>>from around the globe. It's the Cube with coverage of Coop Con and Cloud, Native Con Europe 2020 Virtual brought to You by Red Hat, The Cloud Native Computing Foundation and its ecosystem Partners. Hi, I'm stupid, man. And this is the Cube's coverage of Cube con Cloud Native Con Europe event, which, of course, this year has gone virtual, really lets us be able to talk to those guests where they are around the globe. Really happy to welcome back to the program. Liz Rice. First of all, she is the vice president of Open Source Engineering at Aqua Security. She's also the chair of the Technical Oversight Committee has part of Ah CN cf. Liz, it is great to see you. Unfortunately, it's remote, but ah, great to catch up with you. Thanks for joining. >>Yeah, Thanks for having me. Nice to see you if you know across the ocean. >>So, uh, you know, one of the one of the big things? Of course, for the Cube Con show. It's the rallying point for the community. There are so many people participating. One of the things we always love to highlight its not only the the vendor ecosystem. But there is a very robust, engaged community of end users that participate in it. And as I mentioned, you're the chair of that technology oversight committee. So maybe just give our audience a little bit of, you know, in case they're not familiar with the TOC does. And let's talk about the latest pieces there. >>Yes, say the TOC is really hit. C can qualify the different projects that want to join the CNC F. So we're assessing whether or not they're cloud native. We're assessing whether they could joined at sandbox or incubation or graduation levels. Which of the different maturity levels that we have for for project within the CN CF yeah, we're really there, Teoh also provide it steering around the What does cloud native mean and what does it mean to be a project inside the CN CF community? We're also a voice for all of the projects. We're not the only voice, but, you know, part >>of our role >>really is to make sure the projects are getting what they need in order to be successful. So it's it's really around the technology and the projects that we call cloud native >>Yeah, and and obliges Cloud Native because when people first heard of the show, of course, Kubernetes and Cube Con was the big discussion point. But as you said, Cloud native, there's a lot of projects there. I just glanced at the sandbox page and I think there's over 30 in the sandbox category on and you know they move along their process until they're, you know, fully mature and reach that, you know, 1.0 state, which is the stamp of approval that, you know, this could be used in production. I understand there's been some updates for the sandbox process, so help us understand you know where that is and what's the new piece of that? >>Yeah. So it's really been because of the growth off cloud native in general, the popularity off the CN CF and so much innovation happening in our space. So there's been so many projects who want Teoh become hard off the CNC f family on and we used to have a sponsorship model where members of the TOC would essentially back projects that they wanted to see joining at the sandbox level. But we ran into a number of issues with that process on and also dealing with the scale, the number of applications that have come in. So we've revamped the process. We made it much easier for projects to apply as much simpler form where really not making so much judgment we're really saying is it's a cloud native project and we have some requirements in terms off some governance features that we need from a project. And it's worth mentioning that when a project joins the CN CF, they are donating the intellectual property and the trademark off that project into the foundation. So it's not something that people should take lightly. But we have tried to make it easier and therefore much smoother. We're able Teoh assess the applications much more quickly, which I think everyone, the community, the projects, those of us on the TOC We're all pretty happy that we can make that a much faster process. >>Yeah, I actually, it brings up An interesting point is so you know, I've got a little bit of background in standards committees. A swell as I've been involved in open source for a couple of decades now some people don't understand. You know, when you talk about bringing a project under a foundation. You talked about things like trademarks and the like. There are more than one foundation out there for CN CF Falls under the Linux Foundation. Google, of course, brought Kubernetes in fully to be supported. There's been some rumblings I've heard for the last couple of years about SDO and K Native and I know about a month before the show there was some changes along SDO and what Google was doing there may be without trying to pass too many judgments in getting into some of the political arguments, help us understand. You know what Google did and you know where that kind of comparison the projects that sit in the CN cf themselves. >>Yeah, So I e I guess two years ago around two years ago, Stu was very much the new kid in the cloud native block. So much excitement about the project. And it was actually when I was a program co chair that we had a lot of talks about sdo at Cube Con cloud native bomb, particularly in Copenhagen, I'm recalling. And, uh, I think everyone I just saw a natural fit between that project on the CN, CF and There was an assumption from a lot of people across the community that it would eventually become part of the CNC f. That was it's natural home. And one of the things that we saw in recent weeks was a very clear statement from IBM, who were one off the Uh huh, yeah, big contributing companies towards that project that that was also their expectation. They were very much under the impression that Stu would be donated to the CN CF at an appropriate point of maturity, and unfortunately, that didn't happen. From my point of view, I think that has sown a lot of confusion amongst the community because we've seen so much. It's very much a project of fits. Service mesh designed to work with kubernetes is it really does. You're fit naturally in with the other CN CF projects. So it's created confusion for end users who, many of whom assume that it was called the CN CF, and that it has the neutral governance that the other projects. It's part of the requirements that we have on those projects. They have to have an open governance that they're not controlled by a single vendor, Uh, and we've seen that you know that confusion, Andi. Frustration around that confusion being expressed by more and more end users as well as other people across the community. And yeah, the door is still open, you know, we would still love to see SDO join the community. Clearly there are different opinions within the SD wan maintainers. I will have to see what happens. >>Yeah, lets you bring up some really good points. You know, absolutely some of some of that confusion out there. Absolutely. I've heard from customers that if they're making a decision point, they might say, Hey, maybe I'm not going to go down that maybe choose something else because I'm concerned about that. Um, you know, I sdo front and center k native, another project currently under Google that has, you know, a number of other big vendors in the community that aiding in that So hopefully we will see some progress on that, you know, going forward. But, you know, back to you talked about, You know, the TOC doesn't make judgements as to you know which project and how they are. One of the really nice things out there in the CN CF, it's like the landscape just for you to help, understand? Okay, here's all of these projects. Here's the different categories they fit in. Here is where they are along that maturity. There's another tool that I read. Cheryl Hung blogged about the technology radar. I believe for continuous delivery is the first technology radar. Help us understand how that is, you know, not telling customers what to do but giving them a little guidance that you know where some of these projects projects fit. In a certain segment, >>Yeah, the technology radar is a really great initiative. I'm really excited about it because we have increasing numbers or end users who are using these different projects it both inside the CN CF and projects that are outside of the CNC F family. Your end users are building stacks. They're solving real problems in the real world and with the technology radar. What Cheryl's been able to facilitate is having the end you to the end user community share with us. What tools? They're actually using what they actually believe are the right hammers for specific nails. And, you know, it's it's one thing for us as it's more on the developer or vendor side Teoh look at different projects and say what we think are the better solutions for solving different problems. Actually hearing from the horse's mouth from the end users who are doing it in the real world is super valuable. And I think that is a really useful input to help us understand. What are the problems that the end user is still a challenge by what are the gaps that we still need to fail more input we can get from the end user community, the more will be solving real problems and no necessarily academic problems that we haven't sorry discovered in >>the real world. Alright, well is, you know, teeing up a discussion about challenges that users still have in the world. If we go to your primary jobs, Main hat is you live in the security world and you know, we know security is still something, you know, front and center. It is something that has never done lots of discussion about the shared responsibility model and how cloud native in security fit together and all that. So maybe I know there's some new projects there, but love to just give me a snap shot as where we are in the security space. As I said, Overall, it's been, you know, super important topic for years. This year, with a global pandemic going on, security seems to be raised even more. We've seen a couple of acquisitions in the space, of course. Aqua Security helping customers along their security journey. So what do you seeing out there in the marketplace today and hear from your custom? >>Yeah, I Every business this year has, you know, look at what's going on and you know, it's been crazy time for everyone, but we've been pleasantly surprised at how, you know, in relative terms, our business has been able to. It's been strong, you know. And I think you know what you're touching on the fact that people are working remotely. People are doing so many things online. Security is evermore online. Cloud security's evermore part off what people need to pay attention to. We're doing more and more business online. So, actually, for those of us in the security business, it has bean, you know that there have been some silver linings to this this pandemic cloud? Um, yes. So many times in technology. The open source projects and in particularly defaults in kubernetes. Things are improving its long Bina thing that I've you know, I wished for and talked about that. You know, some of the default settings has always been the most secure they could be. We've seen a lot of improvements over the last 23 years we're seeing continuing to see innovation in the open source world as well as you know, on the commercial side and products that vendors like Akwa, you know, we continue to innovate, continue to write you ways for customers to validate that the application workloads that they're going to run are going to run securely in the cloud. >>Alright and lives. There's a new project that I know. Ah, you know, you Aqua are participating in Tell us a little bit about Starbird. You know what's what's the problem? It's helping solve and you know where that budget >>Yes, So stockholders, one of our open source initiatives coming out of my team are equal on, and the idea is to take security reporting information and turn it into a kubernetes native, uh, resources custom resources. And then that means the security information, your current security status could be queried over the kubernetes AP I, as you're querying the status or the deployment, say you can also be clearing to see whether it's passing configuration audits or it's passing vulnerability scans for the application containers inside that deployment. So that information is available through the same AP eyes through the queue control interface through dashboards like Octane, which is a nice dashboard viewer for kubernetes. And starboard brings security information not just from acquittals but from other vendor tools as well front and center into that kubernetes experience. So I'm really excited about Star Border. It's gonna be a great way of getting security visibility, Teoh more kubernetes use it >>all right. And we were talking earlier about just the maturity of projects and how they get into the sandbox. Is is this still pretty sandbox for >>this? OK, we're still very much in the early phases and you know it. I think in the open source world, we have the ability to share what we're doing early so that we can get feedback. We can see how it resonates with with real users. We've had some great feedback from partners that we've worked with and some actual customers who actually collaborated with When we're going through the initial design, some great feedback. There's still lots of work to do. But, yeah, the initial feedback has been really positive. >>Yeah, is usually the event is one of those places where you can help try toe, recruit some other people that might have tools as well as educate customers about what's going on. So is that part of the call to action on this is, you know, what are you looking for for kind of the rest of 2020 when it when it comes to this project? >>Yeah, absolutely. So internally, we're working on an operator which will automate some of the work that's double does in the background in terms off getting more collaboration. We would love to see integrations from or security tooling. We're talking with some people across the community about the resource definition, so we've come up with some custom resource definitions, but we'd love them to be applicable it to a variety of different tools. So we want to get feedback on on those definitions of people are interested in collaborating on that absolutely do come and talk to me and my team are reluctant. >>Great. Listen, and I'll give you the final word. Obviously, we're getting the community together while we're part So you know any other you know, engagement opportunities, you get togethers. Things that you want people to know about the European show this year. >>Well, it's gonna be really you know, I'm on tenterhooks to see whether or not we can recreate the same atmosphere as we would have in Q con. I mean, it won't be exactly the same, but I really hope that people will engage online. Do come and, you know, ask questions of the speakers. Come and talk to the vendors, get into slack channels with the community. You know, this is an opportunity to pretend we're in the same room. Let's let's let's do what we can Teoh recreate as close as we can. That community experience that you keep corn is famous for >>Yeah, absolutely. That whole way track is something that is super challenging to recreate. And there's no way that I am getting the Indonesian food that I was so looking forward to in Amsterdam just such a great culinary and cultural city. So hopefully sometime in the future will be able to be back there. Liz Rice. Always pleasure catching up with you. Thanks so much for all the work you're doing on the TOC. And always a pleasure talking to you. >>Thanks for having me. >>All right, Lots more coverage from Cube Con Cloud, Native con the European 2020 show, Of course. Virtual I'm stew minimum. And thank you for watching the Cube. Yeah, yeah, yeah, yeah.

>> Live from Barcelona, Spain it's theCUBE. Covering KubeCon + CloudNativeCon Europe 2019. Brought to you by Red Hat, the Cloud Native Computing Foundation and ecosystem partners. >> Welcome back to theCUBE here in Barcelona, Spain at the Fira, it's KubeCon + CloudNativeCon 2019. I'm Stu Miniman and my co-hosts for two days of live wall-to-wall coverage is Corey Quinn. Joining us back, we have two CUBE alums, Liz Rice, right to my right here who is a Technology Evangelist with Aqua security. Liz, thank you so much welcome back. >> Pleasure to be here. >> And Jeff Brewer, Vice President and Chief Architect, Small Business & Self-Employed Group, of Intuit. A CUBE alum since a few hours ago this morning. >> Yes, yes, thank you. >> Jeff, welcome back. >> Thank you. >> So, we've got you back with a different hat. Everybody in our industry can definitely recognize we wear lots of different hats we have lots of jobs thrown at us. Both of you are in the Technical Oversight Committee and Liz is not only a member but also the Chairperson, President. (people laughing) >> President is definitely a promotion. But, yeah, I'm Chair of the committee. >> Maybe, as it's known, the TOC. Liz, before we get there, your shirt says +1 binding. You have to explain for us and did not get a preview before the interview, so we'll see where this goes. >> It's one of the perks of being on the TOC. When we have something that comes to a vote we want to get input from the community so we ask anyone in the community to vote. But unless you're a member of the TOC your vote is non-binding. As a member of the committee, we have binding votes. And the traditional thing you write on the voting email is +1 binding. So, it's a nice surprise to get a t-shirt when I joined the TOC. >> Very nice. Can you just give us, our audience, that might not be familiar with the TOC, give us some of the key things about it. >> It's the Technical Oversight Committee for the CNCF. We are, really, the technical curation of the projects that come in to the CNCF. Which projects will get support and at what level because we have the sandbox experimentation stage then incubation and then finally graduation for the really established and kind of, de-risked projects. So, we're really evaluating the projects and kind of making a decision collaboratively on which ones we want the CNCF to support. >> All right. So Jeff, we had a great conversation with you about Intuit's cloud journey. Tell us how you got involved in the TOC. We always love the end users, not just using but participating in and helping to give some governance over what the community is doing. >> Yeah, so, about a year and a half ago we made a decision to acquire a small company called Applatix. Who was, actually, already in the end user community. And also contributors as well. Through that acquisition, I was part of that acquisition, I led that acquisition from the Intuit side and really got excited about the Kubernetes and the KubeCon story overall. Through the Kubernetes experts, I met them at a KubeCon and they introduced me to a whole lot more of the community. Just through some overall partnerships with AWS and also spending a lot of time with end-users that's how I really got to know the community a little bit. And then, was voted onto the CNCF as an end user representative in January. >> Wonderful. As far as you're concerned, as you go through this, do you find it challenging at times to separate your roles professionally from working for a large company, to whom many things matter incredibly. Again, as mentioned earlier, I am one of your customers. I care very much about technical excellence, coming out of Intuit, versus your involvement with the larger project. >> Yeah, so like most people in technology companies I'm extremely busy and I would love to spend, I would love to clone myself and spend more (laughing) more time. >> Everybody wants to submit a client project to the TOC we will prioritize that one. >> Exactly, exactly. >> The way I really balance it is that I make an explicit time carve out for those two activities. And most importantly, I attend the meetings. The TOC meetings that we have, those are extremely important. We get a lot of project reviews in those meetings. Liz chairs those meetings. That's where I always make sure that my schedule is cleared for that. >> Taking it, I guess, one step further. Do you find it challenging at all to separate out, in fact, when you're making decisions and making votes, for example, that are presumably binding, +1 binding as we've learned now, is the terminology. Do you find that you are often pulled between trying to advocate for your company and advocating for the community or are they invariably aligned in your mind? >> I mean, my job's the easiest because I come from an end user. So what I use and what I consume is likely what the community at large. There might be some niches and stuff like that. But I usually don't have that conflict. I don't know, as more of a vendor, you might have more of a conflict. >> It's something that I have be conscious of. I just try to mentally separate. I have a role with a company that pays my salary but when I'm doing open-source things if I feel conflicted about. This hasn't really come up yet, but if I do feel that there's some kind of conflict of interest I will always recuse myself. Actually, in my previous role, as the Co-Chair for the Program Committee for the KubeCon and CloudNativeCon Conference, on a couple of occasions we had competitors submit, and I would always just step back from those. Because it's the right thing to do. >> All right. So Liz, there's quite a few projects now, under the umbrella of CNCF. If I've go it right, it was like, 38 different ones. When Brian went on the stage this morning, 16 in the sandbox, 16 incubating and six have graduated now. How do you manage that? You know, there's some in the community they're like, oh my gosh, reminds us of like, big tent, from some initiatives. Some other things here, how much is too much? How do you balance that and what's the input of the TOC? >> Yeah, so one of the things that we're doing with the TOC is we've just established a thing called the SIGs, the special interest groups. Very much following the same model of Kubernetes SIGs. But the idea here is that we can, kind of formalize getting experts in the community to help us with particular kind of areas. So, we've already got a storage and security SIG set up. We expect there will be probably four to six more coming on board during the year. And that helps us with things like the project reviews and the due diligence to just be able to say, we would really appreciate some help. Those groups are also really enthusiastic about kind of sharing knowledge in the form of things like white papers. I think it will be really important for end-users to be able to navigate their way around these projects. Quite often there is more than one solution for a particular thing. And being able to, in a non-vendor way, in a neutral way, express why project X is good in one circumstance and project Y would be better in a different environment. There's work to be done there and I'm hoping to see that come out. >> This is one of my passions as the end user representative, is that trail map or that road map. That's one of the reasons why we really have invested at Intuit, in the Kubernetes technology and the Cloud Native technology. We didn't just roll them out as is. We actually curate them and create, really, a paved road for our developers to navigate that space. >> Yeah, and as we heard from your story it's not always, well, if there's some overlap you use SDO and Hellman. >> Yeah. >> That there's a fit for both of those in your environment, right. >> Yeah. >> From a, I guess, an end user perspective is there a waiting difference between someone like Intuit and someone like Twitter for pets, where there's a slight revenue scale, a slight revenue difference, like scale difference, like everything difference. >> Yes. >> Certainly, there is. I think that, but that's one of the beautiful things about the Cloud Native technologies. You can consume what you need and what you want, right. It's not one size fits all. A lot of people talk about, oh, there's a paradox of choice, there's so many projects, right. Actually, that's a benefit. Really, all you need is that road map to navigate your way through that, rather than just adopting a paved road that might not work for everybody. >> It almost feels, to some extent, almost like the AWS Service Catalog. Whenever you wind up looking at all the things they offer. It feels like going out to eat at the Cheesecake Factory. Where there is 80 pages of menu to flip through with some advertisements, great. And reminding yourself, at time, that they are not Pokemon, you do not need to catch them all. It's, sometimes, a necessary step, as you start to contextualize this. >> That's one of the great things about having over 80 members in the end user is. You can find a buddy, you can find a company like you. Talk to them, get connected with them and figure out what they're doing and learn from them. The community is broad enough to be able to do that. >> All right, so Liz, let's talk about security. >> Okay. (people laughing) >> You said there's a SIG that started up. Where are we, how are things going and you can you share about where we're going in the near future? >> The SIG came together from a group of people who really wanted to make it easier for end-users to roll out their Cloud Native stacks in a secure fashion. We don't always, as a community, speak the same language about security, we don't always have the most secure settings by default. They really came together around this common interest of just making it easier for people to secure. I think a big part of that will be looking at how the different projects, are they applying best practices from a security perspective? Is there more they should do to document how to operate their particular project more securely? I think that whole initiative and that group of people who've come together for SIG security, I'm so impressed and so pleased that they have come together with that enthusiasm to help on that front. >> Any commentary on what you're seeing in this space? >> Yeah, so as an almost, a fintech company, with a lot of fintech and, you know, we're not quite a bank, but we have a lot of the same security and compliance things. That SIG is so, so important to us. And having a roadmap. I found a education is really, really a big part of it of the security experts, right. Because this is somewhat newer technology. Even though it's been in use at Google for a long time the regulator's, the compliance people, don't totally understand it, right. So you have to have a way to explain to them what's going on. So things like, open policy agent, something that we've adopted, helps us explain what's going on in our system. Once they get it, they're like, this is awesome and our end users can now, really, our end users, meaning the people that use QuickBooks and TurboTax can really trust that we have those guardrails in place. >> At Aqua, it's a huge concern from a lot of our customers. Many of whom, coming from that kind of finance industry. That they're coming to us and saying, well, how can I be PCI compliant or GDPR. How do I manage these requirements with my container based stack, with my Cloud Native stack. That's why there is this huge ecosystem quite a lot of effort around security, compliance, policy. >> It feels very much like it's two problems rolled into one. First, how do you make sure that data is secure in these things? Secondly, how do you effectively and responsibly communicate that to a regulator, who expects to be taken on a tour of a data center when they show up on site? (people laughing) I checked, they won't let you. >> There are definitely two sets of security people in my experience. There are a set of people who care about how will I get attacked. How will breaches happen. And there are other people who go, I have a checklist and I need to check the boxes in the checklist, tell me how. Sometimes those two things overlap, but not always. >> All right, Liz, lot of updates, as always. Jeff, I really appreciate your commentary there. Well, there's the paradox of choice but we have a lot of customers out there and therefore we do. (people chuckling) Any highlights you want to share with our audience? >> I think one thing that happens every year is we see more. Well, we saw Kubernetes graduate, I think, early last year, end of the previous year. Now we've got six projects into graduation. From my perspective, that says something about how mature this whole set of projects, this whole platform is becoming. Because graduation is a pretty high bar. Not least in terms of the number of end users that have to be using it in production. This is solid technology. >> Yeah, any highlights from you? >> I think, like we might have touched on a little bit this morning. But I think that usually the technologies that where you're facing the big problems is pretty obvious which one to use, right. Like serverless, you're going to go look at something like Knative or whatnot. Functions as a service. There's some open fast projects, whatnot, like that. SDO services mesh is another one where it's getting mature and it's getting to the point where you can have these ubiquitous service meshes throughout it. So, those are the areas that we're most looking at right now. >> Great, all right. Well, Liz and Jeff, thank you so much for joining us. Thanks for all the work you do on the Oversight Committee and appreciate you sharing the updates with our community. >> Thank you for having us. >> Thank you. >> For Cory Quinn, I'm Stu Miniman. We'll be back more, with theCUBE here at KubeCon + CloudNativeCon 2019. Thanks for watching. (upbeat music)

>> Announcer: Live from Copenhagen, Denmark, it's theCUBE. Covering KubeCon and CloudNativeCon Europe 2018. Brought to you by the Cloud Native Computing Foundation and its ecosystem partners. >> Hello, everyone. Welcome back to theCUBE's exclusive coverage here in Copenhagen, Denmark for KubeCon 2018, part of the CNCF Cloud Native Compute Foundation, which is part of the Linux Foundation. I'm John Furrier, your host. We've got two great guests here, we've got Liz Rice, the co-chair of KubeCon and CloudNativeCon, kind of a dual naming because it's Kubernetes and it's Cloud Native and also technology evangelist at Aqua Security. She's co-chairing with Kelsey Hightower who will be on later today, and CUBE alumni as well, and Janet Kuo who is a software engineer at Google. Welcome to theCUBE, thanks for coming on. >> Yeah, thanks for inviting us. >> Super excited, we have a lot of energy even though we've got interviews all day and it's kind of, we're holding the line here. It's almost a celebration but also not a celebration because there's more work to do with Kubernetes. Just the growth of the CNCF continues to hit some interesting good performance KPIs on metrics. Growth's up on the membership, satisfaction is high, Kubernetes is being called a de facto standard. So by all kind of general qualitative metrics and quantitative, it's doing well. >> Lauren: It's doing great. >> But it's just the beginning. >> Yeah, yeah. I talked yesterday a little bit in, in the keynote, about project updates, about how Kubernetes has graduated. That's a real signal of maturity. It's a signal to the end-user companies out there that you know, the risk, nothing is ever risk-free, but you know, Kubernetes is here to stay. It's stable, it's got stable governance model, you know, it's not going away. >> John: It's working. >> It's going to continue to evolve and improve. But it's really working, and we've got end users, you know, not only happy and using it, they're prepared to come to this conference and share their stories, share their learnings, it's brilliant. >> Yeah, and Janet also, you know, you talk about China, we have announcement that, I don't know if it's formally announced, but Shanghai, is it out there now? >> Lauren: It is. >> Okay, so Shanghai in, I think November 14th, let me get the dates here, 14th and 15th in Shanghai, China. >> Janet: Yeah. >> Where it's going to be presented in either English or in Chinese, so it's going to be fully translated. Give us the update. >> Yeah, it will be fully translated, and we'll have a CFP coming soon, and people will be submitting their talks in English but they can choose to present either in English or Chinese. >> Can you help us get a CUBE host that can translate theCUBE for us? We need some, if you're out there watching, we need some hosts in China. But in all seriousness, this is a global framework, and this is again the theme of Cloud Native, you know. Being my age, I've seen the lift and shift IT world go from awesome greatness to consolidation to VMwares. I've seen the waves. But this is a different phenomenon with Cloud Native. Take a minute to share your perspectives on the global phenomenon of Cloud Native. It's a global platform, it's not just IT, it's a global platform, the cloud, and what that brings to the table for end users. >> I think for end users, if we're talking about consumers, it actually is, well what it's doing is allowing businesses to develop applications more quickly, to respond to their market needs more quickly. And end users are seeing that in more responsive applications, more responsive services, improved delivery of tech. >> And the businesses, too, have engineers on the front lines now. >> Absolutely, and there's a lot of work going on here, I think, to basically, we were talking earlier about making technology boring, you know, this Kubernetes level is really an abstraction that most application developers don't really need to know about. And making their experience easier, they can just write their code and it runs. >> So if it's invisible to the application developer, that's the success. >> That's a really helpful thing. They shouldn't have to worry about where their code is running. >> John: That's DevOps. >> Yeah, yeah. >> I think the container in Kubernetes technology or this Cloud Native technology that brings developer the ability to, you know, move fast and give them the agility to react to the business needs very quickly. And also users benefit from that and operators also, you know, can manage their applications much more easily. >> Yeah, when you have that abstraction layer, when you have that infrastructure as code, or even this new abstraction layer which is not just infrastructure, it's services, micro-services, growth has been phenomenal. You're bringing the application developer into an efficiency productivity mode where they're dictating the business model through software of the companies. So it's not just, "Hey build me something "and let's go sell it." They're on the front lines, writing the business logic of businesses and their customers. So you're seeing it's super important for them to have that ability to either double down or abandon quickly. This is what agile is. Now it's going from software to business. This, to me, I think is the highlight for me on this show. You see the dots connecting where the developers are truly in charge of actually being a business impact because they now have more capability. As you guys put this together and do the co-chair, do you and Kelsey, what do you guys do in the room, the secret room, you like, "Well let's do this on the content." I mean, 'cause there's so much to do. Take us through the process. >> So, a little bit of insight into how that whole process works. So we had well over 1,000 submissions, which, you know, there's no, I think there's like 150 slots, something like that. So that's a pretty small percentage that we can actually accept. We had an amazing program committee, I think there were around 60 people who reviewed, every individual reviewer looked at a subset. We didn't ask them to look at all thousand, that would be crazy. They scored them, that gave us a kind of first pass, like a sort of an ability to say, "Well, anything that was below average, "we can only take the top 15%, "so anything that's below average "is not going to make the cut." And then we could start looking at trying to balance, say, for example, there's been a lot of talk about were there too many Istio talks? Well, there were a lot of Istio talks because there were a lot of Istio submissions. And that says to us that the community wants to talk about Istio. >> And then number of stars, that's the number one project on the new list. I mean, Kubeflow and Istio are super hot. >> Yeah, yeah, Kubeflow's another great example, there are lots of submissions around it. We can't take them all but we can use the ratings and the advice from the program committee to try and assemble, you know, the best talks to try and bring different voices in, you know, we want to have subject matter experts and new voices. We want to have the big name companies and start-ups, we wanted to try and get a mix, you know. A diversity of opinion, really. >> And you're a membership organization so you have to balance the membership needs with the content program so, challenging with given the growth. I mean, I can only imagine. >> Yeah, so as program co-chairs, we actually have a really free hand over the content, so it's one of the really, I think, nice things about this conference. You know, sponsors do get to stand on stage and deliver their message, but they don't get to influence the actual program. The program is put together for the community, and by doing things like looking at the number of submissions, using those signals that the community want to talk about, I hope we can carry on giving the attendees that format. >> I would just say from an outsider perspective, I think that's something you want to preserve because if you look at the success of the CNCF, one thing I'm impressed by is they've really allowed a commercial environment to be fostered and enabled. But they didn't compromise the technical. >> Lauren: Yeah. >> And the content to me, content and technical tracks are super important because content, they all work together, right? So as long as there's no meddling, stay in your swim lane, whatever, whatever it is. Content is really important. >> Absolutely, yeah. >> Because that's the learning. >> Yeah, yeah. >> Okay, so what's on the cut list that you wish you could have put back on stage? Or is that too risque? You'll come back to that. >> Yeah. >> China, talk about China. Because obviously, we were super impressed last year when we went to go visit Alibaba just to the order of magnitude to the cultural mindset for their thinking around Cloud Native. And what I was most impressed with was Dr. Wong was talking about artistry. They just don't look at it as just technology, although they are nerdy and geeky like us in Silicon Valley. But they really were thinking about the artistry 'cause the app side of it has kind of a, not just design element to the user perspective. And they're very mobile-centric in China, so they're like, they were like, "This is what we want to do." So they were very advanced in my mind on this. Does that change the program in China vis a vis Seattle and here, is there any stark differences between Shanghai and Copenhagen and Seattle in terms of the program? Is there a certain focus? What's the insight into China? >> I think it's a little early to say 'cause we haven't yet opened the CFP. It'll be opening soon but I'm fully expecting that there will be, you know, some differences. I think the, you know, we're hoping to have speakers, a lot more speakers from China, from Asia, because it's local to them. So, like here, we tried to have a European flavor. You'll see a lot of innovators from Europe, like Spotify and the Financial Times, Monzo Bank. You know, they've all been able to share their stories with us. And I think we're hoping to get the same kind of thing in China, hear local stories as well. >> I mean that's a good call. I think conferences that do the rinse and repeat from North America and just slap it down in different regions aren't as effective as making it localized, in a way. >> Yeah. >> That's super important. >> I know that a lot of China companies, they are pretty invested pretty heavily into Kubernetes and Cloud Native technology and they are very innovative. So I actually joined a project in 2015 and I've been collaborating with a lot of Chinese contributors from China remotely on GitHub. For example, the contributors from Huawei and they've been invested a lot in this. >> And they have some contributors in the core. >> Yeah, so we are expecting to see submissions from those contributors and companies and users. >> Well, that's super exciting. We look forward to being there, and it should be excellent. We always have a fun time. The question that I want to ask you guys now, just to switch gears is, for the people watching who couldn't make it or might watch it on YouTube on Demand who didn't make the trip. What surprised you here? What's new, I'm asking, you have a view as the co-chair, you've seen it. But was there anything that surprised you, or did it go right? Nothing goes perfect. I mean, it's like my wedding, everything happens, didn't happen the way you planned it. There's always a surprise. Any wild cards, any x-factors, anything that stands out to you guys? >> So what I see from, so I attend, I think around five KubeCons. So from the first one it's only 550 people, only the small community, the contributors from Google and Red Hat and CoreOS and growing from now. We are growing from the inner circle to the outside circle, from the just contributors to also the users of it, like and also the ecosystem. Everyone that's building the technology around Cloud Native, and I see that growth and it's very surprising to me. We have a keynote yesterday from CERN and everyone is talking about their keynote, like they have I think 200 clusters, and that's amazing. And they said because of Kubernetes they can just focus on physics. >> Yeah, and that's a testimonial right there. >> Yeah. >> That was really good stories to hear, and I think maybe one of the things that surprises me, it sort of continues to surprise me is how collaborative, it's something about this kind of organization, this conference, this whole kind of movement, if you like. Where companies are coming in and sharing their learnings, and we've seen that, we've seen that a lot through the keynotes. And I think we see it on the conference floor, we see it in the hallway chat. And I think we see it in the way that the different SIGs and working groups and projects are all, kind of, collaborating on problem solving. And that's really exciting. >> That's why I was saying earlier in the beginning that there's a celebration amongst ourselves and the community. But also a realization that this is just the beginning, it's not a, it's kind of like when you get venture funding if you're a start-up. That's really when it begins, you don't celebrate, but you take a little bit of a pause. Now my personal take only to all of the hundreds of events we do a year is that I that think this community here has fought the hard DevOps battle. If you go back to 2008 timeframe, and '08, '09, '10, '11, '12, those years were, those were hyper scale years. Look at Google, Facebook, all the original DevOps engineers, they were eating glass and spitting nails. It was hard work. And it was really build your own, a lot of engineering, not just software development. So I think this, kind of like, camaraderie amongst the DevOps community saying, "Look, this is a really big "step up function with Kubernetes." Everyone's had some scar tissue. >> Yeah, I think a lot of people have learned from previous, you know, even other open source projects that they've worked on. And you see some of the amazing work that goes into the kind of, like, community governance side. The things that, you know, Paris Pittman does around contributor experience. It's so good to see people who are experts in helping developers engage, helping engineers engage, really getting to play that role. >> There's a lot of common experiences for people who have never met each other because there's people who have seen the hard work pay with scale and leverage and benefits. They see it, this is amazing. We had Sheryl from Google on saying, "When I left Google and I went out into the real world, "I was like, oh my God, "they don't actually use Borg," like, what? "What do they, how do they actually write software?" I mean, so she's a fish out of water and that, it's like, so again I think there's a lot of commonality, and it's a super great opportunity and a great community and you guys have done a great job, CNCF. And we hope to nurture that, the principles, and looking forward to China. Thanks for coming on theCUBE, we appreciate it. >> Yeah. >> Okay we're here at CNCF's KubeCon 2018, I'm John Furrier, more live coverage. Stay with us, day two of two days of CUBE coverage. Go to thecube.net, siliconangle.com for all the coverage. We'll be back, stay with us after this short break.

>> Live from Seattle, Washington it's theCUBE covering KubeCon and CloudNativeCom North America 2018. Brought to you by Red Hat the cloud-native computing foundation and its ecosystem partner. >> Welcome back everyone, it's theCUBE's live coverage here in Seattle of KubeCon and CloudNativeCon 2018. I'm John Furrier, with Stu Miniman, host of theCUBE. Three days of live coverage. Wall to wall, 8000 people here. Doubled from the previous event in North America, expanding globally, we are here with Liz Rice, technology analyst, evangelist at Aqua Security and program co-chair here at KubeCon, CloudNativeCon. Liz, thanks for joining us. >> Thank you for having me. >> I know you had a busy day, keynotes and all. A lot of activity, a lot of hand shaking, walking around, very crowded. >> It is, we're packed. We're absolutely at capacity here and the event sold out and it's busy. >> A lot of energy, real quick, I know you guys did a lot of work, you guys always do a great job, exceptional performance again. >> Thank you. >> CNCF does a great job on the content programming. It's about the open source communities. That's fundamental, a lot of end users, both participating and consuming. Vendor list is expanding. Putting the program together gets challenging when you have these kind of numbers. What were the themes? How did you put it all together? What was resonating? What's the focus? >> Yeah, it was so hard, we had so many applications that we could only accept 13%, which makes it almost impossible some of the decisions you have to make. And some of the things that were coming out, were like Knative, a lot of submissions around Knative. Serverless in general obviously being quite a hot topic, I would say across our industry. Really great talks from end users and we've seen a few on the keynote stage. Where some brands that we're all aware of, people like Airbnb, sharing their stories of what they've done to make their deployments, their cloud-native deployments, their use of kubernetes successful. So it's not just working from the ties, and doing some experiments, they are telling us how they've done this for real. >> You had a very successful KubeCon in Copenhagen. And so how did you integrate from Copenhagen to here. What were some of the inefficiencies? Obviously, the bigger numbers here. You recently had China the success where, we've reported on SiliconANGLE, the open source consumption and contribution is off the charts. It's huge, it's growing and it's a new dynamic. So between China, and Copenhagen, here, interesting things happening. >> China was phenomenal for me. It was my first trip to China, so it was eye-opening in all sorts of respects. And one of the really interesting things there was the use of machine learning. The uses of kube flow, real life examples. Again I think there is something about how much data they've been able to collect in China. But we heard some really great stories of, for example, electricity companies using machine learning on kubernetes to predict demand. It was fascinating. >> It's a lot of adoption. >> Yes. >> They are at the front end, they are a mobile culture. IOT is booming over there, it's just massive. >> Absolutely. >> Alright here in Seattle, obviously Seattle home of AWS, and I was just talking to some folks here locally in Seattle, just this morning, they said they think this is the biggest conference of the year here in Seattle. Which is really telling where you guys have come from. Interesting dynamic. A lot of new ecosystem partners. What's happening? It seems to be energy, the buzz. There's a subtext here that's buzzing around the hallways. What's the most important thing that people should be taking away from this event this year? >> I think the scale of it is coming from real adoption and businesses that are moving their applications into the cloud. Public cloud and hybrid cloud and finding success through doing that with cloud native components. You mentioned the end users who want to be part of the community, and they actually wanted to contribute to the community. You can look around the hall and see booths from, like Uber's over there. They're really contributing to this community. It's not just a bunch of enthusiasts, it's for real. >> Problems being solved, real company end users. >> So Liz, one of the things we've been looking at this is not a monolith here. You've actually got a whole lot of communities. As I've been wandering the floor, if I'm talking to people. We had Matt come on to talk about Envoy and they had their own conference at the beginning of the week and they had 250 people. As I'm wandering around, you talk to a number and it's like oh, I'm here all about Helm. You know there's different service meshes all over the place that everybody is talking about. >> Yeah another big theme. >> You're heavily focused on the security aspects there. I believe you've got a project that Aqua has been involved in. It was kube-hunter if I've got it. Maybe before you talk about kube-hunter, maybe just talk about balancing, this isn't one community, it's gotten really big. Do we need to break this into a micro-services space show? We'll have the core, but lots of other things and spread it out all over the world. >> Sure, it's a real challenge as this community is growing so fast and trying to keep the community feel. Balancing what the contributors want to do and making sure they're getting value and having the conversations they want, but also enabling the vendors, and the end users, and every constituent part to get something good out of this conference. It's a challenge as this gets bigger. There's no kind of, if this doubles again, will it feel the same? That's hard to imagine. So we got to think carefully about how-- >> We've seen that happen and it would not, even from last year to this year was a big change for a lot of people. >> For sure. >> So kube-hunter tell us about that. >> Yeah, kube-hunter, yes, kube-hunter is one of our open source projects at Aqua. It's basically penetration testing for kubernetes clusters, so it's written in Python. It attempts to make network requests looking for things like the open ports. It will tell you if you got some misconfigurations, 'cause a lot of the security issues with kubernetes can come about through poor configuration. And the other thing you can do, you can run it from externally to your cluster. You can also run it inside a pod inside your cluster and then that's simulating what might happen if an attacker got into your cluster, what could they do from there. They compromised a pod which could happen to a software vulnerability. Once they're in the pod, how vulnerable are you? What's the blast radius of that attack? And kube-hunter can help you see whether it's a complete disaster or actually fairly contained. >> Alright, Liz how are we doing from a security standpoint? We've watched the rise of containers over the last few years. And it's like okay wait do I need to put in some kind of lightweight VM? Do I do something there? What can I trust? What do I do? At AWS Reinvent a couple of weeks ago, there's the whole container marketplace. Feels like we are making progress but still plenty of work to do. >> Right, right, container security has lots of parts to it as you go through the life cycle of a container. Actually at AWS Reinvent, Aqua was recognized as having, I think they called it competency. Which I think it's a bit better than competency in container security. >> That's a complement I believe. >> Yeah, really complement, really competent. I think as community on the open source level, there are lots of good things happening. For example, the defaults in kubernetes have been getting better and better. If you are an enterprise, and particularly if you're a financial user, or a media company, or a government organization, you have much stronger requirements from a security perspective and that's where the open source tooling on its own may not be sufficient, and you may need to plug in commercial solutions like Aqua to really beef that up. And also to provide that end to end security right from when you're building your image through to the run time protection which is really powerful. >> Security has got to be built in from the beginning. Let me get your thoughts on end user traction and the huge demand for what end users are doing. I know you guys are seeing on the program side, the Linux foundation, CNC was talking about trying to get more case studies. We're seeing the end users prominent here. You mentioned Uber, Apple's here. A bunch of other companies, they're here. So end users are not only just contributing, they are also consuming. How are the new enterprises that are coming in consuming and interacting and engaging with kubernetes? Where are they on the IQ, if you will, level and what are they engaging on? Kubernetes has matured a bit and ready. It's been deployed, people using it. People gathering around it, but now people are starting to consume and deploy it at different scales. What's the end user uptake? What's the hot areas? What do you see the most people digging in? >> Great question, so I think we are seeing a lot of, particularly, I want to say like mature start-ups, so the Ubers and the Airbnbs and the Lyfts. They've got these massive scaled technology problems, and kubernetes is giving them, and the whole cloud-native community around it, it's giving them the ability to do these kind of custom things that they need to do. The kind of weird and wonderful things. They can add whatever adaptations they need, that maybe they wouldn't get if they were in a traditional architecture. So they're kind of the prominent voices that we are hearing right now. But at Aqua we are seeing some of these, maybe what you might call more traditional businesses like banks. They want to replicate that. They want to shape functionality really quickly. They are seeing challenges from upstart and they want to compete. So they know they've got to shift functionality quickly. They've got to do continuous deployment. Containers enable that. The whole cloud-native world enables that and that's where the adoption's from. >> They can take the blueprints from the people who built it from the ground up, the large scale startups, cloud-native in the beginning, and kind of apply the traditional IT kind of approach with the same tooling and the same platform. >> And we are seeing some interesting things around making that easier. So things like the CNAB, the cloud-native application bundling, that is coming out at Microsoft and Docker are involved in that. I think that's all to do with making it easier for enterprises to just go, yeah, this is the application I want to run it in the cloud. >> So let me ask you a question around the customer end users that we see coming onboard, because you have the upstream kind of community, the downstream benefits are impacting certainly IT and then developers, right? The classic developers, IT is starting to reimagine their infrastructure. All the goodness with cloud, and machine learning, and application is being redefined. It's changing the investment. So in 2019, what's your view on how companies are shaping their investment strategy to IT investment or technology investment strategies with cloud-native? Because this is a real trend that you just pointed out. Okay I'm a big company and I've used the old way and now I want the new way. So there's a lot of okay, instant start. Turn the key, does it run? There's a lot of managed services here, so the new persona of customer. How does that impact their investment, IT investments in your mind? What are you seeing please share any color commentary around that? >> I'm sure we're all aware that we're seeing shifts away from the traditional data center into public cloud which has implications around opex rather than capex. And I guess following on from that people worrying about whether vendor lock-in is a thing. Should they be just adopting in one public cloud or perhaps putting their eggs across different baskets? Should they be using these managed platforms? We have all these different distributions, we have these different managed solutions for kubernetes, there's a lot of choice out there. I think it's going to be interesting to see how that shapes out over the next few years. Are all these different distributions going to find a niche or how's that going to work? >> Matt Klein had a great observation. He was on earlier today from Lyft. He says look to solve a problem, use the tech to solve a problem, and then iterate, build on that. It's iteration mull of dev, ops. I think that's a good starting point. There's no magic silver bullet here. There's no magic answer, I think it's more of just get in there and get it going. The other question I have for you is 2019 prediction for kubernetes. What's going to happen this coming year? We're seeing this picture now, 8000 people, diverse audience. >> Yeah. >> What's the prediction 2019 for kubernetes? >> Oh, great question. I think maybe broader than just kubernetes, but the kind of cloud-native. Because kubernetes is like Janet said in her keynote this morning it's essentially boring. It kind of does what it's supposed to do now. I think what's going to be interesting is seeing those other pieces around it and above it, the improved developer experiences making it easier for companies to adopt. Maybe some of these choices around things like what service mesh you're going to use. How you're going to implement your observability. How you're going to deploy all this stuff without needing to hire 20 super detailed experts. We've got all the experts in this stuff. They're kind of here. The early adopters, great. Maybe that next wave, how are they going to be able to take advantage of this cloud-native? >> I think the programmability is key. Well great to have-- >> I think a big part of that is actually is going to be serverless. The ease of using serverless rather than the flexibility you get out of-- >> The millisecond latency around compute, yeah it's great. Well thanks for coming on, really appreciate it. Final question for you, what surprised you this year? Is there one thing that jumped out at you that you didn't expect? Good, bad or ugly? Great show here, it was packed. The waiting list was like 1500. What was the surprise this year from a program standpoint? >> I think actually the nicest surprise was the contribution of Phippy and all those lovely characters from Phippy Goes to the Zoo and those characters being donated by Microsoft, Matt Butcher and Karen Chu's work, was terrific. And it's just beautiful, just lovely. >> That's awesome, thanks so much Liz. Appreciate Liz right here. Program co-chair at KubeCon, CloudNativeCon, also technology evangelist at Aqua Security. That's her day job and her other job, she's running the content programming which is very huge here. Congratulations, I know it's tough work, a great job. >> Thank you very much. >> It's theCUBE coverage, breaking down all the action here at KubeCon and CloudNativeCon. I'm John Furrier and Stu Miniman, stay with us. Three days of wall-to-wall coverage. We're only on day two, we've got a whole nother day. A lot of great stories coming out of here and great content. Stay with us for more after this short break. (upbeat music)