Natan Yellin, Co-founder of Robusta.dev, discusses enhancing Kubernetes alerts with Robusta, improving Prometheus messages, deploying Robusta in clusters, using push notifications, and dealing with CPU limits in Kubernetes. The podcast covers challenges in alert management, monitoring solutions with Prometheus, effective alert management, push notifications for alerting, and detailed explanations of CPU limits.

Bret is joined by two pros from the NGINX team, Robert Haynes and Brian Ehlert to break down the various use cases of NGINX on Kubernetes, and help you decide when and where you'll be using it.There's a lot going on around NGINX and I wanted to focus this conversation around NGINX on Kubernetes, and specifically the two ways you can run it for cluster ingress. We also get into some of the advanced scenarios of using NGINX, like caching and web application firewalls (WAF).Many of us are using NGINX somewhere in our clusters. I found it very interesting how Robert, Brian, and the team at F5 spend a lot of time showing customers how they can use it in many ways to avoid deploying additional products on their clusters. I'm a big fan of reducing complexity.Streamed live on YouTube on December 15, 2022.Unedited live recording of this show on YouTube (Ep. #195).★Topics★Intro to K8s networkingK8s + NGINXThe basic Kubernetes Ingress provider of NGINXThe official NGINX team Ingress CRD (more features)Gateway API for K8sMonitoring NGINXMonitoring NGINX with Prometheus★Brian Ehlert★Brian Ehlert on Twitter★Robert Haynes★Robert Haynes on Twitter★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Custom intro (02:41) - Main show (02:46) - Introductions (03:05) - Today's topic (03:40) - Question: Common NGINX use cases (05:21) - NGINX's web server capabilities (06:11) - Common NGINX on Kubernetes considerations (09:28) - API gateway vs ingress (14:12) - Ingress configurations and policies (16:35) - CRD with ingress project (19:52) - When people adopt Kubernetes (22:33) - Free vs Paid version (27:17) - Question (27:27) - Last-minute risky annotations (31:52) - Validating NGINX configs (34:44) - Avoiding NGINX config manipulation (39:46) - Questions (41:00) - Monitoring in NGINX (42:32) - Prometheus exporter (43:59) - Question about caching (49:39) - Question (51:21) - Wrapping up (54:05) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Matt Williams, co-founder of Infra, shares insights on simplifying Kubernetes user management, certificate distribution, and revocation. Infra's open-source tool tackles pain points in user authentication and permissions. The podcast covers Infra's history, Datadog's evolution, challenges in managing SSH and certificates in Kubernetes, and a demo of Infra's Kubernetes authentication and RBAC tool.

Bret is joined by Anaïs Urlichs of Aqua Security to talk container and Kubernetes security tools like trivy, kube-bench, tracee, and kube-hunter. I've been using trivy for over four years to scan for known vulnerabilities in my own container images and my clients.We also look at tracee, a new tool that is part of a new generation of tools that use the Linux kernel eBPF feature to investigate what's happening in real time on your servers. Anaïs is great as an explainer of Kubernetes and all cloud native things, and she's the creator of the 100 days of Kubernetes tutorials on her YouTube channel where she breaks down various cloud native topics for beginners. Based on what I've learned in this show from Anaïs, I plan to change how I use trivy so that it's scanning more things and more often in my CI automation pipelines.Streamed live on YouTube on November 3, 2022.Unedited live recording of this show on YouTube (Ep #190)★Topics★Aqua Security ToolsAqua Security on YouTubeTrivyTrivy-Operatorkube-benchtraceekube-hunter★Anaïs Urlichs★Anaïs on TwitterAnaïs' Newsletter Anaïs on YouTube 100 Days of Kubernetes★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Custom intro (02:28) - Main show (02:32) - Introducing Anais (04:30) - Security Tools (04:56) - What is Aqua Security (06:12) - Not all security scanners are made equal (07:22) - What is Trivy? (08:01) - Misconfiguration scanning with Trivy (12:12) - Security vs Disruption (13:06) - Address vulnerabilities in the base image (14:11) - Question: Operator for Trivy (17:51) - Automating the tool (19:45) - Vulnerability fatigue (20:32) - Question: Go and No-go Criteria (24:13) - Tip Toe, Start Small (25:19) - Kube Bench (26:08) - Kube Hunter (28:09) - What is Tracee? (33:39) - What is the roadmap for implementing these tools? (39:57) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by two Chainguard co-founders, CEO Dan Lorenc and Head of Product, Kim Lewandowski, to break down the ins and outs of supply chain security and talk about Chainguard's approach to securing it. We dive into tools, including their new Wolfi Linux distro.We first talk about what that even is, because it's a buzzword right now, and not everyone's on the same page on what securing your supply chain even means in the world of software. Then we jump into base images for containers, and their project Wolfi. We talk a lot about Wolfi in this episode, because it has the potential to change how we build our containers.Streamed live on YouTube on October 13, 2022.Unedited live recording of this show on YouTube (Ep #188)★Topics★Chainguard WebsiteChainguard TwitterChainguard AcademyWolfiWolfi-based imagesSigstore★Dan Lorenc★Dan Lorenc on TwitterDan Lorenc on Linkedin★Kim Lewandowski★Kim Lewandowski on TwitterKim Lewandowski on Linkedin★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:54) - Custom intro (02:51) - Main show (03:04) - Introductions (03:24) - How did Chainguard get started? (04:23) - What is a supply chain? (06:30) - First Security Things (08:55) - The article and the base image (12:02) - Wolfi elevator pitch (14:49) - How do packages get into Wolfi? (18:49) - How do Wolfi packages work (21:57) - Chainguard Enforce (26:43) - Question about in-toto (29:08) - Preventing unsigned images in production (30:44) - Blocking vulnerable dependencies with policies (31:39) - Scanning on servers (34:02) - Question (35:53) - Question (37:50) - Getting started with Wolfi (39:57) - Where are they on Github (demo?) (40:50) - Question about vex (43:13) - What else? (43:40) - Chainguard Academy (45:24) - Professional services (49:32) - Wrapping up (49:56) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Nirmal Mehta of AWS and engineering consultant Laura Tacho, for the annual Best of DevOps. We've started this trend of going through the year's best (and worst) of DevOps every December, everyone brings their topics, we mix them all up and try to get through all of it. This year, we came pretty close. We cover many topics in this year's episode, things like desktop GUIs for containers, the return of real-life conferences, Docker reaching a significant milestone, AI, ML, data platforms and much, much more.Streamed live on YouTube on December 8, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #194)★Topics★Full doc of topics (more than we could cover)Year of Desktop GUI’s for Container Dev and Cloud Native MgmtDocker Extensions List Rancher DesktopPodman DesktopLens commercialOpenLensk9s websiteKui websiteDevOps Survey TrendsOpenTelemetry Articles- Transforming IT Departments - Properly Explained and Demoed - Getting StartedKarpenter websiteeBPF and Profiling- Pixie- Parca★Laura Tacho★Laura's websiteLaura's CourseLaura on Twitter★Nirmal Mehta★Nirmal on LinkedinNirmal on MastodonNirmal on Twitter★Join my Community★New live course on CI automation and gitops deployments Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Template intro (00:53) - Custom intro (04:25) - Main show (04:45) - Introducing the guests (05:20) - In today's episode (05:52) - The year of desktop GUIs (12:14) - In real life conferences (12:46) - Boom and Bust (13:30) - Will Jenkins go away? (14:39) - GitHub Actions (16:14) - Laura's Rubber-band Theory (19:09) - Revenue and Docker's comeback (21:02) - Other trends (21:11) - DORA report (22:21) - Increased security requirements (24:31) - Jumping on the security bandwagon (25:43) - Security by default (27:04) - Rapid fire Kubernetes happenings (28:06) - Bret's Maven Course (28:15) - Laura's teaching (29:04) - WASM+ Docker (29:38) - Slim.ai (30:29) - Open telemetry (35:37) - Carpenter (37:04) - Lack of staff (37:50) - AI (40:38) - Boosting productivity (44:38) - ML models developed and running in containers (46:14) - Wrapping up (46:40) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Michael Irwin, Sr. Manager for DevRel at Docker, to review and demo our top 2022 new features and announcements from Docker Inc. We run through the very long list in this episode and sadly, had to skip over the smaller, nuance features or subtle changes and focused on the bigger things - a major one being Docker extensions - as well as Docker Hub support for OCI artifacts, like the Helm charts, volume, WASM, Hardened Docker Desktop, tilt.dev and much more.Streamed live on YouTube on December 1,  2022. Includes demos.Unedited live recording of this show on YouTube (Ep #193)★Topics★Docker Blog, "Products" category (most of our topics came from here)Recapping the last year of Docker Desktop (YouTube, September 2022)What's new in Docker Desktop (YouTube, DockerCon 2022, May 2022)What's new in Docker build (YouTube, DockerCon 2022, May 2022)★Michael Irwin★Michael on TwitterMichael's Website★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Template intro (00:53) - Custom intro (03:49) - Main show (04:00) - Welcome to Michael (05:24) - Keeping up with updates to our tools (08:03) - OCI artifacts (09:13) - What are OCI artifacts? (12:46) - WASM (16:35) - DEMO of WASM (23:16) - Question (23:43) - Question (25:42) - Question (27:29) - Question (31:31) - Extensions (34:40) - Question (36:41) - Question (39:37) - Dev Environments (42:51) - Compose v2 (44:54) - Hardened Desktop (49:46) - Tilt (51:17) - Docker Desktop for Linux (53:01) - DSO Website (55:48) - More vulnerabilities every year (58:51) - Moving Dockerd image management to containerd (01:02:29) - Buildkit improvements (01:05:50) - Buildkit's link feature (01:09:59) - Stuff not covered (01:11:50) - Winding down (01:12:23) - Question (01:17:51) - Show and guest calendar (01:18:20) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Brian Christner, a Docker Captain and Chief, Online Gaming for Grand Casino Baden (jackpots.ch), who returns to the show to discuss his top recommended skills for improving your DevOps expertise.Both Bret and Brian have been consultants on and off throughout their careers and also in positions where they needed to hire other engineers - often other DevOps engineers. They share their perspectives on the different types of DevOps roles and the various jobs they need to fill.In this episode, we thought it would be helpful to bring our experience on DevOps jobs and look at the most essential and in-demand skills throughout the industry.Streamed live on YouTube on October 6, 2022.Unedited live recording of this show on YouTube (Ep #187)★Topics★DevOps Foundations CourseEngineering Management Training from Laura TachoAwesome Docker resourcesAwesome Everything Lists on GitHubKubernetes This Month with Nigel PoultonAWS Cloud TrainingContainer Automation Examples by BretDocker Observability by Brain★Brian Christner★Brian on TwitterBrian on LinkedInBrian's Courses Promo Code TRAEFIK50 for 50% offBrian's GitHub Brian's Blog★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Intro 2 (01:47) - Main show (01:53) - Welcome (03:01) - Brian's corner of the internet (05:37) - Impact of certifications in the hiring process (06:01) - What's your pet project? (06:58) - What lights you up? (08:27) - Sharers rather than Knowers (09:51) - About clouds (16:35) - DevOps are enablers (17:49) - Be replaceable (19:58) - Soft Skills (20:20) - The many hats of Senior DevOps (20:23) - Encouragers (20:36) - Protectors (20:44) - Realistic (21:01) - Protect your team (21:27) - Say no (21:55) - Problem solvers (21:58) - Listeners (23:49) - Question (24:48) - Awesome Docker List (27:46) - DevOps is vast and wide (29:57) - Observability (31:48) - Choose what to measure (32:50) - Junior and Senior DevOps Skillsets (34:53) - Being proactive in measuring (37:03) - Question (38:07) - Use the built-in tools first (41:41) - Quick way to get your hands dirty (47:44) - Security (50:50) - Infrastructure-as-Code (54:51) - Being a generalist or a specialist (56:32) - Enable others to work without needing you (58:13) - Question (58:16) - Getting started with a cloud (01:01:11) - Nigel Poulton (01:01:58) - You can't be responsible for everything (01:03:53) - Are certifications mandatory? (01:06:34) - Deployment checklist question (01:07:22) - Question (01:12:14) - Question (01:13:00) - Announcements (01:15:12) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Rosemary Wang from HashiCorp to show off Vault for Kubernetes, an an open source secrets provider.Rosemary is a return guest and does her usual fantastic job at explaining the complex topics around storing secrets, who needs Vault and why, running Vault on Kubernetes, the Vault storage backend and so much more.Streamed live on YouTube on September 29, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #186)★Topics★Vault websiteHashiCorp CloudRaft storage for Vault, how Raft worksExample repo: HashiCorp Vault for Development Teams★Rosemary Wang★Rosemary on TwitterRosemary on Linkedin★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:54) - Bret intro (01:36) - Main show (01:52) - Course updates (02:12) - Introductions (03:15) - Today's Topic (04:24) - Anyone who doesn't need secret management? (07:13) - Elevator pitch for Vault (09:22) - Handling Rotation and Exit Strategies (11:49) - When do I need Vault? (14:35) - Question about Aquilas (14:54) - Vault is open source (16:50) - We ain't got time for that (17:41) - Can I run Vault on Kubernetes? (18:39) - Question: Where are Secrets Stored? (19:59) - Raft all the things (21:19) - Question: Vault and SSL Certificates (22:31) - Question and Demo (22:56) - Demo intro (23:26) - Demo (23:27) - Question about HSMs (23:50) - Question (24:44) - Question about Unsealed Tokens (27:18) - Question (29:42) - Bret's First Question about Toil (36:33) - Question: Password Managers and Vault (39:44) - Question (41:05) - Question (43:38) - Notes about Vault Agent Sidecar and Authentication (45:15) - Bret's Summary (48:48) - Question about Getting Started (49:44) - Starting with Sealed Secrets (52:30) - Wrap up (53:06) - Getting in touch with Rosemary (53:43) - What's next for Rosemary? (54:31) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Lee Calcote and Nic Jackson, co-authors of the Service Mesh Patterns book, to discuss service mesh for Docker Desktop and Compose apps with the new Meshery extension for Docker desktop.They talk about what service mesh is and go into the new Measure extension for Docker Desktop, which is a CNCF sandbox project. One of its bigger features is to help you try out different service meshes and test them with only a few clicks. They also cover other features of their tools, such as the beta of MeshMap which helps you visualize your clusters and apply better practices to your service mesh.Streamed live on YouTube on September 22, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #185)★Topics★Learn Service MeshMeshery Docker Extension MeshMap Service Mesh Patterns Book★Nic Jackson, Principal Developer Advocate, HashiCorp★Nic on TwitterNic on LinkedinNic Jackson on YouTube Shipyard website★Lee Calcote, Founder and CEO, Layer5★Lee on TwitterLee on Linkedin★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Template intro (00:52) - Bret intro (01:53) - Main show (01:58) - The guests (02:39) - Lee and Layer5 (03:55) - Nick and Hashicorp (05:51) - Lee and Nick (06:54) - Challenges of writing a book (07:37) - Layer5 and Meshery (08:38) - Meshery elevator pitch (10:46) - Service Mesh 101 (11:16) - Retry (12:20) - Observability (13:29) - Question Docker Swarm Supports Docker Extensions? (15:39) - What does service mesh seem like? (16:38) - Platform engineering (23:54) - Distributed systems concerns (25:39) - preparation (26:16) - What would you use Meshery locally for? (27:50) - Mesh map (28:48) - Demo but mostly theoretical (32:45) - Visual designer (33:11) - Catalog of extensions (33:49) - Performance management (37:03) - Installing the extension (37:52) - Close to the end (38:12) - A lot going on online (38:54) - Shipyard (42:26) - Starship (42:44) - Wrapping up (42:55) - Status of the book (49:45) - Closing (50:01) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com