 3; Support for new declarative HTTP Clients in Spring 6; URL completion and navigation for Spring Cloud Gateway routes; Experimental GraalVM Native Debugger for Java; Code insight improvements for JVM microservices test and mock frameworks; Code insight improvements for Spring Shell; Improved support for JAX-RS endpoints; Support for WebSockets endpoints in HTTP Client; Support for GraphQL endpoints in the HTTP Client; UI/UX improvements for the HTTP Client; Improved navigation between Protobuf and Java sources. Kubernetes and Docker: Intercept Kubernetes service requests with Telepresence integration; Upload local Docker image to Minikube and other connections; Docker auto-connection at IDE restart; Docker connection options for different docker daemons.
GitHub Copilot is available to everyone (developers): 40% of written code is generated by Copilot in Python (sobering); free for students and OSS developers. RedMonk's review describes Copilot as an intelligence extension, or autocomplete that "understands" the surrounding code; a first from a company of this size and at this scale. Copilot's benefit in terms of productivity, code quality, security and legality: basically, it remains to be seen. But the quality impresses people who have tried it; on security there is no feedback one way or the other, except that human developers are no shining lights of security either :D GitHub considers that GitHub is not responsible for code infringement since machines and algorithms do the transforming: this seems to be the consensus among lawyers. GitHub says you are responsible for the code you write with Copilot. And implicitly GitHub says that the license of the "source" code does not propagate to the generated code. There it is unclear and the user's responsibility, but again the lawyers are rather OK with it; morally it is probably not OK, and there is debate around copyleft licenses, notably LGPL. 1% of the time, code is copied verbatim for more than 150 characters. There is a question about the non-open-source code that GitHub Copilot relies on, but basically the market does not care much about licenses. Reputation risk for Microsoft; the question is when / if people will be ready to accept this usage.
Gradle publishes its roadmap: historically, Gradle Inc did not really publish an official roadmap. Beyond the tickets visible on GitHub, this time a "roadmap board" is visible and available to everyone, not only to customers.
Tekton is groovy (but no, it does not use Groovy!): a big tutorial on Tekton; a brief history of CI/CD (with a contrast with Groovy as used in Jenkins); an overview of Tekton's main concepts, with its tasks and pipelines (Task, TaskRun, Pipeline, PipelineRun); how to install Tekton; the CLI tools; a concrete usage example.
Release of Vim 9, mainly with VimScript 9: incompatible changes between VimScript 8.2 and 9 made a major version necessary, but the old version of the language remains supported for compatibility. With the new one, users can expect x10 or even x100 performance! The language becomes pre-compiled instead of being interpreted line by line. The idea was to have a language closer to what is found in JavaScript, TypeScript or Java.
Conferences: From Youen: this year Codeurs en Seine is on November 17 and the CFP is open. Don't hesitate to bring a bit of JVM to the call for speakers (it is becoming rare). As a reminder: Codeurs en Seine is 1000 people around software development professions in one of the largest venues in Rouen, the Kindarena.
Contact us: Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs Do a crowdcast or a crowdquestion. Contact us via Twitter https://twitter.com/lescastcodeurs, on the Google group https://groups.google.com/group/lescastcodeurs, or on the website https://lescastcodeurs.com/
https://go.dok.community/slack https://dok.community/ From the DoK Day EU 2022 (https://youtu.be/Xi-h4XNd5tE) With the advent of microservices in Kubernetes, individual developer teams now manage their own data, middleware, and databases. Automated tests and CI/CD pipelines have to be revisited to include these new requirements. This session will discuss and demonstrate how to use Kustomize and Tekton to provide Kube-Native automated workflows taking into account new parameters such as database operators, StorageClass and PVC. In this talk, Nic is also going to provide some insights on how to optimize Tekton to work with multiple workspaces and overcome some of the affinity limitations. The demonstration will focus on building a comics cards web application using a Flask-based frontend and leveraging PostgreSQL as the database. It will cover the automation of multiple lifecycle stages: - local laptop testing automation on K3S with Kustomize - production deployment using Flux, Tekton and the Zalando PostgreSQL operator Nicolas is an experienced hands-on technologist, evangelist, and product owner who has been working in the fields of Cloud-Native technologies, Open Source Software, Virtualization, and Datacenter networking for the past 17 years. Passionate about enabling users and building cool tech solving real-life problems, you'll often see him speaking at global tech conferences and online events, spreading the word, and walking the walk with customers and users.
Show Notes Neal comes back to talk DevOps with Brandon. As usual when Neal and Brandon get together, they plan on a 20-30 minute discussion and it nearly goes on for an hour. I hope you enjoy, we weren't finished either so watch out for part 2 of the DevOps series. Links: Destination Linux Network (https://destinationlinux.network) Sudo Show Website (https://sudo.show) Sponsor: Bitwarden (https://bitwarden.com/dln) Sponsor: Digital Ocean (https://do.co/dln) ArgoCD (https://argoproj.github.io/) Tekton (https://tekton.dev/) Jenkins (https://www.jenkins.io/) DevOps Definition (https://devops.com/definition-devops-masses/) Datto Careers (https://www.datto.com/careers/) Follow Neal on Twitter (https://twitter.com/Det_Conan_Kudo) Follow Neal on Fosstodon (https://fosstodon.org/@Conan_Kudo) Support: Sudo Show Patreon (https://sudo.show/patreon) Sudo Show Sponsus (https://sudo.show/sponsus) Sudo Show Swag (https://sudo.show/swag) Contact Us: DLN Discourse (https://sudo.show/discuss) Email Us! (mailto:contact@sudo.show) Sudo Matrix Room (https://sudo.show/matrix) Follow our Hosts: Brandon's Website (https://open-tech.net) Chapters 00:00 Intro 00:42 Welcome 01:43 DigitalOcean Ad 02:42 Bitwarden Ad 03:22 Main Content 54:04 Outro Special Guest: Neal Gompa.
Concluding the episode of the finding of Jesus in the temple, Saint Luke relates that he left with them and returned to Nazareth. Practically the whole of Joseph's life seems to have unfolded here in Nazareth. And what can the inhabitant of a remote village like Nazareth expect from life? Work and nothing but work; every day, always with the same effort. Then, at the end of the day, to recover his strength and begin working again the next day. So passed Joseph's life on his return from Egypt, identical, moreover, to what it had been before, since the end of his childhood. He probably died before Jesus began his public life. In Nazareth, however, he was still remembered later on, and the Gospel references specify that he was remembered above all for his condition as a worker. When Jesus began his ministry, he was about thirty years old and was the son, as was supposed, of Joseph (Lk 3:23). Thus Saint Luke, after devoting a brief account to the baptism of Jesus, opens the years of the public life with his genealogy. A little further on, on the occasion of the visit Jesus made to Nazareth (which bore scant fruit because of the unbelief of his fellow townspeople), he relates the comment of the people, astonished at the wisdom of his words: Is he the son of Joseph? (Lk 4:22). This time Saint Luke chose to recall Joseph, while it was Matthew who mentioned the Virgin: Is he not the carpenter's son? Is not his mother called Mary? (Mt 13:55). Saint Mark echoes Matthew: Is this not the carpenter, the son of Mary? (Mk 6:3). Note that the term "carpenter", widely used in translations, is not the most suitable to designate Joseph, nor, for that matter, Jesus. Tekton, in the original Greek, is a word that in the most widespread opinion is translated as "artisan". Joseph was therefore an artisan, a worker who earned a living with his hands for himself and his own. The identification of Joseph's trade with that of carpenter should probably be traced back to Saint Justin, who himself used it in his Dialogue with Trypho.
And there is an apocryphal text that tells the story of Joseph the carpenter. Given his authority and the fact that he wrote in the second century, it is no wonder that, in the long run, the thesis prevailed. The term used by the Greek text can, however, designate both the worker who works iron and the one who works wood. Saint Ambrose spoke in favour of a blacksmith Joseph, and had some followers. After all, one hypothesis does not exclude the other, if we consider that Nazareth was not a town large enough to have, so to speak, skilled workers: as happens in small settlements, rather than specializing it was customary to learn to solve everyday problems, to meet the most immediate needs of the ordinary people who lived in the neighbourhood; in a word, one had to understand several things. There are also those who translate the Greek term as master builder, builder of houses, and some ancient authors (without much basis, in truth) say that Joseph was a goldsmith. --- Send in a voice message: https://anchor.fm/locus-mariologicus/message
A detailed analysis of the Historical Jesus as carpenter. Become a Premium Subscriber: Monthly: $3 Yearly: $25 $50 $100 $250 Support the podcast by purchasing from Amazon HERE. The post The Backyard Professor: 025: The Gospel of Mark’s Jesus as Tekton: Carpenter appeared first on Mormon Discussions Podcasts - Full Lineup.
A detailed analysis of the Historical Jesus as carpenter.
In our latest #TechTalks episode, Zoe Cunningham is joined by Christie Wilson, software engineer at Google, to explore the importance of continuous delivery, how it started as continuous integration during the 90s, and how to use it now to improve your work. PLUS... Visit our website to enter our competition below for a free copy of the book: https://tinyurl.com/continuous-delivery-CD (ends 24/12/21) Christie Wilson is a software engineer at Google, with over a decade of experience dealing with complex deployment environments and high-criticality systems. She is a frequent speaker on CI/CD at conferences including KubeCon, OSCON, QCon, and PyCon. At Google, she built internal productivity tooling for AppEngine, bootstrapped Knative, and created Tekton, a cloud-native CI/CD platform built on Kubernetes. She is the author of her new book, Grokking Continuous Delivery.
Every company-car driver knows it: the tyre service. Many private motorists use it so that they too can store their second set of tyres somewhere in summer or winter. Dirk tells in detail what experiences he has had, and he did not enjoy it. Dominic also told a funny story on the subject, and everyone who has ever used a tyre service could surely contribute a story too. Dominic also watched the Zapfenstreich, and we pay homage to Angela Merkel for her service. And then he asks whether a priest or a "believer" may, should or must believe in extraterrestrials. Alongside that, he reveals that the word of the year is Wellenbrecher. This week's viewing recommendations are „Cowboy Beebop“, „Unzensiert - Bushido, meine Wahrheit“, Marie-Agnes Strack-Zimmermann on Chez Krömer, „14 Summets“ and „Arcane“, as well as „Der Spion“ with Cumberbatch. Oh, and one thing Dirk does not do: kiss Dominic's eyes. Subscribe to us on: Apple Podcasts: https://podcasts.apple.com/de/podcast/ist-doch-wurscht-wie-der-podcast-heisst/id1500941965 Spotify: https://open.spotify.com/show/2jORFqugpKOkmyL8EnZK6r?si=vQ_hvXKwQbehIdiwez03Dw Youtube: https://www.youtube.com/playlist?list=PLHug0m47v3pz67oMLWUu7aqkIGb5DCAmV #istdochwurschtwiederpodcastheisst #produktivität #biohacking #biohack #corona #coronavirus #biotech #mainz #chicago #filme #serien #bücher #podcastlife #podcasting #podcaster #applepodcasts #podcastmovement #podcastjunkie #hawkeye #wheeloftime #hubermanlab #cowboybebop #arcade #bushidounzensiert #bushido #zapfenstreich #chezkrömer #derspion Photo by Tekton on Unsplash
Following several days of fun waterfowl hunting together in Saskatchewan, Canada, Ramsey Russell meets with Joey D'Amico of Tekton Game Calls, who recently quit the 9-to-5 grind to chase his dreams. Where'd D'Amico grow up, how's hunting Canadian Prairies contrast with hunting South Carolina's Sparkleberry Swamp? What led him to pursue his dreams full-time? Where's the name Tekton originate and what's its importance to D'Amico? Like walking to the truck with a strap-full of ducks swaying on your shoulder, this episode leaves you feeling good. Please subscribe, rate and review Duck Season Somewhere podcast. Share your favorite episodes with friends! Business inquiries and comments contact Ramsey Russell ramsey@getducks.com Podcast Sponsors: BOSS Shotshells Benelli Shotguns Kanati Waterfowl Taxidermy Mojo Outdoors Tom Beckbe Flash Back Decoys GetDucks USHuntList It's really duck season somewhere for 365 days per year. Follow Ramsey Russell's worldwide duck hunting adventures as he chases real duck hunting experiences all year long: Instagram @ramseyrussellgetducks YouTube @GetDucks Facebook @GetDucks.com
Cloud Security News this week 21 October 2021 It's a month full of conferences and as promised we are back with our 2nd episode this week to bring you the cloud security highlights from KubeCon. In this episode we will share some of our team's favourites from KubeCon 2021 North America. If you aren't quite familiar with the wonderful world of Kubernetes, there are a few weird and wonderful open source acronyms in today's episode. TUF refers to The Update Framework, SPIFFE refers to Secure Production Identity Framework for Everyone, and SPIRE is the SPIFFE Runtime Environment. Now that we are all across cool Kube words, let's get into the talks. Starting off with the talk from Andrew Martin, Co-Founder of Control Plane and Author of Hacking Kubernetes and Kubernetes Threat Modelling. He spoke about Kubernetes Supply Chain Security - he showcased work to build a Kubernetes Software Factory with Tekton and dived deep on signing and verification approaches to securely build software with TUF, SPIFFE, SPIRE and sigstore. Ian Coldwater from Twilio; Brad Geesaman & Rory McCune from Aqua Security; and Duffie Cooley from Isovalent combined forces to share with the community how they do security research or hacking Kubernetes clusters using a recently discovered Kubernetes CVE (Common Vulnerabilities and Exposures) - Their talk was called Exploiting a Slightly Peculiar Volume Configuration with SIG-Honk. Matt Jarvis from Snyk shared what to do if your container has a huge number of vulnerabilities - how to prioritise them and remediate them in his talk My Container Image has 500 Vulnerabilities, Now What? Talking about containers and vulnerability scanning: if you want to know about how vulnerability scanners work, their blind spots and how to implement a practical risk-based approach to remedy vulnerabilities that really matter to your organisation - check out Pushkar Joglekar's Keeping Up with the CVEs: How to Find a Needle in a Haystack?
If you find yourself asking “How do I access my S3 bucket in AWS from my GCP cluster?” Brandon Lum & Mariusz Sabath, IBM, may have the answer for you in their talk Untangling the Multi-Cloud Identity and Access Problem With SPIFFE Tornjak, where they talk about a proposed shift in the perspective of workload identity from being “platform specific” to “organization wide” using SPIFFE/SPIRE and the new SPIFFE Tornjak project. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:
Guest Dan Lorenc Panelists Eric Berry | Justin Dorfman | Richard Littauer Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Today, we have a very special guest, Dan Lorenc, who is a Staff Software Engineer and the lead for Google's Open Source Security Team. Dan founded projects like Minikube, Skaffold, TektonCD, and Sigstore. He blogs regularly about supply chain security and serves on the TAC for the Open SSF. Dan fills us in on how Docker fits into what he's doing at Google, he tells us about who's running the Open Standards that Docker is depending on, and what he's most excited for with Docker with standardization and in the future. We also learn a little more about a blog post he did recently and what he means by “package managers should become boring,” and he tells us how package managers can help pay maintainers to support their libraries. We learn more about his project Sigstore, and his perspective on the long-term growth of the software industry towards security and how that will change in the next five to ten years. Go ahead and download this episode now to find out much more! [00:01:09] Dan tells us his background and how he got to where he is today. [00:03:08] Eric wonders how Docker fits into what Dan is doing at Google and if he can compare Minikube and his work with what the Docker team is trying to drive. He also compares Kubernetes to Docker and how they relate. [00:06:13] Dan talks about if he sees a shift of adoption in the sphere of what he's seeing, and Eric asks if he feels that local development with Docker is devalued a little bit if you don't use the same Docker configuration for your production deploy. [00:08:49] Richard wonders in the long-term, if Dan thinks we're going to continually keep making Dockers, better Kubernetes, or at some point are we going to decide that tooling is enough.
[00:10:35] We learn who's currently running the Open Standards that Docker is depending on and Dan talks about the different standards. [00:12:13] Dan shares how he thinks the shift towards open standards in particular with Docker, influences open source developers who are in more smaller companies, in SMEs, in medium-sized companies, or solo developers out there who may not have the time to get involved in open standards. [00:13:45] Find out what Dan is really excited about in terms of Docker, with standardization or in the future that will lead to a more sustainable ecosystem. [00:15:17] Justin brings up Dan's blog and a recent post he just did called, “In Defense of Package Managers,” and in it he mentions package managers should become boring, so he explains what he means by that. [00:18:01] Dan discusses how package managers can help pay maintainers to support their libraries. [00:22:03] Richard asks Dan if he has any thoughts on getting other ways of recognition to maintainers down the stack than just paying them. He mentions things that he loves that GitHub's been doing recently showing people their contribution history. [00:23:46] Find out about Dan's project Sigstore and what his adoption looks like so far. [00:26:35] Richard wonders if Dan thinks it's a good idea to have that ecosystem depend upon a few brilliant people like him doing this work or if there's a larger community of people working on security supply chain issues. Also, who are his colleagues that he bounces these ideas off of and how do we eliminate the bus factor here. Dan tells us they have a slack for Sigstore [00:30:03] We learn Dan's perspective on the long-term growth of the software industry towards security in general, how will that change over the next five to ten years, and how his role and the role of people like him will change. [00:31:35] Find out all the places you can follow Dan on the internet. 
Quotes [00:10:14] “You kind of move past that single point of failure and single tool shame that's actually used to manage everything.” [00:12:44] “So, they kind of helped contribute to the standardization process by proving stuff out by getting to try all the new exciting stuff.” [00:16:33] The “bullseye” release actually just went on a couple of days ago which was awesome.” [00:17:04] “It's a problem because there's nobody maintaining, which is a really good topic for sustainability.” [00:24:46] “But nobody's doing it for open source, nobody's signing their code on PyPy or Ruby Gems even though you can.” [00:29:50] “These are not the Kim Kardashians of the coding community.” [00:30:25] “Something that we've been constantly reminding, you know, the policy makers wherever we can, is that 80 to 90% of software in use today is open source.” [00:30:51] “And even if companies can do this work for the software that they produce if we don't think of, and don't take care of, and don't remember that these same requirements are going to hit opensource at the very bottom of the stack, and we're kind of placing unfunded mandates and burdens on these repositories and maintainers that they didn't sign up for it.” [00:31:11] “So we're really trying to remind everyone that as we increase these security standards, which we should do and we need to do, because software is serious, and people's lives depend on it.” Spotlight [00:32:32] Eric's spotlight is a game called Incremancer by James Gittins. [00:33:35] Justin's spotlight is Visual Studio Live Share. [00:34:04] Richard's spotlight is the BibTeX Community. [00:35:03] Dan's spotlight is the Debian maintainers. 
Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) Dan Lorenc Twitter (https://twitter.com/lorenc_dan?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Dan Lorenc Linkedin (https://www.linkedin.com/in/danlorenc) Dan Lorenc Blog (https://dlorenc.medium.com/) Tekton (https://tekton.dev/) Minikube (https://minikube.sigs.k8s.io/docs/) Skaffold (https://skaffold.dev/) Open SSF (https://openssf.org/) Open Container Initiative (https://opencontainers.org/) Committing to Cloud Native podcast-Episode 20-Taking Open Source Supply Chain Security Seriously with Dan Lorenc (https://podcast.curiefense.io/20) “In Defense of Package Managers” by Dan Lorenc (https://dlorenc.medium.com/in-defense-of-package-managers-31792111d7b1?) Open Source Insights (https://deps.dev/) GitHub repositories Nebraska users (https://github.com/search?q=location%3Anebraska&type=users) CHAOSScast podcast (https://podcast.chaoss.community/) Sigstore (https://www.sigstore.dev/) RyotaK Twitter (https://twitter.com/ryotkak) Dustin Ingram Twitter (https://twitter.com/di_codes?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Incremancer (https://incremancer.gti.nz/) Visual Studio Live Share (https://visualstudio.microsoft.com/services/live-share/) Enhanced support for citations on GitHub-Arfon Smith (https://github.blog/2021-08-19-enhanced-support-citations-github/) Debian (https://www.debian.org/) Debian “bullseye” Release (https://www.debian.org/releases/bullseye/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr at Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Dan Lorenc.
A conversation with Shripad Nadgowda about DevSecOps and supply chain security. IBM Research DevSecOps IBM Code Risk Analyzer What is Tekton ? Cloud Native Toolkit Create a toolchain that scans for security risks KubeCon North America Cloud Data Security Con Supply Chain Security Con Podcast Feedback Music: Mercury by Shane Ivers
The Pipeline: All Things CD & DevOps Podcast by The CD Foundation
Speaker: Dibyo Mukherjee from Google. Tekton Triggers is a project that adds eventing support to Tekton, i.e. it provides a mechanism to declaratively create PipelineRuns and TaskRuns based on external events. With the recent v0.15 release, Tekton Triggers now has a beta API. So, what exactly does “beta” mean for Triggers? Tekton follows the Kubernetes deprecation policies, which means that we will avoid making backwards-incompatible changes to APIs and features that are in beta. If we do have to make a backwards-incompatible change, users will be given at least 9 months' worth of releases to migrate. Support the show (https://cd.foundation/podcast/podcast-submission-form/)
This week we discuss 1Password moving to Electron, Knative and Infrastructure as Code best practices. Plus, what to do with extra lumber… Rundown Users lobby 1Password to abandon new Electron version (https://appleinsider.com/articles/21/08/16/users-lobby-1password-to-abandon-new-electron-version) Cisco beefing up app monitoring portfolio with acquisition of Epsagon for $500M (https://techcrunch.com/2021/08/16/cisco-beefing-up-app-monitoring-portfolio-with-acquisition-of-epsagon-for-500m/) Cloud startup Epsagon to be acquired by Cisco for $500 million (https://www.calcalistech.com/ctech/articles/0,7340,L-3915010,00.html) Relevant to your interests Clearlake Capital completes strategic equity investment in RSA (https://clearlake.com/clearlake-capital-completes-strategic-equity-investment-in-rsa/) Apple SVP Craig Federighi responds to confusion over iOS 15 iCloud child safety policies in new interview (https://9to5mac.com/2021/08/13/apple-svp-craig-federighi-responds-to-confusion-over-ios-15-icloud-child-safety-policies-in-new-interview/) Poly Network offers $500,000 reward to crypto hacker who returned stolen assets. 
(https://www.engadget.com/poly-network-rewards-crypto-hacker-121507483.html) PolyNetwork's Hacker Returns All Funds on Ethereum and Refuses a $500K Bug Bounty (https://cryptopotato.com/polynetworks-hacker-returns-all-funds-on-ethereum-and-refuses-a-500k-bug-bounty/) Disney Beats Q3 Estimates As Streaming Flagship Hits 116M Subscribers (https://deadline.com/2021/08/disney-q3-beats-estimates-streaming-116-million-subscribers-1234813827/) Translates GitHub Actions into Tekton and Knative Objects (https://github.com/triggermesh/aktion) Music Distributor DistroKid Raises Money at $1.3 Billion Valuation from the creator of F'dcompany.com (https://www.bloomberg.com/news/articles/2021-08-16/music-distributor-distrokid-raises-money-at-1-3-billion-valuation?srnd=markets-vp) HashiCorp State of Cloud Strategy Survey (https://www.hashicorp.com/state-of-the-cloud) T-Mobile Investigating Claims of Massive Data Breach (https://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/) Funding, Buyback, and Hiring (https://ma.tt/2021/08/funding-buyback-hiring/) Palantir bought $50 million in gold bars in August as cash pile grows (https://www.cnbc.com/2021/08/17/palantir-bought-50-million-in-gold-bars-in-august-as-cash-accumulates.html) In No Code you delete code as you write it. 
(https://twitter.com/kelseyhightower/status/1427707854090215429?s=20) Roblox bookings grow 35% to $665.5M for Q2 2021 (https://venturebeat.com/2021/08/16/roblox-bookings-grow-35-to-665-5m-for-q2-2021/) WhatsApp Can't Ban the Taliban Because It Can't Read Their Texts (https://www.vice.com/en/article/93yvy5/whatsapp-says-its-not-banning-the-taliban-because-it-cant-read-their-texts) OK, so you stole $600m-plus from us, how about you be our Chief Security Advisor, Poly Network asks thief (https://www.theregister.com/2021/08/18/poly_network_job/) Postman's Series D Funding and the API-First World (https://blog.postman.com/postman-announces-series-d/) Would the math work if Databricks were valued at $38B? (https://techcrunch.com/2021/08/18/would-the-math-work-if-databricks-were-valued-at-38b/) Debian 11 formally debuts and hits the Bullseye (https://www.theregister.com/2021/08/16/debian_11_bullseye_released/) This is why Valve is switching from Debian to Arch for Steam Deck's Linux OS (https://www.pcgamer.com/this-is-why-valve-is-switching-from-debian-to-arch-for-steam-decks-linux-os/) Nonsense The Most Dangerous Writing App (https://www.squibler.io/dangerous-writing-prompt-app) Suicide Linux (https://qntm.org/suicide) Austin expected to become least-affordable metro for homebuyers outside of California (https://www.kvue.com/article/money/economy/boomtown-2040/austin-expected-to-become-least-affordable-metro-for-homebuyers-outside-of-california/269-6bbed38e-ce06-453e-a659-aece44c6c111) These People Who Work From Home Have a Secret: They Have Two Jobs (https://www.wsj.com/articles/these-people-who-work-from-home-have-a-secret-they-have-two-jobs-11628866529) How QR codes are made (https://twitter.com/Nick_Craver/status/1425606620265000965) Atlas | Leaps, Bounds, and Backflips (https://blog.bostondynamics.com/atlas-leaps-bounds-and-backflips) Every hotdog eaten shortens life by 36 minutes (https://news.yahoo.com/every-hot-dog-eaten-shortens-142355450.html) Progress Report: 
August 2021 (https://asahilinux.org/2021/08/progress-report-august-2021/) PINE64 presents PineNote, its new tablet in ebook format with electronic ink (https://linuxstoney.com/pine64-presents-pinenote/) EC2 offers 400 Instance Types (https://twitter.com/furrier/status/1426323051168165891?s=20) Amazon EC2 M6i Instances Powered by the Latest-Generation Intel Xeon Scalable Processors (https://aws.amazon.com/blogs/aws/new-amazon-ec2-m6i-instances-powered-by-the-latest-generation-intel-xeon-scalable-processors/) Sponsors strongDM — Manage and audit remote access to infrastructure. Start your free 14-day trial today at strongdm.com/SDT (http://strongdm.com/SDT) CBT Nuggets — Training available for IT Pros anytime, anywhere. Start your 7-day Free Trial today at cbtnuggets.com/sdt (https://cbtnuggets.com/sdt) Clubhouse.io — is project management built specifically for software teams. Sign up today at www.clubhouse.io/sdt (https://clubhouse.io/sdt) Conferences SpringOne (https://springone.io), Sep 1-2 DevOps World by CloudBees September 28-30 (https://www.devopsworld.com) DevOps Loop | October 4, 2021 (https://devopsloop.io/?utm_campaign=Global_P6_TS_Q322_Event_DevOpsLoop_at_VMworld&utm_source=twitter&utm_medium=social) - see Coté's promo video (https://twitter.com/cote/status/1425460843014131716). THAT Conference comes to Texas January 17-20, 2022 (https://that.us/activities/call-for-counselors/tx/2022) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), LinkedIn (https://www.linkedin.com/company/software-defined-talk/) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured). 
Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté's book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: The White Lotus (https://www.hbo.com/the-white-lotus?camp=GOOGLE%7CHTS_SEM%7CPID_p64640553468&keyword=whats+the+white+lotus+about&utm_id=sa%7C71700000085024446%7C58700007207672331%7Cp64640553468&utm_content=tun&gclid=CjwKCAjwmeiIBhA6EiwA-uaeFZn4B3y39e_zSPMRqpQRLRlpbZcqjCPZ2XXT4RyS11xRWmAFvRv86BoCrUEQAvD_BwE&gclsrc=aw.ds) on HBO (https://www.hbo.com/the-white-lotus?camp=GOOGLE%7CHTS_SEM%7CPID_p64640553468&keyword=whats+the+white+lotus+about&utm_id=sa%7C71700000085024446%7C58700007207672331%7Cp64640553468&utm_content=tun&gclid=CjwKCAjwmeiIBhA6EiwA-uaeFZn4B3y39e_zSPMRqpQRLRlpbZcqjCPZ2XXT4RyS11xRWmAFvRv86BoCrUEQAvD_BwE&gclsrc=aw.ds) Matt: Cloud Native AF #2: James Urquhart (https://www.cloudnativeaf.com/2) Mitani Chicken Salt (https://www.mitani.com.au/) Coté: Sharp R20DS microwave (https://www.coolblue.nl/en/product/746608/sharp-r20ds.html). Also, see product descriptions about defrosting stew and other “small meals” for rival microwaves (https://twitter.com/cote/status/1423964819787485184). Photo Credit (https://unsplash.com/photos/vKyp17kj31w) Photo Credit (https://unsplash.com/photos/exf4mcFw4zg)
7/30/21, Friday Night Revival. Evangelist Craig Marshall.
Fr. Roger J. Landry Sacred Heart Convent of the Sisters of Life, Manhattan Friday of the Seventeenth Week in Ordinary Time, Year I Memorial of Blessed Solanus Casey, OFM Cap. July 30, 2021 Lev 23:1.4-11.15-16.27.34-37, Ps 81, Mt 13:54-58 To listen to an audio recording of today's homily, please click below: https://traffic.libsyn.com/secure/catholicpreaching/7.30.21_Homily_1.mp3 The following points […] The post The Son of the Tekton, 17th Friday (I), July 30, 2021 appeared first on Catholic Preaching.
#111: Ever since Alex Birsan published his Dependency Confusion article in February 2021, the concept of the software supply chain has come to the forefront. The supply chain should not be a new concept to people, but many seemed to have been caught off guard. Today we talk about Alex's article along with a new project that allows you to manage your supply chain security in Tekton. https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 https://security.googleblog.com/2021/06/verifiable-supply-chain-metadata-for.html https://cloud.google.com/blog/products/identity-security/how-were-helping-reshape-software-supply-chain-ecosystem-securely https://portswigger.net/daily-swig/software-supply-chain-attacks-everything-you-need-to-know https://www.cisa.gov/publication/software-supply-chain-attacks https://www.whitesourcesoftware.com/resources/blog/software-supply-chain-attacks/ https://deps.dev/ YouTube channel: https://youtube.com/devopsparadox/ Books and Courses: Catalog, Patterns, And Blueprints https://www.devopstoolkitseries.com/posts/catalog/ Kubernetes Chaos Engineering With Chaos Toolkit And Istio https://www.devopstoolkitseries.com/posts/chaos/ Canary Deployments To Kubernetes Using Istio and Friends https://www.devopstoolkitseries.com/posts/canary/ Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/ Slack: https://www.devopsparadox.com/slack/ Connect with us at: https://www.devopsparadox.com/contact/
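Topics discussed: What is the aim of the in-house DevOps platform? What is application lifecycle management? Which clouds and so on are supported? Similar SaaS offerings exist on the market, so why build it in-house? What, for example, does tailoring for enterprise and in-house use involve? What technologies are used? Tekton What does Tekton do? Jenkins X also makes use of Tekton What are fan-in and fan-out in software engineering? Are Tekton adoption cases increasing? Spinnaker Argo Workflows Why was Tekton adopted? kaniko CUE Why use CUE? How does it differ from YAML and JSON? HashiCorp Configuration Language What are the characteristics of CUE? Type Validation It does not allow overlays and unifies instead jsonnet kustomize Why does CUE not allow overlays? Gophers are involved in the development of CUE Is CUE being adopted in Japan as well? gotime It is also being taken up in Grafana Why adopt CUE internally? Isn't it hard to convey the merits of the platform inside the company? Now hiring: positions for software platform development and operations engineers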
The Pipeline: All Things CD & DevOps Podcast by The CD Foundation
Speakers: Priti Desai, IBM and Jerop Kipruto, Google. What do you use to build, test, and deploy your cloud native applications? Is your choice of CI/CD solution powerful yet flexible for all of your use cases? Have you heard about Tekton? Tekton is an Open Source CI/CD pipelines execution engine. Tekton Pipelines can define Steps, Tasks (collection of steps), Custom Tasks (advanced Run objects), and Pipelines (collection of Tasks and Custom Tasks). Pipelines also support resources to connect multiple Tasks through input/output models or workspaces to share a file system across many different Tasks. Tekton is implemented based on four core design principles: Reusability, Simplicity, Flexibility, and Conformance. Tekton is highly optimized for building and deploying cloud native applications compared to other CI/CD tools. In this session, we will demonstrate migrating common CI/CD pipelines to Tekton by building a checklist for the migration. Support the show (https://cd.foundation/podcast/podcast-submission-form/)
This week we discuss Red Hat’s open source strategy, public cloud adoption and Signal’s Instagram ads. Plus, advice on setting your thermostat. Rundown Red Hat Red Hat open-sources StackRox Kubernetes security product (https://www.theregister.com/2021/05/04/red_hat_stackrox_kubernetes/) Red Hat Delivers Full GitOps CI/CD Built on Tekton and Argo (https://thenewstack.io/red-hat-delivers-full-gitops-ci-cd-built-on-tekton-and-argo/) RHEL, RHEL, RHEL, fancy that: Rocky Linux would-be CentOS replacement hits RC1 milestone (https://www.theregister.com/2021/05/04/rocky_linux_wouldbe_centos_replacement/) AWS Earnings Amazon (and AWS) results blow it out of the water while Twitter sinks; IBM buying into the cloud with Turbonomic acquisition for $1.5 billion (https://johnfurrier.substack.com/p/earnings-amazon-and-aws-results-blow?utm_medium=email&utm_campaign=cta) AWS on track to be bigger than IBM by Christmas, once Kyndryl is spun out (https://www.theregister.com/2021/04/30/amazon_q1_2021/) The CloudCast Episode: Is the Public Cloud growing fast enough? (https://www.thecloudcast.net/2021/05/is-public-cloud-growing-quickly.html) The Instagram ads Facebook won't show you (https://signal.org/blog/the-instagram-ads-you-will-never-see/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) Relevant to your interests Nashville is basically broke, but that didn't stop it from luring Oracle with lavish incentives. Other small cities are also paying top dollar to compete for Big Tech. 
(https://www.businessinsider.com/austin-nashville-raleigh-miami-oracle-apple-incentives-competition-2021-4) DigitalOcean data breach exposes customer billing information (https://www.bleepingcomputer.com/news/security/digitalocean-data-breach-exposes-customer-billing-information/) How a university got itself banned from the Linux kernel (https://www.theverge.com/2021/4/30/22410164/linux-kernel-university-of-minnesota-banned-open-source) Microsoft: It's 90 days until the end of Skype for Business Online, here's what to expect (https://www.zdnet.com/article/microsoft-its-90-days-until-the-end-of-skype-for-business-online-heres-what-to-expect/) About one-third of Basecamp employees accepted buyouts today after a contentious all-hands meeting. (https://twitter.com/caseynewton/status/1388212468510380034?s=21) How Basecamp blew up (https://www.platformer.news/p/-how-basecamp-blew-up) Basecamp sees mass employee exodus after CEO bans political discussions (https://techcrunch.com/2021/04/30/basecamp-employees-quit-ceo-letter/) The ransomware surge ruining lives (https://www.bbc.co.uk/news/technology-56933733) Epic Games Primer (Pt VI): Epic's Philosophy and Unprecedented Aspirations (https://www.matthewball.vc/all/epicprimer6) The Epic Games trial has exposed the ‘Fortnite’ maker’s inner workings. Here’s what we learned. 
(https://www.washingtonpost.com/video-games/2021/05/04/epic-games-vs-apple-trial-takeaways/) AirTag Teardown: Yeah, This Tracks (https://www.ifixit.com/News/50145/airtag-teardown-part-one-yeah-this-tracks) Then a Hacker Began Posting Patients’ Deepest Secrets Online (https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/) Kubernetes at the Edge: Organizations are using edge technologies, but there is room to grow (https://www.cncf.io/blog/2021/05/04/kubernetes-at-the-edge-organizations-are-using-edge-technologies-but-there-is-room-to-grow/) Digital Horses Are the Talk of the Crypto World (https://www.nytimes.com/2021/05/01/style/zed-run-horse-racing.html) In huge demand right now: Warehouses (https://thehustle.co/05042021-Warehouses/) Twitter acquires news startup Scroll in push for subscriptions (https://www.reuters.com/technology/twitter-acquires-news-startup-scroll-push-subscriptions-2021-05-04/) Apple reports 2 iOS 0-days that let hackers compromise fully patched devices (https://arstechnica.com/gadgets/2021/05/apple-reports-2-ios-0days-that-let-hackers-compromise-fully-patched-devices/) Messaging app Discord ties up with Sony's PlayStation (https://www.reuters.com/technology/messaging-app-discord-ties-up-with-sonys-playstation-2021-05-03/?taid=609090e9c73c080001080ac8&utm_campaign=trueAnthem:%20Trending%20Content&utm_source=newsletter&utm_medium=email&stream=top) Clubhouse downloads plummet to 900,000 in April as competition grows - 9to5Mac (https://9to5mac.com/2021/05/03/clubhouse-downloads-plummet-to-900000-in-april-as-competition-grows/) Goldman Sachs CEO is summoning workers back to the office by June 14 (https://www.cnbc.com/2021/05/04/goldman-sachs-ceo-is-summoning-workers-back-to-the-office-by-june-14.html) Signal made Instagram ads that shows users how much Facebook knew about them. 
(https://twitter.com/sdw/status/1389661120500174856?s=21) Ethereum’s 27-Year-Old Creator Is Now the World’s Youngest Crypto Billionaire (https://observer.com/2021/05/etherum-founder-buterin-billionaire-cryptocurrency-surge-bitcoin/) New Relic open sources Pixie, its Kubernetes-native in-cluster observability platform | ZDNet (https://www.zdnet.com/article/new-relic-open-sources-pixie-its-kubernetes-native-in-cluster-observability-platform/) How Jeff Bezos outflanked the National Enquirer (https://www.axios.com/jeff-bezos-national-enquirer-4ecfbfe6-4640-428e-9c78-e9a609b4f76b.html?utm_campaign=organic&utm_medium=socialshare&utm_source=email) Oversight Board upholds former President Trump’s suspension, finds Facebook failed to impose proper penalty (https://www.oversightboard.com/news/226612455899839-oversight-board-upholds-former-president-trump-s-suspension-finds-facebook-failed-to-impose-proper-penalty/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) ForgeRock IPO Expected In 2021 With Valuation Of Over $3B: Report (https://www.crn.com/news/security/forgerock-ipo-expected-in-2021-with-valuation-of-over-3b-report) Where to start modernizing your legacy portfolio (https://www.techradar.com/uk/news/where-to-start-modernizing-your-legacy-portfolio) Why Verizon sold AOL, Yahoo for about 1% of their peak valuation (https://www.axios.com/newsletters/axios-media-trends-b57d1701-05a2-4339-8dea-8d7725cfd4b7.html?chunk=4&utm_term=twsocialshare#story4) Verizon to offload Yahoo, AOL for $5 billion (https://finance.yahoo.com/news/apollo-acquire-verizons-media-assets-121009726.html?guccounter=1) "Act like a scientist, not like a preacher.” (@AdamMGrant) (https://twitter.com/mijustin/status/1389642344610160641?s=21) Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms (https://www.theregister.com/2021/05/05/twilio_codecov_attack/) Nonsense 'Disaster Girl' is 21 now and just made $500,000 off the meme 
(https://twitter.com/i/events/1387821366146211845) Wow, so Berkshire Hathaway is so expensive it broke NASDAQ data feeds. (https://twitter.com/mattrickard/status/1389732069333295104) Meet Einstein (https://einstein.digitalhumans.com/) Creepy Expensify video about pending IPO (https://twitter.com/expensify/status/1389205286590681092?s=20) Sponsors ConfigCat — Release features faster with less risk with ConfigCat. Start today by visiting ConfigCat.com (https://configcat.com) and signing up for their forever free plan. CBT Nuggets — Training available for IT Pros anytime, anywhere. Start your 7-day Free Trial today at cbtnuggets.com/sdt (https://cbtnuggets.com/sdt) strongDM — Manage and audit remote access to infrastructure. Start your free 14-day trial today at: strongdm.com/SDT (http://strongdm.com/SDT) Listener Feedback Ryan wants you to work at Datadog as a Technical Writer (https://www.datadoghq.com/careers/detail/?gh_jid=2220727) Jordy says there are lots of jobs at Weaveworks (https://www.weave.works/company/hiring/) Jeffrey wants you to become the SRE - World of Warcraft (https://careers.blizzard.com/global/en/job/R005960/Software-Engineer-Server-Reliability-World-of-Warcraft) Conferences RabbitMQ Summit (https://rabbitmqsummit.com), July 13-14, 2021. SLOConf - (https://www.sloconf.com/) Virtual May 17-20 - Matt (https://twitter.com/SLOconf/status/1386643722616676354)’s talk is in the can SpringOne (https://springone.io), Sep 1st to 2nd. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) and LinkedIn (https://www.linkedin.com/company/software-defined-talk/). 
Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Use the code SDT to get $20 off Coté’s book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: Mare of Easttown (https://www.hbo.com/mare-of-easttown?camp=GOOGLE%7CHTS_SEM%7CPID_p62529247201&keyword=mare+of+easttown+hbo+series&utm_id=sa%7C71700000081749821%7C58700006943261024%7Cp62529247201&utm_content=tun&gclid=CjwKCAjwhMmEBhBwEiwAXwFoEfq-huP0xAQl40w6ZhN3ZnCF1QwIIVk2iRvg1QJQ3w9yUebt535gtBoCnxcQAvD_BwE&gclsrc=aw.ds) Listen to my interview with Grant from Replicated (https://www.softwaredefinedtalk.com/297) Matt: Long Service Leave (https://www.industrialrelations.nsw.gov.au/employers/nsw-employer-essentials/long-service-leave-entitlement-nsw/) Photo Credit (https://unsplash.com/photos/vO9-gal54go) Photo Credit (https://unsplash.com/photos/K-Iog-Bqf8E)
Father Jonathan Romanoski answers questions from Luis Román about Saint Joseph and his role in the plan of Salvation. He also discusses his importance to the Church Militant and how he can be a model for all Christians in the world. Consagración a San José Las Maravillas de Nuestro Padre Espiritual by Fr. Donald Calloway https://www.ignatius.com/Consagraci%C3%B3n-a-San-Jos%C3%A9-P3731.aspx Encyclical QUAMQUAM PLURIES http://www.vatican.va/content/leo-xiii/es/encyclicals/documents/hf_l-xiii_enc_15081889_quamquam-pluries.html For information and to support Father Romanoski of St. Agnes Catholic Church (Chapel) in Naples, Florida, visit: https://www.corpuschristifssp.com/ For more information about the FSSP, visit the website: https://fsspmexico.mx/ Also visit and subscribe to the FSSP México channel on YouTube: https://www.youtube.com/channel/UCM-i8QqB--VNgGERPRKX1WQ To find traditional parishes: https://www.latinmassdir.org/ You may also be interested in: ⛪ El Tesoro de la Santa Misa
Year XV. No. 55. In our weekly reflection in the Year of Saint Joseph, we continue with Pope Francis's apostolic letter Patris Corde. -Mauricio I. Pérez Seminans ad Seminandum
The Pipeline: All Things CD & DevOps Podcast by The CD Foundation
Guest Speaker: Andrea Frittoli. Tekton is an open-source project for building cloud-native CI/CD pipelines and systems. It provides reusable and lightweight building blocks, such as tasks, that embody best practices. Tekton, hosted by the CD Foundation, aspires to be the common denominator in CI/CD. Tekton gives developers full flexibility in how to set up their workflows. In this episode, we will talk about how to get started authoring cloud-native delivery pipelines; we will dig into the Tekton resources used to implement the CD pipelines that build, release, and deploy Tekton itself. Support the show (https://cd.foundation/podcast/podcast-submission-form/)
Guest Speakers: Avinesh and Adam from IBM. In this episode we will get an introduction into Tekton and its usability. Learn from these two Tekton users & contributors about how to get started with Tekton. Support the show (https://cd.foundation/podcast/podcast-submission-form/)
This week we speak with Jai Choi, Founding Partner at Tekton Ventures. Based in Silicon Valley, Tekton is an international seed investment firm that leverages an extensive global network to partner with entrepreneurs in leading technology hubs worldwide.
The conversation covers: Tracy's thoughts on how the relationship between open-source and cloud-native should be described. The advantages and disadvantages to an organization using open-source. Some of the major risks associated with using open-source, and why companies should approach with caution. Why CI/CD is a rising security concern for open-source organizations. Tracy also provides her thoughts on how businesses are handling the CI/CD pipeline today, and where the trend is heading. Some of the unresolved challenges related to continuous delivery that currently exist. Tracy's advice for companies that are just starting to develop an open-source contribution strategy. How companies should approach topics like open-source strategizing and building open-source communities. The common mistakes that individuals and companies make when nurturing open-source communities. Tracy also comments on mistakes that people are making with continuous delivery. Links CloudBees: https://www.cloudbees.com/ Continuous Delivery Foundation: https://cd.foundation/ Twitter: https://twitter.com/tracymiranda
Emily: Hi everyone. I'm Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product's value is obvious to end-users. I started this podcast because organizations embark on the cloud-native journey for business reasons, but in general, the industry doesn't talk about them. Instead, we talk a lot about technical reasons. I'm hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you'll join me.
Emily: Welcome to The Business of Cloud Native. Today, I'm chatting with Tracy Miranda. Tracy, thank you so much for joining me.
Tracy: Hi, Emily. Thanks for having me. 
It's my pleasure.
Emily: So, as usual, I just want to start off with having you introduce yourself, both what you do, where you work, but also, like, some details, what does this actually mean? How do you actually spend your day?
Tracy: Yeah, so I'm the director of open-source CloudBees, and I'm also the board chair at the Continuous Delivery Foundation, which is an open-source foundation, which is home to projects like Jenkins, and Spinnaker, and Tekton, and Jenkins X. So, basically, I'm a big fan of all things open-source, which in day-to-day means I'm doing anything which is related to building communities. So, either involved with code, or building communities and through conferences, or sometimes just the boring governance stuff around open-source.
Emily: What is the boring governance stuff around open-source?
Tracy: So, I guess it is just trying to get folks moving in the same direction, and reminding people that it's sometimes more than just code. And whether it's updating a code of conduct, and one of the things we've seen and—okay, I wouldn't call this boring; it's actually taken over a bit in open-source communities, but it's sort of different from the code, but it's the whole terminology updates. We've seen a lot of open-source communities have become more aware about wanting to be better about using terms like ‘master’ and ‘slave’ and move away from that. That being said, it's not that easy, so there's a lot to do in getting people on the same page and ready to move forward even before you can start changing a line of code.
Emily: Since the topic of the podcast is cloud-native, obviously, open-source and cloud-native are related. In fact, some people think that cloud-native must be open-source. Where do you fall on that spectrum? How do you think the relationship between open-source and cloud-native should be described?
Tracy: Yeah, I think that they're pretty distinct things. 
So, cloud-native is all about using the Cloud effectively and having technology which takes advantage of modern architectures to give you things like rapid elasticity, or on-demand self-service. And that's distinct from open-source, which is around the licensing, and it's become more about communities, as well. But I think because Kubernetes has been the most successful cloud-native project that is open-source, I guess there's become this very, very strong association which, in my mind, is a very, very good thing because I think open-source communities are really the way to drive innovation very, very quickly across the industry.
Emily: And this may seem sort of obvious, but what are some of the advantages and disadvantages to an organization in using open-source?
Tracy: Yes. So, I think—well, lots—virtually every company uses open-source, and the first thing people can see as the benefits are just the engineering efficiencies. So, using technologies which, say aren't core to the business, but then building on top of those and taking advantage of the features rather than dedicating their own engineering resources to developing them. I used to work as a consultant, and I would go from company to company, and usually, they would be adopting open-source when they wanted to get away from an in-house project where the people or person who had written it had left the company. So, I think there's a lot to be said, as well, for sustainability of technology: that communities and open-source communities are really good at sustaining projects over the long term, and therefore kind of the best bet for technology that's going to live on beyond individuals or even companies, acquisitions, or whatever.
Emily: Do you think there are any risks to using open-source? I'm even interested in hearing if there are risks that are not real, but that are perceived risks. 
And then even maybe some risks that people don't think about, but that are in fact, quite real.
Tracy: Yes, yeah, no, absolutely there are risks. So, it's wise for companies to approach with caution. I think the risks sort of depend on which side—like, are you looking to just use open-source that someone else has written, or are you contributing something, which might be key to your company, but then you're saying, “Okay, I'm going to do this in an open way,” which brings us to one of those common perceived myths, that someone, like a cloud provider, is then going to take your open-source software and do a better job of making money around it, so thereby just ruining your entire business model. And I think the other area where we tend to see a lot of dialogue around, is always around open-source security. For a long time, people used to, sort of, make out that this was different from closed source security, somehow. Security through obscurity meant that closed-source was better than open-source, which is clearly not the case. You can have secure open-source software, not secure open-source software. It just really depends on the project and the practices.
Emily: And then also, I thought we'd talk a little bit specifically about this CI/CD work that you do. How important is CI/CD, do you think, in the pursuit of being cloud-native?
Tracy: Yes, no, I think CI/CD has just risen to the top as one of the key concerns. And I think, part of the reason—when you're doing things in a cloud-native way it means that your systems are very distributed; you don't necessarily know where the services are running, it's typically not on-premise, and suddenly it becomes very important to understand how do you do this integration, and how do you then deliver that software in a way that is both quick, and that is not going to—you can do it in a safe way, so it's not going to break every time you do releases. And I think we're seeing that it really is at the forefront. 
Like last year, we started the Continuous Delivery Foundation, which is an open-source foundation, and the mission there is to increase the world's capacity to ship software securely and at speed. And the uptake from folks has been really well. Everyone's grappling and trying to figure out, what does CI/CD look like in the Cloud? What does it mean to be cloud-native CI/CD?
Emily: And from the perspective of an end-user, what do you think are some of the, still, unresolved challenges related to continuous delivery?
Tracy: Yeah, it's very challenging. Everything is changing under enterprise's feet. And it's not just the tools we're using, is also the skills we expect people to have, the way we organize a team. And traditionally, it's been very, very hard to decommission software or deprecate it, but what we're seeing in the industry now is that everything is changing really rapidly. You take something like Kubernetes and it has a new release, like, every three months and then nine months later, that's deprecated. So, people are having to make changes in enterprise situations at a rate that they just previously didn't come anywhere close to, and that's pretty challenging when you're having to deal with the changing tools, and processes, and people all at the same time, all while keeping your business up and running.
Emily: In terms of the whole CI/CD pipeline, do you think most end-users experience that as being mature? Is it sort of figured out, or is it something that they continue to struggle with?
Tracy: I think everybody has a CI… certainly CI… many people have sort of cracked, and they've got their systems set up. And then the delivery side, it just, kind of, varies. And I think it depends; we see a lot of folks who are really trying to figure out pipelines and are really trying to figure out what that looks like in a cloud-native world, and they haven't figured out, what does it mean for things to be highly available? 
What does it mean to be able to scale at any level? So, everybody's got something, but I think we've only just scratched the surface of what's possible with today's technology.
Emily: Where do you think it's going in the future?
Tracy: Yeah, I think, like in the same way we're having this big shift, everybody's got monoliths, and the problem with the monolith is that you can't do the speed and security at the same time. So, if you think about the key metrics people use today, there's two on speed, “Which is how quickly can you deploy?” And, “What's your lead time for changes?” And then for the safety, it's, “How long would it take you to restore services, if something went wrong?” And, “What is your change failure rate? How often are things going wrong every time you push code?” So, in the bid to get really good at those metrics, I think people have realized that monoliths cause a lot of problems, and it's much easier to meet these capabilities if you've got microservices are smaller batches of code, each, which do a specific thing, and there's less chance of things falling over when you make changes because there's not all these huge dependencies. Now, however, when you do start having all these different microservices with, let's say, a web of dependencies, things start to get really complicated. So, now you don't have, perhaps, one CI/CD pipeline, you have a pipeline per microservice. And then we start to say, “Okay, what is the definition of the application even? Is it all these microservices? Which version is it?” And then things like configuration management start to enter the picture, especially if you've got dependencies on things, let's say, outside your company, or open-source. So, I think it's a lot for people to grapple with, like, how to truly do microservices, and how the definition of an application is going to evolve. 
And I think for CI/CD, we can't keep doing what we've done in the sense of traditionally, folks have written a pipeline by hand, and you'd write a pipeline for your monolith. But now you've got all these different microservices. You want to start thinking about how can you have a pipeline auto-generated for them.
Emily: I wanted to actually shift and talk more about open-source communities as well since I know that's a large part of what you do. My first question is, what would you say to a company that's starting to think not just about consuming open-source, but developing a strategy to contribute to open-source? What do you advise companies who are just starting that journey?
Tracy: Yeah, no, I think for companies, it's a really good thing. I think open-source can give you a lot of strategic advantages, especially if you're coming in strong, and you're looking to be a leader in a space. And if we talk about category creation, you can use open-source almost as a weapon to drive the industry in a specific direction. So, I think what is important for companies is to be very deliberate about this strategy because open-source strategies can be almost counterintuitive, especially to folks who haven't done it before. This idea that you're giving away assets for free, or making them open. So, it's really important to have all the stakeholders in the company on the same page, and really understanding that this is a long-term thing where you'll have these benefits and not something where you start off and you do sort of half-heartedly.
Emily: Are there two or three, sort of, primary open-source strategies?
Tracy: Yeah, no, I think—[00:13:42 unintelligible] I think you can break it down. So, people would talk about the Red Hat model, which is really hard to reproduce but everything was open-source, and then they have this whole—they layered on top of that with a lot of services, and things. 
And then there's the open-core model where you're separating an open-source portion of the product, and then you add on a lot of features and things that add value that aren't being produced in the open-source. So, I think there's those, and then the new one that we're starting to see more of is—just looking much more at SaaS platforms. So, you have some open-source code, but your real—where you're making money is by offering it as a service.
Emily: And how does that differ for a company whose core business isn't software? So, for example, if you're something like a Home Depot, and almost undoubtedly you use open-source software. If Home Depot wants to start contributing as well, as part of their company strategy, what should they know? What should a company like that think about as strategies?
Tracy: Yeah, no, I think that's a great point because we do see a lot of companies contributing, and actually a lot of innovation is coming from companies who use software, but they have a different focus. And I think one good example, as well, is Capital One, who have a lot of open-source they contribute and maintain. And it's different, it's separate from, kind of, the main banking function. So, I think, again, for companies like that, it's just mapping out the strategy, being very deliberate in is there some sort of monetization around this, or is it more—you know, we see a lot of companies who want to do it to be seen as leaders in the field, and to, sort of, share some innovation to be seen as an attractive place, as well, for people to work with, and just to really drive that industry to help the innovation and to help make it a good place to be. So, I think the same things apply there, although maybe the business models allow, perhaps, for a bit more freedom. 
And we often find in those companies, they will have open-source program offices, which is a dedicated set of people who will map out the strategy and pull the whole company along in the same direction.

Emily: Obviously, a big part of open-source is building a community. How do you do this? How do you herd the cats in a way that advances your project? And I'm actually curious, I don't know if you have a perspective on this from both somebody—an individual starting a project, and a company that wants to create a community around a particular project?

Tracy: Yeah, no, I think that's a really great question. And people are always attracted to, I think, you want to start out with the big idea: why is your project going to do things better than before, or what's nicer about it? So, I think you have to start with, I guess you'd call it, like, you're [00:16:58 unintelligible] for your open-source project; the reason people are going to be attracted to it, and they're going to come and say, “Actually, I want to be part of this.” Because I think people do want to feel part of something bigger than themselves. They also want to see other people contributing, and everybody pulling their weight, and not necessarily any kind of biases for specific companies. So, the more open you can make it, the more transparent you can be about how things happen, people love to—if they're committing, and folks in open-source do commit fully—they want to know that they're not going to be taken advantage of, that they can do that, and they can really change the way the project is going to—they can feel the change they're going to make. So, I think it's important just to go to those principles of openness and transparency, and to let people participate. I think sometimes having clear ways—like with Jenkins, we saw that originally it really thrived because people could write their plugins, and they could make it their own, and they could share them and show them to their friends.
And it's the same idea with GitHub, things that make developers look good as well, while they're contributing to open-source always makes for very, very successful projects.

Emily: What do you think are common mistakes that people—individuals or companies make around nurturing the community?

Tracy: Yeah, I think the mistakes are always connected to control and wanting to control too much or in a too specific way. And you could almost—I don't know if this is a good analogy, but it's almost like, I guess, parenting, in a way. You might be tempted to be very regimented and say, “Okay, your child can do this, or they can't do that.” But then you sort of lose out in finding out where could this go? How big could this grow? So, I think it's finding the right level of control so that the project can take on a life of its own and be used in ways that perhaps you couldn't even imagine. I think that's when the real magic happens. But it does take a leap of faith and understanding that you will be able to reap some business benefit out of this if that is your aim as well.

Emily: Do you think that that's easier for individuals or for companies to achieve?

Tracy: I think it depends on what people are going into it for. And for individuals, I think often it's they want to share their idea with the world or they want to build a reputation, which is very synonymous with doing the project. Having said that, individuals can have the same issues around wanting to control it, but I think there's perhaps a different monetization emphasis which would make it easier.

Emily: Actually, I had a similar question related to continuous delivery which is, do you find that there are common mistakes that you see people making?

Tracy: Yes. And some of the mistakes, I guess—one of the most common mistakes is a pretty boring one. And I know why it happens, but [laughs] it's just around documentation, to be honest.
And it's the, “Okay, we're going to write the code, and then we're not going to necessarily document it or share the way people can either get involved or use a project.” And it's just—documentation is hard. Good documentation is really hard. Things keep changing, and it's boring to go keep updating them. But it's so incredibly important, and some of the most successful open-source projects have always provided that kind of self-service set of docs where people don't have to be asking the same questions over and over again. They really can go off and feel empowered to do things and to do things and not feel like they're getting it wrong or wasting their time, which I think is really important when building community. So, yeah, just write good docs, everybody.

Emily: And do you think there's anything else specifically related to how companies approach continuous delivery, that there's something that a lot of them are not doing right?

Tracy: With continuous delivery, especially today where everybody's in a really, kind of, tricky situation where they're trying to make this move to using cloud-native technologies because the benefits are so huge, but at the same time, all these technologies are coming very thick and fast, and nobody's sure—people have tried technologies which are now no longer used, so this is a bit of fear of saying, “Okay, is this going to be a safe bet? And at the same time, while I'm trying to decide if that's the right technology to use, I'm having to restructure my teams, and change of habits is really hard, and we've got all these additional environments we're having to deliver software for.” So, it's a huge challenge, and everything has to be done in balance: you have to get the tools, and you have to get the technology, and you have to get the people right. You can't do any one of those and hope it's going to work, you have to do this juggling act within your organization.
And that's massively, massively challenging, especially when you are trying to change long-held behaviors and habits people have, and just ask them to do things in a different way.

Emily: Do you think technology is more challenging, or people skills organization is more challenging?

Tracy: Yeah, I think the thing with technology that is more challenging today is, especially in the CI/CD space, we have a lot of different types of tools. And we don't have standard ways to talk about—like, we don't have standardization of terms, so different things have different meanings to different people. So, you might say ‘a pipeline’ but it might mean—the scope might change depending on who you're talking to. And so it's really hard for people to understand, how do I connect these different tools together? There's very poor interoperability, as well, which is another thing the Continuous Delivery Foundation wants to try and solve. So, I think those are key areas. Security is another one, which makes it really hard when you break things up. And no one's taking responsibility for the interaction between different platforms of different open-source technology written by different people, that becomes really tricky. So, I think we do need solutions at a community level, and we need communities working together closer to tackle this proliferation, and lack of interoperability, and new security concerns that we have to deal with as an industry.

Emily: Is there anything else that I didn't think to ask that you'd like to add?

Tracy: Yeah, no. I think what we're doing in the Continuous Delivery Foundation, if I can say a little bit about that, it is a relatively new open-source foundation. And I think it's a good place to bring people together where we're trying to tackle these issues. So, things like interoperability, we have an interoperability working group.
And one of the first things that happened in that group as people would come together and talk about the different tools, is that we spontaneously realized we needed to define the tools. And there was a page set up where everybody could write down the definition of how their tool—use different terms. You know, is it a step? Or what do you call it in your tool? So, we have this what we call, like, the Rosetta Stone, of CI/CD tools. So, it compares across—whether it's all kinds of Git providers or pipeline orchestration tools, was the different terminology. And I think from there, we're going to look to see how we can standardize as an industry, just to make it simpler for people because I think—I would really hate to be someone new coming into the industry today and trying to figure out where to start, which tool to try out because the amount of noise and confusion is at all-time high levels.

Emily: That's absolutely fair. And in fact, speaking of tools, my next question is, what tool do you really rely on? What engineering tool would you not be able to work without?

Tracy: Yeah, well, they kind of say for developers, and I think this rings true for me as well, you're kind of in three places. You're in, like, GitHub and Slack, and then your development environment which use VS code, and like many people. So, those are, kind of, the three development environments. I think, when I look at CI/CD, and we look at new technology in the space that's, kind of, gaining quick adoption, there's two projects in CDF which are starting to really resonate. And one is Tekton, which came out of Google, and their Knative serverless platform. But that's looking to have these standardized building blocks for CI/CD pipelines.
And then the other one is Jenkins X, which, incidentally, uses the building blocks of Tekton to stitch together a CI/CD experience, if you wish, that pulls in Kubernetes, and Helm, and all those other projects to give a really nice developer experience just generating pipelines for you, so you don't have to write things by hand, and giving you preview environments, and really just trying to take advantage of all the power that cloud-native affords you in delivering software.

Emily: And then lastly, how can listeners connect with you or follow you?

Tracy: Yeah, no, I think the best place is Twitter. So, find me Twitter at @tracymiranda, and in all the continuous delivery working groups, and the communities we're building there. So, find that on cd.foundation, and, yeah, come join the community. We're having some great conversations in the space.

Emily: Well, thank you so much, Tracy, for joining us.

Tracy: Yeah, thanks for having me. And yeah, really great conversation and questions.

Emily: Thanks for listening. I hope you've learned just a little bit more about The Business of Cloud Native. If you'd like to connect with me or learn more about my positioning services, look me up on LinkedIn: I'm Emily Omier—that's O-M-I-E-R—or visit my website which is emilyomier.com. Thank you, and until next time.

Announcer: This has been a HumblePod production. Stay humble.
The Pipeline: All Things CD & DevOps Podcast by The CD Foundation
In episode 14 we have a special guest who will also present at our upcoming event, cdCON! Adam Roberts has been a familiar figure in the Tekton community since it started, coming out of knative-build, so he has been able to see it grow and develop rapidly. As a Tekton Dashboard maintainer, and someone who is involved in Tekton every day, Adam is looking to use this platform to highlight that not only is the project itself awesome, but the community is helping to drive its growth and adoption. Adam is specifically referring to the "not just on GitHub" events that regularly occur, and will be providing particular examples and insights into what makes the community project something special.

Register for cdCON to hear his entire talk and visit other great topics that open source is tackling!
'Was Jesus a rubbish carpenter?' Chris and Tom discuss if Jesus was a klutz? Does it matter if the son of God was terrible with a hammer? And did Jesus invent the modern table? All the big questions are dealt with, as always.
A warm welcome to John Harris who will be joining us for his first time on the show today to discuss our exciting topic, CI and CD in cloud native! CI and CD are two terms that usually get spoken about together but are actually two different things entirely if you think about them. We begin by getting into exactly what these differences are, highlighting the regulatory aspects of CD in contrast to the future-focussed nature of CI. We then move on to a deep exploration of their benefits in optimizing processes in cloud native space through automation and surveillance from development to production environments. You’ll hear about the benefits of automatic building in container orchestration, the value of make files and local test commands, and the evolution of CI from its ‘rubber chicken’ days with Martin Fowler and Jez Humble. We take a deep dive into the many ways that containers differ from regular binary as far as deployment methods, build speed, automation, run targets, realtime reflections of changes, and regulation. Moreover, we talk to the challenges of transitioning between testing and production environments, getting past human error through automation, and using sealed secrets to manage clusters. We also discuss the benefits and drawbacks of different CI tools such as Kubebuilder, Argo, Jenkins X, and Tekton. Our conversation gets wrapped up by looking at some of the exciting developments on the horizon of CI and CD, so make sure to tune in! 
Follow us: https://twitter.com/thepodlets
Website: https://thepodlets.io
Feedback: info@thepodlets.io
https://github.com/vmware-tanzu/thepodlets/issues

Hosts:
Bryan Liles
Nicholas Lane

Key Points From This Episode:
• The difference between CI and CD.
• Understanding the meaning of CD: ‘continuous delivery’ and ‘continuous deployment’.
• Building an artifact that can be deployed in the future is termed ‘continuous integration’.
• The benefits of continuous integration for container orchestration: automatic building.
• What to do before starting a project regarding make files and local test commands.
• Kubebuilder is a tool that scaffolds out the creation of controllers and web hooks.
• Where CI has got to as far as location since its ‘rubber chicken’ co-located days.
• The prescience of Martin Fowler and Jez Humble regarding continuous integration.
• The value of running tests in a CI process for quality maintenance purposes.
• What makes containers great as far as architecture, output, deployment, and speed.
• The benefits of CD regarding deployment automation, reflection, and regulation.
• Transitioning between testing and production environments using targets, clusters, pipelines.
• Getting past human error through automation via continuous deployment.
• What containers mean for the traditional idea of environments.
• How labeling factors into the simplicity of transitioning from development to production.
• What GitOps means for keeping track of changes in environments using tags.
• How sealed secrets stop the need to change an app when managing clusters.
• The tools around CD and what a good CD system should look like.
• Using Argo and Spinnaker to take better advantage of hardware.
• How JenkinsX helps mediate YAML when installing into clusters.
• Why the customizable nature of CI tools can be seen as negative.
• The benefits of using cloud native-built tools like Tekton.
• Perspectives on what is missing in the cloud native space.
• A definition of blue-green deployments and how they operate in service meshes.
• The business abstraction elements of CI tools that are lacking.
• Testing and data storage-related aspects of CI/CD that need to be developed.

Quotes:
“With the advent of containers, now it’s as simple as identifying the images you want and basically running that image in that environment.” — @bryanl [0:18:32]
“The whole goal whenever you’re thinking about continuous delivery or continuous deployment is that any human intervention on the actual moving of code is a liability and is going to break.” — @bryanl [0:21:27]
“Any time you’re in developer tooling, everyone wants to do something slightly differently. All of these tools are so tweak-able that they become so general.” — @johnharris85 [0:34:23]

Links Mentioned in Today’s Episode:
John Harris — https://www.linkedin.com/in/johnharris85/
Jenkins — https://jenkins.io/
CircleCI — https://circleci.com/
Drone — https://drone.io/
Travis — https://travis-ci.org/
GitLab — https://about.gitlab.com/
Docker — https://www.docker.com/
Go — https://golang.org/
Rust — https://www.rust-lang.org/
Kubebuilder — https://github.com/kubernetes-sigs/kubebuilder
Martin Fowler — https://martinfowler.com/
Jez Humble — https://continuousdelivery.com/about/
David Farley — https://dfarley.com/index.html
AMD — https://www.amd.com/en
Intel — https://www.intel.com/content/www/us/en/homepage.html
Windows — https://www.microsoft.com/en-za/windows
Linux — https://www.linux.org/
Intel 386 — http://www.computinghistory.org.uk/det/6192/Introduction-of-Intel-386/
386SX — https://www.computerworld.com/article/2475341/flashback--remembering-the-386sx.html
386DX — https://en.wikipedia.org/wiki/Intel_80386
Pentium — https://www.intel.com/content/www/us/en/products/processors/pentium.html
AMD64 — https://www.webopedia.com/TERM/A/AMD64.html
ARM — https://en.wikipedia.org/wiki/ARM_architecture
Tomcat — http://tomcat.apache.org/
Netflix — https://www.netflix.com/za/
GitOps — https://www.weave.works/technologies/gitops/
Weave — https://www.weave.works/
Argo — https://www.intuit.com/blog/technology/introducing-argo-flux/
Spinnaker — https://www.spinnaker.io/
Google X — https://x.company/
Jenkins X — https://jenkins.io/projects/jenkins-x/
YAML — https://yaml.org/
Tekton — https://github.com/tekton
Concourse CI — https://concourse-ci.org/

Transcript:

EPISODE 11

[INTRODUCTION]

[0:00:08.7] ANNOUNCER: Welcome to The Podlets Podcast, a weekly show that explores Cloud Native one buzzword at a time. Each week, experts in the field will discuss and contrast distributed systems concepts, practices, tradeoffs and lessons learned to help you on your cloud native journey. This space moves fast and we shouldn’t reinvent the wheel. If you’re an engineer, operator or technically-minded decision maker, this podcast is for you.

[EPISODE]

[00:00:41] BL: Back to the Kubelets Podcast, episode 11. I’m Bryan Liles, and today we have Nicholas Lane.

[00:00:50] NL: Hello!

[00:00:51] BL: And joining us for the first time, we have John Harris.

[00:00:55] JH: Hey everyone. How is it going?

[00:00:56] BL: All right! So today we’re going to talk about CI and CD in cloud native. I want to start this off with this whole term CI and CD. We talk about them together, that are two different things almost entirely if you think about them. But CI stands for continuous integration, and then we have CD. What does CD stand for?

[00:01:19] NL: Compact disk.

[00:01:20] BL: Right. True, and actually I’ve used that term before. I actually do agree. But what else does CD stand for?

[00:01:28] NL: It’s continuous deployment right?

[00:01:30] BL: Yeah, and?

[00:01:31] JH: Continuous delivery.

[00:01:32] NL: Oh! I forgot about that one.

[00:01:35] BL: Yeah, that’s the interesting thing, is that as we talk about tech and we give things acronyms, CD is just a great one. Change in directories, compact disk, continuous delivery and continuous deployment.
Here’s the bonus question, does anyone here know the difference between continuous delivery and continuous deployment?

[00:01:58] NL: Now that’s interesting.

[00:01:59] JH: I would go ahead and say continuous delivery is the ability to move changes through the pipeline, but you still have the ability to do human intervention at any stage, and usually deployments production and continuous delivery would be a business decision, whereas continuous deployment is no gating and everything just go straight to product.

[00:02:18] BL: Oh, John! Gold star for you, because that is one of the common ones. I just like to bring that up because we always talk about CI and CD as they are just one thing, but they’re actually way bigger topics and we’ve already introduced three things here. Let’s start at the beginning and let’s talk about continuous integration, a.k.a CI. I’ll start off. We have CI, and what is the goal of CI? I think that we always get boggled down with tech terms and all these technology and all these packages from all these companies. But I’d like to boil CI down to one simple thing. The process of continuous integration is to build an artifact that can be deployed somewhere at some future date at some future time by some future person, process. Everything else is a detail of the system you choose to use. Whether you use Jenkins, or CircleCI, or Drone, or you built your own thing, or you’re using Travis, or any of the other online CI tools. At the end of the day, you’re building either – If you’re doing web development. Maybe you’re building out Docker files, because we’re in cloud native. I mean docker images, because we’re in cloud native. But if you’re not, maybe you’re just building JARs, WARs, or EARs, or a ZIP file, or a binary, or something. I’d just like to start off, start this off with there. Any more thoughts on continuous integration?

[00:03:48] NL: Yeah.
I think the only times that I’ve ever used something that’s like continuous integration is when I’ve been doing like more container orchestration, like development, things on top of like things like Kubernetes, for instance. The thing I really like about it is like the concept of being able to like, from my computer, save and do an automatic save and push to a local repo and have all of the pieces get built for me automatically somewhere else, and I just love that so much because it saves so much brain thinky juice to run every command to make the binary you need.

[00:04:28] BL: So did you actually create those scripts yourself?

[00:04:30] NL: Some of them. When I’ve used things like GitLab, I use the pipeline that exists there and just fiddled around with like a little bit of code, like some bash there, but like not too much because GitLab has a pretty robust pipeline. Travis — I don’t think I needed to actually. Travis had a pretty good just go make Docker build, scripts already templated out for you.

[00:04:53] JH: Yeah. I’d like to tell people whenever you start any project, whether it’s big or small, especially if it’s on – Not on Windows. I’ll tell you something different if it’s on Windows. But if you’re developing on a Mac or developing on Linux, the first thing you should do in your project is create a make file or your programming language equivalent of a make file, and then in that make file what you should do is write a command that will build your software that runs its tests locally, and also builds – whatever the process is. I mean, if you’re running in Go, you do a Go build. If you’re using Rust, build with Rust, or C++, or whatever before you even write any code. The reason why is because the hardest part is making your code build, and if you leave that to the end, you’re actually making it harder on yourself.
If your code build works from the beginning, all you have to do is change it to fit what you’re doing rather than thinking about it when it’s crunch time.

[00:05:57] NL: I actually ran into that exact scenario recently, because I’ve been building some tooling around some Kubernetes stuff, and the first one I did, I built it all manually by hand. Then at the end I was like – I gave it to the person who wanted it and they’re like, “So, where’s the make file?” I’m like, “Where’s the what?” So I had go in and like fill in the make file, and that was a huge pain in the butt. Then recently the other thing I’ve been using is Kubebuilder. John, you and I have been talking about Kubebuilder quite a bit, but using Kubebuilder, and one of the things it does for you is it scaffolds out and a make file for you, and that was like going from me doing it by myself to having it already exist for you or just having it at the beginning was so much better. I totally agree with you, Brian.

[00:06:42] BL: So quick point of order here. For those of us who don’t know what Kubebuilder is. What is Kubebuilder?

[00:06:48] NL: Kubebuilder is a tool that was created by members of the Kubernetes Community to scaffold out the creation of controllers and web hooks. What a controller is in Kubernetes is a piece of software that waits, sort of watches a specific object or many specific objects and reconciles them. If they noticed that something has changed and you want to make an action based on that change, the controller does that for you.

[00:07:17] JH: Okay. So it actually makes the action of working with CRDs and Kubernetes much easier than creating it all yourself.

[00:07:26] NL: Correct. Yeah. So, for instance, the one that I made for myself was a tool that watched, updated and watched a specific CRD, but it wasn’t necessarily a controller. It was just like flagging on whether or not a change occurred, and I used the dynamic client, and that was a huge headache on of itself.
Kubebuilder has like the ability to watch not just CRDs, but any object in Kubernetes and then reconcile them based on changes.

[00:07:53] NL: It’s pretty great.

[00:07:54] BL: All right. So back to CI. John, do you have any opinions on CI or anecdotes or anything like that?

[00:07:59] JH: Yeah. I think one of the interesting things about the original kind of philosophy of CI outside of tooling was like trunk-based development that every develop changes get integrated into trunk as soon as possible. You don’t get into integration hell and rebasing. I guess it’s kind of interesting when you apply that to a cloud native landscape where like when that stuff came out with like Martin Fowler or Jez Humble probably 10, 15 years ago almost now, a lot of dev teams were co-located. You could do CI. I think there was a rubber chicken method where you didn’t use a tool. It was just whoever had the chicken that’s responsible for the build. Just to pull everyone else’s changes. But now it seems like everything is branch-based. When you look at a project like Kubernetes, there’s a huge number of contributors all geographically displaced, different time zones, lots of different branches and features going on at the same time. It’s interesting how these original principles of continuous integration from the beginning now apply to these huge projects in the cloud native landscape.

[00:08:56] BL: Yeah, that’s actually a great point of how prescient Martin Fowler has been for many, many years, and even with Jez Humble being able to see these problems 10, 15 years ago and be able to describe them. I believe Jez Humble wrote the CD book, the continuous delivery book.

[00:09:15] JH: Yeah, with David Farley, I think.

[00:09:18] NL: Yeah. Yeah, he did. So, John, you brought up some good things about CI. I try to simplify everything.
I think the mark of someone who really knows what they’re talking about is being able to explain everything in the simplest words possible, and then you can work backwards when people understand. I started off by saying that CI produces an artifact. I didn’t talk about branches or anything like that, or even the integration piece. But now let’s go into that a little bit. There are a lot of misconceptions about CI in general, but one of the things that we talk about is that you have to run test. No, you don’t have to run test, but should you? Yes, 100% of the time. Your CI process, your integration process should actually build your software and run the test, because running the test on this dedicated service or hardware wherever it is ensures that the quality of your software is there at least as much as your developers have insured the quality in the test. It’s very important those run, and a lot of bugs of course can be spotted by running a CI. I mean, we are all sorts of developers here, and I tell you what, sometimes I forget to run the test locally and CI catches me before a commit makes it into master and it has a huge typo or a whole bunch of print lines in there. Moving on here, thinking about CI and cloud native. Whenever you’re creating a cloud native app, have you ever thought about the differences between let’s say creating just a regular binary that maybe runs on a server, but not in a container on somebody’s cloud native stack, i.e. Kubernetes? Have you ever thought about the differences of things to think about?

[00:11:04] BL: Yeah. So part of it is – I would imagine or I believe it’s like things like resource, like what resources you need or what architecture you’re deploying into. You need the binary to make like run in this – With containerization, it’s easy because you’re like, “I know that the container is going to be this architecture,” but you can’t necessarily guarantee that outside of a containerized world.
I mean, I suppose you can being like with the right tooling setup you can be like, “I only want to run on this.” But that isn’t necessarily guaranteed, because any computer that runs on could be just whatever architecture that happens to land on, right? Also, something to – I think of is like how do you start processes on disparate computers in a controlled fashion? Something like, again, with containers, you can trust that the container runtime will run it for you. But without that, it seems like a much harder task.

[00:12:01] NL: Yeah, I would agree. Then I said that containers in general just help us out, because most of our workloads go on some AMD or Intel 64 bit and it’s Linux. We know what our output is going to be. So it’s not like in the old days where you had to actually figure out what your run target was. I mean, that’s even on Intel stacks. I mean, I’m updating myself here where you had like – When the 386 was out and then you had the 386SX and the 386DX, there were different things there, and you actually compile your code different. Then when the 46 came out and then when we had introduction of Pentium chips, things were different. But now we can pretty much all target AMD64, and in some cases, I mean, there are some chip things like the bigger encryption things that are in the newer chips. But for the most part, we know what our deployed target is going to be. But the cool thing is also that we don’t have to have Intel or AMD64. It could be ARM32 or ARM64, and with the addition to a lot of the work that has been going on in Windows land lately, we can have Windows images. I don’t know so many people were doing that yet. I’m not out and part of the field, but I like that the opportunity is there.

[00:13:25] JH: Oh! I think one of the interesting things is the deployment method as well. Now with containers, everything is kind of an immutable rip and replace.
Like if we develop an application, we know that the old container is going to stop when I deploy a new one. I think Netflix were doing a little bit of this before containers and some other folks with like baking AMIs and using that immutable method. But I think before that it was if we had a WAR file, we had to throw it back into Tomcat, let Tomcat pick it up or whatever. Everything was a little bit more flaky in terms of deployment. We had to do a lot of checks around deployment rather than just bring something out, bring something back in blue/green, whatever.

[00:13:59] BL: Well, I actually like that you brought that up, because that’s actually one of the greatest parts of this whole cloud native thing, is that when we’re using containers and we’re deploying with containers, we know what our file system is going to look like, because we created it. There would not be some rogue file or another configuration there that will trip up our deployment, because at build time, we’ve created the environment. It’s much better than that facility that Netflix was doing with baking AMIs. In a previous life, I actually ran the facility for baking AMIs at a large company where we had thousands of developers on more than a thousand dev teams, and we had a lot of spyware. Whenever you had to build an image, it was fine in one account, but if you had let’s say a thousand accounts with the way that AWS works and encrypted images, you actually had to copy all the images to all the accounts. It couldn’t actually boot it from your account. That process would literally take all night to get it done across all of our accounts. If you made a mistake, guess what? You get to do it again. So I am glad that we actually have this thing called a container and all these things based on CRI, the container runtime, that we are able to quickly build containers. I don’t want to just limit this conversation to continuous integration. Let’s get into the other parts too with deployment and delivery.
What is so novel about CD and the cloud native world? [00:15:35] NL: I think to me it’s the ability to have your code or your artifact or whatever it is, whatever you’re working on. When you make a change, you can see the change reflected in reality, whatever your reality looks like, without your intervention. I mean, you might have had to set up all the pipelines and all that jargon, but when you press save in VS code and it creates a branch and runs all your tests and then deploys it for you or delivers it for you into what you’d define as reality, that’s just so nice, because it really kind of sucks having to do the like, “Okay, I’ve got a new deployment. Destroy the old deployment. Put in the new one or like rev the new image tag or whatever in the deployment you’re doing.” All these manual steps, again, thinky-brain juice, it takes pieces of your attention away, and having these pieces like added for you is just so nice. [00:16:30] BL: Yeah, what do you think, John? [00:16:32] JH: Yeah. I think just something in the state of DevOps we’ve bought one of the best predictors for a company’s success is like cycle time of feature from ideation to production. I think like the faster we can get that cycle – It kind of gets me interested. How long does an application take to build? If it takes two hours, how good are you at getting features out there quickly? Maybe one of the drivers with microservices, smaller pieces independently deployed, we can get features out to production quicker, because I think the name of the game is just about enabling developers to put the decision in the hands of the business to decide when the customer should see that feature. I think the tighter we can make that cycle, the better for everyone. [00:17:14] BL: Oh, no! I agree. I love and hate web services, but what I do like is the idea of making these abstractions smaller, and if the abstractions are smaller, it’s less code. 
A lot of the languages we use now are faster compiling, let’s say, a large C++ project. That could take literally two hours to compile. But now when we have languages like Go, and Rust is not as fast, but it’s not slow as well. Then we have all of our interpreted languages, whether it’d be Python, or JavaScript, or TypeScript, where we can actually go from an idea, run the test in a few minutes and build this image that we can actually run and see it almost in real-time. Now with the complexity of the tools, I mean, the features that are built in the tools, we can now easily manage multiple deployment environments, because think about before, you would have a dev environment, and that would be the Wild West. That would be literally where it would be awful. You might have to rebuild it every couple of months. Then you would have staging, and then maybe you would have some kind of pre-prod environment just as like your final smoke test, and then you would have your production. Maintaining all the software on all those was extremely hard. But now with the advent of containers, now it’s as simple as identifying the images you want and basically running that image in that environment. I like where we’ve ended up. But with all power comes new problems, and just because we can deploy quicker means we just run into a lot of different problems we didn’t run into before. The first one that I’ll bring up is the complexity. Auto conversion between environments, so moving code between test, staging and production. How do we do that? Any ideas before I throw some out there? [00:19:11] NL: I guess you would have different, or maybe the same pipeline but different targets for like if say you’re using something like Kubernetes. You could have one part of your pipeline deploy initially to this Kubernetes context, which points to like one cluster. 
It’s building up clusters by environment type and then deploying into those, running your tests, see if it runs properly and then switch over to the next context to apply that image tag and that information and then just go down the chain until you go to production. [00:19:44] BL: Well, that’s interesting. One thing I’d like to throw out there, and I’m not advocating any particular product. But the idea of having pipelines for continuous integration and your CD process is great, where you can now have gates and you can basically automate the whole thing. Code goes into CI and we built an artifact, and a message can go out automatically to an approver or not, and that message could say, “Hey! This code is going to be integrated into our trunk or our master branch.” They can either do it themselves manually as a lot of people do or they can actually maybe click on a link or check a checkbox and this gets integrated in. Then what automatically could happen at this point is, and I’ve seen a lot of companies doing this, is now we take that software and we spin up a new whole environment and we just install that software. For that one particular feature that you worked on, you can actually get an automatic environment for that. Then what we can do is we can take that environment itself and we can now merge this maybe into a staging branch or tag it with a staging label, and that automatically gets moved to staging. Depending on how complicated you are, how advanced you are, now you can actually have it go out to your product people or people who make decisions, maybe your executives, and they can view the software in whatever context it happens to be in. Then they can say, “Okay.” Now that’s when we’re talking about now we can hit okay and the software just keeps on moving to the pipeline and it gets into production. 
The whole goal here, and this is actually where your goal should be just in general whenever you’re thinking about continuous delivery or continuous deployment is that any human intervention on the actual moving of code is a liability and is going to break, and it’s going to break because on Friday afternoon at 5:25 PM, someone’s thinking about the weekend and they’re not thinking about code, and they’re going to break your build. Our goal is to build these delivery systems that are Friday afternoon proof. We can push code anytime. It doesn’t matter. We trust our process. [00:22:03] JH: I think it’s a great point about environments. I think back in the day, an environment used to be a set of machines, and then test used to be – staging was where there were kind of more stable versions of APIs and folks were more coordinated pushing things into them. What really is an environment? Like you said, when we push micro services or whatever service, we can spin up an entire Kubernetes cluster just for that service. We can set it up. We can run whatever tests we want. We could tear it down. With the advent of Elastic compute, and now containers, they really enabled this world where like the traditional idea of an environment and what constitutes an environment is starting to get a bit kind of sloppy and blend into each other. [00:22:42] BL: I like it though. I think it’s progress. [00:22:45] NL: I totally agree. The one that scares me but I also find like really interesting, is the idea of having all of your environments in one set of machines. So clusters. Having a multi-tenanted set of machines for like dev staging and production, they’re all running in the same place and they’re all just separated by like what configuration of like connectivity from different networking and things like that set up. 
When a user hits your website, bryanliles.com, they should go to the production images, but those are binaries, and those binaries should be running in the same space essentially as the development ones. It’s scary, but it’s also like allows for like some really fast testing and integration. I find it to be very fascinating. [00:23:33] BL: I mean that’s where we want to be. I find more often than not that people have separate clusters for dev and staging and production. But using the Kubernetes API, you don’t have to do that, because what we can do is we can force deployment or workload to a set of machines based on their label. That’s actually one of the very strong positives for Kubernetes. Forget all the complexity. One of the things that makes it easy is to say that I want this particular deployment to only live on my development machines. Well, which development machine? I don’t care. What if we increase our development pool size? We just re-label nodes. It doesn’t matter. Now we can just control that. When it comes down to controlling cost and complexity, this is actually one idea that Kubernetes is leading and just making it easier to actually use more of your hardware. [00:24:31] NL: Yeah. Absolutely. That’s so great because if you think about it from a CI/CD standpoint, at that point all you have to do is just change the label to where you’re applying this piece of code. So you’re like, “Node selector, label equals dev. Okay, now it’s staging. Okay, now it’s prod.” [00:24:47] BL: So this brings me into the next part of what I want to talk about or introduce to you all today. We’re on a journey as you probably can tell. Now whenever we have our CI process and we’re building and we’re deploying, where do we store our configurations? [00:25:04] NL: [inaudible 00:25:04]. [00:25:06] BL: Ever thought about that? [00:25:08] NL: Okay. 
I mean, in a Kubernetes perspective, you might be using something like etcd to sort of – But like everything else, what if you’re using Travis? [inaudible 00:25:16] store everything. Everything should be versioned, right? Everything should be – [00:25:20] BL: Yeah, 100%. [00:25:24] NL: I would store everything these as much as possible. Now, do I do that all the time? God, no! Absolutely not. I’m a human being after all. [00:25:32] BL: I mean, that’s what I actually want to bring up, is this concept of GitOps. GitOps was a coined term by my friend, Alexis, who works at Weave. I think Weave created this. Really what it’s about is instead of having – basically, Kubernetes is declarative, and our configurations can be declarative too, because what we can do is make sure is we can have text-based configurations, and for one reason it’s because text-based means it can be versioned. It can be diffs. We take those text versions and we put them in our same repository we put our code in. How do we know what’s in production at any given time or any given time in the past? We just look at the tags of what we did. We had a push at 5:15 on August 13th. Of course, this is 5:15, UTC time, because any other time doesn’t exist in the computer land. So what we could do is we could just basically tag that particular version as like 2019-08-13. If I said 5-17-55, and we call 01 just so we could have 100 deploys in a day. If we started doing that, now not only can we control what we have, but we can also know what was on in any given environment at any given time. Because with Git and with Mercurial and any other of these – Well, only the popular ones, with Git and Mercurial, you can definitely do this. Any given commit can have multiple tags. You could actually have a tag that hit dev and then a tag that, let’s say, hits staging, and then a tag that hit production, the exact same code but three different tags. So you know at any given time what happened. 
[00:27:18] JH: Yeah, the config thing is so important. I think that was another Jez Humble quote where it was like, “Give me three hours access to your code and I’ll break it. But give me 5 minutes with your configurations and I’ll break it.” Almost like every big bug is, right, someone was accidentally pointing the prod server to the staging database like, “Oops! Their API was pointing to the wrong port, and everything came down,” or we changed the wrong versions or whatever. I think that’s one of the intersections of developers and operations folks. We kind of talked about like DevOps and things like that. I really love the idea of everything being kept in Git and using GitOps, but then we’ve got things like secrets and configuration that shouldn’t be seen or being able to be edited by developers, but need to be for ops folks. But we still want to keep the single point of truth. Things like sealed secrets have really enabled us to move along in this area where we can keep everything in text-based version. [00:28:08] BL: All right. Quick point of order here. Sealed secrets is a controller/CRD created by Bitnami. What it allows you to do is, John – [00:28:23] JH: It allows you – It creates a CRD, which is sealed secret, which is a special resource type in your cluster and also creates a key, which is only available to that operator running in your cluster. You can submit a sealed secret in plain text or you can submit a secret in plain text and it will throw it back out as an encrypted secret with that key and then you can check that into version control. Then when you go to deploy your software, you can deploy that encrypted secret into the cluster. The operator will pick it up, decrypt it using only the key that it has access to and then put it back in the cluster as a regular secret. Your application just interacts with regular Kubernetes secrets. You don’t need to change your app. They deal with all the encryption outside of the user intervention. 
[00:29:03] BL: I think the most important part of what you said is that this allows us to have no excuses about what we can store in our repositories for our configuration, because someone is going to make the argument, “No, we can’t store secrets, because someone’s going to be able to see them.” Well, guess what? We never even stored an unencrypted secret in our repository. They’re all encrypted, and it’s still secrets. It’s [inaudible 00:29:25]. I don’t know if anyone’s cracked yet. I’m sure maybe a state level actor has thought of it. But for us regular people, even our companies, like even at VMware, or even at Google, they have not done it yet. So it’s still pretty safe. Thinking even further now, and really what I’m trying to paint the picture of is not just how do you do CD, but really what CD could look like and how it can actually make you happy rather than sad. The next item I wanted to think about was tools around CD and creating tools and what does a good continuous delivery system look like. I kind of hinted about this earlier whenever I was talking about pipelines. The ability to take advantage of your hardware, so we’re deploying to let’s say 100 servers. We’re pulling 5 or 6 services to 100 node cluster. We can do those all at once, and what we can do is you want to have a system that can actually run like this. I could think of a couple. From Intuit, there is Argo, and they have Argo CD. There is the tool created by Google and maybe Netflix. I want to have to look that one up. It’s funny, because they quoted – [00:30:40] JH: Spinnaker? [00:30:42] BL: Spinnaker. They quoted me in their book, and I don’t remember their name. I’m sorry anyone from Spinnaker product listening. Once again, not advocating any products, but they have the concept of doing pipelines. Then you also have other things for your projects, like if you’re using open source, Drone. Another ex-Google – I think it was ex-Googler that made this. 
Basically, they have ways you can do more than one thing at a time. The most important piece about this is not only can you do more than one thing at a time, is that you have a programmatic check that it’ll make sure that you can verify that whatever you did was successful. We deployed to staging or we deployed to our smoke test servers for our smoke test, and that requires our testing people and an executive signoff. They can actually just wait until they get their signoff or maybe if it goes over a day or so, they can actually – It just fails, and now the build is done. But that part is pretty neat. Any other topics over here before I start throwing out more? [00:31:45] NL: I think I just have thoughts on some of the tools that we’ve used. Everyone Jenkins. Jenkins can do anything that you want it to do, but you really have to tighten the screws on it. It is super powerful. It’s kind of like Bash, like Bash scripting. It’s super powerful, but you have to know precisely what you’re doing, otherwise it can really hurt you. Actually, I have used Spinnaker in the past, and I’ve really liked it. It has a good UI, very good pipelines. Easy blue/green or canary deployment mechanism, I thought that was great. I’ve looked at Drone, believe it or not, but Drone is actually pretty cool. Check out Drone. I really liked it. [00:32:25] BL: Well, since we’re throwing out products, Jenkins does have JenkinsX. I have not given it the full rundown yet. But what I do like about it, and I think everyone should pay attention to this if you’re doing a product in this space, is that when you install JenkinsX, you install it locally to your machine. You basically get this binary called JX, and you then tell JX to install it into your cluster. Instead of just doing kubectl apply -f a whole bunch of YAML, it actually asks you questions and it sets up GitHub repositories or wherever you need these repositories. It sets up [inaudible 00:33:01] spaces for you. 
There’s no just [inaudible 00:33:05] kubectl apply -f HTTPS: I just owned your system, because that’s actually a problem. Then it solves the YAML sprawl, because YAML and Kubernetes is something that is complained about a lot, but it’s how it’s configured. But it’s also just a detail what we’re supposed to be doing, and we actually work with Joe Beda and I could talk about this all the time, is that the YAML is the implementation, but it’s not the idea. The idea is that we build tools on top of that that create YAML so users have to see less YAML. I think that’s a problem with Jenkins, is that it’s so powerful and they’re like, “Well, we want powerful people or smart people to be able to do smart things. So here you go.” The problem with that is that where do I start? It’s a little daunting. So I do think that they definitely came with the much stronger game with this JX command. Just as a little sidebar, we do it as well with our Velero project, and I think that just speaks, should be like the bar for anything. If you’re installing something into a cluster, you should come up with a command line tool that helps you manage the lifecycle of whatever you’re installing to the operator, YAML, whatever. [00:34:18] JH: I think what’s interesting about the options, this is definitely one area where there’s so much nuance. Any time you’re in developer tooling, everyone wants to do something slightly differently. All of these tools are so tweak-able that they become so general. I think it’s probably one of the criticisms that could be leveraged against Jenkins is that you can do everything, and that’s actually a negative as well as a positive. Sometimes it’s too overwhelming. There are too many ways of doing things. I’m a fan of some of the more kind opinionated tools in that space. [00:34:45] BL: Yeah. I like opinionated tools as well, but the problem that we’re having in this cloud native space is that, yeah, Kubernetes is five-years-old now. 
We are just getting to the point where we actually understand what a good decision is, because there was a lot of guesses before and we’ve done a lot of things, and some of these have been good ideas, but in some cases they have not been great ideas. Even I ran the project case on it. Great idea on paper, but implementation, it required people to know too many things. We’d learned a lot of lessons from that. That’s what I think we’re going to find out in this space is that we’re going to learn little lessons. I say this project from my last project that I was going to bring up is something that I think has learned some of the lessons. Google sponsors a project called Tekton, and if you go to – It’s like I believe, and they have some continuous delivery stuff in there and they implement pipelines. But the neat part is, and this is actually the best part, it’s actually a cloud native built service. So every step of your delivery process, from creating images, to actually putting them on clusters, is backed by a Docker image or a container, and I think that part is pretty neat. So now you can define your steps. What is your step? Well, you can use one of their pre-baked, run this command, or if you have something special, like the example before I was giving out where you would say that you need an approval, maybe it’s a Slack approval. You send something with Slack and it has a checkbox, check yes if you like me. What we can do now is we can actually control that and it’s easy to write something a little Docker image that can actually make that call and then get the request and then it can move it on. If you’re looking at more of a toolkit full of good ideas, I do think that Tekton has definitely has some lots of industry. People are looking at it and it’s probably the best example of getting it right in the cloud native way. Because a lot of the products we have now are not cloud native. We’re talking about Jenkins. 
We’re talking about Spinnaker and we talk about Drone and Travis, which is totally a SaaS product. They’re not cloud native. Actually, the neat part about Tekton is that it actually comes with its own controllers and its own CRDs. So you can actually build these things up using your familiar Kubernetes tooling, which means in theory we could actually use the tooling that we are deploying. We can actually control it in the same way as our applications, because it’s just yet another object that goes in our cluster. [00:37:21] NL: That does sound pretty cool. One other that I meant to bring up was Concourse. Have you checked out Concourse yet? [00:37:27] BL: ConcourseCI. I have not. I have used it, but never in a way where I would have a big opinion on it. [00:37:34] NL: I’m kind of in the same place. I think it’s a good idea. It seems really neat, but I need to kick the tires a little more. I will say that I really like the UI. The structure of the UI is really nice. Everything makes sense, and anything you can click on like drills into something a bit deeper. I think that’s pretty cool, but it is one of the shout that I went out to as well as like another tool that I’m aware of. [00:37:52] BL: Yeah, that’s pretty interesting. So we’ve gone about 40 minutes now. Let’s actually start winding this down, and the way that I’m going to suggest that we wind this down is thinking about where we are now. What’s missing in this space and what else could we actually be doing in the cloud native space to make this work out better? [00:38:12] NL: I think I’d like to see better structured or better examples of blue-green or canary deployments with tests associated, and that might just be like me not looking hard enough at this problem. But anytime I began looking at blue-green, I get the idea of what someone’s done, but I would love to see some implementation details, or any of these opinionated tools having opinions around blue-green and what they specifically do to test it. 
I feel like I’m just not seeing that. [00:38:41] BL: With blue-green, blue-green is hard to do in Kubernetes without an external tool, because for everyone, a blue-green deployment is, I have a software deployment and we’ll give it a color. We’ll call it blue, and I have the next version, and we’ll call it green. Really what I can do is I basically have two versions of my application deployed and I can use my load balancer, or in this case, my service to just change the label or the selector in my service and now I can point at my green from my blue. Then I want to deploy again, I can just deploy another blue and then change my label selector again. The problem with this is that you can do it in Kubernetes, just fine. But out of the box with Kubernetes, you will drop traffic, because guess what? What happens to a connection that was initiated or a session that was initiated on the blue cluster when you went to green? Actually, this is a whole conversation in itself about service meshes and this is actually one of the reasons service mesh is a big topic, because you can do this blue-green, or another example would be Netflix and Redblack, or you get the creative people who are like rainbow deployments, because just having two is not good enough for them. So they want to have any number of deployments going at one time. I agree with that 100%. [00:39:57] JH: I think, yeah, integrating tools like launch. [inaudible 00:40:01] and I think there are more which enable – I think we’re missing the business abstractions on this stuff so far. Like you said, it’s kind of hard to do if you need to go into the gritty of it right now, but I think the business abstractions of if we deploy a different version to a certain subset of customers, can we get all of those metrics? Can we get those traces back in? Will you automate it, roll it out? Can we increase the percentage of customers that are seeing those things? 
Have that all controlled in a Kubernetes native way, but having roll it up to a business and more of an abstraction. I think that stuff is currently missing. I think the underpinning kind of technologies are coming up, stuff like service mesh, but I think it’s the abstraction that’s really going to make it useful, which doesn’t exist today. [00:40:39] BL: Yeah. Actually, that’s pretty close to what I was going to say. We built all these tooling that helps us basically as technologists, but really what it comes down to is the business. A lot of the things we’re talking about where we’re talking about CD is important to the business, but when we’re talking about metrics or trace collection, that’s not important to the business, because they only care about the SLA. This is on the SLO side. What we really need to do is mature our processes enough that we can actually marry our outputs to something that other people can understand that has no jargon and it’s sales going up, sales going down. Everything else is just a detail. So, anything else? [00:41:20] NL: Something I think I’d like to see is in our testing, if there was a good way to accurately show the effect of something at load in a CI/CD component. Because one of the things that I’ve run into is like I’ve got this great idea for how this code should work and when I deploy it, it works great. Then like a thousand people touch it all at once and it doesn’t work right anymore. I’d love to have some tool along the way that can test things out of load and like show me something that I could fix before all those people touch it. [00:41:57] BL: Yes, that would be a good tool to have. So John, anything else for you? [00:42:02] JH: I’ll open a can of worms right at the end and say the biggest problem here is probably going to be data when we have a lot of systems we need to talk to each other and we need the data to align between those systems and we have now proliferation of environments and clusters. 
Like how do we get that data reliably into the place that it needs to be to make up testing robust enough to get things out there? It’s probably an episode on some – [00:42:23] BL: Yeah, that’s a big conversation that if we could answer it, we wouldn’t be working at VMware. We would have our own companies doing all these great things. But we can definitely iterate on it. So with that, I think we’re going to wrap it up. Thanks for listening to the Kubelets. I’m Bryan Liles, and with me today was Nicholas Lane and John – Yeah, and John Harris. [00:42:47] JH: Thanks everyone. [00:42:47] BL: All right, we’ll see you next time. [END OF EPISODE] [00:42:50] ANNOUNCER: Thank you for listening to The Podlets Cloud Native Podcast. Find us on Twitter at https://twitter.com/ThePodlets and on the http://thepodlets.io/ website, where you'll find transcripts and show notes. We'll be back next week. Stay tuned by subscribing. [END]