DiscoverDevOps and Docker Talk
DevOps and Docker Talk

DevOps and Docker Talk

Author: Bret Fisher

Subscribed: 728Played: 15,466
Share

Description

Interviews and Q&A from my weekly YouTube Live show. Topics cover Docker and container tools like Kubernetes, Swarm, Cloud Native development, Cloud tech, DevOps, GitOps, DevSecOps, and the full software lifecycle supply chain. Full YouTube shows and more info available at https://podcast.bretfisher.com
131 Episodes
Reverse
DevPod for Dev Containers

DevPod for Dev Containers

2023-05-2601:01:54

Bret is joined by Lukas Gentele and Rich Burroughs from Loft Labs to look at a new project called DevPod, that supports dev containers and VMs. It works with local Docker instances and AWS, GCP, Azure, and several other cloud providers. The project is compatible with Microsoft's DevContainer standard, which means it works with the VC Code standalone app and VS Code in the browser.Lukas and Rich were on this show last year, showing off vcluster, which allows you to run a full Kubernetes cluster inside an existing Kubernetes namespace. In this episode, we announce the release of DevPod and also go through some demos. I'm already thinking of how I might use it in my own developer workflow.Live recording of the complete show from May 16, 2023 is on YouTube (Ep. #216). Includes demos.★Topics★DevPod websiteDevPod on TwitterSupport this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Bret Fisher - Host Beth Fisher - Producer Lukas Gentele - Guest Ruch Burroughs - Guest Cristi Cotovan - Editor (00:00) - Intro (02:49) - Introducing the guests (03:39) - Loft Labs and VCluster (05:46) - Introducing DevPod (10:39) - Why CLI plus GUI? (13:16) - DevPod use case (15:30) - Options for IDEs and port forwarding (18:20) - Using the Microsoft VS Code dev containers features (21:14) - Create dev environments locally or remotely (27:47) - Turning it on and off without having to go to the infrastructure (49:13) - How to get DevPod (50:00) - What's next? Share feedback. (57:12) - This is not a production deployment tool (01:01:27) - Wrap-up
Docker 2023 New Stuff

Docker 2023 New Stuff

2023-05-1955:48

Bret and Matt are joined by two engineers in Docker's leadership - Chief Technology Officer Justin Cormack and Senior Manager of Developer Relations Michael Irwin, to talk about recent Docker Hub changes, as well as their latest product releases.We touch on Docker's latest updates and announcements, focusing on the early releases of Docker Scout, Docker plus WebAssembly, and the Telepresence extension for Docker Desktop. We also look at Docker's version 23 release, its first major update in three years, with key changes including BuildKit becoming the default builder, the ability to run alternate containerd shims, and a return to semantic versioning. Other updates include new Swarm features and deprecation of older features, specifically older storage drivers.In the show we also cover Docker's recent announcement and subsequent retraction of a plan to require free Docker Hub organizations to move to different plans.Live recording of the complete show from March 23, 2023 is on YouTube (Ep. #208).★Topics★Docker v23 releaseDocker Hub org changesDocker ScoutTechnical preview of Docker+WasmTelepresence for Docker announcementSupport this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Justin Cormack - Guest Bret Fisher - Host Cristi Cotovan - Editor Beth Fisher - Producer Michael Irwin 🇺🇦 🕊 - Guest Matt Williams - Host (00:00) - Intro (02:56) - Docker version 23 release (05:37) - Docker's Hub Announcement and Retraction (07:40) - What does telepresence mean with Docker (10:18) - Should I switch to Kubernetes for development? (12:35) - Telepresence elevator pitch (20:30) - Telepresence connection scenarios (23:30) - How to connect with Telepresence? (31:05) - Bret's Jekyll Story (33:12) - What is available free in Scout? (35:15) - Scout is not a point-in-time scan (39:45) - James Buren's Scout Video (40:03) - Anyone can make an extension (42:04) - Favorite extensions (43:19) - Wasm technical preview (45:33) - Bret's interview with Nigel Poulton (48:27) - Question (52:31) - Docker 23 defaults to BuildKit (53:27) - Happy Birthday Docker (55:06) - Wrapping up
Contribute to Kubernetes

Contribute to Kubernetes

2023-05-0553:091

Bret and Matt are joined by Chad Crowell of KubeSkills to walk through how you can contribute to Kubernetes open source. Chad started the kubeskills.com community and podcast to focus on learning Kubernetes by doing and in this episode, he's taking us through a detailed guide on how to get involved in the Kubernetes community.Although Kubernetes and other CNCF projects may seem big and complex with tons of activity, Chad helps us understand how the maturity of the projects and the community make it a much more pleasant onboarding experience for first-time contributors. We go through a wide range of resources and steps to help your first issue or pull request go smoothly.Live recording of this show from March 9, 2023 is on YouTube (Ep. #206).★Topics★Learning K8s by Open Source PDF slidesFirst Timers Only websiteK8s Contributor Community HomepageList of K8s SIGsK8s SlackOpen Sauced websiteK8s Contributors onboarding courseKube Cuddle podcast with Joe BedaLearning K8s Skills Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Bret Fisher - Host Cristi Cotovan - Editor Beth Fisher - Producer Matt Williams - Host Chad M. Crowell - Guest (00:00) - Intro (02:45) - Chad's Book (05:11) - Learning platforms (05:37) - Another way to learn (06:44) - SIGs (07:47) - Community or Contributor Experience SIG (10:06) - Volunteers (11:27) - For those who want to start contributing (13:50) - The different tags (14:48) - Good first issues (16:01) - Bret's first Docker fix (16:50) - Who determines the first issues? (18:37) - OpenSauced (19:16) - Finding the next steps after learning (19:59) - Dashboard to track contributions (20:42) - A very friendly community (22:30) - Who's paying for OpenSauced? (23:06) - How to build your rep on the internet (24:57) - Github Flow, Breaking it down (27:24) - Eddie Hub (28:10) - Assign yourself to the issue (28:50) - Compile Kubernetes (30:14) - Tracking the pull request lifecycle (31:44) - Changing the k8s reference issue (35:17) - Kubernetes Slack Channels (35:59) - SIG mailing lists (36:44) - Getting feedback before you do the work (38:18) - How do you give up and issue? (39:53) - Correlating issues with Slack (40:28) - Start with an issue first (41:24) - Random PRs don't go well (43:00) - Onboarding course (44:11) - Cheat sheet (44:26) - What Chad has learned from contributing (46:09) - Online resources (48:48) - Certifications and exams (50:46) - Matt's comment about a podcast (52:48) - Wrap up
Bret is joined by fellow Docker Captain Nuno do Carmo to talk about desktop container solutions and the best Docker setup for Windows 11. Nuno's a Docker Captain, Civo Ambassador, Microsoft MVP, and a big fan of Windows and Cloud Native. I've had him on the show before, because the more you use the Windows Subsystem for Linux and Docker Desktop, the more you'll want to use WSL.Nuno helps answer many questions such as where are the Linux files stored, managing the CPU and memory resources, backing up files in WSL, getting the host Windows Explorer into the Linux filesystem, getting back to the Windows file system from the Linux shell and more!Live recording of this show from February 23, 2023 on YouTube (Ep. #204). Includes demos.★Topics★Nuno's WSL blogBret's Docker Desktop alternatives listRancher Desktop websitePodman Desktop websiteSupport this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.comCreators & Guests Bret Fisher - Host Beth Fisher - Producer Cristi Cotovan - Editor Nuno do Carmo - Guest (00:00) - Intro (00:52) - Episode intro (02:27) - Main show (02:39) - Reflecting on the Docker birthday (03:25) - Bret's Maven Course (03:27) - Introducing Nuno (04:34) - All starts with WSL (05:13) - Mac vs Windows (05:33) - WSL1 and WSL2 (08:28) - Question Linux in VM vs WSL (12:51) - Filesystems and performance (14:34) - Setting yourself up for success with WSL (15:37) - WSL not installed by default with Windows (17:16) - Demo start (18:20) - Line endings issue in the past (18:56) - The tooling is WSL-aware (20:00) - VHDx (21:01) - Demo (24:22) - Bret re-explains it (27:01) - Question SSH into WSL (29:12) - Question How do you make a fresh WSL VM? (31:25) - Question What does mount show in Linux (32:37) - Question (33:28) - Taking snapshots with Raft WSL (34:08) - Question distros and VHDx files (35:45) - Deleting or losing your distros (37:17) - Question (39:45) - Ecosystem and options - the spreadsheet (42:11) - Demos (42:18) - Podman desktop (45:00) - Comment on Red Hat on Windows (46:13) - Rancher Desktop (53:19) - Demo (53:50) - Process isolation on Windows
Bret is joined by Project Calico's Tomas Hruby from Tigera to dig into Calico CNI features for Kubernetes and beyond. Calico can be used in a lot of places, including Linux, Windows, containers, bare metal, eBPF or iptables. Many of us learned about it as a CNI option for Kubernetes network and networking policy.Streamed live on YouTube on February 9, 2023.Unedited live recording of this show on YouTube (Ep. #202). Includes demos.★Topics★Project CalicoTigera WebsiteProject Calico on Tigera's WebsiteCreators & Guests Bret Fisher - Host Beth Fisher - Producer Cristi Cotovan - Editor Tomas Hruby - Guest Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - Intro (00:52) - About this episode (01:31) - Main show (01:36) - In today's episode (03:00) - How did Tomas get started with Calico? (03:28) - Projects are typically open source and SaaS (04:07) - Project Calico elevator pitch (05:26) - What can Calico do? (06:33) - The origins of Calico (07:13) - Docker got Kubernetes started (08:25) - Project Calico on Github (08:50) - Open source version is command-line driven (09:04) - Calico and the company behind it (09:28) - What makes Calico unique? (10:54) - EBPF (12:28) - EBPF and Calico (14:28) - Question (18:02) - Demo intro (18:33) - Question (19:18) - Question (20:25) - Question (21:15) - Vulnerabilities and threats (23:28) - Question (27:05) - Calico as service mesh (30:33) - What is Tomas excited about? (31:53) - EBPF real-time tooling
Bret is joined by Kyle Galbraith and Jacob Gillespie, co-founders of Depot, to discuss their new solution to slow Docker builds. If you've never dug into some of the details of Dockers BuildKit, that's the engine behind your Docker build command, then this episode is for you. I'm fairly confident that everyone who uses Docker will eventually come upon the problems that Kyle and Jacob were trying to solve with Depot. Their focus is on speeding up your Docker builds by doing them remotely, in a transparent way. They avoid you needing to rethink your workflows and CI automations and provide a CLI tool that's a drop-in replacement for the Docker build command. In this episode, we walked through the problems they can solve today with what I would call a unified shared build cache for your whole team, including your CI and automation tools. The way they are going about speeding up the Docker builds is something I wished Docker had done for us all along. I think it's still early days for the Depot product, but if you're suffering with long build image times it's already mature enough to be something I would consider as a replacement for the traditional Docker engine builds that we're all used to.Streamed live on YouTube on January 12, 2023.Unedited live recording of this show on YouTube (Ep. #198). Includes demos.★Topic Links★Depot websiteDepot on TwitterCreators & Guests Bret Fisher - Host Beth Fisher - Producer Cristi Cotovan - Editor Kyle Galbraith - Guest Jacob Gillespie - Guest Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Bret's intro (02:24) - Main show (02:33) - Introducing the guests (02:53) - Today's topic (03:07) - Where did the idea for Depot come from? (04:26) - How it started (06:37) - Describing the problems (07:59) - The caching problem (09:49) - Docker caching default and in CI (12:45) - What is cache busting? (14:23) - Being deliberate about your CI environment (15:23) - What problems is Depot trying to solve? (17:27) - Replacing the Docker CLI with Depot (22:13) - Building for multi-platform (26:53) - Question (30:13) - Question (32:14) - Demo intro (32:45) - Modes of hosting (33:29) - Question (34:33) - What else does the UI offer? (38:21) - Getting started with Depot (39:28) - What's on the horizon? (40:30) - Outro
Bret is joined by Natan Yellin, the co-founder of Robusta.dev to talk Kubernetes and Prometheus monitoring, alerting, and maybe some CPU limit ranting. Robusta tries to fill the gap left by Kubernetes' own AlertManager which has a very specific and not so helpful way of describing events in your cluster. This makes it hard to diagnose the cause of the event and you're left with Google, StackOverflow and an awful lot of head-scratching. Robusta acts as a proxy between AlertManager and your notification platform of choice.In the show we talk about what Robusta is, how to deploy it in your clusters, and Natan also details some of the enhancements in their cloud offering that you can layer on top of that, which has a generous free tier.Streamed live on YouTube on January 5, 2023.Unedited live recording of this show on YouTube (Ep. #197). Includes demos.★Topics★Robusta WebsiteRobusta on GitHubKubeCon - Building a Runbook Automation System for Prometheus and KubernetesStop using K8s CPU limitsRecommended Pod SpecSend Push notifications to your phonePrometheus AlertManagerGrafana LabsKubewatch★Natan Yellin★Natan on TwitterNatan on LinkedIn★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - In today's episode (02:59) - Main show (03:27) - Introducing Natan (03:53) - Alert fatigue (04:29) - Where did the idea for Robusta come from? (08:16) - Someone has to do the job (09:17) - What does Robusta offer? (10:25) - Proxying the alerts and providing context (11:30) - Saving 10 to 30 minutes (13:48) - The open source Robusta repo (14:10) - The need to de-aggregate event data (15:09) - Example or demo (15:39) - Question about observability for microservices (18:38) - Tip 1 Consider using silences (19:49) - Tip 2 Monitor outcomes (20:23) - Don't ignore alerts because of fatigue (23:13) - Sending to different channels based on priority (24:42) - Question about sending messages to destinations (26:17) - Question (26:49) - Installing Robusta (27:42) - Demo set up commands (27:54) - Questions (28:11) - Demo Kubernetes-specific (29:05) - Multi-cluster question (31:32) - What does the SaaS platform do? (32:44) - Demo with SaaS (33:37) - kubectl not recommended (35:03) - Breaking the glass (38:15) - Question about notifications (40:14) - Getting started (41:24) - CPU limiting (42:15) - Soft limits on CPU in Kubernetes (44:35) - Bret's pod spec (49:22) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by two pros from the NGINX team, Robert Haynes and Brian Ehlert to break down the various use cases of NGINX on Kubernetes, and help you decide when and where you'll be using it.There's a lot going on around NGINX and I wanted to focus this conversation around NGINX on Kubernetes, and specifically the two ways you can run it for cluster ingress. We also get into some of the advanced scenarios of using NGINX, like caching and web application firewalls (WAF).Many of us are using NGINX somewhere in our clusters. I found it very interesting how Robert, Brian, and the team at F5 spend a lot of time showing customers how they can use it in many ways to avoid deploying additional products on their clusters. I'm a big fan of reducing complexity.Streamed live on YouTube on December 15, 2022.Unedited live recording of this show on YouTube (Ep. #195).★Topics★Intro to K8s networkingK8s + NGINXThe basic Kubernetes Ingress provider of NGINXThe official NGINX team Ingress CRD (more features)Gateway API for K8sMonitoring NGINXMonitoring NGINX with Prometheus★Brian Ehlert★Brian Ehlert on Twitter★Robert Haynes★Robert Haynes on Twitter★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Custom intro (02:41) - Main show (02:46) - Introductions (03:05) - Today's topic (03:40) - Question: Common NGINX use cases (05:21) - NGINX's web server capabilities (06:11) - Common NGINX on Kubernetes considerations (09:28) - API gateway vs ingress (14:12) - Ingress configurations and policies (16:35) - CRD with ingress project (19:52) - When people adopt Kubernetes (22:33) - Free vs Paid version (27:17) - Question (27:27) - Last-minute risky annotations (31:52) - Validating NGINX configs (34:44) - Avoiding NGINX config manipulation (39:46) - Questions (41:00) - Monitoring in NGINX (42:32) - Prometheus exporter (43:59) - Question about caching (49:39) - Question (51:21) - Wrapping up (54:05) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Matt Williams of Infra to show off their open source project Infra, which provides easy, centralized RBAC and auth to Kubernetes and more. Infra is a new company taking on simplifying centralized infrastructure, user authentication and permissions. Their open source tool by the same name is quite easy to start with. In this episode, Matt does a great job of explaining the pain points of Kubernetes user management, certificate distribution and revocation, and more pain points that Infra is bringing simplicity to.Streamed live on YouTube on November 10, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #191).★Topics★Infra WebsiteInfra on GitHubAll Day DevOps free conferenceMatt Williams===========Matt on TwitterMatt's YouTube Channel★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:54) - Bret intro (01:53) - Main show (02:08) - Introducing Matt (02:40) - Today on the podcast (03:06) - Infra HQ and Company History (03:52) - How Infra came to be (06:40) - Datadog (08:34) - Infra and open source (09:59) - How Infra can help (10:24) - Core Infra functionality (11:56) - Bad idea (12:48) - Can't revoke certificates (16:11) - Painful Certificate Redistribution (17:11) - Why you need Infra (18:41) - Question (19:38) - Service accounts (20:22) - kubectl and pronunciations (21:57) - Question about OIDC (23:45) - Not just a Kubernetes tool (25:27) - Dealing with Keys is Hard (26:08) - Offboarding can be harder than Onboarding (28:24) - Workflow (29:21) - Demo intro (29:51) - End demo (30:02) - Cloud hosted and self-hosted (30:35) - Providers, Okta (32:02) - Is Infra GIOps Compatible? (34:53) - Quick summary of the demo for audio listeners (36:44) - Dumbed down roles? (38:08) - Question (38:52) - A tool to add to your toolbox (40:38) - Getting started and contributing (41:25) - Question (41:51) - Auditing in the future (42:49) - A Safe and Secure Model (43:52) - Wrapping up (45:42) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Anaïs Urlichs of Aqua Security to talk container and Kubernetes security tools like trivy, kube-bench, tracee, and kube-hunter. I've been using trivy for over four years to scan for known vulnerabilities in my own container images and my clients.We also look at tracee, a new tool that is part of a new generation of tools that use the Linux kernel eBPF feature to investigate what's happening in real time on your servers. Anaïs is great as an explainer of Kubernetes and all cloud native things, and she's the creator of the 100 days of Kubernetes tutorials on her YouTube channel where she breaks down various cloud native topics for beginners. Based on what I've learned in this show from Anaïs, I plan to change how I use trivy so that it's scanning more things and more often in my CI automation pipelines.Streamed live on YouTube on November 3, 2022.Unedited live recording of this show on YouTube (Ep #190)★Topics★Aqua Security ToolsAqua Security on YouTubeTrivyTrivy-Operatorkube-benchtraceekube-hunter★Anaïs Urlichs★Anaïs on TwitterAnaïs' Newsletter Anaïs on YouTube 100 Days of Kubernetes★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Custom intro (02:28) - Main show (02:32) - Introducing Anais (04:30) - Security Tools (04:56) - What is Aqua Security (06:12) - Not all security scanners are made equal (07:22) - What is Trivy? (08:01) - Misconfiguration scanning with Trivy (12:12) - Security vs Disruption (13:06) - Address vulnerabilities in the base image (14:11) - Question: Operator for Trivy (17:51) - Automating the tool (19:45) - Vulnerability fatigue (20:32) - Question: Go and No-go Criteria (24:13) - Tip Toe, Start Small (25:19) - Kube Bench (26:08) - Kube Hunter (28:09) - What is Tracee? (33:39) - What is the roadmap for implementing these tools? (39:57) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by two Chainguard co-founders, CEO Dan Lorenc and Head of Product, Kim Lewandowski, to break down the ins and outs of supply chain security and talk about Chainguard's approach to securing it. We dive into tools, including their new Wolfi Linux distro.We first talk about what that even is, because it's a buzzword right now, and not everyone's on the same page on what securing your supply chain even means in the world of software. Then we jump into base images for containers, and their project Wolfi. We talk a lot about Wolfi in this episode, because it has the potential to change how we build our containers.Streamed live on YouTube on October 13, 2022.Unedited live recording of this show on YouTube (Ep #188)★Topics★Chainguard WebsiteChainguard TwitterChainguard AcademyWolfiWolfi-based imagesSigstore★Dan Lorenc★Dan Lorenc on TwitterDan Lorenc on Linkedin★Kim Lewandowski★Kim Lewandowski on TwitterKim Lewandowski on Linkedin★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:54) - Custom intro (02:51) - Main show (03:04) - Introductions (03:24) - How did Chainguard get started? (04:23) - What is a supply chain? (06:30) - First Security Things (08:55) - The article and the base image (12:02) - Wolfi elevator pitch (14:49) - How do packages get into Wolfi? (18:49) - How do Wolfi packages work (21:57) - Chainguard Enforce (26:43) - Question about in-toto (29:08) - Preventing unsigned images in production (30:44) - Blocking vulnerable dependencies with policies (31:39) - Scanning on servers (34:02) - Question (35:53) - Question (37:50) - Getting started with Wolfi (39:57) - Where are they on Github (demo?) (40:50) - Question about vex (43:13) - What else? (43:40) - Chainguard Academy (45:24) - Professional services (49:32) - Wrapping up (49:56) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Best of DevOps 2022

Best of DevOps 2022

2022-12-2346:48

Bret is joined by Nirmal Mehta of AWS and engineering consultant Laura Tacho, for the annual Best of DevOps. We've started this trend of going through the year's best (and worst) of DevOps every December, everyone brings their topics, we mix them all up and try to get through all of it. This year, we came pretty close. We cover many topics in this year's episode, things like desktop GUIs for containers, the return of real-life conferences, Docker reaching a significant milestone, AI, ML, data platforms and much, much more.Streamed live on YouTube on December 8, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #194)★Topics★Full doc of topics (more than we could cover)Year of Desktop GUI’s for Container Dev and Cloud Native MgmtDocker Extensions List Rancher DesktopPodman DesktopLens commercialOpenLensk9s websiteKui websiteDevOps Survey TrendsOpenTelemetry Articles- Transforming IT Departments - Properly Explained and Demoed - Getting StartedKarpenter websiteeBPF and Profiling- Pixie- Parca★Laura Tacho★Laura's websiteLaura's CourseLaura on Twitter★Nirmal Mehta★Nirmal on LinkedinNirmal on MastodonNirmal on Twitter★Join my Community★New live course on CI automation and gitops deployments Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Template intro (00:53) - Custom intro (04:25) - Main show (04:45) - Introducing the guests (05:20) - In today's episode (05:52) - The year of desktop GUIs (12:14) - In real life conferences (12:46) - Boom and Bust (13:30) - Will Jenkins go away? (14:39) - GitHub Actions (16:14) - Laura's Rubber-band Theory (19:09) - Revenue and Docker's comeback (21:02) - Other trends (21:11) - DORA report (22:21) - Increased security requirements (24:31) - Jumping on the security bandwagon (25:43) - Security by default (27:04) - Rapid fire Kubernetes happenings (28:06) - Bret's Maven Course (28:15) - Laura's teaching (29:04) - WASM+ Docker (29:38) - Slim.ai (30:29) - Open telemetry (35:37) - Carpenter (37:04) - Lack of staff (37:50) - AI (40:38) - Boosting productivity (44:38) - ML models developed and running in containers (46:14) - Wrapping up (46:40) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Michael Irwin, Sr. Manager for DevRel at Docker, to review and demo our top 2022 new features and announcements from Docker Inc. We run through the very long list in this episode and sadly, had to skip over the smaller, nuance features or subtle changes and focused on the bigger things - a major one being Docker extensions - as well as Docker Hub support for OCI artifacts, like the Helm charts, volume, WASM, Hardened Docker Desktop, tilt.dev and much more.Streamed live on YouTube on December 1,  2022. Includes demos.Unedited live recording of this show on YouTube (Ep #193)★Topics★Docker Blog, "Products" category (most of our topics came from here)Recapping the last year of Docker Desktop (YouTube, September 2022)What's new in Docker Desktop (YouTube, DockerCon 2022, May 2022)What's new in Docker build (YouTube, DockerCon 2022, May 2022)★Michael Irwin★Michael on TwitterMichael's Website★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Template intro (00:53) - Custom intro (03:49) - Main show (04:00) - Welcome to Michael (05:24) - Keeping up with updates to our tools (08:03) - OCI artifacts (09:13) - What are OCI artifacts? (12:46) - WASM (16:35) - DEMO of WASM (23:16) - Question (23:43) - Question (25:42) - Question (27:29) - Question (31:31) - Extensions (34:40) - Question (36:41) - Question (39:37) - Dev Environments (42:51) - Compose v2 (44:54) - Hardened Desktop (49:46) - Tilt (51:17) - Docker Desktop for Linux (53:01) - DSO Website (55:48) - More vulnerabilities every year (58:51) - Moving Dockerd image management to containerd (01:02:29) - Buildkit improvements (01:05:50) - Buildkit's link feature (01:09:59) - Stuff not covered (01:11:50) - Winding down (01:12:23) - Question (01:17:51) - Show and guest calendar (01:18:20) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Brian Christner, a Docker Captain and Chief, Online Gaming for Grand Casino Baden (jackpots.ch), who returns to the show to discuss his top recommended skills for improving your DevOps expertise.Both Bret and Brian have been consultants on and off throughout their careers and also in positions where they needed to hire other engineers - often other DevOps engineers. They share their perspectives on the different types of DevOps roles and the various jobs they need to fill.In this episode, we thought it would be helpful to bring our experience on DevOps jobs and look at the most essential and in-demand skills throughout the industry.Streamed live on YouTube on October 6, 2022.Unedited live recording of this show on YouTube (Ep #187)★Topics★DevOps Foundations CourseEngineering Management Training from Laura TachoAwesome Docker resourcesAwesome Everything Lists on GitHubKubernetes This Month with Nigel PoultonAWS Cloud TrainingContainer Automation Examples by BretDocker Observability by Brain★Brian Christner★Brian on TwitterBrian on LinkedInBrian's Courses Promo Code TRAEFIK50 for 50% offBrian's GitHub Brian's Blog★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Intro 2 (01:47) - Main show (01:53) - Welcome (03:01) - Brian's corner of the internet (05:37) - Impact of certifications in the hiring process (06:01) - What's your pet project? (06:58) - What lights you up? (08:27) - Sharers rather than Knowers (09:51) - About clouds (16:35) - DevOps are enablers (17:49) - Be replaceable (19:58) - Soft Skills (20:20) - The many hats of Senior DevOps (20:23) - Encouragers (20:36) - Protectors (20:44) - Realistic (21:01) - Protect your team (21:27) - Say no (21:55) - Problem solvers (21:58) - Listeners (23:49) - Question (24:48) - Awesome Docker List (27:46) - DevOps is vast and wide (29:57) - Observability (31:48) - Choose what to measure (32:50) - Junior and Senior DevOps Skillsets (34:53) - Being proactive in measuring (37:03) - Question (38:07) - Use the built-in tools first (41:41) - Quick way to get your hands dirty (47:44) - Security (50:50) - Infrastructure-as-Code (54:51) - Being a generalist or a specialist (56:32) - Enable others to work without needing you (58:13) - Question (58:16) - Getting started with a cloud (01:01:11) - Nigel Poulton (01:01:58) - You can't be responsible for everything (01:03:53) - Are certifications mandatory? (01:06:34) - Deployment checklist question (01:07:22) - Question (01:12:14) - Question (01:13:00) - Announcements (01:15:12) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Rosemary Wang from HashiCorp to show off Vault for Kubernetes, an an open source secrets provider.Rosemary is a return guest and does her usual fantastic job at explaining the complex topics around storing secrets, who needs Vault and why, running Vault on Kubernetes, the Vault storage backend and so much more.Streamed live on YouTube on September 29, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #186)★Topics★Vault websiteHashiCorp CloudRaft storage for Vault, how Raft worksExample repo: HashiCorp Vault for Development Teams★Rosemary Wang★Rosemary on TwitterRosemary on Linkedin★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:54) - Bret intro (01:36) - Main show (01:52) - Course updates (02:12) - Introductions (03:15) - Today's Topic (04:24) - Anyone who doesn't need secret management? (07:13) - Elevator pitch for Vault (09:22) - Handling Rotation and Exit Strategies (11:49) - When do I need Vault? (14:35) - Question about Aquilas (14:54) - Vault is open source (16:50) - We ain't got time for that (17:41) - Can I run Vault on Kubernetes? (18:39) - Question: Where are Secrets Stored? (19:59) - Raft all the things (21:19) - Question: Vault and SSL Certificates (22:31) - Question and Demo (22:56) - Demo intro (23:26) - Demo (23:27) - Question about HSMs (23:50) - Question (24:44) - Question about Unsealed Tokens (27:18) - Question (29:42) - Bret's First Question about Toil (36:33) - Question: Password Managers and Vault (39:44) - Question (41:05) - Question (43:38) - Notes about Vault Agent Sidecar and Authentication (45:15) - Bret's Summary (48:48) - Question about Getting Started (49:44) - Starting with Sealed Secrets (52:30) - Wrap up (53:06) - Getting in touch with Rosemary (53:43) - What's next for Rosemary? (54:31) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Lee Calcote and Nic Jackson, co-authors of the Service Mesh Patterns book, to discuss service mesh for Docker Desktop and Compose apps with the new Meshery extension for Docker desktop.They talk about what service mesh is and go into the new Measure extension for Docker Desktop, which is a CNCF sandbox project. One of its bigger features is to help you try out different service meshes and test them with only a few clicks. They also cover other features of their tools, such as the beta of MeshMap which helps you visualize your clusters and apply better practices to your service mesh.Streamed live on YouTube on September 22, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #185)★Topics★Learn Service MeshMeshery Docker Extension MeshMap Service Mesh Patterns Book★Nic Jackson, Principal Developer Advocate, HashiCorp★Nic on TwitterNic on LinkedinNic Jackson on YouTube Shipyard website★Lee Calcote, Founder and CEO, Layer5★Lee on TwitterLee on Linkedin★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Template intro (00:52) - Bret intro (01:53) - Main show (01:58) - The guests (02:39) - Lee and Layer5 (03:55) - Nick and Hashicorp (05:51) - Lee and Nick (06:54) - Challenges of writing a book (07:37) - Layer5 and Meshery (08:38) - Meshery elevator pitch (10:46) - Service Mesh 101 (11:16) - Retry (12:20) - Observability (13:29) - Question Docker Swarm Supports Docker Extensions? (15:39) - What does service mesh seem like? (16:38) - Platform engineering (23:54) - Distributed systems concerns (25:39) - preparation (26:16) - What would you use Meshery locally for? (27:50) - Mesh map (28:48) - Demo but mostly theoretical (32:45) - Visual designer (33:11) - Catalog of extensions (33:49) - Performance management (37:03) - Installing the extension (37:52) - Close to the end (38:12) - A lot going on online (38:54) - Shipyard (42:26) - Starship (42:44) - Wrapping up (42:55) - Status of the book (49:45) - Closing (50:01) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Liz Rice, Chief Open Source Officer at Isovalent, the makers of Cilium, to discuss Cilium and eBPF. Liz Rice is back to give us more insight into eBPF and the Cilium project. Isovalent is the company that created and manages the Cilium Project, which does an increasing number of things for Kubernetes, including networking, CNI support, security, advanced networking stuff, and observability, as well as other things like load balancing. Liz is one of my go-to experts on how low-level Linux internals work. She's been speaking about container internals since the early days of Docker.Streamed live on YouTube on September 8, 2022.Unedited live recording of this show on YouTube (Ep #183)★Topics★Cilium websiteIsovalent websiteeBPFNetwork Policy Editor★Liz Rice★Liz Rice on TwitterLiz Rice's websiteBooks on Containers, eBPF, Kubernetes and Go★Join my Community★ Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Bret intro (01:41) - Main interview (01:44) - The merch store (02:39) - More merch talk (04:19) - Introductions (05:16) - What else Liz does (05:26) - Liz's books (06:22) - Brief history of EBPF (07:41) - Kernel modules before EBPF (08:46) - EBPF vs Kernel Modules (09:57) - EBFP is dynamically loaded (11:23) - Performance and Data Transfer (12:35) - Isovalent and Cilium (14:12) - How Cilium started (16:18) - Specific versions of the kernel? (17:32) - Where do we use EBPF in Kubernetes? (18:12) - CNI (20:02) - Question: Where can you start learning EBPF? (23:04) - Question (30:22) - All open source? (31:08) - Question Cilium as a service mesh (32:32) - Enabling certain features (33:39) - Question (34:11) - Question (35:20) - Question (37:21) - Wrapping up Cilium in cloud (38:22) - Offloading programs XDP (40:16) - Question about GUI (42:41) - Question (49:29) - Question (52:10) - EBPF on Windows? (53:13) - How is it implemented? (54:02) - Wrapping up Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Shauli Rozen, CEO and Co-Founder of ARMO, creators of Kubescape. Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning.I'm a fan of tools like this and specifically of Kubescape, which I use and recommend to my clients. The scanner can scan your YAML manifests of your Kubernetes resources. It can scan your live Kubernetes clusters. And it can scan the YAML in your Git repos, as well as the images themselves that you're deploying to Kubernetes. As ARMO calls it, it's a single pane of glass into your Kubernetes security. Streamed live on YouTube on September 1, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #182)★Topics★Kubescape's GitHub K8s Security Dashboard ARMO website★Shauli Rozen★Shauli on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Main intro (00:53) - Custom intro (02:45) - Main show (02:49) - Introductions (03:43) - The Kubescape project (04:25) - Go to the developers (05:26) - Security low-handing fruit (06:19) - I just want to be a user (09:32) - Kubescape elevator pitch (12:00) - Good learning tool (12:48) - Linting (13:20) - Remediation (14:45) - The SaaS Version (16:19) - Does DevOps not care about security? (18:24) - A gap in terminology (20:31) - Security compliance and guidance (25:58) - GitOps Approach (27:38) - Asking about demo (28:19) - Question (29:21) - Become a contributor (30:55) - Demo intro (31:21) - Demo end part (31:26) - Question (31:56) - Visualizer (33:23) - Question (34:41) - Question (38:55) - Mindset differences (39:49) - Question (42:06) - Question (42:33) - Winding down (43:26) - How to get started (44:26) - Template outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Martin Wimpress and Pieter van Noordennen from Slim.ai to discuss some ways to slim down your Docker images and reduce the attack surface of your containers in the process.Many companies and projects have tried to do similar things before - Slim Images, Alpine Images, Distro List, Build Packs, and even Docker tried a few years back, to create intelligence and guidance around migrating legacy apps into slim production quality images. Those efforts were scrapped in 2019. The dual mandate of generating Docker images - easy to understand and as minimal as possible, with the lowest CVE vulnerability count - was not achieved by any of those projects. Automation and intelligence like Slim.ai is the future of building container images and also the future of complex monoliths and legacy apps with a lot of dependencies.Streamed live on YouTube on July 28, 2022. Includes demos.Unedited live recording of this show on YouTube (Ep #180)★Topics★Docker SlimSlim.ai★Martin Wimpress★Martin Wimpress on Twitter★Pieter van Noordennen★Pieter van Noordennen on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:53) - Custom intro (04:32) - Main show (04:51) - How Slim.ai started (07:07) - Complexities of shipping images (08:53) - DockerSlim (10:27) - Setting the stage for demo (13:02) - Demo intro (13:28) - Demo (13:33) - Bret's Question (22:20) - Different container composition options (23:36) - Demo intro 2 (23:42) - Bret loves Docker Desktop and Extensions (27:28) - Pausing Docker (27:54) - The extension is the same as the SaaS (28:30) - It's free (29:03) - Demo? (29:03) - Distroless and optimized starting points (34:47) - Build engineering nightmare (36:15) - Not just security considerations (39:03) - Understanding dependency differences (40:34) - Question (42:03) - Slim cli (46:08) - Getting started (47:38) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
Bret is joined by Dmitriy Kalinin and John Ryan, software engineers at VMWare, to show off the many Carvel project tools.Carvel provides a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes. The Carvel project includes tools for templating, image building and tracking, secrets management, app deploying and more. The tool list includes ytt, kapp, kapp-controller, kbld, imgpkg, vendir, and kwt.Streamed live on YouTube on July 14, 2022.Unedited live recording of this show on YouTube (Ep #178)★Topics★Carvel websiteCarvel on Twitter★Dmitriy Kalinin★Dmitriy Kalinin on Twitter★John Ryan★John Ryan on Twitter★Join my Community★Best coupons for my Docker and Kubernetes coursesChat with us on our Discord Server Vital DevOpsHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (00:51) - Custom intro (01:50) - Main Show (02:14) - A lot of tools (03:19) - How did Carvel begin? (06:02) - Use the tools differently across all stages (06:59) - Building from the ground up (08:43) - Are the tools independently used? (09:28) - The first Carvel tool (09:42) - ytt (10:57) - kapp (11:57) - What is YTT (15:03) - Creating more consistency? (17:43) - How to use with compose (18:47) - Question about Q (21:40) - Question (24:33) - Question (25:12) - Solve a real problem (26:09) - Don't overcomplicate yourself (28:04) - What problem does Kapp solve? (30:37) - Kapp and Kapp controller (36:39) - Question (37:16) - Rapid fire (37:22) - Kbuild (43:28) - How does image package help? (46:57) - The experimental tools (47:45) - Secret generation (52:47) - Vendor (56:33) - Getting involved (58:06) - Last thoughts (59:20) - Outro Support this show and get exclusive benefits on Patreon, YouTube, or bretfisher.com!★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansGrab some merch at Bret's Loot BoxHomepage bretfisher.com
loading
Comments (2)

Mohammad Sadeghi

you are best teacher for me

Jan 5th
Reply

Pavel S

Great podcast! Thank you!

Feb 28th
Reply
Download from Google Play
Download from App Store