DevOps and Docker Talk: Cloud Native Interviews and Tooling

Latest episodes

Oct 28, 2022 • 55min

Cilium and eBPF with Liz Rice

Bret is joined by Liz Rice, Chief Open Source Officer at Isovalent, the makers of Cilium, to discuss Cilium and eBPF. Liz Rice is back to give us more insight into eBPF and the Cilium project. Isovalent is the company that created and manages the Cilium project, which does an increasing number of things for Kubernetes, including networking, CNI support, security, advanced networking stuff, and observability, as well as other things like load balancing. Liz is one of my go-to experts on how low-level Linux internals work. She's been speaking about container internals since the early days of Docker.

Streamed live on YouTube on September 8, 2022. Unedited live recording of this show on YouTube (Ep #183).

★Topics★
Cilium website
Isovalent website
eBPF
Network Policy Editor

★Liz Rice★
Liz Rice on Twitter
Liz Rice's website
Books on Containers, eBPF, Kubernetes and Go

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:53) - Bret intro
(01:41) - Main interview
(01:44) - The merch store
(02:39) - More merch talk
(04:19) - Introductions
(05:16) - What else Liz does
(05:26) - Liz's books
(06:22) - Brief history of eBPF
(07:41) - Kernel modules before eBPF
(08:46) - eBPF vs Kernel Modules
(09:57) - eBPF is dynamically loaded
(11:23) - Performance and Data Transfer
(12:35) - Isovalent and Cilium
(14:12) - How Cilium started
(16:18) - Specific versions of the kernel?
(17:32) - Where do we use eBPF in Kubernetes?
(18:12) - CNI
(20:02) - Question: Where can you start learning eBPF?
(23:04) - Question
(30:22) - All open source?
(31:08) - Question Cilium as a service mesh
(32:32) - Enabling certain features
(33:39) - Question
(34:11) - Question
(35:20) - Question
(37:21) - Wrapping up Cilium in cloud
(38:22) - Offloading programs XDP
(40:16) - Question about GUI
(42:41) - Question
(49:29) - Question
(52:10) - eBPF on Windows?
(53:13) - How is it implemented?
(54:02) - Wrapping up

You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news! Grab the best coupons for my Docker and Kubernetes courses. Join my cloud native DevOps community on Discord. Grab some merch at Bret's Loot Box. Homepage bretfisher.com
Oct 21, 2022 • 45min

Kubescape Kubernetes Security with ARMO

Bret is joined by Shauli Rozen, CEO and Co-Founder of ARMO, creators of Kubescape. Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning.

I'm a fan of tools like this and specifically of Kubescape, which I use and recommend to my clients. The scanner can scan the YAML manifests of your Kubernetes resources. It can scan your live Kubernetes clusters. And it can scan the YAML in your Git repos, as well as the images themselves that you're deploying to Kubernetes. As ARMO calls it, it's a single pane of glass into your Kubernetes security.

Streamed live on YouTube on September 1, 2022. Includes demos. Unedited live recording of this show on YouTube (Ep #182).

★Topics★
Kubescape's GitHub
K8s Security Dashboard
ARMO website

★Shauli Rozen★
Shauli on Twitter

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Main intro
(00:53) - Custom intro
(02:45) - Main show
(02:49) - Introductions
(03:43) - The Kubescape project
(04:25) - Go to the developers
(05:26) - Security low-hanging fruit
(06:19) - I just want to be a user
(09:32) - Kubescape elevator pitch
(12:00) - Good learning tool
(12:48) - Linting
(13:20) - Remediation
(14:45) - The SaaS Version
(16:19) - Does DevOps not care about security?
(18:24) - A gap in terminology
(20:31) - Security compliance and guidance
(25:58) - GitOps Approach
(27:38) - Asking about demo
(28:19) - Question
(29:21) - Become a contributor
(30:55) - Demo intro
(31:21) - Demo end part
(31:26) - Question
(31:56) - Visualizer
(33:23) - Question
(34:41) - Question
(38:55) - Mindset differences
(39:49) - Question
(42:06) - Question
(42:33) - Winding down
(43:26) - How to get started
(44:26) - Template outro
Oct 14, 2022 • 48min

Slim and Secure Container Images with Slim.ai

Bret is joined by Martin Wimpress and Pieter van Noordennen from Slim.ai to discuss some ways to slim down your Docker images and reduce the attack surface of your containers in the process.

Many companies and projects have tried to do similar things before - Slim Images, Alpine Images, Distroless, Buildpacks, and even Docker tried a few years back, to create intelligence and guidance around migrating legacy apps into slim production quality images. Those efforts were scrapped in 2019. The dual mandate of generating Docker images - easy to understand and as minimal as possible, with the lowest CVE vulnerability count - was not achieved by any of those projects. Automation and intelligence like Slim.ai is the future of building container images and also the future of complex monoliths and legacy apps with a lot of dependencies.

Streamed live on YouTube on July 28, 2022. Includes demos. Unedited live recording of this show on YouTube (Ep #180).

★Topics★
Docker Slim
Slim.ai

★Martin Wimpress★
Martin Wimpress on Twitter

★Pieter van Noordennen★
Pieter van Noordennen on Twitter

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:53) - Custom intro
(04:32) - Main show
(04:51) - How Slim.ai started
(07:07) - Complexities of shipping images
(08:53) - DockerSlim
(10:27) - Setting the stage for demo
(13:02) - Demo intro
(13:28) - Demo
(13:33) - Bret's Question
(22:20) - Different container composition options
(23:36) - Demo intro 2
(23:42) - Bret loves Docker Desktop and Extensions
(27:28) - Pausing Docker
(27:54) - The extension is the same as the SaaS
(28:30) - It's free
(29:03) - Demo?
(29:03) - Distroless and optimized starting points
(34:47) - Build engineering nightmare
(36:15) - Not just security considerations
(39:03) - Understanding dependency differences
(40:34) - Question
(42:03) - Slim cli
(46:08) - Getting started
(47:38) - Outro
Oct 7, 2022 • 60min

Carvel Tools for Kubernetes

Bret is joined by Dmitriy Kalinin and John Ryan, software engineers at VMware, to show off the many Carvel project tools.

Carvel provides a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes. The Carvel project includes tools for templating, image building and tracking, secrets management, app deploying and more. The tool list includes ytt, kapp, kapp-controller, kbld, imgpkg, vendir, and kwt.

Streamed live on YouTube on July 14, 2022. Unedited live recording of this show on YouTube (Ep #178).

★Topics★
Carvel website
Carvel on Twitter

★Dmitriy Kalinin★
Dmitriy Kalinin on Twitter

★John Ryan★
John Ryan on Twitter

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us on our Discord Server Vital DevOps
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:51) - Custom intro
(01:50) - Main Show
(02:14) - A lot of tools
(03:19) - How did Carvel begin?
(06:02) - Use the tools differently across all stages
(06:59) - Building from the ground up
(08:43) - Are the tools independently used?
(09:28) - The first Carvel tool
(09:42) - ytt
(10:57) - kapp
(11:57) - What is YTT
(15:03) - Creating more consistency?
(17:43) - How to use with compose
(18:47) - Question about Q
(21:40) - Question
(24:33) - Question
(25:12) - Solve a real problem
(26:09) - Don't overcomplicate yourself
(28:04) - What problem does Kapp solve?
(30:37) - Kapp and Kapp controller
(36:39) - Question
(37:16) - Rapid fire
(37:22) - Kbuild
(43:28) - How does image package help?
(46:57) - The experimental tools
(47:45) - Secret generation
(52:47) - Vendor
(56:33) - Getting involved
(58:06) - Last thoughts
(59:20) - Outro
Sep 23, 2022 • 53min

Securing Containers, First Steps in Docker and Kubernetes

Bret goes through his top recommendations for securing container images, Docker containers and Kubernetes pods.

This is a tip-packed show where Bret lists much of what's documented in his courses, starting with the first steps you should take, and the bare security necessities that everyone should be doing. Then he covers more advanced security activities you should consider once the basics are covered.

Streamed live on YouTube on July 7, 2022. Unedited live recording of this show on YouTube (Ep #177).

★Topics★
Bret's Container Security AMA
Docker Security Docs
Docker Buys Atomist
Slim.ai website: Auto-slimming images
Docker Slim tool
Kubescape website
Kubernetes Security Context
Seccomp by default
Lint all files with super-linter
Datree K8s file scan
Kubernetes Benchmark
My GitHub Actions examples: Automate your builds, CVE scans, and more
Video on building a more secure base image
Snyk security tools website
Trivy CVE and K8s scans
Falco for watching servers for bad behavior

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us on our Discord Server Vital DevOps
Homepage bretfisher.com

(00:00) - Intro
(00:52) - Mid-Roll Intro
(00:53) - Bret's Intro
(01:46) - Main show
(02:45) - What should I worry about first? The Basics!
(03:47) - Start with images
(04:28) - Bret.show/SecurityFirst
(05:04) - CVE scanning
(05:36) - Dependency scanning
(06:28) - Bret's GitHub with Dependabot
(07:25) - OS dependencies with Trivy and Snyk
(09:23) - Bret's Talks
(10:17) - Alpine is not always good
(11:27) - All hands on automation
(12:14) - Don't run as root inside the image
(14:04) - Question
(15:20) - Making slimmer images
(15:52) - Atomist
(17:19) - DockerSlim
(20:48) - Question
(22:21) - Question
(24:09) - Question
(24:36) - Question
(24:45) - Question
(25:15) - Securing Docker
(25:47) - Docker host scanner
(26:28) - Falco
(26:55) - Just use Docker
(28:28) - Question about Windows Containers
(30:19) - Maintain your servers
(31:12) - Docker in the cloud
(32:29) - Always stay on the latest Kubernetes release
(33:33) - Kube-bench
(34:22) - Tree.io
(35:04) - Pod specs
(36:08) - Seccomp
(37:33) - Security context
(38:57) - Privilege escalation
(39:50) - Superlinter
(40:54) - Question about Fargate
(42:35) - Network policies
(44:38) - Kubernetes docs article on security context
(45:16) - Question
(47:43) - Third-party security monitoring
(47:57) - Question about volumes
(48:45) - Question about Docker subnets
(49:30) - Question about secrets
(50:17) - Question about subnets 2
(50:48) - Question
(53:03) - Outro
Sep 9, 2022 • 58min

Managing Enterprise Kubernetes with Replicated

Bret is joined by Marc Campbell of Replicated to discuss the challenges of deploying your software on other people's Kubernetes.

Following a discussion of the problems Replicated is solving, they go over all the great open source projects they are developing for deploying, managing, and troubleshooting Kubernetes.

Streamed live on YouTube on June 23, 2022. Unedited live recording of this show on YouTube (Ep #175).

★Topics★
Replicated
Replicated OSS Projects
Kubernetes Troubleshooter
Schema Hero
Kubelist podcast, CNCF project leader interviews
Enterprise Ready assessment and podcast
kURL - Customize your Kubernetes Installer
KOTS - Manage COTS on K8s
Find Outdated Images
Unfork your custom Helm charts

★Marc Campbell★
Marc Campbell on Twitter

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us on our Discord Server Vital DevOps
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:03) - Template intro
(00:53) - Bret intro
(03:02) - Main show
(03:42) - How Marc Got to Replicated
(04:28) - How Replicated Started
(05:01) - All projects open source
(06:04) - COTS
(11:31) - Kubernetes: Limiter or Enabler?
(13:06) - Kurl
(16:57) - KOTS
(20:15) - Not all users are going to be helm experts
(21:13) - Unfork
(25:08) - Troubleshooting Kubernetes
(35:02) - Outdated
(40:35) - Their podcasts
(41:41) - Schemahero
(50:19) - Other tools like kurl?
(52:02) - Are teams adopting kots?
(54:27) - Question
(55:49) - What's next?
(57:39) - Winding down
(57:48) - Outro
Aug 26, 2022 • 35min

Docker Extensions: Using and Building Them

Bret is joined by Guillaume Tardif and Felipe Cruz of Docker Inc. for a deep dive into Docker extensions.

Docker Extensions are a favorite new feature. Guillaume and Felipe are both engineers at Docker and they walk us through how extensions came about, how to install them, and how to submit them to the marketplace.

By the time Docker released extensions at DockerCon in May 2022, there were already a dozen solid extensions, including a disk manager, log explorer, and other third-party tools like Portainer, Snyk, and Anchor. Docker extensions will be most helpful to people who use Docker Desktop.

Streamed live on YouTube on June 16, 2022. Unedited live recording of this show on YouTube (Ep #174). Includes demos.

★Topics★
Docker Extensions homepage
Docker Extensions announcement at DockerCon 2022
Build your first Docker Extension
Submit your extension for the Marketplace
Vackup, an example custom extension
Extension SDK
Other Extension resources

★Guillaume and Felipe★
Guillaume Tardif on Twitter
Felipe Cruz on Twitter

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us on our Discord Server Vital DevOps
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Template intro
(00:52) - Bret custom intro
(03:35) - Main show
(03:37) - Main show
(03:58) - Felipe intro
(04:30) - Guillaume intro
(05:32) - Today's topic
(06:21) - What are Docker extensions?
(08:47) - Question: Are extensions running in their own container?
(10:24) - Question: Extensions are in Docker Desktop only?
(11:00) - Where it is on the interface
(11:27) - Submitting your own extensions to the marketplace
(12:45) - Easy to install the extensions
(13:16) - A couple extension examples
(15:03) - Question: Extension versions and updates
(15:34) - Question: Extensions dependent on Docker Desktop version?
(16:38) - Sideloading extensions that are not in the marketplace
(17:11) - Question: RAM and CPU usage
(17:32) - Demos described
(18:12) - Demo intro
(18:38) - Demo
(18:42) - Quick note about Portainer
(19:16) - You don't have to remember commands
(20:19) - Don't install all extensions at once
(20:34) - Do extensions pause with Docker?
(21:33) - Very little to learn
(22:08) - Bret's backup tool extension isn't done
(23:19) - Synchronising extensions across installations
(23:55) - Docker roadmap and ideas
(24:48) - Question: Security, where is the UI code running?
(28:19) - Question: Multi-node Kubernetes clusters
(30:26) - Question: Are all extensions open source?
(32:01) - Expanding the SDK
(32:43) - Bret's drop-down Kubernetes request
(33:19) - Extension submission
(34:06) - Wrapping up
(35:15) - Outro
Aug 12, 2022 • 53min

Kubernetes Autoscaling with Karpenter

Bret is joined by Nirmal Mehta, a Principal Specialist Solution Architect at AWS, and a Docker Captain, to discuss Karpenter, an autoscaling solution launched by AWS in 2021. Karpenter simplifies Kubernetes infrastructure by automating node scaling up and down, giving you "the right nodes at the right time."

Autoscaling, particularly for Kubernetes, can be quite a complex project when you first start. Bret and Nirmal discuss how Karpenter works, how it can help or complement your existing setup, and how autoscaling generally works.

Streamed live on YouTube on June 9, 2022. Unedited live recording of this show on YouTube (Ep #173). Includes demos.

★Topics★
Starship Shell Prompt
Bret's favorite shell setup
Karpenter
Karpenter release blog
K8s Scheduling Concepts
Other types of autoscalers:
Horizontal Pod Autoscaler
Vertical Pod Autoscaler
Cluster Autoscaler

★Nirmal Mehta★
Nirmal on Twitter
Nirmal on LinkedIn

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us on our Discord Server Vital DevOps
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:51) - Custom intro
(02:08) - Main Show
(02:12) - Introductions
(03:12) - Nirmal's Jobs
(03:58) - Talking about Kubernetes cluster scaling
(05:04) - Who are we addressing?
(06:29) - What is Karpenter not addressing?
(06:52) - Auto-scaling at pod level
(07:40) - Cluster auto-scaling
(09:07) - Karpenter is alternate to cluster autoscaler
(09:21) - Question
(10:11) - Issues Karpenter was created to address
(12:29) - What is Karpenter?
(13:51) - Selective instance type provisioning
(14:47) - Matching deployment definition to instance types
(16:08) - Question: Is Karpenter designed only for AWS?
(17:13) - Question: Can you auto-scale control plane nodes?
(19:21) - The Kubernetes Scheduler
(23:14) - Question: Does Karpenter auto-scale down?
(25:05) - Question: EKS with Karpenter spot instances
(25:58) - Question: Karpenter and AWS auto-scaling groups
(26:10) - Question: Installation and provisioning
(27:20) - Only affects unschedulable pods
(28:49) - Demo intro
(29:14) - Demo
(29:19) - Scaling Down
(30:27) - Keeping your nodes fresh
(32:54) - If you want to learn more
(33:23) - Goals for 2022
(34:15) - Questions
(34:21) - Question: Cost-effective instances
(35:35) - Question: Instances to IoC and automatically destroyed?
(38:25) - Question: Features being pushed upstream into Kubernetes
(40:28) - Question: Rebalancing
(44:28) - Scaling down is hard too
(46:18) - Question: Horizontal pod auto-scaler trigger Karpenter
(47:25) - Question: Specs and Documentation
(48:01) - Question: How does it pick instance sizes?
(48:55) - Question: Karpenter respects desire to spread workloads
(49:29) - Question: EKSAnywhere support
(49:50) - Question: How do you pick AMIs?
(50:37) - Winding down
(52:25) - Wrapping up
(52:30) - Outro
Jul 29, 2022 • 1h 10min

Beyond DevOps DORA Metrics

Bret is joined by Laura Tacho, an engineering leadership coach, to discuss measuring your team's performance with DevOps metrics (DORA) and the new SPACE framework. Team Performance is one of Bret's favorite topics, and it should be everyone's concern.

Laura and Bret discuss soft skills, how to implement DORA DevOps metrics, the new SPACE framework, as well as common pitfalls people make when attempting to implement those measurements.

Streamed live on YouTube on June 2, 2022. Unedited live recording of this show on YouTube (Ep #172).

★Topics★
Laura's course on High-Performing Software Teams
DORA (DevOps Research and Assessment)
DORA Metrics
DORA DevOps Quick Check
SPACE framework
Goodhart's law
Developer Experience
DevOps Handbook
Accelerate Book

★Laura Tacho★
Laura's homepage and Newsletter
Laura on Twitter
Laura on the GitHub blog

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us on our Discord Server Vital DevOps
Homepage bretfisher.com
Jul 15, 2022 • 1h 12min

Argo CD Past & Future, with the Creators

Bret is joined by the co-creators of the Argo project and co-founders of Akuity - Hong Wang and Jesse Suen - to discuss the state of Argo and their new Akuity offering for Argo CD in the Cloud.

Chances are, you've heard of one or more of the Argo projects. They include Argo Workflows, Argo CD, Argo Events, and Argo Rollouts. Argo is one of those Kubernetes projects that is so common for teams to choose that it's nearly an assumption that every team is using one of their tools in a cluster or two. Hong Wang and Jesse Suen helped co-create the Argo project years back at Intuit and have now co-founded a growing startup called Akuity. The company is focusing on making the Argo products better and creating SaaS offerings for the Argo tools. In this episode, we get a perspective on where the Argo tools came from and what the team behind it is doing.

Streamed live on YouTube on May 26, 2022. Unedited live recording of this show on YouTube (Ep #171).

★Topics★
Argo CD homepage
Akuity homepage
Akuity news on more funding
Argo CD in the cloud
ArgoCon in September
Declarative setup of Argo CD

★Twitter Links★
Argo
Akuity
Jesse Suen
Hong Wang

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us on our Discord Server Vital DevOps
Homepage bretfisher.com
