DevOps and Docker Talk: Cloud Native Interviews and Tooling

Bret is joined by Dmitriy Kalinin and John Ryan, software engineers at VMWare, to show off the many Carvel project tools.Carvel provides a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes. The Carvel project includes tools for templating, image building and tracking, secrets management, app deploying and more. The tool list includes ytt, kapp, kapp-controller, kbld, imgpkg, vendir, and kwt.Streamed live on YouTube on July 14, 2022.Unedited live recording of this show on YouTube (Ep #178)★Topics★Carvel websiteCarvel on Twitter★Dmitriy Kalinin★Dmitriy Kalinin on Twitter★John Ryan★John Ryan on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:51) - Custom intro (01:50) - Main Show (02:14) - A lot of tools (03:19) - How did Carvel begin? (06:02) - Use the tools differently across all stages (06:59) - Building from the ground up (08:43) - Are the tools independently used? (09:28) - The first Carvel tool (09:42) - ytt (10:57) - kapp (11:57) - What is YTT (15:03) - Creating more consistency? (17:43) - How to use with compose (18:47) - Question about Q (21:40) - Question (24:33) - Question (25:12) - Solve a real problem (26:09) - Don't overcomplicate yourself (28:04) - What problem does Kapp solve? (30:37) - Kapp and Kapp controller (36:39) - Question (37:16) - Rapid fire (37:22) - Kbuild (43:28) - How does image package help? (46:57) - The experimental tools (47:45) - Secret generation (52:47) - Vendor (56:33) - Getting involved (58:06) - Last thoughts (59:20) - Outro You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret goes through his top recommendations for securing container images, Docker containers and Kubernetes pods.This is a tip-packed show where Bret lists much of what's documented in his courses, starting with the first steps you should take, and the bare security necessities that everyone should be doing. Then he covers more advanced security activities you should consider once the basics are covered.Streamed live on YouTube on July 7, 2022.Unedited live recording of this show on YouTube (Ep #177).★Topics★Bret's Container Security AMADocker Security DocsDocker Buys AtomistSlim.ai website: Auto-slimming imagesDocker Slim toolKubescape websiteKubernetes Security ContextSeccomp by defaultLint all files with super-linterDatree K8s file scanKubernetes BenchmarkMy GitHub Actions examples: Automate your builds, CVE scans, and moreVideo on building a more secure base imageSnyk security tools websiteTrivy CVE and K8s scansFalco for watching servers for bad behavior★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com (00:00) - Intro (00:52) - Mid-Roll Intro (00:53) - Bret's Intro (01:46) - Main show (02:45) - What should I worry about first? The Basics! (03:47) - Start with images (04:28) - Bret.show/SecurityFirst (05:04) - CVE scanning (05:36) - Dependency scanning (06:28) - Bret's Github with Dependabot (07:25) - OS dependencies with Trivy and Snyk (09:23) - Bret's Talks (10:17) - Alpine is not always good (11:27) - All hands on automation (12:14) - Don't run as root inside the image (14:04) - Question (15:20) - Making slimmer images (15:52) - Atomist (17:19) - DockerSlim (20:48) - Question (22:21) - Question (24:09) - Question (24:36) - Question (24:45) - Question (25:15) - Securing Docker (25:47) - Docker host scanner (26:28) - Falco (26:55) - Just use Docker (28:28) - Question about Windows Containers (30:19) - Maintain your servers (31:12) - Docker in the cloud (32:29) - Always stay on the latest Kubernetes release (33:33) - Kube-bench (34:22) - Tree.io (35:04) - Pod specs (36:08) - Sec comp (37:33) - Security context (38:57) - Privilege escalation (39:50) - Superlinter (40:54) - Question about Fargate (42:35) - Network policies (44:38) - Kubernetes docs article on security context (45:16) - Question (47:43) - Third-party security monitoring (47:57) - Question about volumes (48:45) - Question about Docker subnets (49:30) - Question about secrets (50:17) - Question about subnets 2 (50:48) - Question (53:03) - Outro You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Marc Campbell of Replicated to discuss the challenges of deploying your software on other people's Kubernetes.Following a discussion of the problems Replicated is solving, they go over all the great open source projects they are developing for deploying, managing, and troubleshooting Kubernetes.Streamed live on YouTube on June 23, 2022.Unedited live recording of this show on YouTube (Ep #175).★Topics★Replicated Replicated OSS Projects Kubernetes TroubleshooterSchema Hero Kubelist podcast, CNCF project leader interviewsEnterprise Ready assessment and podcastkURL - Customize your Kubernetes Installer KOTS - Manage COTS on K8s Find Outdated ImagesUnfork your custom Helm charts ★Marc Campbell★Marc Campbell on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com (00:00) - DDT MAIN (00:03) - Template intro (00:53) - Bret intro (03:02) - Main show (03:42) - How Mark Got to Replicated (04:28) - How Replicated Started (05:01) - All projects open source (06:04) - COTS (11:31) - Kubernetes: Limiter or Enabler? (13:06) - Kurl (16:57) - KOTS (20:15) - Not all users are going to be helm experts (21:13) - Unfork (25:08) - Troubleshooting Kubernetes (35:02) - Outdated (40:35) - Their podcasts (41:41) - Schemahero (50:19) - Other tools like kurl? (52:02) - Are teams adopting kots? (54:27) - Question (55:49) - What's next? (57:39) - Winding down (57:48) - Outro You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Guillaume Tardif and Felipe Cruz of Docker Inc. for a deep dive into Docker extensions.Docker Extensions are a favorite new feature. Guillaume and Felipe are both engineers at Docker and they walk us through how extensions came about, how to install them, and how to submit them to the marketplace.By the time Docker released extensions at DockerCon in May 2022, there were already a dozen solid extensions, including a disk manager, log explorer, and other third-party tools like Portainer, Snyk, and Anchor. Docker extensions will be most helpful to people who use Docker Desktop.Streamed live on YouTube on June 16, 2022.Unedited live recording of this show on YouTube (Ep #174). Includes demos.★Topics★Docker Extensions homepageDocker Extensions announcement at DockerCon 2022Build your first Docker ExtensionSubmit your extension for the MarketplaceVackup, an example custom extensionExtension SDKOther Extension resources★Guillaume and Felipe★Guillaume Tardif on TwitterFelipe Cruz on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Template intro (00:52) - Bret custom intro (03:35) - Main show (03:37) - Main show (03:58) - Felipe intro (04:30) - Guillaume intro (05:32) - Today's topic (06:21) - What are Docker extensions? (08:47) - Question: Are extensions running in their own container? (10:24) - Question: Extensions are in Docker Desktop only? (11:00) - Where it is on the interface (11:27) - Submitting your own extensions to the marketplace (12:45) - Easy to install the extensions (13:16) - A couple extension examples (15:03) - Question: Extension versions and updates (15:34) - Question: Extensions dependent on Docker Desktop version? (16:38) - Sideloading extensions that are not in the marketplace (17:11) - Question: RAM and CPU usage (17:32) - Demos described (18:12) - Demo intro (18:38) - Demo (18:42) - Quick note about Portainer (19:16) - You don't have to remember commands (20:19) - Don't install all extensions at once (20:34) - Do extensions pause with Docker? (21:33) - Very little to learn (22:08) - Bret's backup tool extension isn't done (23:19) - Synchronising extensions across installations (23:55) - Docker roadmap and ideas (24:48) - Question: Security, where is the UI code running? (28:19) - Question: Multi-node Kubernetes clusters (30:26) - Question: Are all extensions open source? (32:01) - Expanding the SDK (32:43) - Bret's drop-down Kubernetes request (33:19) - Extension submission (34:06) - Wrapping up (35:15) - Outro You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Nirmal Mehta, a Principal Specialist Solution Architect at AWS, and a Docker Captain, to discuss Karpenter, an autoscaling solution launched by AWS in 2021. Karpenter simplifies Kubernetes infrastructure by automating node scaling up and down, giving you "the right nodes at the right time."Autoscaling, particularly for Kubernetes, can be quite a complex project when you first start. Bret and Nirmal discuss how Karpenter works, how it can help or complement your existing setup, and how autoscaling generally works.Streamed live on YouTube on June 9, 2022.Unedited live recording of this show on YouTube (Ep #173). Includes demos.★Topics★Starship Shell PromptBret's favorite shell setupKarpenterKarpenter release blogK8s Scheduling ConceptsOther types of autoscalers:Horizontal Pod AutoscalerVertical Pod AutoscalerCluster Autoscaler★Nirmal Mehta★Nirmal on TwitterNirmal on LinkedIn★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:51) - Custom intro (02:08) - Main Show (02:12) - Introductions (03:12) - Nirmal's Jobs (03:58) - Talking about Kubernetes cluster scaling (05:04) - Who are we addressing? (06:29) - What is Karpenter not addressing? (06:52) - Auto-scaling at pod level (07:40) - Cluster auto-scaling (09:07) - Karpenter is alternate to cluser autoscaler (09:21) - Question (10:11) - Issues Karpenter was created to address (12:29) - What is Karpenter? (13:51) - Selective instance type provisioning (14:47) - Matching deployment definition to instance types (16:08) - Question: Is Karpenter designed only for AWS? (17:13) - Question: Can you auto-scale control plane nodes? (19:21) - The Kubernetes Scheduler (23:14) - Question: Does Karpenter auto-scale down? (25:05) - Question: EKS with Karpenter spot instances (25:58) - Question: Karpenter and AWS auto-scaling groups (26:10) - Question: Installation and provisioning (27:20) - Only affects unschedulable pods (28:49) - Demo intro (29:14) - Demo (29:19) - Scaling Down (30:27) - Keeping your nodes fresh (32:54) - If you want to learn more (33:23) - Goals for 2022 (34:15) - Questions (34:21) - Question: Cost-effective instances (35:35) - Question: Instances to IoC and automatically destroyed? (38:25) - Question: Features being pushed upstream into Kubernetes (40:28) - Question: Rebalancing (44:28) - Scaling down is hard too (46:18) - Question: Horizontal pod auto-scaler trigger Karpenter (47:25) - Question: Specs and Documentation (48:01) - Question: How does it pick instance sizes? (48:55) - Question: Karpenter respects desire to spread workloads (49:29) - Question: EKSAnywhere support (49:50) - Question: How do you pick AMIs? (50:37) - Winding down (52:25) - Wrapping up (52:30) - Outro You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Laura Tacho, an engineering leadership coach, to discuss measuring your team's performance with DevOps metrics (DORA) and the new SPACE framework. Team Performance is one of Bret's favorite topics, and it should be everyone's concern.Laura and Bret discuss soft skills, how to implement DORA DevOps metrics, the new SPACE framework, as well as common pitfalls people make when attempting to implement those measurements. Streamed live on YouTube on June 2, 2022.Unedited live recording of this show on YouTube (Ep #172).★Topics★Laura's course on High-Performing Software TeamsDORA (DevOps Research and Assessment)DORA MetricsDORA DevOps Quick CheckSPACE frameworkGoodhart's lawDeveloper ExperienceDevOps HandbookAccelerate Book★Laura Tacho★Laura's homepage and NewsletterLaura on TwitterLaura on the GitHub blog★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by the co-creators of the Argo project and co-founders of Akuity - Hong Wang and Jesse Suen - to discuss the state of Argo and their new Akuity offering for Argo CD in the Cloud.Chances are, you've heard of one or more of the Argo projects. They include Argo Workflows, Argo CD, Argo Events, and Argo roll-outs. Argo is one of those Kubernetes projects that is so common for teams to choose that it's nearly an assumption that every team is using one of their tools in a cluster or two. Hong Wang and Jessie Suen helped co-create the Argo project years back at Intuit and have now co-founded a growing startup called Akuity. The company is focusing on making the Argo products better and creating SaaS offerings for the Argo tools. In this episode, we get a perspective on where the Argo tools came from and what the team behind it is doing. Streamed live on YouTube on May 26, 2022.Unedited live recording of this show on YouTube (Ep #171).★Topics★Argo CD homepageAkuity homepageAkuity news on more fundingArgo CD in the cloudArgoCon in SeptemberDeclarative setup of Argo CD★Twitter Links★ArgoAkuityJesse SuenHong Wang★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Rosemary Wang, a developer advocate at Hashi Corp. She recently finished a Manning book, titled Infrastructure as Code: Patterns and Practices. They discuss how infrastructure as code fits into DevOps and Gitops, and how you can get started with IaC and run over some important patterns, such as controlling versioning, IaC testing and managing costs.Rosemary worked at ThoughtWorks previously, and it was interesting to hear her experiences on learning from senior engineering, and how pairing and other types of mentorship can help. Streamed live on YouTube on April 28, 2022.Unedited live recording of this show on YouTube (Ep #168).★Topics★Infrastructure as Code: Patterns and Practices, with examples in Python and Terraform ★Rosemary Wang★Rosemary on Twitter ★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Ravi Lachhman, Field CTO at Shipa, to discuss the basics of Shipa application and policy management, and show off the developer experience that Shipa brings to apps running on IaC and GitOps tools like ArgoCD,  Crossplane, Terraform, Kubernetes, and more.Shipa is focused on the layer above the infrastructure where application developers can avoid other Kubernetes manifest tools like Helm or Kustomize, and create a cleaner contract between what their application needs are and how the infrastructure provides them.If you've done Kubernetes YAML long enough, you know that it can get quite complex and verbose, and it requires both infrastructure and developer roles or knowledge to fully configure it. So you kind of got to know both worlds. But Shipa wants to fit in the middle somewhere, not replacing the infrastructure tools like Terraform or Crossplane, but rather working on top of them, providing an easier way to describe your apps from a dev's point of view and how they work on top of your infrastructure. It focuses on the application requirements, not necessarily how those requirements are implemented. Streamed live on YouTube on April 14, 2022.Unedited live recording of this show on YouTube (Ep #166). Includes demos.★Topics★Shipa website Shipa exampleDevOps Days Atlanta★Ravi Lachhman★Ravi on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Bret is joined by Erik Veld, Manager, Developer Advocacy at HashiCorp, the creators of Nomad. Nomad is an orchestrator like Kubernetes and Swarm but it has a unique set of features that make it an interesting alternative on multiple levels. It's known for having a much simpler infrastructure design than Kubernetes, and also having a stronger community and feature release cycle then Swarm. Erik talks about the basics of Nomad, the reason it was created and runs through some demos. Streamed live on YouTube April 7, 2022.Unedited live recording of this show on YouTube (Ep #165). Includes demos.★Topics★Nomad website Nomad GitHub page Tech-Nomadic, Run Your Software Anywhere (YouTube) Managing DigitalOcean Kubernetes clusters with Terraform (YouTube)★Erik Veld★Erik on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com