DevOps and Docker Talk: Cloud Native Interviews and Tooling

Latest episodes

Jan 20, 2023 • 40min

Trivy and Tracee, Aqua Security Tools

Bret is joined by Anaïs Urlichs of Aqua Security to talk container and Kubernetes security tools like trivy, kube-bench, tracee, and kube-hunter. I've been using trivy for over four years to scan for known vulnerabilities in my own container images and my clients'.

We also look at tracee, a new tool that is part of a new generation of tools that use the Linux kernel eBPF feature to investigate what's happening in real time on your servers. Anaïs is great as an explainer of Kubernetes and all cloud native things, and she's the creator of the 100 days of Kubernetes tutorials on her YouTube channel where she breaks down various cloud native topics for beginners. Based on what I've learned in this show from Anaïs, I plan to change how I use trivy so that it's scanning more things and more often in my CI automation pipelines.

Streamed live on YouTube on November 3, 2022.
Unedited live recording of this show on YouTube (Ep #190)

★Topics★
Aqua Security Tools
Aqua Security on YouTube
Trivy
Trivy-Operator
kube-bench
tracee
kube-hunter

★Anaïs Urlichs★
Anaïs on Twitter
Anaïs' Newsletter
Anaïs on YouTube
100 Days of Kubernetes

★Join my Community★
New live course on CI automation and gitops deployments
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Grab some merch at Bret's Loot Box
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:53) - Custom intro
(02:28) - Main show
(02:32) - Introducing Anaïs
(04:30) - Security Tools
(04:56) - What is Aqua Security
(06:12) - Not all security scanners are made equal
(07:22) - What is Trivy?
(08:01) - Misconfiguration scanning with Trivy
(12:12) - Security vs Disruption
(13:06) - Address vulnerabilities in the base image
(14:11) - Question: Operator for Trivy
(17:51) - Automating the tool
(19:45) - Vulnerability fatigue
(20:32) - Question: Go and No-go Criteria
(24:13) - Tip Toe, Start Small
(25:19) - Kube Bench
(26:08) - Kube Hunter
(28:09) - What is Tracee?
(33:39) - What is the roadmap for implementing these tools?
(39:57) - Outro

You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!
Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com
Jan 6, 2023 • 50min

Software Supply Chain Security with Chainguard

Bret is joined by two Chainguard co-founders, CEO Dan Lorenc and Head of Product, Kim Lewandowski, to break down the ins and outs of supply chain security and talk about Chainguard's approach to securing it. We dive into tools, including their new Wolfi Linux distro.

We first talk about what that even is, because it's a buzzword right now, and not everyone's on the same page on what securing your supply chain even means in the world of software. Then we jump into base images for containers, and their project Wolfi. We talk a lot about Wolfi in this episode, because it has the potential to change how we build our containers.

Streamed live on YouTube on October 13, 2022.
Unedited live recording of this show on YouTube (Ep #188)

★Topics★
Chainguard Website
Chainguard Twitter
Chainguard Academy
Wolfi
Wolfi-based images
Sigstore

★Dan Lorenc★
Dan Lorenc on Twitter
Dan Lorenc on Linkedin

★Kim Lewandowski★
Kim Lewandowski on Twitter
Kim Lewandowski on Linkedin

★Join my Community★
New live course on CI automation and gitops deployments
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:54) - Custom intro
(02:51) - Main show
(03:04) - Introductions
(03:24) - How did Chainguard get started?
(04:23) - What is a supply chain?
(06:30) - First Security Things
(08:55) - The article and the base image
(12:02) - Wolfi elevator pitch
(14:49) - How do packages get into Wolfi?
(18:49) - How do Wolfi packages work
(21:57) - Chainguard Enforce
(26:43) - Question about in-toto
(29:08) - Preventing unsigned images in production
(30:44) - Blocking vulnerable dependencies with policies
(31:39) - Scanning on servers
(34:02) - Question
(35:53) - Question
(37:50) - Getting started with Wolfi
(39:57) - Where are they on Github (demo?)
(40:50) - Question about vex
(43:13) - What else?
(43:40) - Chainguard Academy
(45:24) - Professional services
(49:32) - Wrapping up
(49:56) - Outro
Dec 23, 2022 • 47min

Best of DevOps 2022

Bret is joined by Nirmal Mehta of AWS and engineering consultant Laura Tacho, for the annual Best of DevOps. We've started this trend of going through the year's best (and worst) of DevOps every December, everyone brings their topics, we mix them all up and try to get through all of it. This year, we came pretty close. We cover many topics in this year's episode, things like desktop GUIs for containers, the return of real-life conferences, Docker reaching a significant milestone, AI, ML, data platforms and much, much more.

Streamed live on YouTube on December 8, 2022. Includes demos.
Unedited live recording of this show on YouTube (Ep #194)

★Topics★
Full doc of topics (more than we could cover)
Year of Desktop GUI’s for Container Dev and Cloud Native Mgmt
Docker Extensions List
Rancher Desktop
Podman Desktop
Lens commercial
OpenLens
k9s website
Kui website
DevOps Survey Trends
OpenTelemetry Articles - Transforming IT Departments - Properly Explained and Demoed - Getting Started
Karpenter website
eBPF and Profiling - Pixie - Parca

★Laura Tacho★
Laura's website
Laura's Course
Laura on Twitter

★Nirmal Mehta★
Nirmal on Linkedin
Nirmal on Mastodon
Nirmal on Twitter

★Join my Community★
New live course on CI automation and gitops deployments
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Template intro
(00:53) - Custom intro
(04:25) - Main show
(04:45) - Introducing the guests
(05:20) - In today's episode
(05:52) - The year of desktop GUIs
(12:14) - In real life conferences
(12:46) - Boom and Bust
(13:30) - Will Jenkins go away?
(14:39) - GitHub Actions
(16:14) - Laura's Rubber-band Theory
(19:09) - Revenue and Docker's comeback
(21:02) - Other trends
(21:11) - DORA report
(22:21) - Increased security requirements
(24:31) - Jumping on the security bandwagon
(25:43) - Security by default
(27:04) - Rapid fire Kubernetes happenings
(28:06) - Bret's Maven Course
(28:15) - Laura's teaching
(29:04) - WASM+ Docker
(29:38) - Slim.ai
(30:29) - Open telemetry
(35:37) - Karpenter
(37:04) - Lack of staff
(37:50) - AI
(40:38) - Boosting productivity
(44:38) - ML models developed and running in containers
(46:14) - Wrapping up
(46:40) - Outro
Dec 16, 2022 • 1h 19min

Docker: What's New from 2022

Bret is joined by Michael Irwin, Sr. Manager for DevRel at Docker, to review and demo our top 2022 new features and announcements from Docker Inc. We run through the very long list in this episode and sadly, had to skip over the smaller, nuanced features or subtle changes and focused on the bigger things - a major one being Docker extensions - as well as Docker Hub support for OCI artifacts, like the Helm charts, volume, WASM, Hardened Docker Desktop, tilt.dev and much more.

Streamed live on YouTube on December 1, 2022. Includes demos.
Unedited live recording of this show on YouTube (Ep #193)

★Topics★
Docker Blog, "Products" category (most of our topics came from here)
Recapping the last year of Docker Desktop (YouTube, September 2022)
What's new in Docker Desktop (YouTube, DockerCon 2022, May 2022)
What's new in Docker build (YouTube, DockerCon 2022, May 2022)

★Michael Irwin★
Michael on Twitter
Michael's Website

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Template intro
(00:53) - Custom intro
(03:49) - Main show
(04:00) - Welcome to Michael
(05:24) - Keeping up with updates to our tools
(08:03) - OCI artifacts
(09:13) - What are OCI artifacts?
(12:46) - WASM
(16:35) - DEMO of WASM
(23:16) - Question
(23:43) - Question
(25:42) - Question
(27:29) - Question
(31:31) - Extensions
(34:40) - Question
(36:41) - Question
(39:37) - Dev Environments
(42:51) - Compose v2
(44:54) - Hardened Desktop
(49:46) - Tilt
(51:17) - Docker Desktop for Linux
(53:01) - DSO Website
(55:48) - More vulnerabilities every year
(58:51) - Moving Dockerd image management to containerd
(01:02:29) - Buildkit improvements
(01:05:50) - Buildkit's link feature
(01:09:59) - Stuff not covered
(01:11:50) - Winding down
(01:12:23) - Question
(01:17:51) - Show and guest calendar
(01:18:20) - Outro
Dec 9, 2022 • 1h 15min

Key DevOps Skills for Improving Your Expertise

Bret is joined by Brian Christner, a Docker Captain and Chief, Online Gaming for Grand Casino Baden (jackpots.ch), who returns to the show to discuss his top recommended skills for improving your DevOps expertise.

Both Bret and Brian have been consultants on and off throughout their careers and also in positions where they needed to hire other engineers - often other DevOps engineers. They share their perspectives on the different types of DevOps roles and the various jobs they need to fill.

In this episode, we thought it would be helpful to bring our experience on DevOps jobs and look at the most essential and in-demand skills throughout the industry.

Streamed live on YouTube on October 6, 2022.
Unedited live recording of this show on YouTube (Ep #187)

★Topics★
DevOps Foundations Course
Engineering Management Training from Laura Tacho
Awesome Docker resources
Awesome Everything Lists on GitHub
Kubernetes This Month with Nigel Poulton
AWS Cloud Training
Container Automation Examples by Bret
Docker Observability by Brian

★Brian Christner★
Brian on Twitter
Brian on LinkedIn
Brian's Courses Promo Code TRAEFIK50 for 50% off
Brian's GitHub
Brian's Blog

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:53) - Intro 2
(01:47) - Main show
(01:53) - Welcome
(03:01) - Brian's corner of the internet
(05:37) - Impact of certifications in the hiring process
(06:01) - What's your pet project?
(06:58) - What lights you up?
(08:27) - Sharers rather than Knowers
(09:51) - About clouds
(16:35) - DevOps are enablers
(17:49) - Be replaceable
(19:58) - Soft Skills
(20:20) - The many hats of Senior DevOps
(20:23) - Encouragers
(20:36) - Protectors
(20:44) - Realistic
(21:01) - Protect your team
(21:27) - Say no
(21:55) - Problem solvers
(21:58) - Listeners
(23:49) - Question
(24:48) - Awesome Docker List
(27:46) - DevOps is vast and wide
(29:57) - Observability
(31:48) - Choose what to measure
(32:50) - Junior and Senior DevOps Skillsets
(34:53) - Being proactive in measuring
(37:03) - Question
(38:07) - Use the built-in tools first
(41:41) - Quick way to get your hands dirty
(47:44) - Security
(50:50) - Infrastructure-as-Code
(54:51) - Being a generalist or a specialist
(56:32) - Enable others to work without needing you
(58:13) - Question
(58:16) - Getting started with a cloud
(01:01:11) - Nigel Poulton
(01:01:58) - You can't be responsible for everything
(01:03:53) - Are certifications mandatory?
(01:06:34) - Deployment checklist question
(01:07:22) - Question
(01:12:14) - Question
(01:13:00) - Announcements
(01:15:12) - Outro
Nov 25, 2022 • 55min

HashiCorp Vault for Kubernetes

Bret is joined by Rosemary Wang from HashiCorp to show off Vault for Kubernetes, an open source secrets provider.

Rosemary is a return guest and does her usual fantastic job at explaining the complex topics around storing secrets, who needs Vault and why, running Vault on Kubernetes, the Vault storage backend and so much more.

Streamed live on YouTube on September 29, 2022. Includes demos.
Unedited live recording of this show on YouTube (Ep #186)

★Topics★
Vault website
HashiCorp Cloud
Raft storage for Vault, how Raft works
Example repo: HashiCorp Vault for Development Teams

★Rosemary Wang★
Rosemary on Twitter
Rosemary on Linkedin

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:54) - Bret intro
(01:36) - Main show
(01:52) - Course updates
(02:12) - Introductions
(03:15) - Today's Topic
(04:24) - Anyone who doesn't need secret management?
(07:13) - Elevator pitch for Vault
(09:22) - Handling Rotation and Exit Strategies
(11:49) - When do I need Vault?
(14:35) - Question about Aquilas
(14:54) - Vault is open source
(16:50) - We ain't got time for that
(17:41) - Can I run Vault on Kubernetes?
(18:39) - Question: Where are Secrets Stored?
(19:59) - Raft all the things
(21:19) - Question: Vault and SSL Certificates
(22:31) - Question and Demo
(22:56) - Demo intro
(23:26) - Demo
(23:27) - Question about HSMs
(23:50) - Question
(24:44) - Question about Unsealed Tokens
(27:18) - Question
(29:42) - Bret's First Question about Toil
(36:33) - Question: Password Managers and Vault
(39:44) - Question
(41:05) - Question
(43:38) - Notes about Vault Agent Sidecar and Authentication
(45:15) - Bret's Summary
(48:48) - Question about Getting Started
(49:44) - Starting with Sealed Secrets
(52:30) - Wrap up
(53:06) - Getting in touch with Rosemary
(53:43) - What's next for Rosemary?
(54:31) - Outro
Nov 11, 2022 • 50min

Service Mesh in Docker Desktop with Meshery

Bret is joined by Lee Calcote and Nic Jackson, co-authors of the Service Mesh Patterns book, to discuss service mesh for Docker Desktop and Compose apps with the new Meshery extension for Docker Desktop.

They talk about what service mesh is and go into the new Meshery extension for Docker Desktop, which is a CNCF sandbox project. One of its bigger features is to help you try out different service meshes and test them with only a few clicks. They also cover other features of their tools, such as the beta of MeshMap which helps you visualize your clusters and apply better practices to your service mesh.

Streamed live on YouTube on September 22, 2022. Includes demos.
Unedited live recording of this show on YouTube (Ep #185)

★Topics★
Learn Service Mesh
Meshery Docker Extension
MeshMap
Service Mesh Patterns Book

★Nic Jackson, Principal Developer Advocate, HashiCorp★
Nic on Twitter
Nic on Linkedin
Nic Jackson on YouTube
Shipyard website

★Lee Calcote, Founder and CEO, Layer5★
Lee on Twitter
Lee on Linkedin

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Template intro
(00:52) - Bret intro
(01:53) - Main show
(01:58) - The guests
(02:39) - Lee and Layer5
(03:55) - Nic and HashiCorp
(05:51) - Lee and Nic
(06:54) - Challenges of writing a book
(07:37) - Layer5 and Meshery
(08:38) - Meshery elevator pitch
(10:46) - Service Mesh 101
(11:16) - Retry
(12:20) - Observability
(13:29) - Question Docker Swarm Supports Docker Extensions?
(15:39) - What does service mesh seem like?
(16:38) - Platform engineering
(23:54) - Distributed systems concerns
(25:39) - preparation
(26:16) - What would you use Meshery locally for?
(27:50) - Mesh map
(28:48) - Demo but mostly theoretical
(32:45) - Visual designer
(33:11) - Catalog of extensions
(33:49) - Performance management
(37:03) - Installing the extension
(37:52) - Close to the end
(38:12) - A lot going on online
(38:54) - Shipyard
(42:26) - Starship
(42:44) - Wrapping up
(42:55) - Status of the book
(49:45) - Closing
(50:01) - Outro
Oct 28, 2022 • 55min

Cilium and eBPF with Liz Rice

Bret is joined by Liz Rice, Chief Open Source Officer at Isovalent, the makers of Cilium, to discuss Cilium and eBPF. Liz Rice is back to give us more insight into eBPF and the Cilium project. Isovalent is the company that created and manages the Cilium Project, which does an increasing number of things for Kubernetes, including networking, CNI support, security, advanced networking stuff, and observability, as well as other things like load balancing. Liz is one of my go-to experts on how low-level Linux internals work. She's been speaking about container internals since the early days of Docker.

Streamed live on YouTube on September 8, 2022.
Unedited live recording of this show on YouTube (Ep #183)

★Topics★
Cilium website
Isovalent website
eBPF
Network Policy Editor

★Liz Rice★
Liz Rice on Twitter
Liz Rice's website
Books on Containers, eBPF, Kubernetes and Go

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:53) - Bret intro
(01:41) - Main interview
(01:44) - The merch store
(02:39) - More merch talk
(04:19) - Introductions
(05:16) - What else Liz does
(05:26) - Liz's books
(06:22) - Brief history of EBPF
(07:41) - Kernel modules before EBPF
(08:46) - EBPF vs Kernel Modules
(09:57) - EBPF is dynamically loaded
(11:23) - Performance and Data Transfer
(12:35) - Isovalent and Cilium
(14:12) - How Cilium started
(16:18) - Specific versions of the kernel?
(17:32) - Where do we use EBPF in Kubernetes?
(18:12) - CNI
(20:02) - Question: Where can you start learning EBPF?
(23:04) - Question
(30:22) - All open source?
(31:08) - Question Cilium as a service mesh
(32:32) - Enabling certain features
(33:39) - Question
(34:11) - Question
(35:20) - Question
(37:21) - Wrapping up Cilium in cloud
(38:22) - Offloading programs XDP
(40:16) - Question about GUI
(42:41) - Question
(49:29) - Question
(52:10) - EBPF on Windows?
(53:13) - How is it implemented?
(54:02) - Wrapping up
Oct 21, 2022 • 45min

Kubescape Kubernetes Security with ARMO

Bret is joined by Shauli Rozen, CEO and Co-Founder of ARMO, creators of Kubescape. Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning.

I'm a fan of tools like this and specifically of Kubescape, which I use and recommend to my clients. The scanner can scan your YAML manifests of your Kubernetes resources. It can scan your live Kubernetes clusters. And it can scan the YAML in your Git repos, as well as the images themselves that you're deploying to Kubernetes. As ARMO calls it, it's a single pane of glass into your Kubernetes security.

Streamed live on YouTube on September 1, 2022. Includes demos.
Unedited live recording of this show on YouTube (Ep #182)

★Topics★
Kubescape's GitHub
K8s Security Dashboard
ARMO website

★Shauli Rozen★
Shauli on Twitter

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Main intro
(00:53) - Custom intro
(02:45) - Main show
(02:49) - Introductions
(03:43) - The Kubescape project
(04:25) - Go to the developers
(05:26) - Security low-hanging fruit
(06:19) - I just want to be a user
(09:32) - Kubescape elevator pitch
(12:00) - Good learning tool
(12:48) - Linting
(13:20) - Remediation
(14:45) - The SaaS Version
(16:19) - Does DevOps not care about security?
(18:24) - A gap in terminology
(20:31) - Security compliance and guidance
(25:58) - GitOps Approach
(27:38) - Asking about demo
(28:19) - Question
(29:21) - Become a contributor
(30:55) - Demo intro
(31:21) - Demo end part
(31:26) - Question
(31:56) - Visualizer
(33:23) - Question
(34:41) - Question
(38:55) - Mindset differences
(39:49) - Question
(42:06) - Question
(42:33) - Winding down
(43:26) - How to get started
(44:26) - Template outro
Oct 14, 2022 • 48min

Slim and Secure Container Images with Slim.ai

Bret is joined by Martin Wimpress and Pieter van Noordennen from Slim.ai to discuss some ways to slim down your Docker images and reduce the attack surface of your containers in the process.

Many companies and projects have tried to do similar things before - Slim Images, Alpine Images, Distroless, Build Packs, and even Docker tried a few years back, to create intelligence and guidance around migrating legacy apps into slim production quality images. Those efforts were scrapped in 2019. The dual mandate of generating Docker images - easy to understand and as minimal as possible, with the lowest CVE vulnerability count - was not achieved by any of those projects. Automation and intelligence like Slim.ai is the future of building container images and also the future of complex monoliths and legacy apps with a lot of dependencies.

Streamed live on YouTube on July 28, 2022. Includes demos.
Unedited live recording of this show on YouTube (Ep #180)

★Topics★
Docker Slim
Slim.ai

★Martin Wimpress★
Martin Wimpress on Twitter

★Pieter van Noordennen★
Pieter van Noordennen on Twitter

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us on our Discord Server DevOps Fans
Homepage bretfisher.com

(00:00) - DDT MAIN
(00:04) - Intro
(00:53) - Custom intro
(04:32) - Main show
(04:51) - How Slim.ai started
(07:07) - Complexities of shipping images
(08:53) - DockerSlim
(10:27) - Setting the stage for demo
(13:02) - Demo intro
(13:28) - Demo
(13:33) - Bret's Question
(22:20) - Different container composition options
(23:36) - Demo intro 2
(23:42) - Bret loves Docker Desktop and Extensions
(27:28) - Pausing Docker
(27:54) - The extension is the same as the SaaS
(28:30) - It's free
(29:03) - Demo?
(29:03) - Distroless and optimized starting points
(34:47) - Build engineering nightmare
(36:15) - Not just security considerations
(39:03) - Understanding dependency differences
(40:34) - Question
(42:03) - Slim cli
(46:08) - Getting started
(47:38) - Outro
