DevOps and Docker Talk: Cloud Native Interviews and Tooling

Bret is joined by Michael Irwin, Sr. Manager for DevRel at Docker, to review and demo our top 2022 new features and announcements from Docker Inc. We run through the very long list in this episode and sadly, had to skip over the smaller, nuance features or subtle changes and focused on the bigger things - a major one being Docker extensions - as well as Docker Hub support for OCI artifacts, like the Helm charts, volume, WASM, Hardened Docker Desktop, tilt.dev and much more.Streamed live on YouTube on December 1,  2022. Includes demos.Unedited live recording of this show on YouTube (Ep #193)★Topics★Docker Blog, "Products" category (most of our topics came from here)Recapping the last year of Docker Desktop (YouTube, September 2022)What's new in Docker Desktop (YouTube, DockerCon 2022, May 2022)What's new in Docker build (YouTube, DockerCon 2022, May 2022)★Michael Irwin★Michael on TwitterMichael's Website★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Template intro (00:53) - Custom intro (03:49) - Main show (04:00) - Welcome to Michael (05:24) - Keeping up with updates to our tools (08:03) - OCI artifacts (09:13) - What are OCI artifacts? (12:46) - WASM (16:35) - DEMO of WASM (23:16) - Question (23:43) - Question (25:42) - Question (27:29) - Question (31:31) - Extensions (34:40) - Question (36:41) - Question (39:37) - Dev Environments (42:51) - Compose v2 (44:54) - Hardened Desktop (49:46) - Tilt (51:17) - Docker Desktop for Linux (53:01) - DSO Website (55:48) - More vulnerabilities every year (58:51) - Moving Dockerd image management to containerd (01:02:29) - Buildkit improvements (01:05:50) - Buildkit's link feature (01:09:59) - Stuff not covered (01:11:50) - Winding down (01:12:23) - Question (01:17:51) - Show and guest calendar (01:18:20) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Brian Christner, a Docker Captain and Chief, Online Gaming for Grand Casino Baden (jackpots.ch), who returns to the show to discuss his top recommended skills for improving your DevOps expertise.Both Bret and Brian have been consultants on and off throughout their careers and also in positions where they needed to hire other engineers - often other DevOps engineers. They share their perspectives on the different types of DevOps roles and the various jobs they need to fill.In this episode, we thought it would be helpful to bring our experience on DevOps jobs and look at the most essential and in-demand skills throughout the industry.Streamed live on YouTube on October 6, 2022.Unedited live recording of this show on YouTube (Ep #187)★Topics★DevOps Foundations CourseEngineering Management Training from Laura TachoAwesome Docker resourcesAwesome Everything Lists on GitHubKubernetes This Month with Nigel PoultonAWS Cloud TrainingContainer Automation Examples by BretDocker Observability by Brain★Brian Christner★Brian on TwitterBrian on LinkedInBrian's Courses Promo Code TRAEFIK50 for 50% offBrian's GitHub Brian's Blog★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Intro 2 (01:47) - Main show (01:53) - Welcome (03:01) - Brian's corner of the internet (05:37) - Impact of certifications in the hiring process (06:01) - What's your pet project? (06:58) - What lights you up? (08:27) - Sharers rather than Knowers (09:51) - About clouds (16:35) - DevOps are enablers (17:49) - Be replaceable (19:58) - Soft Skills (20:20) - The many hats of Senior DevOps (20:23) - Encouragers (20:36) - Protectors (20:44) - Realistic (21:01) - Protect your team (21:27) - Say no (21:55) - Problem solvers (21:58) - Listeners (23:49) - Question (24:48) - Awesome Docker List (27:46) - DevOps is vast and wide (29:57) - Observability (31:48) - Choose what to measure (32:50) - Junior and Senior DevOps Skillsets (34:53) - Being proactive in measuring (37:03) - Question (38:07) - Use the built-in tools first (41:41) - Quick way to get your hands dirty (47:44) - Security (50:50) - Infrastructure-as-Code (54:51) - Being a generalist or a specialist (56:32) - Enable others to work without needing you (58:13) - Question (58:16) - Getting started with a cloud (01:01:11) - Nigel Poulton (01:01:58) - You can't be responsible for everything (01:03:53) - Are certifications mandatory? (01:06:34) - Deployment checklist question (01:07:22) - Question (01:12:14) - Question (01:13:00) - Announcements (01:15:12) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Rosemary Wang from HashiCorp to show off Vault for Kubernetes, an an open source secrets provider.Rosemary is a return guest and does her usual fantastic job at explaining the complex topics around storing secrets, who needs Vault and why, running Vault on Kubernetes, the Vault storage backend and so much more.Streamed live on YouTube on September 29, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #186)★Topics★Vault websiteHashiCorp CloudRaft storage for Vault, how Raft worksExample repo: HashiCorp Vault for Development Teams★Rosemary Wang★Rosemary on TwitterRosemary on Linkedin★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:54) - Bret intro (01:36) - Main show (01:52) - Course updates (02:12) - Introductions (03:15) - Today's Topic (04:24) - Anyone who doesn't need secret management? (07:13) - Elevator pitch for Vault (09:22) - Handling Rotation and Exit Strategies (11:49) - When do I need Vault? (14:35) - Question about Aquilas (14:54) - Vault is open source (16:50) - We ain't got time for that (17:41) - Can I run Vault on Kubernetes? (18:39) - Question: Where are Secrets Stored? (19:59) - Raft all the things (21:19) - Question: Vault and SSL Certificates (22:31) - Question and Demo (22:56) - Demo intro (23:26) - Demo (23:27) - Question about HSMs (23:50) - Question (24:44) - Question about Unsealed Tokens (27:18) - Question (29:42) - Bret's First Question about Toil (36:33) - Question: Password Managers and Vault (39:44) - Question (41:05) - Question (43:38) - Notes about Vault Agent Sidecar and Authentication (45:15) - Bret's Summary (48:48) - Question about Getting Started (49:44) - Starting with Sealed Secrets (52:30) - Wrap up (53:06) - Getting in touch with Rosemary (53:43) - What's next for Rosemary? (54:31) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Lee Calcote and Nic Jackson, co-authors of the Service Mesh Patterns book, to discuss service mesh for Docker Desktop and Compose apps with the new Meshery extension for Docker desktop.They talk about what service mesh is and go into the new Measure extension for Docker Desktop, which is a CNCF sandbox project. One of its bigger features is to help you try out different service meshes and test them with only a few clicks. They also cover other features of their tools, such as the beta of MeshMap which helps you visualize your clusters and apply better practices to your service mesh.Streamed live on YouTube on September 22, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #185)★Topics★Learn Service MeshMeshery Docker Extension MeshMap Service Mesh Patterns Book★Nic Jackson, Principal Developer Advocate, HashiCorp★Nic on TwitterNic on LinkedinNic Jackson on YouTube Shipyard website★Lee Calcote, Founder and CEO, Layer5★Lee on TwitterLee on Linkedin★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Template intro (00:52) - Bret intro (01:53) - Main show (01:58) - The guests (02:39) - Lee and Layer5 (03:55) - Nick and Hashicorp (05:51) - Lee and Nick (06:54) - Challenges of writing a book (07:37) - Layer5 and Meshery (08:38) - Meshery elevator pitch (10:46) - Service Mesh 101 (11:16) - Retry (12:20) - Observability (13:29) - Question Docker Swarm Supports Docker Extensions? (15:39) - What does service mesh seem like? (16:38) - Platform engineering (23:54) - Distributed systems concerns (25:39) - preparation (26:16) - What would you use Meshery locally for? (27:50) - Mesh map (28:48) - Demo but mostly theoretical (32:45) - Visual designer (33:11) - Catalog of extensions (33:49) - Performance management (37:03) - Installing the extension (37:52) - Close to the end (38:12) - A lot going on online (38:54) - Shipyard (42:26) - Starship (42:44) - Wrapping up (42:55) - Status of the book (49:45) - Closing (50:01) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Liz Rice, Chief Open Source Officer at Isovalent, the makers of Cilium, to discuss Cilium and eBPF. Liz Rice is back to give us more insight into eBPF and the Cilium project. Isovalent is the company that created and manages the Cilium Project, which does an increasing number of things for Kubernetes, including networking, CNI support, security, advanced networking stuff, and observability, as well as other things like load balancing. Liz is one of my go-to experts on how low-level Linux internals work. She's been speaking about container internals since the early days of Docker.Streamed live on YouTube on September 8, 2022.Unedited live recording of this show on YouTube (Ep #183)★Topics★Cilium websiteIsovalent websiteeBPFNetwork Policy Editor★Liz Rice★Liz Rice on TwitterLiz Rice's websiteBooks on Containers, eBPF, Kubernetes and Go★Join my Community★ Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Bret intro (01:41) - Main interview (01:44) - The merch store (02:39) - More merch talk (04:19) - Introductions (05:16) - What else Liz does (05:26) - Liz's books (06:22) - Brief history of EBPF (07:41) - Kernel modules before EBPF (08:46) - EBPF vs Kernel Modules (09:57) - EBFP is dynamically loaded (11:23) - Performance and Data Transfer (12:35) - Isovalent and Cilium (14:12) - How Cilium started (16:18) - Specific versions of the kernel? (17:32) - Where do we use EBPF in Kubernetes? (18:12) - CNI (20:02) - Question: Where can you start learning EBPF? (23:04) - Question (30:22) - All open source? (31:08) - Question Cilium as a service mesh (32:32) - Enabling certain features (33:39) - Question (34:11) - Question (35:20) - Question (37:21) - Wrapping up Cilium in cloud (38:22) - Offloading programs XDP (40:16) - Question about GUI (42:41) - Question (49:29) - Question (52:10) - EBPF on Windows? (53:13) - How is it implemented? (54:02) - Wrapping up You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Shauli Rozen, CEO and Co-Founder of ARMO, creators of Kubescape. Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning.I'm a fan of tools like this and specifically of Kubescape, which I use and recommend to my clients. The scanner can scan your YAML manifests of your Kubernetes resources. It can scan your live Kubernetes clusters. And it can scan the YAML in your Git repos, as well as the images themselves that you're deploying to Kubernetes. As ARMO calls it, it's a single pane of glass into your Kubernetes security. Streamed live on YouTube on September 1, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #182)★Topics★Kubescape's GitHub K8s Security Dashboard ARMO website★Shauli Rozen★Shauli on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Main intro (00:53) - Custom intro (02:45) - Main show (02:49) - Introductions (03:43) - The Kubescape project (04:25) - Go to the developers (05:26) - Security low-handing fruit (06:19) - I just want to be a user (09:32) - Kubescape elevator pitch (12:00) - Good learning tool (12:48) - Linting (13:20) - Remediation (14:45) - The SaaS Version (16:19) - Does DevOps not care about security? (18:24) - A gap in terminology (20:31) - Security compliance and guidance (25:58) - GitOps Approach (27:38) - Asking about demo (28:19) - Question (29:21) - Become a contributor (30:55) - Demo intro (31:21) - Demo end part (31:26) - Question (31:56) - Visualizer (33:23) - Question (34:41) - Question (38:55) - Mindset differences (39:49) - Question (42:06) - Question (42:33) - Winding down (43:26) - How to get started (44:26) - Template outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Martin Wimpress and Pieter van Noordennen from Slim.ai to discuss some ways to slim down your Docker images and reduce the attack surface of your containers in the process.Many companies and projects have tried to do similar things before - Slim Images, Alpine Images, Distro List, Build Packs, and even Docker tried a few years back, to create intelligence and guidance around migrating legacy apps into slim production quality images. Those efforts were scrapped in 2019. The dual mandate of generating Docker images - easy to understand and as minimal as possible, with the lowest CVE vulnerability count - was not achieved by any of those projects. Automation and intelligence like Slim.ai is the future of building container images and also the future of complex monoliths and legacy apps with a lot of dependencies.Streamed live on YouTube on July 28, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #180)★Topics★Docker SlimSlim.ai★Martin Wimpress★Martin Wimpress on Twitter★Pieter van Noordennen★Pieter van Noordennen on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Custom intro (04:32) - Main show (04:51) - How Slim.ai started (07:07) - Complexities of shipping images (08:53) - DockerSlim (10:27) - Setting the stage for demo (13:02) - Demo intro (13:28) - Demo (13:33) - Bret's Question (22:20) - Different container composition options (23:36) - Demo intro 2 (23:42) - Bret loves Docker Desktop and Extensions (27:28) - Pausing Docker (27:54) - The extension is the same as the SaaS (28:30) - It's free (29:03) - Demo? (29:03) - Distroless and optimized starting points (34:47) - Build engineering nightmare (36:15) - Not just security considerations (39:03) - Understanding dependency differences (40:34) - Question (42:03) - Slim cli (46:08) - Getting started (47:38) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Dmitriy Kalinin and John Ryan, software engineers at VMWare, to show off the many Carvel project tools.Carvel provides a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes. The Carvel project includes tools for templating, image building and tracking, secrets management, app deploying and more. The tool list includes ytt, kapp, kapp-controller, kbld, imgpkg, vendir, and kwt.Streamed live on YouTube on July 14, 2022.Unedited live recording of this show on YouTube (Ep #178)★Topics★Carvel websiteCarvel on Twitter★Dmitriy Kalinin★Dmitriy Kalinin on Twitter★John Ryan★John Ryan on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:51) - Custom intro (01:50) - Main Show (02:14) - A lot of tools (03:19) - How did Carvel begin? (06:02) - Use the tools differently across all stages (06:59) - Building from the ground up (08:43) - Are the tools independently used? (09:28) - The first Carvel tool (09:42) - ytt (10:57) - kapp (11:57) - What is YTT (15:03) - Creating more consistency? (17:43) - How to use with compose (18:47) - Question about Q (21:40) - Question (24:33) - Question (25:12) - Solve a real problem (26:09) - Don't overcomplicate yourself (28:04) - What problem does Kapp solve? (30:37) - Kapp and Kapp controller (36:39) - Question (37:16) - Rapid fire (37:22) - Kbuild (43:28) - How does image package help? (46:57) - The experimental tools (47:45) - Secret generation (52:47) - Vendor (56:33) - Getting involved (58:06) - Last thoughts (59:20) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret goes through his top recommendations for securing container images, Docker containers and Kubernetes pods.This is a tip-packed show where Bret lists much of what's documented in his courses, starting with the first steps you should take, and the bare security necessities that everyone should be doing. Then he covers more advanced security activities you should consider once the basics are covered.Streamed live on YouTube on July 7, 2022.Unedited live recording of this show on YouTube (Ep #177).★Topics★Bret's Container Security AMADocker Security DocsDocker Buys AtomistSlim.ai website: Auto-slimming imagesDocker Slim toolKubescape websiteKubernetes Security ContextSeccomp by defaultLint all files with super-linterDatree K8s file scanKubernetes BenchmarkMy GitHub Actions examples: Automate your builds, CVE scans, and moreVideo on building a more secure base imageSnyk security tools websiteTrivy CVE and K8s scansFalco for watching servers for bad behavior★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com (00:00) - Intro (00:52) - Mid-Roll Intro (00:53) - Bret's Intro (01:46) - Main show (02:45) - What should I worry about first? The Basics! (03:47) - Start with images (04:28) - Bret.show/SecurityFirst (05:04) - CVE scanning (05:36) - Dependency scanning (06:28) - Bret's Github with Dependabot (07:25) - OS dependencies with Trivy and Snyk (09:23) - Bret's Talks (10:17) - Alpine is not always good (11:27) - All hands on automation (12:14) - Don't run as root inside the image (14:04) - Question (15:20) - Making slimmer images (15:52) - Atomist (17:19) - DockerSlim (20:48) - Question (22:21) - Question (24:09) - Question (24:36) - Question (24:45) - Question (25:15) - Securing Docker (25:47) - Docker host scanner (26:28) - Falco (26:55) - Just use Docker (28:28) - Question about Windows Containers (30:19) - Maintain your servers (31:12) - Docker in the cloud (32:29) - Always stay on the latest Kubernetes release (33:33) - Kube-bench (34:22) - Tree.io (35:04) - Pod specs (36:08) - Sec comp (37:33) - Security context (38:57) - Privilege escalation (39:50) - Superlinter (40:54) - Question about Fargate (42:35) - Network policies (44:38) - Kubernetes docs article on security context (45:16) - Question (47:43) - Third-party security monitoring (47:57) - Question about volumes (48:45) - Question about Docker subnets (49:30) - Question about secrets (50:17) - Question about subnets 2 (50:48) - Question (53:03) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Marc Campbell of Replicated to discuss the challenges of deploying your software on other people's Kubernetes.Following a discussion of the problems Replicated is solving, they go over all the great open source projects they are developing for deploying, managing, and troubleshooting Kubernetes.Streamed live on YouTube on June 23, 2022.Unedited live recording of this show on YouTube (Ep #175).★Topics★Replicated Replicated OSS Projects Kubernetes TroubleshooterSchema Hero Kubelist podcast, CNCF project leader interviewsEnterprise Ready assessment and podcastkURL - Customize your Kubernetes Installer KOTS - Manage COTS on K8s Find Outdated ImagesUnfork your custom Helm charts ★Marc Campbell★Marc Campbell on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com (00:00) - DDT MAIN (00:03) - Template intro (00:53) - Bret intro (03:02) - Main show (03:42) - How Mark Got to Replicated (04:28) - How Replicated Started (05:01) - All projects open source (06:04) - COTS (11:31) - Kubernetes: Limiter or Enabler? (13:06) - Kurl (16:57) - KOTS (20:15) - Not all users are going to be helm experts (21:13) - Unfork (25:08) - Troubleshooting Kubernetes (35:02) - Outdated (40:35) - Their podcasts (41:41) - Schemahero (50:19) - Other tools like kurl? (52:02) - Are teams adopting kots? (54:27) - Question (55:49) - What's next? (57:39) - Winding down (57:48) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com