On-demand Session: Containerization 102: Security, Optimization and Speed

Mar 21 2023/Events/34 min read
This previously recorded session continues our series on containerization, diving a bit deeper to discuss the key areas to ensure container optimization and speed

Can't see the embedded YouTube video above? Click here

Containers and Microservices are now the primary platform for many organizations, but complexity and adoptions continue to be a challenge. This month we are discussing security concerns through the lens of the platform and network because the options are vast and sometimes unclear.

This previously recorded session continues our series on containerization, diving a bit deeper to discuss the key areas to ensure container optimization and speed, such as:

What are the security ramifications of containers?

How have platforms enabled the rise of containers and microservices?

What challenges have been introduced by containers and platforms?

What are some of the enhancements to networking, and why this improves the speed of delivery

Robert Sirchia, Head of Community Evangelism, SUSE
Marino Wijay, Ambassador, EddieHub, Platform Advocate,
Moderated by Sean O'Dell, Head of Dev Rel, Cloudsmith!

Missed Containerization 101 in February? Check it out here!

(02:42) Welcome everybody to the March webinar or Tech talk as I like to call it my name is Sean Odell I am the head of developer relations at cloudsmith and I am really excited to uh have everybody here today listening in I've got some fantastic speakers um some some folks that I know really really well and we're going to be talking about the second phase or kind of the 102 of containerization today we're going to focus on speed optimization and probably far more security than uh than any of the other

(03:22) two and uh before we kick things off you know I just want to mention a few things for everybody in the audience and I think these are super important if you are watching on Twitter or LinkedIn if you repost this live stream you get a chance to win a free lunch and I think that's always exciting if you're hungry or plan on getting hungry at any point in time the second thing is we also give away some prizes at the end of the session um and so let us know you're here by dropping Emoji in the chat and I will

(03:54) announce the winner uh of the free lunch and some prizes at the end of the uh at the end of the session today lastly before we kick things off and get to the topic at hand I am excited to introduce to all of you unpack conference unpacked is the first ever user conference from cloudsmith and this is going to happen on June 20th 2023 and uh you know to to help everybody understand this conference is really for devops professionals and Engineering leaders who are interested in learning more hearing more and hearing from peers and Industry experts

(04:33) about securing and scaling software delivery and uh kind of the fun tagline I actually like to repeat it the conference is virtual that is global and it is free and uh feel free to jump in the chat if you are on the the webinar platform and uh you know choose the link and register and obviously we'll be sharing via socials and others now let's get to today's program I am excited to introduce to to uh to uh speakers to uh really two individuals to the floor

(05:08) Robert he is uh he is the head of community and evangelism at suse and Marino which I have known for a long time both as a peer and as a friend Marino is a developer and platform Advocate at solo IO gentlemen welcome to the show thank you thank you very much Robert I'll start with you man tell us a little bit about yourself uh I spent my entire career as a developer written code um in the past couple years I've flipped over to the Evangelist in the community role which I don't feel that it's almost

(05:42) one in the same and so I'm the head of community evangelism for Susa a part of the SUSE and Rancher community so that's like what I'm doing nice glad to have you on board today Mourinho how about yourself yeah yeah thanks uh thanks Sean and I will say that you know I I haven't been a developer um I I would say I spent most of my time in the world of infrastructure and networking and you know as much as I try to escape this world of networking I feel like it just keeps pulling me back into it so I did spend a lot of time

(06:14) doing the the Consulting this the pre-sales architecture all that fun stuff but then you know to Rob's point I just really like just getting out there in front of people and talking about all this cool stuff and uh you know I found myself in an evangelist slash advocacy role so I've been doing it for about a year it's been interesting you learn at a different pace you see so many different perspectives and it's just like all in your face so yeah now glad to have you both my background's a little bit different I

(06:45) actually call myself a reformed infrastructure architect uh which is actually where I got started um I I managed uh Enterprise I guess Enterprise Manager if you want to call it that and security patching for uh for a large Fortune 200 organization here in the United States and uh oftentimes on the infrastructure side I had angst for application owners and developers because I was I was it was done the wrong way like I I was I was instructed incorrectly right um and and I've I've learned from my mistakes and that's why I believe you

(07:19) know what we do and and really even today's conversation right having a background in security with infrastructure but now with applications or containerizations or microservices or kubernetes and whatever moniker and acronym you want to throw out there today um but we are going to be jumping into this wide topic uh but really focusing in on the security aspect looking forward to this guys so so to begin um and there's so many questions I could ask here I'm just going to ask a kind of a simple one and I think this

(07:49) conversation will jump from here um where should people be looking when they're getting started with container security now I'm going to preface this I know you're both going to go in different directions and that's okay just with your backgrounds and your understanding uh but I'm really curious to see where we'll start and I'm actually going to start with Robert where can people be looking when they're getting started with container security I think the low hanging fruit is understanding where your images are

(08:18) coming from and knowing that one that's I think the easiest way to get started with that and then people miss it and they're going through like oh I need ebf today and I'm like hold up here do you know where your images are all coming from well no I just pulled them off the internet and that's that I think that's an easy safe way to start so you start with package management or package awareness or package ability or or capabilities right is that an easy task in today's society when we have a

(08:48) variety of locations that we're pulling uh our artifacts from no because of humans right um like I would say the human factor would be the hardest part right getting people not to pull them down from Docker Hub and not saying Docker hub's not secure right but you know just just anywhere on the Internet it's like oh I just pulled it I Googled it and found the first the first search and I think that's where it's just developing a policy and getting the humans in your organization to follow that particular

(09:17) policy because I think the hard part uh and Robert I appreciate the fact that we didn't even have the conversation of where to start with that answer but you just gave a great plug for cloud Smith so we'll just leave it at that uh fantastic job uh Mourinho I'll let you answer this question man from your perspective where should people be looking when they're getting started with container security you know there's this notion of okay I'm gonna go pull whatever I can off the shelf or maybe

(09:44) I'll just build it and I think when it comes to building it and then deciding where you're going to store it it really comes down to the maintenance and the the constant custodial efforts you need to provide to making sure that that image that you built is always secure and so there's there's a couple of things that I would think about initially is okay how do I pick a good base image one that has very limited vulnerabilities and then once I picked that and I decide okay let's build my container image and store it somewhere

(10:11) what can I do to constantly scan for vulnerabilities let's say today I use a good golden image today and then three days down down down the road I find there's a vulnerability right so it's an element of picking you know both your trusted image as well as the the place you store it you know to Rob's point but also having some sort of artifact scanning going on so that you know uh when you need to swap out the base image or you know implement this into your CI pipeline so that now you have something

(10:41) much more cleaner to work with but then there are so many other areas too like I come from a networking background and you know once you've got those containers up and running how do you protect the the network and how do you protect you know one container from doing something to another container yeah you know you actually bring up a couple of points number one I don't think it's three days before the vulnerability shows up often times is about 30 seconds later at least that's what I have found maybe I'm just the

(11:09) only one or maybe I've got some terrible ideas out there but man vulnerabilities show up quickly right um and and we're going to jump into like I think the other thing is when we look at container security there's I go back to the old analogy right when I had a physical server right there were multiple ways to secure a said physical server right we do the same we did the same thing with virtualization we need to do the same thing with you know containers right the principles still apply and so the attack surfaces is

(11:36) massive it comes from different angles it comes from a variety of angles so to your point Marino you know you know talking about attack surfaces what are some ways where container security and networking has matured uh over the in obviously this could be a long answer but where has it matured over the past couple of years um that you have seen you know the the two working together maybe where in the past they haven't I think it really comes down to automation uh we decided a long time ago that it just makes no sense to do

(12:08) everything by hand so let's say 10 years ago you started with one container and you decided hey I need to network this to another container and then now all of a sudden you have a thousand of them having to deal with some level of bash to be able to push out container networking configurations or networking namespace configs makes no sense but because of what people have attempted to do manually and then also because they try to drive it with automation now we have orchestration systems that have this like this container networking

(12:36) layer much you know if you've ever worked with kubernetes which I'm sure like everyone at this point knows you're working with a container networking interface and that has all the necessary pieces for you to just get containers talking but then it also offers up that layer to just provide zero trust or eliminate your surface attack area because now you have this opportunity to profile your network see who's talking to who and then say now we can you know deploy a baseline policy and now we have

(13:03) our zero trust but you start to realize that things change so quickly that you're constantly having to change that so you now need to also think about observability what is changing and then how do we adapt to that yeah and and when it comes to container security rate we we could hit a couple of facets and I think what in in some of the subsequent questions we'll actually get to it because I know Robert's got some opinions on this too um but before we go deeper into the what I would say is the layers of container

(13:31) security I want to I want to focus on something that both of you articulated right package management package delivery or software delivery and really just the application life cycle um and look I'm not a big fan of buzzwords but unfortunately our industry does this um and so the buzzword of supply chain security is something we all hear in supply chain attacks right even the example you gave Marino was a supply chain attack right where I go grab a package that package still happens to have a vulnerability when my CI pipeline

(14:02) picks it up guess what I'm automating the deployment of vulnerabilities it's a it's a novel concept right so so I'm gonna ask this question of you Robert when we look at supply chain when we look at in attack supply chain security how can people at the base kind of at the at the at the base level um mitigate risks with using containers and I it sounds weird that I'm saying how do you mitigate risk with using containers because containers are innately a good thing but humans are often you know

(14:34) malicious and and all that sort but how do how do you start to building the foundation of of a secure container or a secure container strategy I think Mourinho started I think you mentioned that base container image right and then you know I'll go back to you know the hardest part about is getting people to adopt it and building upon what what your business needs are from that perspective and then allowing A Change Control for particular packages to come in um one of the things that scares me to death especially just npm okay we're

(15:09) like it's just npm it's what's the big deal I'm like yeah but you don't know what that's doing like you're just it's on a browser it's running and I know it's not a container but for a front-end developer their container is what is a web browser right and so it's the same thing but they arbitrarily do that is to have a way where you're pulling in the right package that you might need and then having a process to quickly change it if a vulnerability is found right

(15:34) Marino had a really good point is that observability I said that correctly what does that look like when you find something and how do you fix it as fast as possible but that's starting with that base image and being like that's our gold image we did this we do the same thing in virtualization remember we create that Windows server that was our our that's the that's the gold image if you guys and I knew because I used to hear about it you know guys and they're like did you update the gold image all

(16:00) right it's safe to update let's update it we'll do it all this weekend and the infrastructure team would do it and we didn't understand from the developers we didn't understand what the hell they were talking about so it was just one of those whoa what is this but that's we did the same thing it worked then it kind of worked the same way now yeah you did scare me when you mentioned the word Change Control um so I think all of us whether you're a developer whether you've been on the

(16:23) infrastructure side of the house does not matter we've all had um horror stories of Change Control and so so let's let's talk a little bit about that right um How does change control work and and what are some ways that you've seen it work within this new paradigm that is a really good mixture of controls but freedom in some cases foreign yes so you know back about 10 years ago 15 years ago when I used to do Network cutovers and whatnot change controls were everywhere and it's because you want to do something to the to an

(17:08) environment that has impacted the business in some way shape or form but that impact is supposed to be positive it's supposed to optimize something make something better make us move forward with another project something along those lines but then when you decide you want to make this change you need to go through multiple levels of approval and what's fascinating about that is you sometimes might not even make your change window because you're still sitting at approval levels and that was always a frustrating

(17:35) thing because someone would would pipe up and say oh what about this and then you start to realize you've missed a whole bunch of considerations around using I don't know certain protocols but then today it's a lot more collaborative I mean we make changes in a very very small fashion that we don't necessarily have to wait for someone to sign off as long as we can test this beforehand we see viable output you know things that that basically say okay this is going to work this is going to make sense this is

(18:04) going to be beneficial then that's our approval process and that is sped up our deployments in so many ways right and to see that Paradigm move over or that shift altogether means that we've we've definitely left behind that whole Change Control process but the elements of are still here they still exist primarily because look we still need to have some mechanism to track these changes because if something goes wrong how do we roll back how do we work our way backwards I think tools like git and GitHub and

(18:32) gitlab have made this so much easier for us to be able to revert our changes but I'll tell you what like 10 years ago you forgot to put in that restart in you know 20 seconds you're locked out oh yeah yeah it makes it go ahead Robert so I I guess from a developer standpoint we've we've started with Automation and some of the platforms that we use have we've been able to have smaller incremental changes right and to you know piggyback on what Bernie was saying is those changes are just so common now

(19:03) that it's really not change control it's just this continuous push right where you're like oh you got it done get into the next thing the CI will hit it's Friday who cares for pushing and a lot of automation has been done to help roll things back you know so it's just like the changes are not as big and drastic they're just con there's just like a constant fluidity of you know new improvements that were there but you had something breaks then oh stop rolling back right absolutely and and you both you know you

(19:32) you both mentioned tooling as a part of the answer but I'm gonna I'm gonna say that really it's probably people and process far more than tooling when you want to secure a container and I know that sounds a little funny because it's still technology at the root of of a container but all of the things that we've been doing over the years right whether it's it's the initial itsm or change board you know situation moving into automation then adding that collaboration layer to improve that life

(20:05) cycle or to improve the cycle is is I think actually where you start to mitigate the risks right it's it's a combined effort but obviously tooling is important um but people who implement the tooling are I think are far more important anything to add to that I want to be a controversial and say developers need to start owning part of that process of containers we've never really owned that to us it was just like yeah it's just like the VM we don't care um and that attraction really should go

(20:39) back to the solution Architects maybe the Enterprise Architects were where they stand in an organization and when I say developers I'm not saying Engineers those are two fundamentally different things but the developers really need to start having some ownership with that because part of that change needs to start with them going like hey there's this new container image Break by stuff I almost like shouldn't but it could you don't know yeah I'm gonna go on to disagree with that a little bit primarily because I don't

(21:07) think we should put the onus on developers to manage container security I think we should work towards providing them a platform that inherently provides this container security we should be able to define the kind of parameters we need for policies for the types of Base images we want to allow and let let them work with that because now we're putting this this additional pressure to go learn something else like do they even want to learn kubernetes no we should be the ones that care about it they should only care about let's just

(21:38) get this container up and or get this to a point that it's actually a container you go deal with it after the fact right but to make this even better if we gave them an internal developer platform where it would just automate the whole you know provisioning of you've got your container image it's now married to a whole bunch of others now this is a full-on application that gets deployed on top of some app service it could be kubernetes under the hood or something else but that's all they need to be

(22:03) worried about and I I feel like if you start to load on extra extra you know technology domains that they don't really need to care about you start pulling away from their expertise in developing good applications uh I guess it was I I would rephrase it more if it we used to hear it and you guys on the infrastructure side works on my machine right well if it has to work in the container right and so you have to take it some level of ownership where it works in the container we I wouldn't expect them to go anything outside the

(22:33) container but a new image comes right they should they should own the you know hey this is breaking anything you know well we're switching from sleep UCI to whatever it doesn't matter the developer should be part of that process that's all that's fair and and I'll be controversial and I'll actually agree with you both in parts so I I go I know it's it's such a crazy thing um so I go back to the days you know as an Enterprise architect focused on on infrastructure our application

(23:01) developers would bring us business requirements uh for an application all the way down to libraries all the way down to tools and they would even provide us with the requirements from an operating system perspective right they weren't they weren't the ones creating it they weren't the ones who were building the operating system you know whatever Windows Server 2003 build or whatever it may be but they would tell you I'm going to need this particular service and innately the security team the infrastructure team and in collaboration

(23:34) with the application team knew exactly what was going on right so it's it's a combined effort right it's a collaborative effort the developers don't care about kubernetes as much as we want to have as much as the industry has tried to say this developers only care about actually the software and the artifacts and the packages that are required to deliver their application it's not this hard um we can do everything we want from a marketing perspective but that's just the case um so then the question becomes right

(24:00) mitigating risks is is a part of the pro or is a part of the solution but having the collaborative effort and this goes back to the people process look I I don't know that you need something from npm and I can't go secure npm if you don't tell me right or I don't know if you need this particular version of node.

(24:24) js or what like I'm just whatever whatever Library it may be right without that collaboration you just don't know and so to me I think you start mitigating risks people process tooling but start with people process thank you any last comments on that topic yeah we all slightly disagreed you know I I actually agree with that with the fact that it has to start with people right people are the ones that are making decisions based off of what they're finding out in the market what they're finding out from their peers seeing success stories from the blog

(24:55) posts that they read and all the different you know news releases and so it does come back to people but I think to your point right the collaborative effort comes in from when you actually have decision makers coming together and saying look we need to build this how can you support us to be able to build this and then you'll get to a point where there's a common ground so that both sides of that coin went good yeah it's interesting when when we as Cloudsmith when we talk to our customers and community members they never actually

(25:23) ask us about the infrastructure layer they really care about the the artifacts and the software um that goes along with the application right um but then to even mourinho's point this actually leads me to my next question and actually someone with with both what where Robert was going they have had to learn about the infrastructure layer right the there is a look modern infrastructure whether it's serverless whether it's kubernetes or containers or or or microservices like there's a blending like there's a very

(25:59) close line that the boundary is a whole lot closer today than it ever was so when organizations when developers win you know platform teams begin looking at containerization container security where do they start when it comes to the kubernetes layer right where do those two works together and maybe where do you see some division rob you should take this one first and then I'll provide my uh my perspective I got about half of what he said he broke out there so quick quick if you don't mind sorry Robert no no so so when you

(26:38) look at it it at the kind of blending between kubernetes and application security um where do you think companies should start or developers or platform teams should start and kind of merging those two together I'm not sure would be the best idea to merge them but I think for application teams is continuous scanning of their packages it's continuous scanning of what's what's going on with that and then from an infrastructure a platform perspective is anything to lock down kubernetes um kubernetes is complex for some not so

(27:15) much for others but it's not natively secure I'm not saying it's not secure but there's still things that are wide open that allow you to ease of use that really I mean we Marino can talk about networking and what probably needs to be locked down to kubernetes that I would just no it looks good leave it open I don't care that I mean like he's laughing but here's me I'd be like yeah it's normally finding to protective it's so those things I would say just you know how do you throw

(27:41) that platform part from a developer perspectives that's constant scanning right because when log4j hit most companies didn't know until the news hit it because they weren't scanning and that was that was scary for me oh my god did you not sketch that and they're like we weren't scanning I think that's where from a developer's perspective and then I hate using the buzz phrase zero trust but on the zero trust for that platform is like how else can we lock it down to make it almost unusable usable to a point where it's

(28:12) secure um more than the default installation kubernetes I should say that I think there's there's yeah there's many facets to you know bringing security to the Realms of a developer that should care about it as well as you know infrastructure and platform teams so there's been a lot of advancements over the last few years especially when it comes to containerization and orchestration tools you know kubernetes is much more secure than it was five years ago there are a lot more tools that you can deploy and layer on

(28:47) top of kubernetes that help with containers that help with understanding the processes that are running inside of containers the ebpf for example has become a a very recurring theme in a lot of conversations and a lot of presentations and even Technologies because of how it's able to identify processes and provide security but at the kernel layer not necessarily at the operating system layer and that becomes very important especially when it comes to optimization of how your apps perform being able to cut back on unnecessary

(29:19) resources Etc this opens up a whole other door and another conversation but because of these advancements now you start to see that you don't have to lean on the developer to develop secure containers what you want them to do is Implement their security practices in the way they build their code you know obviously let's make sure that we don't have any buffer overflows let's make sure that we're not exposing our keys inside of GitHub or any or any of those locations using all these necessary pieces to be

(29:50) able to create that secure application and then push it over to the app or so the Ops teams to say look okay you've got one layer of security let's add the additional layers to achieve defense in depth so okay on the physical side you're locking down your physical host because you're not going to use Ubuntu and then Deploy kubernetes on top of that you're probably going to consider using something like Talos so that you're using a secure distribution of kubernetes then you're going to realize

(30:15) okay the containers that I build with maybe I'll use something like Wolfie that chain guard just recently came out with because that's a very highly secure base image which they constantly check for vulnerabilities and publish new images on a consistent basis and then you have the network security layer where you're thinking about authorization identity authentication implementing things like TLS for secure encryption and then policies to basically say you can't do this to that object or whatever and then you're

(30:41) thinking about rbrac who has access to these environments who should have access should your CI pipelines be the only thing that deploy to your to your clusters or should you have your entire team doing it right so these are all decisions that people have to make it's not necessarily you know a system that's going to be able to solve it all and there isn't a system to solve it all I think VMware might have tried this with tanzu offering but I don't know how far they've they've gotten because there's

(31:07) so many moving pieces when it comes to the tanzu platform and it doesn't take into the account that anytime you add if you look at the landscape and you add something to the landscape you increase your you've increased your threats I don't want to say astronomically but you've you've anything you add to a cluster from that's that landscape now you've increased what can be what can go wrong where where your vulnerabilities are I I was trying not to use astronomical but it's not the case but I

(31:37) mean it does go up and people don't realize that like oh I can put Prometheus here not saying it's not secure but now you are worrying about vulnerabilities there so anything you add to that particular cluster I think you know even though it's part of the landscape we need to know that there might be a vulnerability and expect it and then what do you do when it does happen I think the last thing a lot is I think everyone gravitates to using open source Technologies and forgets all the additional features they need to add or

(32:07) build or codify into whatever they're building this is why Enterprises exist I mean we've addressed these particular gaps especially when it comes to security and so you want to be using Enterprise technology not open source because it's free and oh I'll just use you know the issue feature to be able to try to get some troubleshooting or something along those lines right [Music] yeah yeah that that that's a that's a challenge for another day and you know I'll actually actually I want to pick

(32:37) him on a on a word that Mourinho used and I think it actually applies to a lot of the conversation right is optimization whether it is optimization at a security you know from a security perspective optimization from a package You Know download or repository perspective all the way to optimization of network and speed and in in in delivery right when when you kind of thinking about the just the past few years right whether it's containerization um infrastructure or or or or you know artifact and package management what are

(33:14) some other ways that maybe optimization we either have had already started down the path of or maybe we should look at a little bit more um and and maybe not optimization of security but maybe optimization in terms of usability rather than complexity any thoughts or comments I don't want to say the word standardization but what I hear a lot from people in the community and I when I say community people who are users of Open Source is best practice right and we don't really do a great job of communicating what that best practices

(33:54) are and if that is something that could be addressed you know not necessarily from the open source perspective but just from like a technology perspective is you know what are those best practices like if Marina put up a thing on you know properly locking down your network on your cluster I'll be the first guy there just sitting there going like okay where's my notes uh okay I don't know what that means what's level two to three I would be just completely lost but I would be like because because

(34:21) you don't know what those and it's not necessarily going to save you anything but it's a starting point for someone to take that next step of security right it's like hey I learned that in best practices and networking I should do this and what's that and it becomes more you know and I'm not picking you know just you're there on screen so it's just like I'm using the networking example because I'm terrible with networking and I will tell everybody that but it's just

(34:43) what does that look like um because it's optimization right like I'm optimizing what I know and what I need to know and then all of a sudden it's kind of built upon those things and sometimes I don't need to know and I'd rather just leave it to an exporter but there's times I should have a cursory idea of what it should be like yeah got it Merino anything you want to add there no I think Rob covered it pretty well um I I spoke to death about you know my perspective on you know how you can

(35:12) increase the surface attack area pretty easily and just the fact that people need to be there to make these right calls but the thing is you're also going to realize that these same people have made these mistakes before and they're coming at it with all of those experience let's just not do this again because there's so many better ways to do it um one one last thing I'll add though is I think what has happened over over the last little while especially with the rise of containerization is

(35:40) that networking has been com has become a very very different thing altogether like yeah networking is still there but then there are so many additional layers and so you know let's say you decide you're going to deploy a kubernetes environment by yourself without any sort of minute service and you decide okay let's use a cni like sodium and then you decide let's also layer in a service mesh like Linker D or istio but then you realize you have all of these different pieces you have to manage on your own

(36:09) and then you also have to manage the vulnerabilities that pop up which then drive issues around okay we just found a vulnerable vulnerability in sdod which is going to impact the data path and the control plane for everything that exists inside of my environment when can I do this oh I can't do this I can't I can't take an outage how do we get around that so a lot of these same patterns are starting to pop up again so it's not like anything's truly changed but I will tell you them like you know to Rob's

(36:38) point the more you layer on the more responsible you have to be yeah I I have a a common phrase I use kubernetes is not complex it's not when you start to add everything on top of it is where complexity and speed and optimization and security really becomes a challenge like go back to Robert's example about you know standardization or or best practices excuse me right I can go read a how-to on deploying kubernetes it's it's actually pretty simple it's really easy to use but that's not a real world

(37:12) scenario for me at the end of the day right and so I I need to add some you know additional pieces on top of it um I uh you know I think one more quick question I'm going to give you guys one minute um and I want to hear what you believe is the greatest or biggest challenge today that we face with containers or containerization and container or container management platforms one problem one challenge you've got one minute go ahead whoever wants to go first I'll take it go for it I'm just gonna say the more you do the more complex

(37:55) it's going to get but here's the other thing too as is as more and more complex the system gets whatever you're building you start to realize tools like AI could possibly help with this chat GPT is enter the chat but then you start to forget the fact that chat GPT doesn't have updated information it could be using incorrect configuration you might be relying on it to develop your security stance in your environment you throw that in there deploy it oh yeah Cube cuddle apply yaml and then all of a

(38:22) sudden you know a week later your entire environment's been infiltrated bank accounts trained right so the question now actually becomes do you want to use chat GBP or similar tools as a superpower to enhance your your platform engineering and how is that going to translate to using things like kubernetes and containers it's really just going to change the Paradigm altogether because now you're going to have a mishmash of varying opinions as well Marino jumped to my last question but we're going to get to that in just a

(38:55) second Robert what's your one challenge that you see today is the greatest or biggest challenge that we're facing in the containerization or uh or or or container platform landscape not everything can be containerized and people need to accept that like we we uh to be perfectly like we will hear just throw it in a container throw in a container it's not going to solve all your problems there's applications that are not designed to be containerized there's applications that even if you figured out how to

(39:25) containerize a cots application it can't run in an environment with many instances running right because it doesn't know how to operate it wasn't built that way I think that's one of the things that we just have to if it's up there with developers love kubernetes that's that's the one bit the second with is you know not everything can go in a container or should it's okay right I mean it's Oracle DB is that running in the container now I don't know but or I'm pretty confident if it's not Oracle

(39:56) doesn't want you to do it so don't think it's going through it it just needs to be on a VM let it be in the VM it's okay yeah okay what do you mean I can't download a 10.7 gigabyte container image anymore so like this this is the other interesting thing because when you see how developers build their containers they're not breaking it down into tiny tiny pieces they're building this massive massive thing and then they're the ones that are completely well okay maybe I shouldn't say that but you start

(40:25) to realize that these container images are going to consume unnecessary Network bandwidth and then your application is not going to come online and the time you expect it to so it's funny that we actually didn't even talk about this how do you build how do you Empower developers to build smaller containers anyways different conversation uh yes okay so so you you you both answered your your biggest challenge um uh Robert you mentioned a couple of like funny monikers like developers love Dev uh kubernetes

(40:58) um and I would also say that uh devops is not dead but hey we'll have a little bit of fun with that um I had to throw that in there it's always it's always a good one your SRE now I think you guys are called like they just renamed you or something or it's basically what it is is it exactly um okay so so Mourinho brought up the topic and I actually wanted to end today's uh talk with kind of a forward-looking conversation uh so we've got about two or three minutes to close this out where do we see newer

(41:27) Technologies AI share GPT all of these new I mean look we're technologists right we've been at this a while and and we've we've been following technology for a while this one might be a fundamental Game Changer that we've seen in a long time uh and this goes beyond just an infrastructure layer so from both you guys perspective where do you see things like AI Chad GPT supporting helping in you know container Security in the infrastructure space around containers and containerization in general

(42:00) I think you need to look at the problem with Marino touched on it is the data is old within any of these AI programs it's old right and so it needs to be refreshed and updated and we need to you know consume it and we don't know what data is putting put in there right so is it having a you know specific focus on X and we're not looking at the wider picture that's the problem it's like you it's almost like a the consultant you hire who's an expert in AWS but you're running in Azure right sure there's

(42:33) gonna be a lot of things that cross over but if you don't know the nuances of azure you're not going to you're going to have so many some of those problems and I think that's where I I my concern with AI would be it's like you don't know what it's that that thing's learning from and so without a control of that then really what are you putting your trust into you know because you really don't see that okay Marino anything add? I I totally agree with what Rob said I also will add

(42:59) the fact that it's it's a great tool to help you learn and understand things um but where it can start to really go wrong is if you're heavily reliant on it I think what needs to happen is as as these machine learning models get better and better they need to be trained to also verify the information that they're using right I mean they're just pulling information from the World Wide Web the dark web even who knows and to make sure that it's legitimate is is one concern the other concern is who owns the output

(43:30) do you use something like chat GPT to generate ideas to help you kind of build your Playbook or do you actually use chat GPD to build that Playbook and then does chatgpt own it is the bigger challenge so it comes back down to if you built your entire organization your technical organization with let's say infrastructure as code and that was all you know originated from something like chat gbt who really owns your Network at that point foreign yes and that scares me um and I have so many questions and and no answers to that uh at this point guys

(44:05) um I want to close out and first of all just say thanks for your opportunity you know for your participation and and your willingness to uh to have a fun chat disagree a little bit I'm surprised we didn't even talk uh certain activities uh Rob uh because you and I have some similarities when it comes to non-technological things um I will mention uh we're big fans of some sports teams um but yes but real quick uh Mourinho tell us a little bit about next couple of months for you and for solo and and

(44:35) maybe where the you or the team will be at yeah so I'm gonna be heading out to Raleigh soon to deliver a talk at devops days uh and then literally I'll be flying back home so that I can fly the next day to Amsterdam because I'll be there for kubecon doing a few talks there Solo's hosting something called application networking day which unfortunately is already sold out but you could still register to get on the wait list if you want to you know get it on the action in case some people people

(44:57) show up um but as one last thing I'll share I'm running a conference in Toronto called Cube huddle and uh it's happening in May May 17th 18th go to and go check it out we have some excellent speakers lined up we have some excellent keynoters excellent sponsors that come through so it's going to be a great event I hope to see you all there awesome thanks Merino Rob you're up my friend uh uh we got two two announcements I could talk about one uh one would be the uh Rancher 2.7 we have

(45:25) a lot of awesome things we bring extensions where anybody can write their own extension that runs within Rancher and gives you kind of a a window into other services that you'd need a CLI for now we give you a place to run that web extension so I'm really excited about that and then at kubecon we have a huge announcement um I tease a little bit here with a lot of big changes happening within our community so I haven't talked much about it because I've been busy building content for what that is

(45:54) um but that's we will be announcing that April 19th through a couple live streams so I've been working that's why I'm not in studio the studio is actually in pieces getting ready to get shipped to Amsterdam very cool yeah and and you know from a cloud Smith perspective couple things that that we think are important uh number one we actually just released an integration or an enhanced integration with datadog so we're excited about that uh we're bringing some fun things around policy management we've started uh

(46:23) adding those capabilities Docker
vulnerability scanning yes containerization talk about vulnerability scanning today that's available now in the uh in the cloud platform and then uh everybody's favorite word s-bombs um and and we're looking at s-bombs for containers um and specifically via cosine so you know that's just some of the product things we've got going on a cloud Smith more importantly the team will be at AWS Summit in Paris in a couple of days or a couple of weeks and then lastly just to go along with both

(46:53) Marino and Rob uh the team will be at kubecon in Amsterdam enjoying not only the uh the the the the city but also enjoying the community and I and and you were talking about networking day everything is sold out at kubecon everything all of it the show the pre days everything like there was no like there's no chance at this point um and so it's going to be a fantastic and crazy few days yeah gentlemen thank you yeah if you're there you need someone to hang out with just hit me up on Twitter because I'll probably be in a

(47:27) hotel lobby because I can't get into anything it is sold out 10 000 plus people are going to be there this is the first time ever so it's a lot of exciting stuff
Get our next blog straight to your inbox