DevOps and Docker Talk: Cloud Native Interviews and Tooling

Bret and his co-host, Matt, are joined by Jason Dellaluce and Luca Guerra from Sysdig to talk about Falco, a tool I recommend for production clusters and knowing about any bad behavior on your servers. Falco is a security tool I've mentioned multiple times on this show, because I mostly think that a low level security focused logging product is something that every production server needs. The ability to log unexpected events and behaviors on your Linux host is powerful and necessary to be able to audit what's really happening on your infrastructure outside of your app itself. Falco has been a CNCF incubating project for over four years, and I was immediately drawn to it in its early days, because it was container and Kubernetes aware and it could log and alert with default rules for everything, from someone starting a shell inside a container, to a bash history file being deleted, to a container trying to talk to the Kubernetes API. This episode will be useful for those of you new to tools like Falco and for those familiar with its basics, but also wanting to learn about newer features and use cases, which I did some learning on myself in this episode.Live recording of the complete show from April 6, 2023 is on YouTube (Ep. #210).★Topics★Falco websiteFalco on CNCFYou can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Bret Fisher - Host Cristi Cotovan - Editor Beth Fisher - Producer Matt Williams - Host Jason Dellaluce - Guest Luca Guerra - Guest (00:00) - Intro (02:24) - Introducing the guests (05:25) - What is Falco? Why do we need it? (08:00) - What can Falco monitor? (17:11) - How are events logged? (30:59) - Does Falco classify alerts by severity?

Bret is joined by Lukas Gentele and Rich Burroughs from Loft Labs to look at a new project called DevPod, that supports dev containers and VMs. It works with local Docker instances and AWS, GCP, Azure, and several other cloud providers. The project is compatible with Microsoft's DevContainer standard, which means it works with the VC Code standalone app and VS Code in the browser.Lukas and Rich were on this show last year, showing off vcluster, which allows you to run a full Kubernetes cluster inside an existing Kubernetes namespace. In this episode, we announce the release of DevPod and also go through some demos. I'm already thinking of how I might use it in my own developer workflow.Live recording of the complete show from May 16, 2023 is on YouTube (Ep. #216). Includes demos.★Topics★DevPod websiteDevPod on TwitterYou can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Bret Fisher - Host Beth Fisher - Producer Lukas Gentele - Guest Ruch Burroughs - Guest Cristi Cotovan - Editor (00:00) - Intro (02:49) - Introducing the guests (03:39) - Loft Labs and VCluster (05:46) - Introducing DevPod (10:39) - Why CLI plus GUI? (13:16) - DevPod use case (15:30) - Options for IDEs and port forwarding (18:20) - Using the Microsoft VS Code dev containers features (21:14) - Create dev environments locally or remotely (27:47) - Turning it on and off without having to go to the infrastructure (49:13) - How to get DevPod (50:00) - What's next? Share feedback. (57:12) - This is not a production deployment tool (01:01:27) - Wrap-up

Bret and Matt are joined by two engineers in Docker's leadership - Chief Technology Officer Justin Cormack and Senior Manager of Developer Relations Michael Irwin, to talk about recent Docker Hub changes, as well as their latest product releases.We touch on Docker's latest updates and announcements, focusing on the early releases of Docker Scout, Docker plus WebAssembly, and the Telepresence extension for Docker Desktop. We also look at Docker's version 23 release, its first major update in three years, with key changes including BuildKit becoming the default builder, the ability to run alternate containerd shims, and a return to semantic versioning. Other updates include new Swarm features and deprecation of older features, specifically older storage drivers.In the show we also cover Docker's recent announcement and subsequent retraction of a plan to require free Docker Hub organizations to move to different plans.Live recording of the complete show from March 23, 2023 is on YouTube (Ep. #208).★Topics★Docker v23 releaseDocker Hub org changesDocker ScoutTechnical preview of Docker+WasmTelepresence for Docker announcementYou can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Justin Cormack - Guest Bret Fisher - Host Cristi Cotovan - Editor Beth Fisher - Producer Michael Irwin 🇺🇦 🕊 - Guest Matt Williams - Host (00:00) - Intro (02:56) - Docker version 23 release (05:37) - Docker's Hub Announcement and Retraction (07:40) - What does telepresence mean with Docker (10:18) - Should I switch to Kubernetes for development? (12:35) - Telepresence elevator pitch (20:30) - Telepresence connection scenarios (23:30) - How to connect with Telepresence? (31:05) - Bret's Jekyll Story (33:12) - What is available free in Scout? (35:15) - Scout is not a point-in-time scan (39:45) - James Buren's Scout Video (40:03) - Anyone can make an extension (42:04) - Favorite extensions (43:19) - Wasm technical preview (45:33) - Bret's interview with Nigel Poulton (48:27) - Question (52:31) - Docker 23 defaults to BuildKit (53:27) - Happy Birthday Docker (55:06) - Wrapping up

Bret and Matt are joined by Chad Crowell of KubeSkills to walk through how you can contribute to Kubernetes open source.Chad started the kubeskills.com community and podcast to focus on learning Kubernetes by doing and in this episode, he's taking us through a detailed guide on how to get involved in the Kubernetes community.Although Kubernetes and other CNCF projects may seem big and complex with tons of activity, Chad helps us understand how the maturity of the projects and the community make it a much more pleasant onboarding experience for first-time contributors. We go through a wide range of resources and steps to help your first issue or pull request go smoothly.Live recording of this show from March 9, 2023 is on YouTube (Ep. #206).★Topics★Learning K8s by Open Source PDF slidesFirst Timers Only websiteK8s Contributor Community HomepageList of K8s SIGsK8s SlackOpen Sauced websiteK8s Contributors onboarding courseKube Cuddle podcast with Joe BedaLearning K8s Skills You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Bret Fisher - Host Cristi Cotovan - Editor Beth Fisher - Producer Matt Williams - Host Chad M. Crowell - Guest (00:00) - Intro (02:45) - Chad's Book (05:11) - Learning platforms (05:37) - Another way to learn (06:44) - SIGs (07:47) - Community or Contributor Experience SIG (10:06) - Volunteers (11:27) - For those who want to start contributing (13:50) - The different tags (14:48) - Good first issues (16:01) - Bret's first Docker fix (16:50) - Who determines the first issues? (18:37) - OpenSauced (19:16) - Finding the next steps after learning (19:59) - Dashboard to track contributions (20:42) - A very friendly community (22:30) - Who's paying for OpenSauced? (23:06) - How to build your rep on the internet (24:57) - Github Flow, Breaking it down (27:24) - Eddie Hub (28:10) - Assign yourself to the issue (28:50) - Compile Kubernetes (30:14) - Tracking the pull request lifecycle (31:44) - Changing the k8s reference issue (35:17) - Kubernetes Slack Channels (35:59) - SIG mailing lists (36:44) - Getting feedback before you do the work (38:18) - How do you give up and issue? (39:53) - Correlating issues with Slack (40:28) - Start with an issue first (41:24) - Random PRs don't go well (43:00) - Onboarding course (44:11) - Cheat sheet (44:26) - What Chad has learned from contributing (46:09) - Online resources (48:48) - Certifications and exams (50:46) - Matt's comment about a podcast (52:48) - Wrap up

Bret is joined by fellow Docker Captain Nuno do Carmo to talk about desktop container solutions and the best Docker setup for Windows 11. Nuno's a Docker Captain, Civo Ambassador, Microsoft MVP, and a big fan of Windows and Cloud Native. I've had him on the show before, because the more you use the Windows Subsystem for Linux and Docker Desktop, the more you'll want to use WSL.Nuno helps answer many questions such as where are the Linux files stored, managing the CPU and memory resources, backing up files in WSL, getting the host Windows Explorer into the Linux filesystem, getting back to the Windows file system from the Linux shell and more!Live recording of this show from February 23, 2023 on YouTube (Ep. #204). Includes demos.★Topics★Nuno's WSL blogBret's Docker Desktop alternatives listRancher Desktop websitePodman Desktop websiteYou can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Bret Fisher - Host Beth Fisher - Producer Cristi Cotovan - Editor Nuno do Carmo - Guest (00:00) - Intro (00:52) - Episode intro (02:27) - Main show (02:39) - Reflecting on the Docker birthday (03:25) - Bret's Maven Course (03:27) - Introducing Nuno (04:34) - All starts with WSL (05:13) - Mac vs Windows (05:33) - WSL1 and WSL2 (08:28) - Question Linux in VM vs WSL (12:51) - Filesystems and performance (14:34) - Setting yourself up for success with WSL (15:37) - WSL not installed by default with Windows (17:16) - Demo start (18:20) - Line endings issue in the past (18:56) - The tooling is WSL-aware (20:00) - VHDx (21:01) - Demo (24:22) - Bret re-explains it (27:01) - Question SSH into WSL (29:12) - Question How do you make a fresh WSL VM? (31:25) - Question What does mount show in Linux (32:37) - Question (33:28) - Taking snapshots with Raft WSL (34:08) - Question distros and VHDx files (35:45) - Deleting or losing your distros (37:17) - Question (39:45) - Ecosystem and options - the spreadsheet (42:11) - Demos (42:18) - Podman desktop (45:00) - Comment on Red Hat on Windows (46:13) - Rancher Desktop (53:19) - Demo (53:50) - Process isolation on Windows

Bret is joined by Project Calico's Tomas Hruby from Tigera to dig into Calico CNI features for Kubernetes and beyond. Calico can be used in a lot of places, including Linux, Windows, containers, bare metal, eBPF or iptables. Many of us learned about it as a CNI option for Kubernetes network and networking policy.Streamed live on YouTube on February 9, 2023.Unedited live recording of this show on YouTube (Ep. #202). Includes demos.★Topics★Project CalicoTigera WebsiteProject Calico on Tigera's WebsiteCreators & Guests Bret Fisher - Host Beth Fisher - Producer Cristi Cotovan - Editor Tomas Hruby - Guest You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - Intro (00:52) - About this episode (01:31) - Main show (01:36) - In today's episode (03:00) - How did Tomas get started with Calico? (03:28) - Projects are typically open source and SaaS (04:07) - Project Calico elevator pitch (05:26) - What can Calico do? (06:33) - The origins of Calico (07:13) - Docker got Kubernetes started (08:25) - Project Calico on Github (08:50) - Open source version is command-line driven (09:04) - Calico and the company behind it (09:28) - What makes Calico unique? (10:54) - EBPF (12:28) - EBPF and Calico (14:28) - Question (18:02) - Demo intro (18:33) - Question (19:18) - Question (20:25) - Question (21:15) - Vulnerabilities and threats (23:28) - Question (27:05) - Calico as service mesh (30:33) - What is Tomas excited about? (31:53) - EBPF real-time tooling

Bret is joined by Kyle Galbraith and Jacob Gillespie, co-founders of Depot, to discuss their new solution to slow Docker builds. If you've never dug into some of the details of Dockers BuildKit, that's the engine behind your Docker build command, then this episode is for you. I'm fairly confident that everyone who uses Docker will eventually come upon the problems that Kyle and Jacob were trying to solve with Depot. Their focus is on speeding up your Docker builds by doing them remotely, in a transparent way. They avoid you needing to rethink your workflows and CI automations and provide a CLI tool that's a drop-in replacement for the Docker build command. In this episode, we walked through the problems they can solve today with what I would call a unified shared build cache for your whole team, including your CI and automation tools. The way they are going about speeding up the Docker builds is something I wished Docker had done for us all along. I think it's still early days for the Depot product, but if you're suffering with long build image times it's already mature enough to be something I would consider as a replacement for the traditional Docker engine builds that we're all used to.Streamed live on YouTube on January 12, 2023.Unedited live recording of this show on YouTube (Ep. #198). Includes demos.★Topic Links★Depot websiteDepot on TwitterCreators & Guests Bret Fisher - Host Beth Fisher - Producer Cristi Cotovan - Editor Kyle Galbraith - Guest Jacob Gillespie - Guest You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Bret's intro (02:24) - Main show (02:33) - Introducing the guests (02:53) - Today's topic (03:07) - Where did the idea for Depot come from? (04:26) - How it started (06:37) - Describing the problems (07:59) - The caching problem (09:49) - Docker caching default and in CI (12:45) - What is cache busting? (14:23) - Being deliberate about your CI environment (15:23) - What problems is Depot trying to solve? (17:27) - Replacing the Docker CLI with Depot (22:13) - Building for multi-platform (26:53) - Question (30:13) - Question (32:14) - Demo intro (32:45) - Modes of hosting (33:29) - Question (34:33) - What else does the UI offer? (38:21) - Getting started with Depot (39:28) - What's on the horizon? (40:30) - Outro

Natan Yellin, Co-founder of Robusta.dev, discusses enhancing Kubernetes alerts with Robusta, improving Prometheus messages, deploying Robusta in clusters, using push notifications, and dealing with CPU limits in Kubernetes. The podcast covers challenges in alert management, monitoring solutions with Prometheus, effective alert management, push notifications for alerting, and detailed explanations of CPU limits.

Bret is joined by two pros from the NGINX team, Robert Haynes and Brian Ehlert to break down the various use cases of NGINX on Kubernetes, and help you decide when and where you'll be using it.There's a lot going on around NGINX and I wanted to focus this conversation around NGINX on Kubernetes, and specifically the two ways you can run it for cluster ingress. We also get into some of the advanced scenarios of using NGINX, like caching and web application firewalls (WAF).Many of us are using NGINX somewhere in our clusters. I found it very interesting how Robert, Brian, and the team at F5 spend a lot of time showing customers how they can use it in many ways to avoid deploying additional products on their clusters. I'm a big fan of reducing complexity.Streamed live on YouTube on December 15, 2022.Unedited live recording of this show on YouTube (Ep. #195).★Topics★Intro to K8s networkingK8s + NGINXThe basic Kubernetes Ingress provider of NGINXThe official NGINX team Ingress CRD (more features)Gateway API for K8sMonitoring NGINXMonitoring NGINX with Prometheus★Brian Ehlert★Brian Ehlert on Twitter★Robert Haynes★Robert Haynes on Twitter★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Custom intro (02:41) - Main show (02:46) - Introductions (03:05) - Today's topic (03:40) - Question: Common NGINX use cases (05:21) - NGINX's web server capabilities (06:11) - Common NGINX on Kubernetes considerations (09:28) - API gateway vs ingress (14:12) - Ingress configurations and policies (16:35) - CRD with ingress project (19:52) - When people adopt Kubernetes (22:33) - Free vs Paid version (27:17) - Question (27:27) - Last-minute risky annotations (31:52) - Validating NGINX configs (34:44) - Avoiding NGINX config manipulation (39:46) - Questions (41:00) - Monitoring in NGINX (42:32) - Prometheus exporter (43:59) - Question about caching (49:39) - Question (51:21) - Wrapping up (54:05) - Outro You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Matt Williams, co-founder of Infra, shares insights on simplifying Kubernetes user management, certificate distribution, and revocation. Infra's open-source tool tackles pain points in user authentication and permissions. The podcast covers Infra's history, Datadog's evolution, challenges in managing SSH and certificates in Kubernetes, and a demo of Infra's Kubernetes authentication and RBAC tool.