>>from around the globe. It's the Cube with coverage of Yukon and Cloud. Native Con North America. 2020. Virtual Brought to You by Red Hat, The Cloud, Native Computing Foundation and Ecosystem Partners Welcome back to the Cube. Virtual coverage of KUB Con Cloud native 2020. It's virtual this year. We're not face to face. Were normally in person where we have great interviews. Everyone's kind of jamming in the hallways, having a good time talking tech, identifying the new projects and knew where So we're not. There were remote. I'm John for your host. We've got two great gas, both Cuba alumni's Chris. And is it chief technology officer of the C and C F Chris, Welcome back. Great to see you. Thanks for coming on. Appreciate it. >>Awesome. Glad to be here. >>And, of course, another Cube alumni who is in studio. But we haven't had him at a Show Jr store meant executive director of the Fin Ops Foundation. And that's the purpose of this session. A interesting data point we're going to dig into how cloud has been enabling Mawr communities, more networks of practitioners who are still working together, and it's also a success point Chris on the C N C F vision, which has been playing out beautifully. So we're looking forward to digging. Jr. Thanks for coming on. Great to see you. >>Yeah, great to be here. Thanks, John. >>So, first of all, I want to get the facts out there. I think this is really important story that people should pay attention to the Finn Ops Foundation. That J. R. That you're running is really an interesting success point because it's it's not the c n c f. Okay. It's a practitioner that builds on cloud. Your experience in community you had is doing specific things that they're I won't say narrow but specific toe a certain fintech things. But it's really about the success of Cloud. Can you explain and and layout for take a minute to explain What is the fin Ops foundation and has it relate to see NCF? >>Yeah, definitely. So you know, if you think about this, the shift that we've had to companies deploying primarily in cloud, whether it be containers a ciencia focuses on or traditional infrastructure. The thing that typically people focus on right is the technology and innovation and speed to market in all those areas. But invariably companies hit this. We'd like to call the spend panic moment where they realize they're They're initially spending much more than they expected. But more importantly, they don't really have the processes in place or the people or the tools to do things like fully, you know, understand where their costs are going to look at how to optimize those to operate that in their organizations. And so the foundation pinups foundation eyes really focused on, uh, the people in practitioners who are in organizations doing cloud financial management, which is, you know, being those who drive this accountability of this variable spin model that's existed. So we were partnering very closely with, uh, see NCF. And we're now actually part of the Linux Foundation as of a few months ago, Uh, and you know, just to kind of put into context how that you kind of Iraq together, whereas, you know, CNC s very focused on open source coordinative projects, you know, For example, Spotify just launched their backstage cloud called Management Tool into CFCF Spotify folks, in our end, are working on the best practices around the cloud financial management that standards to go along with that. So we're there to help, you know, define this sort of cultural transformation, which is a shift to now. Engineers happen to think about costs as they never did before. On finance, people happen to partner with technology teams at the speed of cloud, and, you know executives happen to make trade off decisions and really change the way that they operate the business. With this variable page ago, engineers have all the access to spend the money in Cloud Model. >>Hey, blank check for engineers who doesn't like that rain that in its like shift left for security. And now you've got to deal with the financial Finn ops. It's really important. It's super point, Chris. In all seriousness. Putting kidding aside, this is exactly the kind of thing you see with open sores. You're seeing things like shift left, where you wanna have security baked in. You know what Jr is done in a fabulous job with his community now part of Linux Foundation scaling up, there's important things to nail down that is specific to that domain that are related to cloud. What's your thoughts on this? Because you're seeing it play out. >>Yeah, no, I mean, you know, I talked to a lot of our end user members and companies that have been adopting Cloud Native and I have lots of friends that run, you know, cloud infrastructure at companies. And Justus Jr said, You know, eventually there's been a lot of success and cognitive and want to start using a lot of things. Your bills are a little bit more higher than you expect. You actually have trouble figuring out, you know, kind of who's using what because, you know, let's be honest. A lot of the clouds have built amazing services. But let's say the financial management and cost management accounting tools charge back is not really built in well. And so I kind of noticed this this issue where it's like, great everyone's using all these services. Everything is great, But costs are a little bit confusing, hard to manage and, you know, you know, scientifically, you know, I ran into, you know, Jr and his community out there because my community was having a need of like, you know, there's just not good tools, standards, no practices out there. And, you know, the Finau Foundation was working on these kind of great things. So we started definitely found a way to kind of work together and be under the same umbrella foundation, you know, under the under Linux Foundation. In my personal opinion, I see more and more standards and tools to be created in this space. You know, there's, you know, very few specifications or standards and trying to get cost, you know, data out of different clouds and tools out there, I predict, Ah, lot more work is going to be done. Um, in this space, whether it's done and defendants foundation itself, CNC f, I think will probably be, uh, collaboration amongst communities. Can I truly figure this out? So, uh, engineers have any easier understanding of, you know, if I spent up the service or experiment? How much is this actually going to potentially impact the cost of things and and for a while, You know, uh, engineers just don't think about this. When I was at Twitter, we spot up services all time without really care about cost on, and that's happening a lot of small companies now, which don't necessarily have as a big bucket. So I'm excited about the space. I think you're gonna see a huge amount of focus on cloud financial management drops in the near future. >>Chris, thanks for that great insight. I think you've got a great perspective. You know, in some cases, it's a fast and loose environment. Like Twitter. You mentioned you've got kind of a blank check and the rocket ships going. But, Jr, this brings up to kind of points. This kind of like the whole code side of it. The software piece where people are building code, but also this the human error. I mean, we were playing with clubs, so we have a big media cloud and Amazon and we left there. One of the buckets open on the switches and elemental. We're getting charged. Massive amounts for us cash were like, Wait a minute, not even using this thing. We used it once, and it left it open. It was like the water was flowing through the pipes and charging us. So you know, this human error is throwing the wrong switch. I mean, it was simply one configuration error, in some cases, just more about planning and thinking about prototypes. >>Yeah. I mean, so take what your experience there. Waas and multiply by 1000 development teams in a big organization who all have access to cloud. And then, you know, it's it's and this isn't really about a set of new technologies. It's about a new set of processes and a cultural change, as Chris mentioned, you know, engineers now thinking about cost and this being a whole new efficiency metric for them to manage, right? You know, finance teams now see this world where it's like tomorrow. The cost could go three x the next day they could go down. You've got, you know, things spending up by the second. So there's a whole set of cross functional, and that's the majority of the work that are members do is really around. How do we get these cross functional teams working together? How do we get you know, each team up leveled on what they need, understand with cloud? Because not only is it, you know, highly variable, but it's highly decentralized now, and we're seeing, you know, cloud hit. These sort of material spend levels where you know, the big, big cloud spenders out there spending, you know, high nine figures in some cases you know, in cloud and it's this material for their for their businesses. >>And let's just let's be honest. Here is like Clouds, for the most part, don't really have a huge incentive in offering limits and so on. It's just, you know, like, hey, the more usage that the better And hopefully getting a group of practitioners in real figures. Well, holy put pressure to build better tools and services in this area. I think actually it is happening. I think Jared could correct me if wrong. I think AWS recently announced a feature where I think it's finally like quotas, you know, enabled, you know, you have introducing quotas now for and building limits at some level, which, you know, I think it's 2020 Thank you know, >>just to push back a little bit in support of our friends, you ask Google this company, you know, for a long time doing this work, we were worried that the cloud would be like, What are you doing? Are you trying to get our trying to minimize commitments and you know the dirty secret of this type of work? And I were just talking a bunch of practitioners today is that cloud spend never really goes down. When you do this work, you actually end up spending more because you know you're more comfortable with the efficiency that you're getting, and your CEO is like, let's move more workloads over. But let's accelerate. Let's let's do Maurin Cloud goes out more data centers. And so the cloud providers air actually largely incentivized to say, Yeah, we want people to be officially don't understand this And so it's been a great collaboration with those companies. As you said, you know, aws, Google, that you're certainly really focused in this area and ship more features and more data for you. It's >>really about getting smart. I mean, you know, they no, >>you could >>do it. I mean, remember the old browser days you could switch the default search engine through 10 menus. You could certainly find the way if you really wanted to dig in and make policy a simple abstraction layer feature, which is really a no brainer thing. So I think getting smarter is the right message. I want to get into the synergy Chris, between this this trend, because I think this points to, um kind of what actually happened here if you look at it at least from my perspective and correct me if I'm wrong. But you had jr had a community of practitioners who was sharing information. Sounds like open source. They're talking and sharing, you know? Hey, don't throw that switch. Do This is the best practice. Um, that's what open communities do. But now you're getting into software. You have to embed cost management into everything, just like security I mentioned earlier. So this trend, I think if you kind of connect the dots is gonna happen in other areas on this is really the synergy. Um, I getting that right with CNC >>f eso The way I see it is, and I dream of a future where developers, as they develop software, will be able to have some insight almost immediately off how much potential, you know, cost or impact. They'll have, you know, on maybe a new service or spinning up or potentially earlier in the development cycle saying, Hey, maybe you're not doing this in a way that is efficient. Maybe you something else. Just having that feedback loop. Ah lot. You know, closer to Deb time than you know a couple weeks out. Something crazy happens all of a sudden you notice, You know, based on you know, your phase or financial folks reaching out to you saying, Hey, what's going on here? This is a little bit insane. So I think what we'll see is, as you know, practitioners and you know, Jr spinoffs, foundation community, you know, get together share practices. A lot of them, you know, just as we saw on sense. Yeah, kind of build their own tools, models, abstractions. And, you know, they're starting to share these things. And once you start sharing these things, you end up with a you know, a dozen tools. Eventually, you know, sharing, you know, knowledge sharing, code sharing, you know, specifications. Sharing happens Eventually, things kind of, you know, become de facto tools and standards. And I think we'll see that, you know, transition in the thin ops community over the next 12 to 4 months. You know, very soon in my thing. I think that's kind of where I see things going, >>Jr. This really kind of also puts a riel, you know, spotlight and illustrates the whole developer. First cliche. I mean, it's really not a cliche. It's It's happening. Developers first, when you start getting into the calculations of our oi, which is the number one C level question is Hey, what's the are aware of this problem Project or I won't say cover your ass. But I mean, if someone kind of does a project that it breaks the bank or causes a, you know, financial problem, you know, someone gets pulled out to the back would shed. So, you know, here you're you're balancing both ends of the spectrum, you know, risk management on one side, and you've got return on investment on the other. Is that coming out from the conversation where you guys just in the early stages, I could almost imagine that this is a beautiful tailwind for you? These thes trends, >>Yeah. I mean, if you think about the work that we're doing in our practice you're doing, it's not about saving money. It's about making money because you actually want empower those engineers to be the innovation engines in the organization to deliver faster to ship faster. At the same time, they now can have, you know, tangible financial roo impacts on the business. So it's a new up leveling skill for them. But then it's also, I think, to Christmas point of, you know, people seeing this stuff more quickly. You know what the model looks like when it's really great is that engineers get near real time visibility into the impact of their change is on the business, and they can start to have conversations with the business or with their finance partners about Okay, you know, if you want me to move fast, I could move fast, But it's gonna cost this if you want me to optimize the cost. I could do that or I can optimize performance. And there's actually, you know, deeper are like conversation the candidate up. >>Now I know a lot of people who watch the Cube always share with me privately and Chris, you got great vision on this. We talked many times about it. We're learning a lot, and the developers are on the front lines and, you know, a lot of them don't have MBAs and, you know they're not in the business, but they can learn quick. If you can code, you can learn business. So, you know, I want you to take a minute Jr and share some, um, educational knowledge to developers were out there who have to sit in these meetings and have to say, Hey, I got to justify this project. Buy versus build. I need to learn all that in business school when I had to see s degree and got my MBA, so I kind of blended it together. But could you share what the community is doing and saying, How does that engineer sit in the meeting and defend or justify, or you some of the best practices what's coming out of the foundation? >>Yeah, I mean, and we're looking at first what a core principles that the whole organization used to line around. And then for each persona, like engineers, what they need to know. So I mean, first and foremost, it's It's about collaboration, you know, with their partners andan starting to get to that world where you're thinking about your use of cloud from a business value driver, right? Like, what is the impact of this? The critical part of that? Those early decentralization where you know, now you've got everybody basically taking ownership for their cloud usage. So for engineers, it's yes, we get that information in front of us quickly. But now we have a new efficiency metric. And engineers don't like inefficiency, right? They want to write fishing code. They wanna have efficient outcomes. Um, at the same time, those engineers need to now, you know, have ah, we call it, call it a common lexicon. Or for Hitchhiker's Guide to the Galaxy, folks. Ah, Babel fish that needs to be developed between these teams. So a lot of the conversations with engineers right now is in the foundation is okay. What What financial terms do I need to understand? To have meaningful conversations about Op X and Capex? And what I'm going to make a commitment to a cloud provider like a committed use discount, Google or reserved instance or savings Planet AWS. You know, Is it okay for me to make that? What? How does that impact our, you know, cost of capital. And then and then once I make that, how do I ensure that I could work with those teams to get that allocated and accounted? The right area is not just for charge back purposes, but also so that my teams can see my portion of the estate, right? And they were having the flip side of that conversation with all the finance folks of like, You need to understand how the variable cloud, you know, model works. And you need to understand what these things mean and how they impact the business. And then all that's coming together. And to the point of like, how we're working with C and C f you know, into best practices White papers, you know, training Siri's etcetera, sets of KP eyes and capabilities. Onda. All these problems have been around for years, and I wouldn't say they're solved. But the knowledge is out there were pulling it together. The new level that we're trying to talk with the NCF is okay. In the old world of Cloud, you had 1 to 1 use of a resource. You're running a thing on an instance in the new world, you're running in containers and that, you know, cluster may have lots of pods and name spaces, things inside of it that may be doing lots of different workloads, and you can no longer allocate. I've got this easy to instance and this storage to this thing it's now split up and very ephemeral. And it is a whole new layer of virtualization on top of virtual ization that we didn't have to deal with before. >>And you've got multiple cloud. I'll throw that in there, just make another dimension on it. Chris, tie this together cause this is nice energy to scale up what he's built with the community now, part of the Linux Foundation. This fits nicely into your vision, you know, perfectly. >>Yeah, no, 100% like, you know, so little foundation. You know, as you're well, well aware, is just a federation of open source foundations of groups working together to share knowledge. So it definitely fits in kind of the little foundation mission of, you know, building the largest share technology investment for, you know, humankind. So definitely good there with my kind of C and C f c T o hat, you know, on is, you know, I want to make sure that you know, you know my community and and, you know, the community of cloud native has access and, you know, knowledge about modern. You know, cloud financial management practices out there. If you look at some of the new and upcoming projects in ciencia things like, you know, you know, backstage, which came out of Spotify. They're starting to add functionality that, you know, you know, originally backstage kind of started out as this, you know, everyone builds their own service catalog to go catalog, and you know who owns what and, you know and all that goodness and developers used it. And eventually what happened is they started to add cost, you know, metrics to each of these services and so on. So it surfaces things a little bit closer, you know, a depth time. So my whole goal is to, you know, take some of these great, you know, practices and potential tools that were being built by this wonderful spinoffs community and trying to bring it into the project. You know, front inside of CNC F. So having more projects either exposed, you know, useful. You know, Finn, ops related metrics or, you know, be able to, you know, uh, you know, tool themselves to quickly be able to get useful metrics that could be used by thin ox practitioners out there. That's my kind of goal. And, you know, I just love seeing two communities, uh, come together to improve, improve the state of the world. >>It's just a great vision, and it's needed so and again. It's not about saving money. Certainly does that if you play it right, but it's about growth and people. You need better instrumentation. You need better data. You've got cloud scale. Why not do something there, right? >>Absolutely. It's just maturity after the day because, you know, a lot of engineers, you know, they just love this whole like, you know, rental model just uses many Resource is they want, you know, without even thinking about just basic, you know, metrics in terms of, you know, how many idle instances do I have out there and so, like, people just don't think about that. They think about getting the work done, getting the job done. And if they anything we do to kind of make them think a little bit earlier about costs and impact efficiency, charge back, you know, I think the better the world isn't Honestly, you know, I do see this to me. It's It's almost like, you know, with my hippie hat on. It's like Stephen Green or for the more efficient we are. You know, the better the world off cloud is coming. Can you grow? But we need to be more efficient and careful about the resource is that we use in sentencing >>and certainly with the pandemic, people are virtually you wanted mental health, too. I mean, if people gonna be pulling their hair out, worrying about dollars and cents at scale, I mean, people are gonna be freaking out and you're in meetings justifying why you did things. I mean, that's a time waster, right? I mean, you know, talking about wasting time. >>I have a lot of friends who, you know, run infrastructure at companies. And there's a lot of you know, some companies have been, you know, blessed during this, you know, crazy time with usage. But there is a kind of laser focused on understanding costs and so on and you not be. Do not believe how difficult it is sometimes even just to get, you know, reporting out of these systems, especially if you're using, you know, multiple clouds and multiple services across them. It's not. It's non trivial. And, you know, Jared could speak to this, But, you know, a lot of this world runs in like terrible spreadsheets, right and in versus kind of, you know, nice automated tools with potential, a p I. So there's a lot of this stuff. It's just done sadly in spreadsheets. >>Yeah, salute the flag toe. One standard to rally around us. We see this all the time Jr and emerging inflection points. No de facto kind of things develop. Kubernetes took that track. That was great. What's your take on what he just said? I mean, this is a critical path item for people from all around. >>Yeah, and it's It's really like becoming this bigger and bigger data problem is well, because if you look at the way the clouds are building, they're building per seconds and and down to the very fine grain detail, you know, or functions and and service. And that's amazing for being able to have accountability. But also you get people with at the end of the month of 300 gigabyte billing files, with hundreds of millions of rows and columns attached. So, you know, that's where we do see you companies come together. So yeah, it is a spreadsheet problem, but you can now no longer open your bill in a spreadsheet because it's too big. Eso you know, there's the native tools are doing a lot of work, you know, as you mentioned, you know, AWS and Azure Google shipping a lot. There's there's great, you know, management platforms out there. They're doing work in this area, you know, there's there's people trying to build their own open source the things like Chris was talking about as well. But really, at the end of the day like this, this is This is not a technology. Changes is sort of a cultural shift internally, and it's It's a lot like the like, you know, move from data center to cloud or like waterfall to Dev ops. It's It's a shift in how we're managing, you know, the finances of the money in the business and bringing these groups together. So it it takes time and it takes involvement. I'm also amazed I look like the job titles of the people who are plugged into the Phenoms Foundation and they range from like principal engineers to tech procurement. Thio you know, product leaders to C. T. O. S. And these people are now coming together in the classic to get a seat at the table right toe, Have these conversations and talk about not How do we reduce, you know, cost in the old eighties world. But how do we work together to be more quickly to innovate, to take advantage of these cognitive technologies so that we could be more competitive? Especially now >>it's automation. I mean, all these things are at play. It's about software. I mean, software defined operations is clearly the trend we've been covering. You guys been riding the wave cloud Native actually is so important in all these modern APS, and it applies to almost every aspect of stacks, so makes total sense. Great vision. Um, Chris props to you for that, Jr. Congratulations on a great community, Jerry. I'll give you the final word. Put a plug in for the folks watching on the fin ops Foundation where you're at. What are you looking to do? You adding people, What's your objectives? Take a minute to give the plug? >>Yeah, definitely. We were in open source community, which means we thrive on people contributing inputs. You know, we've got now almost 3000 practitioner members, which is up from 1500 just this this summer on You know, we're looking for those who have either an interesting need to plug into are checked advisory council to help define standards as part of this event, The cognitive gone we're launching Ah, white paper on kubernetes. Uh, and how to do confidential management for it, which was a collaborative effort of a few dozen of our practitioners, as well as our vendor members from VM Ware and Google and APP Thio and a bunch of others who have come together to basically defined how to do this. Well, and, you know, we're looking for folks to plug into that, you know, because at the end of the day, this is about everybody sort of up leveling their skills and knowledge and, you know, the knowledge is out there, nobody's head, and we're focused on how toe drive. Ah, you know, a central collection of that be the central community for it. You enable the people doing this work to get better their jobs and, you know, contribute more of their companies. So I invite you to join us. You know, if your practitioner ITT's Frito, get in there and plug into all the bits and there's great slack interaction channels where people are talking about kubernetes or pinups kubernetes or I need to be asked Google or where we want to go. So I hope you consider joining in the community and join the conversation. >>Thanks for doing that, Chris. Good vision. Thanks for being part of the segment. And, as always, C N C F. This is an enablement model. You throw out the soil, but the 1000 flowers bloom. You don't know what's going to come out of it. You know, new standards, new communities, new vendors, new companies, some entrepreneur Mike jump in this thing and say, Hey, I'm gonna build a better tool. >>Love it. >>You never know. Right? So thanks so much for you guys for coming in. Thanks for the insight. Appreciate. >>Thanks so much, John. >>Thank you for having us. >>Okay. I'm John Furry, the host of the Cube covering Coop Con Cloud, Native Con 2020 with virtual This year, we wish we could be there face to face, but it's cute. Virtual. Thanks for watching

>> From Seattle, Washington, it's theCUBE, covering KubeCon and CloudNativeCon North America 2018. Brought to you by Red Hat, the Cloud Native Computing Foundation, and the its ecosystem partners. >> Okay, welcome back everyone. Live here in Seattle for KubeCon CloudNativeCon 2018, with theCUBE's coverage I'm John Furrier for Stu Miniman. We've been there from the beginning watching this community grow into a powerhouse. Almost a Moore's Law like growth, doubling every, actually six months, if you think about it. >> Yeah it's pretty wild. >> Chris Aniszczyk, CTO and COO of the CNCF, the Cloud Native Computing Foundation, great to see you again. Thanks for coming on. >> Super stoked to be here. Thank you for being with us since the beginning. >> So it's been fun to watch you guys, CNCF has done an exceptional job, I thought, a fabulous job of how you guys have built out a great community, open-source community as the main persona target, but brought in the vendor on terms that really work for open-source, Linux foundation, great shepherding this thing through, now you have, basically, looks like a conference. >> Yeah. >> End user conference, vendors are here, still open-source is pure. The growth has been phenomenal. Just take a minute to give us the update on just some of the stats, massive growth. >> Yeah, sure. I mean you know, we're 8,000 people here today, which is absolutely wild. What's actually crazy is when we planned this event, it was about two years ago when we had to start booking a venue, figuring out how many people may be here. And two years ago we thought 5,000 would have been a fantastic number. Well, we got to 8,000. We have about 1500 to 2,000 people on the wait list that could not get in. So, obviously we did not plan properly but sometimes it's hard to predict kind of the uptake of technology these days. Things just move quickly. I think we've kind of benefited from the turnaround that's happening in the industry right now where companies are finally looking to modernize their infrastructure. Whether it's moving to the cloud or just modernizing things, and that's happening everywhere, from traditional enterprises to internet scale companies. Everyone's looking to kind of modernize things and we're kind of at the forefront of that. >> I mean the challenge of events is, some of it is provisioning, over provision. You don't show up, you want elastic, dynamic, agile-- >> I want the Cloud Native events. >> Programmable space that could just go auto scale when you need it. >> Exactly. >> All kidding aside, congratulations on the success. But one thing we've been covering on SiliconANGLE and theCUBE, and you guys have been actually executing on, is the growth in China in open-source. And it's been around for a while but just the scale, just pure numbers, tell them about the success in China and the impact to the open-source community and business. >> Yeah. We put on our first event in Shanghai, KubeCon China. It was fantastic. We sold out at 2500 people. Always a little bit difficult to do your first event in China. I have many stories to share on that one, but the amount of scale, in terms of software deployment there are just fascinating. You kind of have these companies like ofo, is like a bike sharing system right. You know in China they have hundreds of millions of these bicycles that they have to kind of manage in an infrastructural way. The software that you use to actually do that has to be built very well. And so the trend that we're actually seeing in CNCF now is about 10%, we have three projects that were born in China, dealing with China-scale problems. So one of those projects is TiKV, which is kind of a very well fine-tuned built distributed key value store that is used by a lot of the Chinese com providers and folks like ofo and LME out there that are just dealing with hundreds of millions of users. It's fascinating. I think the trend you're going to see in the future is there's going to be more technology that is kind of born dealing with China-scale issues, and having those lessons being shared with the rest of the world and collaborate. One of the goals in CNCF for us is to help bridge these communities. In China about 25% of our attendance was international, which was higher then we expected. But we had dual live simultaneous translation for everyone, to kind of try to bridge these... >> It's a big story. The consumption and the contribution side is just phenomenal. >> China is our number two contributor to all CNCF projects, it's very impressive in my opinion. >> So Chris there was a lot in the keynote. I wondered, give us a little insight, it's different for a foundation in open-source communities than it is for company when you talk about the core product being Kubernetes and then all these other projects, you've got the incubating projects, the ones that have been elevated, new FCD comes into it, how do you do the juggling act of this? >> Honestly, the whole goal of the foundation is basically to cultivate and sustain, and kind of grow projects that come in. Some are going to work and be very successful, some may never leave the sandbox, which is our early stage. So today I was very excited to finally have etcd come as an official incubating project. This is our 31st project, which is a little bit wild, since we started, it was just Kubernetes. We had other projects that moved from, say, sandbox to incubating. So in China, one of our big announcements was Harbor, which is a container registry, or actually, technically, we call it a Cloud Native Registry, because it does support things like helm charts, it doesn't only host container-based artifacts. It moved up to the incubating level and that is being embedded. It's in all of Cloud Foundry's and Pivotal's products. It's used by some cloud providers in China as their kind of registry as a service. Like their equivalent to ECR or GCR, essentially. And we've just seen incredible growth across all of our projects. I mean, we have three graduated projects. Envoy recently, which you saw Matt, Constance, and Jose on stage a little bit to talk about. To me, what I really like about Envoy and Prometheus, these are two projects that were not born from a vendor. You know. Envoy came from Lyft because they were just like, you know what? We're not happy with our current kind of reverse proxy, service proxy situation, let's build our own open-source and kind of share our lessons. Prometheus, born from SoundCloud. So I think CNCF has a good mix of, hey, we have some initial vendor-driven projects, like Kubernetes came from Google but now it's used by a ton of people. But then you have other projects that were born from the end-user community. I think having that healthy mix is good for everyone. >> I think the DNA of that early on in the culture has been a successful one for you guys. Not being vendor-led, being end-user led, but vendors can come in and participate. >> Yeah, absolutely. >> So talk about the end-user perspective because we're very interested, a lot of people are interested in end-user. What are they doing with it? It used to be a joke. I stood up a bunch Hadoop but what are you using it for? What are people using Kubernetes for? You've got Apple, Uber, Capital One, Comcast, GoDaddy, Airbnb. They're all investing in Kubernetes as their main stack. >> And CNCF projects, not only Kubernetes. >> But what does that mean when they say Kubernetes as a stack? It's kind of been encapsulated to include other things. People are looking at this as a real alternative. Can you explain what that is about? >> So, I think people have to realize that CNCF is essentially more than just Kubernetes. Cloud Native is more than just Kubernetes. So what we'll see is, take a company like Lyft. Lyft did not start using Kubernetes, they are kind of on that migration path now but Lyft started to use Envoy, Prometheus, gRPC, other technologies that kind of lead them to that Cloud Native journey that eventually they're like, you know what? Maybe we don't need our homegrown orchestrator. We'll go use that. And use, (huffs) Everyone falls in differently in kind of a community. Some people start with Kubernetes and eventually subsume the other kind of ancillary projects. >> This is what the project cloud is about. Let me rephrase the question. So when people say, because this is a real trend we've been reporting on this, the CNCF stack, people have language semantics on how that's couched. Oh, on the Kubernetes-- >> I don't like stack because it means there's one proscribed solution, where I think it's more like an a la carte model. >> Well if I quote the CNCF stack, if there was a word for it, as an alternative, as a solution base with Kubernetes at the core of it, right. Okay, cool. What is that usage being looked like? How is that developing? How are end users looking at the CNCF holistically with Kubernetes at the core? >> So we have one of the largest end-user communities out there of any open-source foundation. We have about 80 members. When we talk to them directly, why are they adopting CNCF projects and technology? Most of the time is they want to deploy software faster, right? They want to use modern CICD tools and just development patterns. So it's all about faster time to market and making the developers lives easier so they're actually able to deliver business customer value. And it's basically similar to a whole DevOps mantra, right. If I could ship software faster and it's easier for my developers to get stuff done, I'm delivering value to whatever my end-user customer is at the end of the day. If you go to the CNCF end-user website, we have case studies from Nordstrom, Capital One, I think Lyft is there. Just a bunch of people that, we moved to these technologies because it improved the way we could monitor software, how fast we could ship. It's all about faster time to market, and modernizing their infrastructure. >> Chris, give us a little bit of a view coming forward. We're on 1.13 for Kubernetes, if I read it right. The contribution slowed down a little bit because we're actually reaching a level of maturity. >> Kubernetes is boring and mature. >> What do you see as we come, other than continued growth? >> So I think the wider ecosystem is going to continue to grow. So if you actually look at Kubernetes directly, it has been very focused on moving things out of the core as much as possible and trying to force people to extend things. I don't know if you saw, Tim Hockin had this great talk in terms of how all the Kubernetes components are either being ripped out or turned into custom resource definition of CODs. Basically trying to make Kubernetes as extensible as possible. Instead of trying to ram things into Kubernetes, hey, use the built in extensibility layer. >> Decompose a little bit. >> Decompose and the analogy here would be like kernel space versus user space if you're going to Linux. All the exciting things tend to happen in user space these days but, yeah, the kernel is still important, actively contributed to by a ton of people, very critical, everything. But a lot of the action happens in user space. And I think you'll see the same thing with Kubernetes, where it will kind of become like Linux where the kernel of Kubernetes, very stable, mature, focused on basically not breaking and trying to keep it as simple as possible and built good extensibility mechanisms so folks could plug in whatever systems. We saw this with storage in Kubernetes. A lot of the initial storage drivers, flex volume stuff, was baked into the Kubernetes with a new effort called the container storage interface. They all pulled that out and made they basically built an extensibility mechanism so any company or any project could bring in their storage solution. >> One of the key trends we're seeing, obviously, in cloud is automation. We see serverless around the corner, you see all these things going on around the cool things you guys are building. As automation continues to move down the track, where is that going to impact and create value for customer end-users as they roll with the CNCF? So Kubernetes at some point could be auto, why even be managing clusters? Well, that should be automated at some point. >> I mean, hey, you could do it both ways. A lot of people love the managed service approach. If I could pay a large hyper-scale cloud provider to manage everything, the more the merrier. Some want the freedom to roll their own. Some may want to pay a vendor, I don't know, Red Hat OpenShift looks great, let's pay them to help manage data. Or I just roll alone. And we've seen it all. You know it really depends on the organization. We've seen some very high end banks or financial institutions that have very good technical chops. They're okay rolling on their own. Some may not be as interested in that and just pay a vendor to manage it. >> It's a choice issue. >> For us it's all goodness, whatever you prefer. I think longer term we'll see more people, just for the convenience of managed services, go that route. But for CNCF Kubernetes there's multiple ways to do it; you could go Vanilla, you could go Managed Service, you could go through a vendor like Rancher or OpenShift. The cool thing about all these things is they all are conformant to the Kubernetes certified program, so it means there's no breakage or forking, everyone is compliant. >> So for the people that are watching that couldn't make it here or are on the waiting list, or doing LobbyCon. >> I'm sorry, I'm sorry for the waiting list. >> This is actually a good venue to do LobbyCon, there's places to meet here. I know a lot of people actually in town kind of LobbyCon-ing it. But for the people that aren't here, what's the most important story that's being told? I know we're not being talked about. What is happening here? What should people know about this year? In your mind's eye, in your understanding of the program, and how it's developed early on, what's the most important thing? >> I think in general CNCF, Cloud Native, Kubernetes all have matured a lot in the last three years, especially the last 12-18 months, where you've seen... Earlier it was all about technical-savvy folks scratching their itch. Now the end-users that I'm talking to, you have like Maersk, what does Maersk do? They actually ship containers, right? But now they are using Kubernetes to manage containers on the containers. >> They're in the container business. >> I'm seeing traditional insurance companies. So I think what we're doing is we're basically hitting, we're kind of past that threshold of early adopters and tinkerers, and now we're moving to full-blown mainstream adoption. Part of that is the cloud providers are all offering Managed Kubernetes, so it's convenient for companies that move in the cloud. And then on the distro front, OpenShift, PKS, Rancher, they're all mature products. So there's just a lot of stability and maturity in the ecosystem. >> Just talking about the mature stuff, give us your take on Knative. What should people be looking at that? How does Serverless fit into all this? >> So Serverless, you know we love Serverless in CNCF. We just view it as another kind of programing model that eventually runs on some type of containerized stack. For us at CNCF, we have a Serverless working group that's been putting out whitepapers. We have a spec around cloud events standardized. I think Knative is a fantastic approach of how to basically build a, kind of like CNCF where it's a set of components that you can use to build your own serverless framework. I think the adoption has been great. We've actually been talking to them about potentially bringing in some components of Knative into CNCF. I think, if you want to provide your own serverless offering, you're going to need the components in Knative to make that happen. I've seen SAPs picked up on it. GitLab just announced a serverless offering based on Knative today. I think it's a great technology. It's still very early days. I think serverless is great and will be continually used, but it's one option of many. We're going to have containers, we're going to have serverless, we're going to have mainframes. It's going to be a mix of everything. >> I'm old enough to remember the old client server days when multi-vendor was a big buzz word. Multi-cloud now is a subtext here. I think that one of the big stories in issue of the maturity is that you're starting to see people, I want choice. And hybrid-cloud is the word today but I think ultimately people view it as a multi-cloud environment of resource. >> So one interesting thing about KubeCon, I think one of our reasons that we've grown so much is if you look at it, there's really no other event you can go to that is truly multi-cloud. You have all the HyperScale folks, you've got your end-users and vendors in one area, right? Versus you going to a vendor-specific event. So I think that's kind of been part of our benefit and then luck to kind of stumble in this where everyone is in the same room. I think next year, big push on bringing all the clouds. >> Well, Chris, thanks for spending the time. I know you're super busy. CTO and COO of the CNCF, really making things happen. This is a real, important technology wave, the cloud computing, and having the kind of choices in ecosystem around open-source is making it happen. Congratulations to your success. We're going to continue coverage here. Day one of three days of CUBE coverage. I'm John Furrier for Stu Miniman. Stay with us for more after this short break. (light music)

(gentle music) >> Announcer: Live, from Los Angeles, it's theCUBE, covering Open Source Summit, North America, 2017, brought to you by the Linux Foundation and Red Hat. >> Okay welcome back, and we're live here in Los Angeles, this is theCUBE's exclusive coverage of the Linux Foundation's Open Source Summit North America. I'm John Furrier, your host with my co-host Stu Miniman. Our next guest is Chris Aniszczyk, who's the COO, Chief Operating Officer of the CNCF, the Cloud Native Compute Foundation, formerly Cube-Con, Cloud Native Foundation, all rolled into the most popular Linux Foundation project right now, very fashionable, cloud native, running on native clouds, Chris welcome back to theCUBE, good to see you. >> Awesome, it's been a while, great to be back. >> So you are the Chief Operating Officer of the hottest project, to me at least, in the Foundation. Not the most important, because there's a lot of really important, everything's important, you don't pick a favorite child, but, if one's trending, the CNCF is certainly trending, it's got the most sponsors, it's got the most participants, there's so much action going on, there's so much change and opportunity, around Kubernetes, around containers, around writing cloud-native applications. You've guys have really put together a nice foundation around that, nice group, congratulations. >> Thank you. >> Take a step back and explain to us, what the hell is the CNCF? We know what it is, we were there present at creation, but it's super-important, it's growing in relevance every day. Take a minute to explain. >> So I mean, you know, CNCF is all about providing a neutral home for cloud-native technology, and it's been about almost two years since our first board meeting and the idea was, there's a certain set of technology out there that are essentially micro-service-based, that live in containers that are centrally orchestrated by some process, right, that's essentially what we mean when we say cloud-native, right, and CNCF was seeded with Kubernetes as its first project, and as we've seen over the last couple of years, Kubernetes has grown quite well, they have a large community, diverse contributor base, and have done kind of extremely well. They're one of actually the fastest, highest velocity open source projects out there, maybe only, compared to the kernel is maybe a little bit faster but it's just great to kind of see it growing. >> Why is it so hot right now? What's the catalyst? >> So I think if we kind of step back and we look at the trends in industry, right, more and more companies are becoming software companies, you know, folks like John Deere, building IoT platforms. You need some type of infrastructure to run this stuff, and especially at scale. You know, imagine sensors in every tractor, farm or in every vehicle, you're going to need serious infrastructure and cloud native really is a way to scale those type of infrastructure needs and so this is kind of I think why you're seeing a lot of interest being piqued in CNCF-related technology. >> A lot of prototypes too. >> Chris, see you know, it's interesting, I look back you know, a year or two ago, and it was like, oh, it was like the orchestration wars, it was Swarm versus Mesos, and now I look at it in the last year it's like, wait, Mesos fully embracing it, MesosCon they're going to be talking about how Mesos is the best place to you know, Kubernetes on DCOS, containerd now part of the container wars, so the container wars, we're going to talk about OCI, you know, Amazon, Microsoft, of course Google, out there at the beginning. Is there anybody that's not on board that Kubernetes... >> I mean we really have the top five cloud providers in the world, depending on what metrics you look at, part of CNCF, you know there's some others out there that still aren't fully part of the family. Hopefully if you stay tuned over the next week or so you may hear some announcements coming from CNCF of other large cloudy-type companies joining the family. >> Every week there's a new platinum sponsor (Chris laughs) and you guys are getting a check every week it seems. >> To me it's great to see companies stepping up to the play and actually sustaining open source foundations that are critical to the actual business, and I think that it's great to see this involvement. So to me I'm personally thrilled, 'cause otherwise we'd be in a situation where if the top five cloud providers in the world weren't part of CNCF, maybe they'd be trying to do their own initiative, so it's great that we have these companies at the table, and all trying to build, you know, find their own pathway to cloud-native. >> You guys are hyper-growth right now, and you're new too, you're still kind of you know, >> Chris: Less than two years old! >> I mean it's amazing. So I want to put a little Jim Zemlin test to you, (Chris laughs) which is, in his keynote today he talked about, this is the big kind of event for the whole community of open source to come together, and again, you're talking 64 million libraries out there now. He projected by 2026, 400 million, it literally is a hockey stick growth, so you got growth there, so he talked about four things, my summary. Project health, so healthiness, sustainability, secure code, training, new members. What's your strategy re those four things? Keeping the CNCF healthy, you don't eat too much and choke on all of that growth... >> Yeah, so in terms of projects, we have a very unique governance structure in place when we designed CNCF. So we kind of have this independent technical operating committee, we kind of jokingly refer to them as a technical supreme court, but they are made up of people from, kind of luminaries in the container cloud-native space, they're from competing companies too, but they try to really wear an independent hat and make sure that we're, projects that we're accepting are high quality, are a good fit for the foundation, and so it's actually fairly hard to get a project in CNCF, 'cause it really requires the blessing of this TOC. So, even though we have 10 projects now in about two years, I think that's about a project every two months, which is an okay pace. The other unique thing that we're doing is we have different levels of projects, we have inception, incubation and graduation. Right now, we have no graduated projects in CNCF, believe it or not, Kubernetes has not graduated yet because they're still finalizing their governance for the project and they're almost there. Once they do that, they'll most likely graduate. >> They'll walk cap and gown all nine yards, eh? >> Exactly, it'll be great. December we'll have the cap and gown ceremony. But the other unique thing is we're not, we do annual kind of reviews for some of our projects, certain levels will be annually reviewed, and if they're not longer healthy or a good fit, we're okay archiving them, or telling, you know, telling them you know, maybe you're not a good fit anymore for the foundation, or you know. And so I think you have to have a process in place where sometimes you do have to move things to the attic. >> Do you have a high bar on the projects >> The initial bar is extremely, extremely high, and I think over time, we may see some projects that get recycled or moved to the attic, or maybe they maybe merged together, we'll see, so we're thinking about this already, so... >> John: Okay, security? >> Security, so we, all projects in CNCF that graduate have to partake in the core infrastructures best practices badging program, so if the CII has this great effort that is basically helping to ensure projects meet a minimal level of best practices that make their projects secure. You know, it doesn't give you like full-blown guarantee, but these are good practices. >> So you were leveraging pre-existing work, classic, open-source ethos. >> Exactly, and they have like a set of domain experts completely focused on security building out these practices and you'll notice Kubernetes recently merged in the CII Best Practices badge, so if you go to the readme, you'll actually see it, and you'll click through and you'll see all the things that they've had to sign off and check on that they participate in, and so all of our projects are kind of going >> Training. >> Training, yeah, we just recently announced couple things. One is we have a >> Looking good so far, you get an A plus. >> Yeah, so as of today we've launched the Certified Kubernetes Administrator Program or CKA for short. So we have folks that are getting trained on, and are having official stamps that they are certified Kubernetes administrators, and to me that's huge, given like how hot the space is, having some stamp of approval that they are really certified in the space is huge. So we also offer free training through edX, so we launched some training courses earlier, and to be honest, if you look at our member companies, lots of great folks out there providing training material. >> So one of the keynotes that Christine Corbett Moran was talking about in her keynote was, more inclusion so there's no ruling class. Now I know you really have a ruling class going on with your high bar, I get that. How are you getting new members in, what's the strategy, who are the new members, how are you going to manage the perception possibly that a few people control the swing votes at potentially big projects? >> So here what's interesting is, people joining CNCF, like I mentioned before, we have a TOC, right? So there's kind of this separation of, I don't say church and state, but like, so the governing board, people who pay to join CNCF, they pay to sustain our open source projects, and so essentially they help with, they pay for marketing, staff, events and so on. They actually don't have technical influence over the projects. You don't have to be a member to have technical influence over our projects. People join CNCF because they want to have a say in the overall budget of how marketing, events and stuff, and just overall support the organization. But on the technical side, there's this kind of firewall, there's an independent TOC, they make the technical decisions. You can't really pay to join that at all, you have to actually be heavily participating in that community. >> John: How does someone get in that group? Is there a code? >> They have to just be like a luminary, we have a kind of election process that happens every two or three years, depending on how things are structured, and it's independently elected by the CNCF member community, essentially, is the simplest way I can explain it. >> The other announcement you talked about, kind of the individual certification, but the KCSP sort of programs >> Correct, exactly. >> Maybe you can tell us a little bit about that. >> Yes, so we had a program set up so it's Kubernetes Certified Service Provider, KCSP, that basically >> rolls right off the tongue >> I know, right, exactly. Herbal space program, whatever, I think of sometimes video games when we say it, but essentially, the program was put in place that a lot of end users out there in companies that are new to cloud native, and they're new to Kubernetes, essentially want to find a trusted set of partners that they can rely on, services and other things, so we created KCSP as a way to vet a certain set of companies that have at least a minimum of three people that have passed the Kubernetes certification exam that I talked about, and are essentially participating upstream in some way actively in the Kubernetes community. So we got a couple handfuls of companies that have launched, which is great, and so now, given that we're growing so fast, companies out there that are early end users that are exploring the space now have a trusted set of companies that go look at, and we're hoping to grow that program over time too. So this is just phase one. >> All right, so Chris, the other thing that I want to make sure we talk about, the Open Container Initiative, so I think it was originally OCP, which of course is, >> Open Container Project which when OCP was announced, it was like, okay, the cold war of Docker versus CoreOS versus everybody else, (Chris laughs) trying to figure out what that container format was, we all shook hands, I took a nice selfie with Ben who was CEO at the time, and everybody. So 1.0 is out. So, container's fully mature, ready to be rolled out right? But what does it mean? >> So I mean it's funny 'cause I basically joined the Linux Foundation, to help both start CNCF and OCI around the same time, right, and OCI was very narrowly scoped to only care about a small set of container-specific issues. One around how do you actually really run containers, start, stop, all that kind of life cycle bit, and how are containers laid out on disk, we call that the image specification. So you have the runtime spec and the image spec, and those are just very limited core pieces, like that OCI was not opinionated on networking or storage or any of, those are all left to other initiatives. And so after almost two years, we shipped 1.0, we got basically all the major container players to agree that this is 1.0 and we're going to build off from this, and so if you look at Docker with it's containerd project, or you know, fully adopting OCI, the Mesos community is, Cloud Foundry, even AWS announced their container register's supporting OCI, so we got the 1.0 out there, now we're going to see an abundance of people building tools and other things. I think you'll see more end users out there exploring containers. I've talked to a lot of companies that I can't necessarily name, but there's a lot of folks out there that may not dive into container technology until there is actually a mature standard and they feel like this technology is just not going to go away or they're going to get locked into some specific platforms. So, with 1.0 out the door, you'll see over the next six to 12 months, more tools being built. We're actually working to roll out a certification program so you get that nice little, you know, hey, this product is OCI-certified and supports the spec, so you'll see that happen over the next... >> Okay, so you've got the runtime spec and the image format spec, >> Yep, those are the two big ones. >> All 1.0, we're ready to roll, what's the roadmap >> Yeah, what's next. So there are early discussions about what other mature areas are out there kind of in container land right now. There are some discussions around distribution, so having a standard API to basically fetch and push container images out there. If you look at it, each container registry has basically a different set of APIs, and wouldn't it be nice if we could all kind of easily work together and have maybe one set, a way to kind of distribute these things. So there are some early discussions around potentially building out a distribution specification, but that's something that the technical community has to decide within OCI to do, and so over the next couple of months we're having some meetings, we're doing a bigger meeting at DockerCon Europe coming up in October to basically try to figure out what's really next. So I think after we shipped 1.0 a lot of people took a little bit of a breather, a break, and say like, congratulate themselves, take some vacation over the summer, and now we're going to get back into the full swing of things over the next couple of months. >> Say, what's the big conversation here, obviously at your event in Austin, it's got a plug for, theCUBE will be live covering it as well. >> I know, I'm excited. >> What's the uptake, what's the conversation in the hallways, any meetings, give us some >> Yeah, so we're doing >> I know there's some big announcement coming on Wednesday, there's some stuff happening >> Yeah, so, you know, first coming Wednesday, so like I mentioned, we have 10 projects right now in CNCF. We have two projects currently out for vote. So one of them is Envoy. There's a company you've probably heard of, Lyft, ride-sharing company, but Envoy essentially is their fancy service mesh that powers the Lyft platform, and many other companies out there are actually taking advantage of Envoy. Google's playing around with it, integrating into the Istio project, which is pretty powerful, but Envoy is currently, it was invited by the TOC for a formal vote, the voting period started last week, so we're collecting votes from the nine TOC members, and once that voting period is hopefully we can announce whether the project was accepted or not. The other project in the pipeline is a project called Jaeger, which is from Uber, you know, nice to have Uber >> John: Jaegermeister. >> Yeah, Jaegermeister, a bit like it. It's nice to have a product from Uber, another product from Lyft, kind of it's nice to see >> And if you have too much Jaeger, you have to take the Lyft to get home, right? >> Exactly, correct. So you know, just like Envoy, Jaeger is, you know, was formally invited by the TOC, it's out for vote, and hopefully we'll count the votes soon and figure out if it gets accepted or not. So Jaeger is focused on distributed tracing, so one problem in micro-services land is once you kind of like refactor your application to kind of be micro-services-based, actually tracing and figuring out what happens when things go wrong is hard, and you need a really good set of distributed tracing tools, 'cause otherwise it's like the worst murder mystery, you have like no idea what's happened, so having solid distributed tracing solution like Jaeger is great, 'cause in CNCF we're going to have a project called OpenTracing, but that's just kind of like the spec of how you do things, there's no full-blown client-server distributed >> For instance you usually need it for manageability >> Exactly, and that's what Jaeger provides, and I'm excited to kind of have these two projects under consideration in CNCF. >> Is manageability the hottest thing going on right now in terms of conversations? (Chris sighs) Or is it more stability and getting projects graduating? >> Yeah, so like our big focus is like, we want to see projects graduate, kind of meet the minimum bar that the TOC set up for graduated projects. In terms of other hot areas that are under discussion in CNCF are storage, so for example we have a storage working group that's been working hard to kind of bring in all the vendors and different storage folks together, and there's some early work called the container storage interface, we call it CSI for short, and so you know there's another project at CNCF called CNI, which basically tried to build a standard around how networking is done in container land. CSI is doing the same thing because, you know, it's no fun rewriting your storage drivers for all the different orchestration systems out there, and so why not get together and build out a standard that is used by Kubernetes, by Mesos, by Cloud Foundry, by Docker, and just have it so they all work across these things. So that's what's happening, and it's still early days, but there's a lot of excitement in that. >> Okay, the event in Austin, what can people expect? Cube-Con. >> You're literally going to have the biggest gathering of Kubernetes and cloud-native talent. It's actually going to be one of our biggest events probably for the Linux Foundation at all. We're probably going to get 3-4,000 people minimum out there, and I'm stoked, we're going to have some... Schedule's not fully announced yet. I do secretly know some of the keynotes potentially, but just wait for that announcement, I promise you it's going to be great. >> And one question I get, just I thought I'd bring it up since you're here in the hot seat, lot of people coming in with, supporting you guys on the governing side, not even cyclical. How are you going to service them, how are you going to scale up, do you have confidence that you have the ability to execute against those sponsorships, support the members, what's your plan, can you share some insights, clarify that? >> You know, pressure makes diamonds, right? We have a lot of people at the right table, and we are doing some hiring, so we have a couple spots open for developer advocacy, technical writing, you know additive things that help our project overall. We're also trying to hire a head of marketing. So like, we are in the process of expanding the organization. >> Do you feel comfortable... >> I feel comfortable, like things are growing, things are moving at a fast clip, but we're doing the best we can to hire and don't be surprised if you hear some announcements soon about some fun hires. >> Well it's been great for us covering, we've been present and creating, if you will, this movement, which has been kind of cool, because it kind of a confluence of a couple of things coming together. >> Chris: Yeah, absolutely. >> It's just been really fun to watch, just the momentum from the cloud really early days, 2009 timeframe to now, it's been a real nice ride and congratulations to the entire community. >> Thank you, like for me it's just exciting to have all these companies sitting together at the same table, having Amazon join, and the other top fighters, all basically committing to saying, we are in the cloud-native, we may have different ways of getting there, but we're all committed working together at some level. So I'm stoked. >> Great momentum, and you guys doing some great work, congratulations. >> Thank you very much. >> And you know it's working when I get focused, hey can you, so and so, I'm like, oh yeah, no problem, oh wow, they're big time now, you guys are big time. Congratulations. >> Thank you, it's in phase one now, like we have the right people at the table >> Don't screw it up! (John and Chris laugh) As they say. It's on yours. Chris Aniszczyk, who's the COO of the Cloud Native Compute Foundation, the hottest area of Linux Foundation right now, a lot of action on cloud, cloud-native developers where DevOps is meeting, lot of progress in application development. Still, they're really only two years old, get involved, more inclusion the better. It's theCUBE, Cube coverage of CNCF. We'll be in Austin in December. >> Chris: Yep, six to eight. >> December 6 to 8, we'll be there live. More live coverage coming back in Los Angeles here for the Open Source Summit North America after this short break.

>> Hey everyone. Welcome back to theCUBE's coverage day two of CloudNative Security CON 23. Lisa Martin here in studio in Palo Alto with John Furrier. John, we've had some great conversations. I've had a global event. This was a global event. We had Germany on yesterday. We had the Boston Studio. We had folks on the ground in Seattle. Lot of great conversations, a lot of great momentum at this event. What is your number one takeaway with this inaugural event? >> Well, first of all, our coverage with our CUBE alumni experts coming in remotely this remote event for us, I think this event as an inaugural event stood out because one, it was done very carefully and methodically from the CNCF. I think they didn't want to overplay their hand relative to breaking out from CUBE CON So Kubernetes success and CloudNative development has been such a success and that event and ecosystem is booming, right? So that's the big story is they have the breakout event and the question was, was it a good call? Was it successful? Was it going to, would the dog hunt as they say, in this case, I think the big takeaway is that it was successful by all measures. One, people enthusiastic and confident that this has the ability to stand on its own and still contribute without taking away from the benefits and growth of Kubernetes CUBE CON and CloudNative console. So that was the key. Hallway conversations, the sessions all curated and developed properly to be different and focused for that reason. So I think the big takeaway is that the CNCF did a good job on how they rolled this out. Again, it was very intimate event small reminds me of first CUBE CON in Seattle, kind of let's test it out. Let's see how it goes. Again, clearly it was people successful and they understood why they're doing it. And as we commented out in our earlier segments this is not something new. Amazon Web Services has re:Invent and re:Inforce So a lot of parallels there. I see there. So I think good call. CNCF did the right thing. I think this has legs. And then as Dave pointed out, Dave Vellante, on our last keynote analysis was the business model of the hackers is better than the business model of the industry. They're making more money, it costs less so, you know, they're playing offense and the industry playing defense. That has to change. And as Dave pointed out we have to make the cost of hacking and breaches and cybersecurity higher so that the business model crashes. And I think that's the strategic imperative. So I think the combination of the realities of the market globally and open source has to go faster. It's good to kind of decouple and be highly cohesive in the focus. So to me that's the big takeaway. And then the other one is, is that there's a lot more security problems still unresolved. The emphasis on developers productivity is at risk here, if not solved. You saw supply chain software, again, front and center and then down in the weeds outside of Kubernetes, things like BIND and DNS were brought up. You're seeing the Linux kernel. Really important things got to be paid attention to. So I think very good call, very good focus. >> I would love if for us to be able to, as the months go on talk to some of the practitioners that actually got to attend. There were 72 sessions, that's a lot of content for a small event. Obviously to your point, very well curated. We did hear from some folks yesterday who were just excited to get the community back together in person. To your point, having this dedicated focus on CloudNativesecurity is incredibly important. You talked about, you know, the offense defense, the fact that right now the industry needs to be able to pivot from being on defense to being on offense. This is a challenging thing because it is so lucrative for hackers. But this seems to be from what we've heard in the last couple days, the right community with the right focus to be able to make that pivot. >> Yeah, and I think if you look at the success of Kubernetes, 'cause again we were there at theCUBE first one CUBE CON, the end user stories really drove end user participation. Drove the birth of Kubernetes. Left some of these CloudNative early adopters early pioneers that were using cloud hyperscale really set the table for CloudNative CON. I think you're seeing that here with this CloudNative SecurityCON where I think we're see a lot more end user stories because of the security, the hairs on fire as we heard from Madrona Ventures, you know, as they as an investor you have a lot of use cases out there where customers are leaning in with getting the rolling up their sleeves, working with open source. This has to be the driver. So I'm expecting to see the next level of SecurityCON to be end user focused. Much more than vendor focused. Where CUBECON was very end user focused and then attracted all the vendors in that grew the industry. I expect the similar pattern here where end user action will be very high at the beginning and that will essentially be the rising tide for the vendors to be then participating. So I expect almost a similar trajectory to CUBECON. >> That's a good path that it needs to all be about all the end users. One of the things I'm curious if what you heard was what are some of the key factors that are going to move CloudNative Security forward? What did you hear the last two days? >> I heard that there's a lot of security problems and no one wants to kind of brag about this but there's a lot of under the hood stuff that needs to get taken care of. So if automation scales, and we heard that from one of the startups we've just interviewed. If automation and scale continues to happen and with the business model of the hackers still booming, security has to be refactored quickly and there's going to be an opportunity structurally to use the cloud for that. So I think it's a good opportunity now to get dedicated focus on fixing things like the DNS stuff old school under the hood, plumbing, networking protocols. You're going to start to see this super cloud-like environment emerge where data's involved, everything's happening and so security has to be re imagined. And I think there's a do over opportunity for the security industry with CloudNative driving that. And I think this is the big thing that I see as an opportunity to, from a story standpoint from a coverage standpoint is that it's a do-over for security. >> One of the things that we heard yesterday is that there's a lot of it, it's a pretty high percentage of organizations that either don't have a SOCK or have a very primitive SOCK. Which kind of surprised me that at this day and age the risks are there. We talked about that today's focus and the keynote was a lot about the software supply chain and what's going on there. What did you hear in terms of the appetite for organizations through the voice of the practitioner to say, you know what guys, we got to get going because there's going to be the hackers are they're here. >> I didn't hear much about that in the coverage 'cause we weren't in the hallways. But from reading the tea leaves and talking to the folks on the ground, I think there's an implied like there's an unlimited money from customers. So it's a very robust from the data infrastructure stack building we cover with the angel investor Kane you're seeing data infrastructure's going to be part of the solution here 'cause data and security go hand in hand. So everyone's got basically checkbook wide open everyone wants to have the answer. And we commented that the co-founder of Palo Alto you had on our coverage yesterday was saying that you know, there's no real platform, there's a lot of tools out there. People will buy anything. So there's still a huge appetite and spend in security but the answer's not going to more tool sprawling. It's going to more platform auto, something that enables automation, fix some of the underlying mechanisms involved and fix it fast. So to me I think it's going to be a robust monetary opportunity because of the demand on the business side. So I don't see that changing at all and I think it's going to accelerate. >> It's a great point in terms of the demand for the business side because as we know as we said yesterday, the next Log4j is out there. It's not a matter of if this happens again it's when, it's the extent, it's how frequent we know that. So organizations all the way up to the board have to be concerned about brand reputation. Nobody wants to be the next big headline in terms of breaches and customer data being given to hackers and hackers making all this money on that. That has to go all the way up to the board and there needs to be alignment between the board and the executives at the organization in terms of how they're going to deal with security, and now. This is not a conversation that can wait. Yeah, I mean I think the five C's we talked about yesterday the culture of companies, the cloud is an enabler, you've got clusters of servers and capabilities, Kubernetes clusters, you've got code and you've got all kinds of, you know, things going on there. Each one has elements that are at risk for hacking, right? So that to me is something that's super important. I think that's why the focus on security's different and important, but it's not going to fork the main event. So that's why I think the spin out was, spinout, or the new event is a good call by the CNCF. >> One of the things today that struck me they're talking a lot about software supply chain and that's been in the headlines for quite a while now. And a stat that was shared this morning during the keynote just blew my brains that there was a 742% increase in the software supply chain attacks occurring over the last three years. It's during Covid times, that is a massive increase. The threat landscape is just growing so amorphously but organizations need to help dial that down because their success and the health of the individuals and the end users is at risk. Well, Covid is an environment where everyone's kind of working at home. So there was some disruption to infrastructure. Also, when you have change like that, there's opportunities for hackers, they'll arbitrage that big time. But I think general the landscape is changing. There's no perimeter anymore. It's CloudNative, this is where it is and people who are moving from old IT to CloudNative, they're at risk. That's why there's tons of ransomware. That's why there's tons of risk. There's just hygiene, from hygiene to architecture and like Nick said from Palo Alto, the co-founder, there's not a lot of architecture in security. So yeah, people have bulked up their security teams but you're going to start to see much more holistic thinking around redoing security. I think that's the opportunity to propel CloudNative, and I think you'll see a lot more coming out of this. >> Did you hear any specific information on some of the CloudNative projects going on that really excite you in terms of these are the right people going after the right challenges to solve in the right direction? >> Well I saw the sessions and what jumped out to me at the sessions was it's a lot of extensions of what we heard at CUBECON and I think what they want to do is take out the big items and break 'em out in security. Kubescape was one we just covered. They want to get more sandbox type stuff into the security side that's very security focused but also plays well with CUBECON. So we'll hear more about how this plays out when we're in Amsterdam coming up in April for CUBECON to hear how that ecosystem, because I think it'll be kind of a relief to kind of decouple security 'cause that gives more focus to the stakeholders in CUBECON. There's a lot of issues going on there and you know service meshes and whatnot. So it's a lot of good stuff happening. >> A lot of good stuff happening. One of the things that'll be great about CUBECON is that we always get the voice of the customer. We get vendors coming on with the voice of the customer talking about and you know in that case how they're using Kubernetes to drive the business forward. But it'll be great to be able to pull in some of the security conversations that spin out of CloudNative Security CON to understand how those end users are embracing the technology. You brought up I think Nir Zuk from Palo Alto Networks, one of the themes there when Dave and I did their Ignite event in December was, of 22, was really consolidation. There are so many tools out there that organizations have to wrap their heads around and they need to be able to have the right enablement content which this event probably delivered to figure out how do we consolidate security tools effectively, efficiently in a way that helps dial down our risk profile because the risks just seem to keep growing. >> Yeah, and I love the technical nature of all that and I think this is going to be the continued focus. Chris Aniszczyk who's the CTO listed like E and BPF we covered with Liz Rice is one of the most three important points of the conference and it's just, it's very nerdy and that's what's needed. I mean it's technical. And again, there's no real standards bodies anymore. The old days developers I think are super important to be the arbiters here. And again, what I love about the CNCF is that they're developer focused and we heard developer first even in security. So you know, this is a sea change and I think, you know, developers' choice will be the standards bodies. >> Lisa: Yeah, yeah. >> They decide the future. >> Yeah. >> And I think having the sandboxing and bringing this out will hopefully accelerate more developer choice and self-service. >> You've been talking about kind of putting the developers in the driver's seat as really being the key decision makers for a while. Did you hear information over the last couple of days that validates that? >> Yeah, absolutely. It's clearly the fact that they did this was one. The other one is, is that engineering teams and dev teams and script teams, they're blending together. It's not just separate silos and the ones that are changing their team dynamics, again, back to the culture are winning. And I think this has to happen. Security has to be embedded everywhere in making it frictionless and to provide kind of the guardrail so developers don't slow down. And I think where security has become a drag or an anchor or a blocker has been just configuration of how the organization's handling it. So I think when people recognize that the developers are in charge and they're should be driving the application development you got to make sure that's secure. And so that's always going to be friction and I think whoever does it, whoever unlocks that for the developer to go faster will win. >> Right. Oh, that's what I'm sure magic to a developer's ear is the ability to go faster and be able to focus on co-development in a secure fashion. What are some of the things that you're excited about for CUBECON. Here we are in February, 2023 and CUBECON is just around the corner in April. What are some of the things that you're excited about based on the groundswell momentum that this first inaugural CloudNative Security CON is generating from a community, a culture perspective? >> I think this year's going to be very interesting 'cause we have an economic challenge globally. There's all kinds of geopolitical things happening. I think there's going to be very entrepreneurial activity this year more than ever. I think you're going to see a lot more innovative projects ideas hitting the table. I think it's going to be a lot more entrepreneurial just because the cycle we're in. And also I think the acceleration of mainstream deployments of out of the CNCF's main event CUBECON will happen. You'll see a lot more successes, scale, more clarity on where the security holes are or aren't. Where the benefits are. I think containers and microservices are continuing to surge. I think the Cloud scale hyperscale as Amazon, Azure, Google will be more aggressive. I think AI will be a big theme this year. I think you can see how data is going to infect some of the innovation thinking. I'm really excited about the data infrastructure because it powers a lot of things in the Cloud. So I think the Amazon Web Services, Azure next level gen clouds will impact what happens in the CloudNative foundation. >> Did you have any conversations yesterday or today with respect to AI and security? Was that a focus of anybody's? Talk to me about that. >> Well, I didn't hear any sessions on AI but we saw some demos on stage. But they're teasing out that this is an augmentation to their mission, right? So I think a lot of people are looking at AI as, again, like I always said there's the naysayers who think it's kind of a gimmick or nothing to see here, and then some are just going to blown away. I think the people who are alpha geeks and the industry connect the dots and understand that AI is going to be an accelerant to a lot of heavy lifting that was either manual, you know, hard to do things that was boring or muck as they say. I think that's going to be where you'll see the AI stories where it's going to accelerate either ways to make security better or make developers more confident and productive. >> Or both. >> Yeah. So definitely AI will be part of it. Yeah, definitely. One of the things too that I'm wondering if, you know, we talk about CloudNative and the goal of it, the importance of it. Do you think that this event, in terms of what we were able to see, obviously being remote the event going on in Seattle, us being here in Palo Alto and Boston and guests on from Seattle and Germany and all over, did you hear the really the validation for why CloudNative Security why CloudNative is important for organizations whether it's a bank or a hospital or a retailer? Is that validation clear and present? >> Yeah, absolutely. I think it was implied. I don't think there was like anyone's trying to debate that. I think this conference was more of it's assumed and they were really trying to push the ability to make security less defensive, more offensive and more accelerated into the solving the problems with the businesses that are out there. So clearly the CloudNative community understands where the security challenges are and where they're emerging. So having a dedicated event will help address that. And they've got great co-chairs too that put it together. So I think that's very positive. >> Yeah. Do you think, is it possible, I mean, like you said several times today so eloquently the industry's on the defense when it comes to security and the hackers are on the offense. Is it really possible to make that switch or obviously get some balances. As technology advances and industry gets to take advantage of that, so do the hackers, is that balance achievable? >> Absolutely. I mean, I think totally achievable. The question's going to be what's the environment going to be like? And I remember as context to understanding whether it's viable or not, is to look at, just go back 13 years ago, I remember in 2010 Amazon was viewed as an unsecure environment. Everyone's saying, "Oh, the cloud is not secure." And I remember interviewing Steve Schmidt at AWS and we discussed specifically how Amazon Cloud was being leveraged by hackers. They made it more complex for the hackers. And he said, "This is just the beginning." It's kind of like barbed wire on a fence. It's yeah, you're not going to climb it so people can get over it. And so since then what's happened is the Cloud has become more secure than on premises for a lot of either you know, personnel reasons, culture reasons, not updating, you know, from patches to just being insecure to be more insecure. So that to me means that the flip the script can be flipped. >> Yeah. And I think with CloudNative they can build in automation and code to solve some of these problems and make it more complex for the hacker. >> Lisa: Yes. >> And increase the cost. >> Yeah, exactly. Make it more complex. Increase the cost. That'll be in interesting journey to follow. So John, here we are early February, 2023 theCUBE starting out strong as always. What year are we in, 12? Year 12? >> 13th year >> 13! What's next for theCUBE? What's coming up that excites you? >> Well, we're going to do a lot more events. We got the theCUBE in studio that I call theCUBE Center as kind of internal code word, but like, this is more about getting the word out that we can cover events remotely as events are starting to change with hybrid, digital is going to be a big part of that. So I think you're going to see a lot more CUBE on location. We're going to do, still do theCUBE and have theCUBE cover events from the studio to get deeper perspective because we can then bring people in remote through our our studio team. We can bring our CUBE alumni in. We have a corpus of content and experts to bring to table. So I think the coverage will be increased. The expertise and data will be flowing through theCUBE and so Cube Center, CUBE CUBE Studio. >> Lisa: Love it. >> Will be a integral part of our coverage. >> I love that. And we have such great conversations with guests in person, but also virtually, digitally as well. We still get the voices of the practitioners and the customers and the vendors and the partner ecosystem really kind of lauded loud and clear through theCUBE megaphone as I would say. >> And of course getting the clips out there, getting the highlights. >> Yeah. >> Getting more stories. No stories too small for theCUBE. We can make it easy to get the best content. >> The best content. John, it's been fun covering CloudNative security CON with you with you. And Dave and our guests, thank you so much for the opportunity and looking forward to the next event. >> John: All right. We'll see you at Amsterdam. >> Yeah, I'll be there. We want to thank you so much for watching TheCUBES's two day coverage of CloudNative Security CON 23. We're live in Palo Alto. You are live wherever you are and we appreciate your time and your view of this event. For John Furrier, Dave Vellante, I'm Lisa Martin. Thanks for watching guys. We'll see you at the next show.

(energetic music plays) >> Lisa: Hey everyone, we're so glad you're here with us. theCUBE is covering Cloud Native Security Con 23. Lisa Martin here with John Furrier. This is our second day of coverage of the event. We've had some great conversations with a lot of intellectual, exciting folks, as you know cuz you've been watching. John and I are very pleased to welcome back one of our alumni to theCUBE Taylor Dolezal joins us the head of ecosystem at CNCF. Taylor, welcome back to theCUBE. Great to see you. >> Taylor: Hey everybody, great to see you again. >> Lisa: So you are on the ground in Seattle. We're jealous. We've got fomo as John would say. Talk to us about, this is a inaugural event. We were watching Priyanka keynote yesterday. Seemed like a lot of folks there, 72 sessions a lot of content, a lot of discussions. What's the buzz, what's the reception of this inaugural event from your perspective? >> Taylor: So it's been really fantastic. I think the number one thing that has come out of this conference so far is that it's a wonderful chance to come together and for people to see one another. It's, it's been a long time that we've kind of had that opportunity to be able to interact with folks or you know, it's just a couple months since last Cube Con. But this is truly a different vibe and it's nice to have that focus on security. We're seeing a lot of folks within different organizations work through different problems and then finally have a vendor neutral space in which to talk about all of those contexts and really raise everybody up with all this new knowledge and new talking points, topics, and different facets of knowledge. >> John: Taylor, we were joking on our yesterday's summary of the keynotes, Dave Vellante and I, and the guests, Lisa and I, about the CNCF having an event operating system, you know, very decoupled highly cohesive events, strung together beautifully through the Linux Foundation, you know, kind of tongue in cheek but it was kind of fun to play on words because it's a very technical community. But the business model of, of hackers is booming. The reality of businesses booming and Cloud Native is the preferred developer environment for the future application. So the emphasis, it's very clear that this is a good move to do and targeting the community around security's a solid move. Amazon's done it with reinforce and reinvent. We see that Nice segmentation. What's the goal? Because this is really where it connects to Cube Con and Cloud Native Con as well because this shift left there too. But here it's very much about hardcore Cloud Native security. What's your positioning on this? Am I getting it right or is there is that how you guys see it? >> Taylor: Yeah, so, so that's what we've see that's what we were talking about as well as we were thinking on breaking this event out. So originally this event was a co-located event during the Cube Con windows in both Europe and North America. And then it just was so consistently popular clearly a topic that people wanted to talk, which is good that people want to talk of security. And so when we saw this massive continued kind of engagement, we wanted to break this off into its own conference. When we were going through that process internally, like you had mentioned the events team is just phenomenal to work with and they, I love how easy that they make it for us to be able to do these kinds of events too though we wanted to talk through how we differentiate this event from others and really what's changed for us and kind of how we see this space is that we didn't really see any developer-centric open source kinds of conferences. Ones that were really favoring of the developer and focus on APIs and ways in which to implement these things across all of your workloads within your organization. So that's truly what we're looking to go for here during these, all of these sessions. And that's how it's been playing out so far which has been really great to see. >> John: Taylor, I want to ask you on the ecosystem obviously the built-in ecosystem at CNCF.IO with Cube Cons Cloud Cons there, this is a new ecosystem opportunity to add more people that are security focused. Is their new entrance coming into the fold and what's been the reaction? >> Taylor: So short answer is yes we've seen a huge uptick across our vendor members and those are people that are creating Cloud offerings and selling those and working with others to implement them as well as our end users. So people consuming Cloud Native projects and using them to power core parts of their business. We have gotten a lot of data from groups like IBM and security, IBM security and put 'em on institute. They gave us a cost of data breach report that Priyanka mentioned and talked about 43% of those organizations haven't started or in the early stages of updating security practices of their cloud environments and then here on the ground, you know, talking through some best practices and really sharing those out as well. So it's, I've gotten to hear pieces and parts of different conversations and and I'm certain we'll hear more about those soon but it's just really been great to, to hear everybody with that main focus of, hey, there's more that we can do within the security space and you know, let's let's help one another out on that front just because it is such a vast landscape especially in the security space. >> Lisa: It's a huge landscape. And to your point earlier, Taylor it's everyone has the feeling that it's just so great to be back together again getting folks out of the silos that they've been operating in for such a long time. But I'd love to get some of your, whatever you can share in terms of some of the Cloud Native security projects that you've heard about over the last day or so. Anything exciting that you think is really demonstrating the value already and this inaugural event? >> Taylor: Yes, so I I've been really excited to hear a lot of, personally I've really liked the talks around EBPF. There are a whole bunch of projects utilizing that as far as runtime security goes and actually getting visibility into your workloads and being able to see things that you do expect and things that you don't expect and how to remediate those. And then I keep hearing a lot of talks about open policy agents and projects like Caverno around you know, how do we actually automate different policies or within regulated industries, how do we actually start to solve those problems? So I've heard even more around CNCF projects and other contexts that have come up but truly most of them have been around the telemetry space EBPF and, and quite a few others. So really great to, to see all those projects choosing something to bind to and making it that much more accessible for folks to implement or build on top of as well. >> John: I love the reference you guys had just the ChatGPT that was mentioned in the keynote yesterday and also the reference to Dan Kaminsky who was mentioned on the reference to DNS and Bind, lot of root level security going on. It seems like this is like a Tiger team event where all the top alpha security gurus come together, Priyanka said, experts bottoms up, developer first practitioners, that's the vibe. Is that kind of how you guys want it to be more practitioners hardcore? >> Taylor: Absolutely, absolutely. I think that when it comes to security, we really want to help. It's definitely a grassroots movement. It's great to have the people that have such a deep understanding of certain security, just bits of knowledge really when it comes to EBPF. You know, we have high surveillance here that we're talking things through. Falco is here with Sysdig and so it it's great to have all of these people here, though I have seen a good spread of folks that are, you know, most people have started their security journey but they're not where they want to be. And so people that are starting at a 2 0 1, 3 0 1, 4 0 1 level of understanding definitely seeing a good spread of knowledge on that front. But it's really, it's been great to have folks from all varying experiences, but then to have the expertise of the folks that are writing these specifications and pushing the boundaries of what's possible with security to to ensure that we're all okay and updated on that front too, I think was most notable yesterday. Like you had said >> Lisa: Sorry Taylor, when we think of security, again this is an issue that, that organizations in every industry face, nobody is immune to this. We can talk about the value in it for the hackers in terms of ransomware alone for example. But you mentioned a stat that there's a good amount of organizations that are really either early in their security journeys or haven't started yet which kind of sounds a bit scary given the landscape and how much has changed in the last couple of years. But it sounds like on the good news front it isn't too late for organizations. Talk a little bit about some of the recommendations and best practices for those organizations who are behind the curve knowing that the next attack is going to happen. >> Taylor: Absolutely. So fantastic question. I think that when it comes to understanding the fact that people need to implement security and abide by best practices, it's like I I'm sure that many of us can agree on that front, you know, hopefully all of us. But when it comes to actually implementing that, that's I agree with you completely. That's where it's really difficult to find where where do I start, where do I actually look at? And there are a couple of answers on that front. So within the CNTF ecosystem we have a technical action group security, so tag security and they have a whole bunch of working groups that cover different facets of the Cloud Native experience. So if you, for example, are concerned about runtime security or application delivery concerns within there, those are some really good places to find people knowledgeable about, that even when the conference isn't going on to get a sense of what's going on. And then TAG security has also published recently version two of their security report which is free accessible online. They can actually look through that, see what some of the recent topics are and points of focus and of interest are within our community. There are also other organizations like Open SSF which is taking a deeper dive into security. You know, initially kind of having a little bit more of an academic focus on that space and then now getting further into things around software bill materials or SBOMs supply chain security and other topics as well. >> John: Well we love you guys doing this. We think it's very big deal. We think it's important. We're starting to see events post COVID take a certain formation, you know joking aside about the event operating systems smaller events are happening, but they're tied together. And so this is key. And of course the critical need is our businesses are under siege with threats, ransomware, security challenges, that's IT moves to Cloud Native, not everyone's moved over yet. So that's in progress. So there's a huge business imperative and the hackers have a business model. So this isn't like pie in the sky, this is urgent. So, that being said, how do you see this developing from who should attend the next one or who are you looking for to be involved to get input from you guys are open arms and very diverse and great great culture there, but who are you looking for? What's the makeup persona that you hope to attract and nurture and grow? >> Taylor: Absolutely. I, think that when it comes to trying the folks that we're looking for the correct answer is it varies you know, from, you know, you're asking Priyanka or our executive director or Chris Aniszczyk our CTO, I work mostly with the end users, so for me personally I really want to see folks that are operating within our ecosystem and actually pulling these down, these projects down and using them and sharing those stories. Because there are people creating these projects and contributing to them might not always have an idea of how they're used or how they can be exploited too. A lot of these groups that I work with like Mercedes or Intuit for example, they're out there in the world using these, these projects and getting a sense for, you know, what can come up. And by sharing that knowledge I think that's what's most important across the board. So really looking for those stories to be told and novel ways in which people are trying to exploit security and attacking the supply chain, or building applications, or just things we haven't thought about. So truly that that developer archetype is really helpful to have the consumers, the end users, the folks that are actually using these. And then, yeah, and I'm truly anywhere knowledgeable about security or that wants to learn more >> John: Super important, we're here to help you scale those stories up whatever you need, send them our way. We're looking forward to getting those. This is a super important movement getting the end users who are on the front lines bringing it back into the open, building, more software, making it secure and verified, all super important. We really appreciate the mission you guys are on and again we're here to help. So send those stories our way. >> Taylor: Cool, cool. We couldn't do it without you. Yeah, just everyone contributing, everyone sharing the news. This is it's people, people is the is the true operating system of our ecosystem. So really great to, really great to share. >> Lisa: That's such a great point Taylor. It is all about people. You talked about this event having a different vibe. I wanted to learn a little bit more about that as we, as we wrap up because there's so much cultural change that's required for organizations to evolve their security practices. And so people of course are at the center of culture. Talk a little bit about why that vibe is different and do you think that yeah, it's finally time. Everyone's getting on the same page here we're understanding, we're learning from each other. >> Taylor: Yes. So, so to kind of answer that, I think it's really a focus on, there's this term shift left and shift right. And talking about where do we actually put security in the mix as it comes to people adopting this and and figuring out where things go. And if you keep shifting at left, that meaning that the developers should care more deeply about this and a deeper understanding of all of these, you know, even if it's, even if they don't understand how to put it together, maybe understand a little bit about it or how these topics and, and facets of knowledge work. But you know, like with anything, if you shift everything off to one side or the other that's also not going to be efficient. You know, you want a steady stream of knowledge flowing throughout your whole organization. So I think that that's been something that has been a really interesting topic and, and hearing people kind of navigate and try to get through, especially groups that have had, you know, deployed an app and it's going to be around for 40 years as well. So I think that those are some really interesting and unique areas of focus that I've come up on the floor and then in a couple of the sessions here >> Lisa: There's got to be that, that balance there. Last question as we wrap the last 30 seconds or so what are you excited about given the success and the momentum of day one? What excites you about what's ahead for us on day two? >> Taylor: So on day two, I'm really, it's, there's just so many sessions. I think that it was very difficult for me to, you know pick which one I was actually going to go see. There are a lot of favorites that I had kind of doubled up at each of the time so I'm honestly going to be in a lot of the sessions today. So really excited about that. Supply chain security is definitely one that's close to my heart as well but I'm really curious to see what new topics, concepts or novel ideas people have to kind of exploit things. Like one for example is a package is out there it's called Browser Test but somebody came up with one called Bowser Test. Just a very simple misname and then when you go and run that it does a fake kind of like, hey you've been exploited and just even these incorrect name attacks. That's something that is really close and dear to me as well. Kind of hearing about all these wild things people wouldn't think about in terms of exploitation. So really, really excited to hear more stories on that front and better protect myself both at home and within the Cloud Community as I stand these things up. >> Lisa: Absolutely you need to clone yourself so that you can, there's so many different sessions. There needs to be multiple versions of Taylor that you can attend and then you can all get together and talk about and learn. But that's actually a really good problem to have as we mentioned when we started 72 sessions yesterday and today. Lots of great content. Taylor, we thank you for your participation. We thank you for bringing the vibe and the buzz of the event to us and we look forward as well to hearing and seeing what day two brings us today. Thank you so much for your time Taylor. >> Taylor: Thank you for having me. >> John: All right >> Lisa: Right, for our guest and John Furrier, I'm Lisa Martin. You're watching theCube's Day two coverage of Cloud Native Security Con 23. (energetic music plays)

>> From theCUBE studios in Palo Alto, in Boston, bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vollante. >> The rise of Kubernetes came about through a combination of forces that were, in hindsight, quite a long shot. Amazon's dominance created momentum for Cloud native application development, and the need for newer and simpler experiences, beyond just easily spinning up computer as a service. This wave crashed into innovations from a startup named Docker, and a reluctant competitor in Google, that needed a way to change the game on Amazon and the Cloud. Now, add in the effort of Red Hat, which needed a new path beyond Enterprise Linux, and oh, by the way, it was just about to commit to a path of a Kubernetes alternative for OpenShift and figure out a governance structure to hurt all the cats and the ecosystem and you get the remarkable ascendancy of Kubernetes. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this breaking analysis, we tapped the back stories of a new documentary that explains the improbable events that led to the creation of Kubernetes. We'll share some new survey data from ETR and commentary from the many early the innovators who came on theCUBE during the exciting period since the founding of Docker in 2013, which marked a new era in computing, because we're talking about Kubernetes and developers today, the hoodie is on. And there's a new two part documentary that I just referenced, it's out and it was produced by Honeypot on Kubernetes, part one and part two, tells a story of how Kubernetes came to prominence and many of the players that made it happen. Now, a lot of these players, including Tim Hawkin Kelsey Hightower, Craig McLuckie, Joe Beda, Brian Grant Solomon Hykes, Jerry Chen and others came on theCUBE during formative years of containers going mainstream and the rise of Kubernetes. John Furrier and Stu Miniman were at the many shows we covered back then and they unpacked what was happening at the time. We'll share the commentary from the guests that they interviewed and try to add some context. Now let's start with the concept of developer defined structure, DDI. Jerry Chen was at VMware and he could see the trends that were evolving. He left VMware to become a venture capitalist at Greylock. Docker was his first investment. And he saw the future this way. >> What happens is when you define infrastructure software you can program it. You make it portable. And that the beauty of this cloud wave what I call DDI's. Now, to your point is every piece of infrastructure from storage, networking, to compute has an API, right? And, and AWS there was an early trend where S3, EBS, EC2 had API. >> As building blocks too. >> As building blocks, exactly. >> Not monolithic. >> Monolithic building blocks every little building bone block has it own API and just like Docker really is the API for this unit of the cloud enables developers to define how they want to build their applications, how to network them know as Wills talked about, and how you want to secure them and how you want to store them. And so the beauty of this generation is now developers are determining how apps are built, not just at the, you know, end user, you know, iPhone app layer the data layer, the storage layer, the networking layer. So every single level is being disrupted by this concept of a DDI and where, how you build use and actually purchase IT has changed. And you're seeing the incumbent vendors like Oracle, VMware Microsoft try to react but you're seeing a whole new generation startup. >> Now what Jerry was explaining is that this new abstraction layer that was being built here's some ETR data that quantifies that and shows where we are today. The chart shows net score or spending momentum on the vertical axis and market share which represents the pervasiveness in the survey set. So as Jerry and the innovators who created Docker saw the cloud was becoming prominent and you can see it still has spending velocity that's elevated above that 40% red line which is kind of a magic mark of momentum. And of course, it's very prominent on the X axis as well. And you see the low level infrastructure virtualization and that even floats above servers and storage and networking right. Back in 2013 the conversation with VMware. And by the way, I remember having this conversation deeply at the time with Chad Sakac was we're going to make this low level infrastructure invisible, and we intend to make virtualization invisible, IE simplified. And so, you see above the two arrows there related to containers, container orchestration and container platforms, which are abstraction layers and services above the underlying VMs and hardware. And you can see the momentum that they have right there with the cloud and AI and RPA. So you had these forces that Jerry described that were taking shape, and this picture kind of summarizes how they came together to form Kubernetes. And the upper left, Of course you see AWS and we inserted a picture from a post we did, right after the first reinvent in 2012, it was obvious to us at the time that the cloud gorilla was AWS and had all this momentum. Now, Solomon Hykes, the founder of Docker, you see there in the upper right. He saw the need to simplify the packaging of applications for cloud developers. Here's how he described it. Back in 2014 in theCUBE with John Furrier >> Container is a unit of deployment, right? It's the format in which you package your application all the files, all the executables libraries all the dependencies in one thing that you can move to any server and deploy in a repeatable way. So it's similar to how you would run an iOS app on an iPhone, for example. >> A Docker at the time was a 30% company and it just changed its name from .cloud. And back to the diagram you have Google with a red question mark. So why would you need more than what Docker had created. Craig McLuckie, who was a product manager at Google back then explains the need for yet another abstraction. >> We created the strong separation between infrastructure operations and application operations. And so, Docker has created a portable framework to take it, basically a binary and run it anywhere which is an amazing capability, but that's not enough. You also need to be able to manage that with a framework that can run anywhere. And so, the union of Docker and Kubernetes provides this framework where you're completely abstracted from the underlying infrastructure. You could use VMware, you could use Red Hat open stack deployment. You could run on another major cloud provider like rec. >> Now Google had this huge cloud infrastructure but no commercial cloud business compete with AWS. At least not one that was taken seriously at the time. So it needed a way to change the game. And it had this thing called Google Borg, which is a container management system and scheduler and Google looked at what was happening with virtualization and said, you know, we obviously could do better Joe Beda, who was with Google at the time explains their mindset going back to the beginning. >> Craig and I started up Google compute engine VM as a service. And the odd thing to recognize is that, nobody who had been in Google for a long time thought that there was anything to this VM stuff, right? Cause Google had been on containers for so long. That was their mindset board was the way that stuff was actually deployed. So, you know, my boss at the time, who's now at Cloudera booted up a VM for the first time, and anybody in the outside world be like, Hey, that's really cool. And his response was like, well now what? Right. You're sitting at a prompt. Like that's not super interesting. How do I run my app? Right. Which is, that's what everybody's been struggling with, with cloud is not how do I get a VM up? How do I actually run my code? >> Okay. So Google never really did virtualization. They were looking at the market and said, okay what can we do to make Google relevant in cloud. Here's Eric Brewer from Google. Talking on theCUBE about Google's thought process at the time. >> One interest things about Google is it essentially makes no use of virtual machines internally. And that's because Google started in 1998 which is the same year that VMware started was kind of brought the modern virtual machine to bear. And so Google infrastructure tends to be built really on kind of classic Unix processes and communication. And so scaling that up, you get a system that works a lot with just processes and containers. So kind of when I saw containers come along with Docker, we said, well, that's a good model for us. And we can take what we know internally which was called Borg a big scheduler. And we can turn that into Kubernetes and we'll open source it. And suddenly we have kind of a cloud version of Google that works the way we would like it to work. >> Now, Eric Brewer gave us the bumper sticker version of the story there. What he reveals in the documentary that I referenced earlier is that initially Google was like, why would we open source our secret sauce to help competitors? So folks like Tim Hockin and Brian Grant who were on the original Kubernetes team, went to management and pressed hard to convince them to bless open sourcing Kubernetes. Here's Hockin's explanation. >> When Docker landed, we saw the community building and building and building. I mean, that was a snowball of its own, right? And as it caught on we realized we know what this is going to we know once you embrace the Docker mindset that you very quickly need something to manage all of your Docker nodes, once you get beyond two or three of them, and we know how to build that, right? We got a ton of experience here. Like we went to our leadership and said, you know, please this is going to happen with us or without us. And I think it, the world would be better if we helped. >> So the open source strategy became more compelling as they studied the problem because it gave Google a way to neutralize AWS's advantage because with containers you could develop on AWS for example, and then run the application anywhere like Google's cloud. So it not only gave developers a path off of AWS. If Google could develop a strong service on GCP they could monetize that play. Now, focus your attention back to the diagram which shows this smiling, Alex Polvi from Core OS which was acquired by Red Hat in 2018. And he saw the need to bring Linux into the cloud. I mean, after all Linux was powering the internet it was the OS for enterprise apps. And he saw the need to extend its path into the cloud. Now here's how he described it at an OpenStack event in 2015. >> Similar to what happened with Linux. Like yes, there is still need for Linux and Windows and other OSs out there. But by and large on production, web infrastructure it's all Linux now. And you were able to get onto one stack. And how were you able to do that? It was, it was by having a truly open consistent API and a commitment into not breaking APIs and, so on. That allowed Linux to really become ubiquitous in the data center. Yes, there are other OSs, but Linux buy in large for production infrastructure, what is being used. And I think you'll see a similar phenomenon happen for this next level up cause we're treating the whole data center as a computer instead of trading one in visual instance is just the computer. And that's the stuff that Kubernetes to me and someone is doing. And I think there will be one that shakes out over time and we believe that'll be Kubernetes. >> So Alex saw the need for a dominant container orchestration platform. And you heard him, they made the right bet. It would be Kubernetes. Now Red Hat, Red Hat is been around since 1993. So it has a lot of on-prem. So it needed a future path to the cloud. So they rang up Google and said, hey. What do you guys have going on in this space? So Google, was kind of non-committal, but it did expose that they were thinking about doing something that was you know, pre Kubernetes. It was before it was called Kubernetes. But hey, we have this thing and we're thinking about open sourcing it, but Google's internal debates, and you know, some of the arm twisting from the engine engineers, it was taking too long. So Red Hat said, well, screw it. We got to move forward with OpenShift. So we'll do what Apple and Airbnb and Heroku are doing and we'll build on an alternative. And so they were ready to go with Mesos which was very much more sophisticated than Kubernetes at the time and much more mature, but then Google the last minute said, hey, let's do this. So Clayton Coleman with Red Hat, he was an architect. And he leaned in right away. He was one of the first outside committers outside of Google. But you still led these competing forces in the market. And internally there were debates. Do we go with simplicity or do we go with system scale? And Hen Goldberg from Google explains why they focus first on simplicity in getting that right. >> We had to defend of why we are only supporting 100 nodes in the first release of Kubernetes. And they explained that they know how to build for scale. They've done that. They know how to do it, but realistically most of users don't need large clusters. So why create this complexity? >> So Goldberg explains that rather than competing right away with say Mesos or Docker swarm, which were far more baked they made the bet to keep it simple and go for adoption and ubiquity, which obviously turned out to be the right choice. But the last piece of the puzzle was governance. Now Google promised to open source Kubernetes but when it started to open up to contributors outside of Google, the code was still controlled by Google and developers had to sign Google paper that said Google could still do whatever it wanted. It could sub license, et cetera. So Google had to pass the Baton to an independent entity and that's how CNCF was started. Kubernetes was its first project. And let's listen to Chris Aniszczyk of the CNCF explain >> CNCF is all about providing a neutral home for cloud native technology. And, you know, it's been about almost two years since our first board meeting. And the idea was, you know there's a certain set of technology out there, you know that are essentially microservice based that like live in containers that are essentially orchestrated by some process, right? That's essentially what we mean when we say cloud native right. And CNCF was seated with Kubernetes as its first project. And you know, as, as we've seen over the last couple years Kubernetes has grown, you know, quite well they have a large community a diverse con you know, contributor base and have done, you know, kind of extremely well. They're one of actually the fastest, you know highest velocity, open source projects out there, maybe. >> Okay. So this is how we got to where we are today. This ETR data shows container orchestration offerings. It's the same X Y graph that we showed earlier. And you can see where Kubernetes lands not we're standing that Kubernetes not a company but respondents, you know, they doing Kubernetes. They maybe don't know, you know, whose platform and it's hard with the ETR taxon economy as a fuzzy and survey data because Kubernetes is increasingly becoming embedded into cloud platforms. And IT pros, they may not even know which one specifically. And so the reason we've linked these two platforms Kubernetes and Red Hat OpenShift is because OpenShift right now is a dominant revenue player in the space and is increasingly popular PaaS layer. Yeah. You could download Kubernetes and do what you want with it. But if you're really building enterprise apps you're going to need support. And that's where OpenShift comes in. And there's not much data on this but we did find this chart from AMDA which show was the container software market, whatever that really is. And Red Hat has got 50% of it. This is revenue. And, you know, we know the muscle of IBM is behind OpenShift. So there's really not hard to believe. Now we've got some other data points that show how Kubernetes is becoming less visible and more embedded under of the hood. If you will, as this chart shows this is data from CNCF's annual survey they had 1800 respondents here, and the data showed that 79% of respondents use certified Kubernetes hosted platforms. Amazon elastic container service for Kubernetes was the most prominent 39% followed by Azure Kubernetes service at 23% in Azure AKS engine at 17%. With Google's GKE, Google Kubernetes engine behind those three. Now. You have to ask, okay, Google. Google's management Initially they had concerns. You know, why are we open sourcing such a key technology? And the premise was, it would level the playing field. And for sure it has, but you have to ask has it driven the monetization Google was after? And I would've to say no, it probably didn't. But think about where Google would've been. If it hadn't open source Kubernetes how relevant would it be in the cloud discussion. Despite its distant third position behind AWS and Microsoft or even fourth, if you include Alibaba without Kubernetes Google probably would be much less prominent or possibly even irrelevant in cloud, enterprise cloud. Okay. Let's wrap up with some comments on the state of Kubernetes and maybe a thought or two about, you know, where we're headed. So look, no shocker Kubernetes for all its improbable beginning has gone mainstream in the past year or so. We're seeing much more maturity and support for state full workloads and big ecosystem support with respect to better security and continued simplification. But you know, it's still pretty complex. It's getting better, but it's not VMware level of maturity. For example, of course. Now adoption has always been strong for Kubernetes, for cloud native companies who start with containers on day one, but we're seeing many more. IT organizations adopting Kubernetes as it matures. It's interesting, you know, Docker set out to be the system of the cloud and Kubernetes has really kind of become that. Docker desktop is where Docker's action really is. That's where Docker is thriving. It sold off Docker swarm to Mirantis has made some tweaks. Docker has made some tweaks to its licensing model to be able to continue to evolve its its business. To hear more about that at DockerCon. And as we said, years ago we expected Kubernetes to become less visible Stu Miniman and I talked about this in one of our predictions post and really become more embedded into other platforms. And that's exactly what's happening here but it's still complicated. Remember, remember the... Go back to the early and mid cycle of VMware understanding things like application performance you needed folks in lab coats to really remediate problems and dig in and peel the onion and scale the system you know, and in some ways you're seeing that dynamic repeated with Kubernetes, security performance scale recovery, when something goes wrong all are made more difficult by the rapid pace at which the ecosystem is evolving Kubernetes. But it's definitely headed in the right direction. So what's next for Kubernetes we would expect further simplification and you're going to see more abstractions. We live in this world of almost perpetual abstractions. Now, as Kubernetes improves support from multi cluster it will be begin to treat those clusters as a unified group. So kind of abstracting multiple clusters and treating them as, as one to be managed together. And this is going to create a lot of ecosystem focus on scaling globally. Okay, once you do that, you're going to have to worry about latency and then you're going to have to keep pace with security as you expand the, the threat area. And then of course recovery what happens when something goes wrong, more complexity, the harder it is to recover and that's going to require new services to share resources across clusters. So look for that. You also should expect more automation. It's going to be driven by the host cloud providers as Kubernetes supports more state full applications and begins to extend its cluster management. Cloud providers will inject as much automation as possible into the system. Now and finally, as these capabilities mature we would expect to see better support for data intensive workloads like, AI and Machine learning and inference. Schedule with these workloads becomes harder because they're so resource intensive and performance management becomes more complex. So that's going to have to evolve. I mean, frankly, many of the things that Kubernetes team way back when, you know they back burn it early on, for example, you saw in Docker swarm or Mesos they're going to start to enter the scene now with Kubernetes as they start to sort of prioritize some of those more complex functions. Now, the last thing I'll ask you to think about is what's next beyond Kubernetes, you know this isn't it right with serverless and IOT in the edge and new data, heavy workloads there's something that's going to disrupt Kubernetes. So in that, by the way, in that CNCF survey nearly 40% of respondents were using serverless and that's going to keep growing. So how is that going to change the development model? You know, Andy Jassy once famously said that if they had to start over with Amazon retail, they'd start with serverless. So let's keep an eye on the horizon to see what's coming next. All right, that's it for now. I want to thank my colleagues, Stephanie Chan who helped research this week's topics and Alex Myerson on the production team, who also manages the breaking analysis podcast, Kristin Martin and Cheryl Knight help get the word out on socials, so thanks to all of you. Remember these episodes, they're all available as podcasts wherever you listen, just search breaking analysis podcast. Don't forget to check out ETR website @etr.ai. We'll also publish. We publish a full report every week on wikibon.com and Silicon angle.com. You can get in touch with me, email me directly david.villane@Siliconangle.com or DM me at D Vollante. You can comment on our LinkedIn post. This is Dave Vollante for theCUBE insights powered by ETR. Have a great week, everybody. Thanks for watching. Stay safe, be well. And we'll see you next time. (upbeat music)

>> From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. >> Hi, I'm Stu Miniman, and welcome to this CUBE Conversation. I'm coming to you from our Boston area studio. I'm happy to welcome to the program someone we've known for many years, but a first time on the program. Priyanka Sharma, thank you so much for joining us. >> Hi, Stu. Thank you so much for having me. >> All right, and Priyanka, let's not bury the lead or anything. The reason we're talking to you is the news. You've got a new job, but in an area that you know really well. So we've known you through the cloud native communities for a number of years. We see you at the shows. We see you online. So happy to share with our community you are now the general manager of the CNCF, so congratulations so much on the job. >> Thank you so much. I am so honored to have this opportunity, and I can't wait to work even more closely with the cloud native community than I have already. I mean, as you said, I've been involved for a long time. I actually just saw on my LinkedIn today that 2016 was when my conversation within the CNCF started. I was then working on the OpenTracing Project, which was the third project to join the foundation, and CNCF had started in 2015, so it was all very new. We were in conversations, and it was just such an exciting time, and that just kept getting bigger and bigger, and then with GitLab I served, I actually still serve, until the 31st, on the board. And now this, so I'm very, very excited. >> Yeah, well right. So you're a board member of the CNCF, but Priyanka, if you go back even further, we look at how did CNCF start. It was all around Kubernetes. Where did Kubernetes come from? It came from Google, and when I dug back far enough into your CV I found Google on there, too. So maybe just give us a little bit of your career arc, and what you're involved with for people that don't know you from all these communities and events. >> Sure, absolutely. So my career started at Google in Mountain View, and I was on the business side of things. I worked with AdSense products, and around that same time I had a bit of the entrepreneurial bite, so the bug bit me, and I first joined a startup that was acquired by GoDaddy later on, and then I went off on my own. That was a very interesting time for me, because that was when I truly learned about the power of opensource. One of the products that me and my co-founder were building was an opensource time tracker, and I just saw the momentum on these communities, and that's when the dev tools love started. And then I got involved with Heavybit Industries, which is an accelerator for dev tools. There I met so many companies that were either in the cloud space, or just general other kinds of dev tools, advised a few, ended up joining LightStep, where the founders, them and a few community members were the creators of the OpenTracing standard. Got heavily, heavily involved in that project, jumped into cloud native with that, was a project contributor, organizer, educator, documentarian, all kinds of things, right, for two-plus years, and then GitLab with the board membership, and that's how I saw, actually, the governance side. Until then it had all been the community, the education, that aspect, and then I understood how Chris and Dan had built this amazing foundation that's done so much from the governance perspective. So it's been a long journey and it all feels that it's been coming towards in this awesome new direction. >> Well, yeah. Congratulations to you, and right, CNCF, in their press release I see Dan talked about you've been a speaker, you've been a governing board member, you participate in this, and you're going to help with that next phase, and you teased out a little bit, there's a lot of constituencies in the CNCF. There's a large user participation. We always love talking at KubeCon about the people not only just using the technology, but contributing back, the role of opensource, the large vendor ecosystem, a lot there. So give us your thought as to kind of where the CNCF is today, and where it needs to continue and go in the future. >> Absolutely. So in my opinion the CNCF is a breakout organization. I mean, we're approaching 600 members, of which 142 are end users. So with that number the CNCF is actually the largest, has the largest end user community of all opensource foundations. So tremendous progress has been made, especially from those days back in 2016 when we were the third project being considered. So leaps and bounds, so impressive. And I think... If you think about what's the end user storyline right now, so the CNCF did a survey last year, and so 84% of the people surveyed were using containers in production, and 78% were using Kubernetes in production. Amazing numbers, especially since both are up by about 15, 20% year over year. So this move towards devops, towards cloud native, towards Kubernetes is happening and happening really strong. The project has truly established itself. Kubernetes has won, in my opinion, and that's really good. I think now when it comes to the second wave, it is my perspective that the end user communities and the... Just the momentum that we have right now, we need to build and grow it. We need deeper developer engagement, because if you think about it, there's not just one graduated project in CNCF. There are 10. So Kubernetes being one of them, but there's Prometheus, there's Envoy, Jaeger, et cetera, et cetera. So we have amazing technologies that are all gaining adoption. Being graduated means that they have fast security audits, they have diverse contributors, they have safe, good governance, so as an end user you can feel very secure adopting them, and so we have so much to do to expand on the knowledge of those projects. We have so much to make software just better every day, so that's my one vector in my opinion. The second vector, I would say it has been more opportunistic. As you know, we are all living in a very unprecedented time with a global pandemic. Many of us are sheltering in place. Many are... Generally, life is changed. You are in media. You know this much better than me, I'm sure, that the number of, the amount of digital consumption has just skyrocketed. People are reading that many more articles. I'm watching that many more memes and jokes online, right? And what that means is that more and more companies are reaching that crazy web scale that started this whole cloud native and devops space in the first time, first place with Google and Netflix being D-to-C companies just building out what eventually became cloud native, SRE, that kind of stuff. So in general, online consumption's higher, so more and more companies need to be cloud native to support that kind of traffic. Secondly, even for folks that are not creating content, just a lot of the workflows have to move online. More people will do online banking. More people will do ecommerce. It's just the shift is happening, and for that we, as the foundation, need to be ready to support the end users with education, enablement, certifications, training programs, just to get them across that chasm into a new, even more online-focused reality. >> Yeah, and I say, Priyanka, that tees up one of the ways that most people are familiar with the CNCF is through the event. So KubeCon and CloudNativeCon, really the signature event. Tremendous growth over the last few years. You actually had involvement in a virtual event, the Cloud Native Summit recently. For KubeCon-- >> Yes. >> The European show is announced virtual. We know that there's still some uncertainty when it comes to the North America show. Supposed to be in my backyard here in Boston, so we'd love for it to happen. If it happens-- >> Of course. >> If not, we'll be there virtually or not. Give us a little bit your experience with the Cloud Native Summit, and what's your thinking today? We understand, as you said, a lot of uncertainty as to what goes on. Absolutely, even when physical events come back in the future, we expect this hybrid model to be with us for a long time. >> I definitely hear that. Completely agree that everything is uncertain and things have changed very rapidly for our world, particularly when it comes to events. We're lucky at the CNCF to be working with the LF Events team, which is just best in class, and we are working very hard every day, them, doing a lot of the lion's share of the work of building the best experience we can for KubeCon, CloudNativeCon EU, which, as you said, went virtual. I'm really looking forward to it because what I learned from the Cloud Native Summit Online, which was the event you mentioned that I had hosted in April, is that people are hungry to just engage, to see each other, to communicate however they can in this current time. Today I don't think the technology's at a point where physical events can be overshadowed by virtual, so there's still something very special about seeing someone face-to-face, having a coffee, and having that banter, conversations. But at the same time there are some benefits to online. So as an example, with the Cloud Native Summit, really, it was just me and a few community folks who were sad we didn't get to go to Amsterdam, so we're like, "Let's just get together in a group, "have some fun, talk to some maintainers," that kind of thing. I expected a few hundred, max. Thousands of people showed up, and that was just mind blowing because I was like, "Wait, what?" (chuckling) But it was so awesome because not only were there a lot of people, there were people from just about every part of the globe. So normally you have US, Europe, that kind of focus, and there's the Asia-PAC events that cater to that, but here in that one event where, by the way, we were talking to each other in realtime, there were folks from Asia-PAC, there were folks from Americas, EU, also the African continent, so geo meant nothing anymore. And that was very awesome. People from these different parts of the world were talking, engaging, learning, all at the same time, and I think with over 20,000 people expected at KubeCon EU, with it being virtual, we'll see something similar, and I think that's a big opportunity for us going forward. >> Yeah, no, absolutely. There are some new opportunities, some new challenges. I think back to way back in January I got to attend the GitLab event, and you look at GitLab, a fully remote company, but talking about the benefits of still getting together and doing things online. You think of the developer communities, they're used to working remote and working across different timezones, but there is that need to be able to get together and collaborate, and so we've got some opportunities, we've got some challenges when remote, so I guess, yeah, Priyanka. Give me the final word, things you want to look forward to, things we should be expecting from you and the CNCF team going forward. I guess I'll mention for our audience, I guess, Dan Kohn staying part of Linux Foundation, doing some healthcare things, will still stay a little involved, and Chris Aniszczyk, who's the CTO, still the CTO. I just saw him. Did a great panel for DockerCon with Kelsey Hightower, Michelle Noorali, and Sean Connelly, and all people we know that-- >> Right. >> Often are speaking at KubeCon, too. So many of the faces staying the same. I'm not expecting a big change, but what should we expect going forward? >> That's absolutely correct, Stu. No big changes. My first big priority as I join is, I mean, as you know, coming with the community background, with all this work that we've put into education and learning from each other, my number one goal is going to be to listen and learn in a very diverse set of personas that are part of this whole community. I mean, there's the board, there is the technical oversight committee, there is the project maintainers, there's the contributors, there are the end users, potential developers who could be contributors. There's just so many different types of people all united in our interest and desire to learn more about cloud native. So my number one priority is going to listen and learn, and as I get more and more up to speed I'm very lucky that Chris Aniszczyk, who has built this with Dan, is staying on and is going to be advising me, guiding me, and working with me. Dan as well is actually going to be around to help advise me and also work on some key initiatives, in addition to his big, new thing with public health and the Linux Foundation. You never expect anything average with Dan, so it's going to be amazing. He's done so much for this foundation and brought it to this point, which in my mind, I mean, it's stupendous the amount of work that's happened. It's so cool. So I'm really looking forward to building on this amazing foundation created by Dan and Chris under Jim. I think that what they have done by not only providing a neutral IP zone where people can contribute and use projects safely, they've also created an ecosystem where there is events, there is educational activity, projects can get documentation support, VR support. It's a very holistic view, and that's something, in my opinion, new, at least in the way it's done. So I just want to build upon that, and I think the end user communities will keep growing, will keep educating, will keep working together, and this is a team effort that we are all in together. >> Well, Priyanka, congratulations again. We know your community background and strong community at the CNCF. Looking forward to seeing that both in the virtual events in the near term and back when we have physical events again in the future, so thanks so much for joining us. >> Thank you for having me. >> All right. Be sure to check out thecube.net. You'll see all the previous events we've done with the CNCF, as well as, as mentioned, we will be helping keep cloud native connected at KubeCon, CloudNativeCon Europe, the virtual event in August, as well as the North American event later in the year. I'm Stu Miniman, and thank you for watching theCUBE. (smooth music)

>> Announcer: From around the globe, it's the queue with digital coverage of DockerCon live 2020. Brought to you by Docker and its ecosystem partners. >> Welcome, welcome, welcome to DockerCon 2020. We got over 50,000 people registered so there's clearly a ton of interest in the world of Docker and Eddie's as I like to call it. And we've assembled a power panel of Open Source and cloud native experts to talk about where things stand in 2020 and where we're headed. I'm Shawn Conley, I'll be the moderator for today's panel. I'm also a proud alum of JBoss, Red Hat, SpringSource, VMware and Hortonworks and I'm broadcasting from my hometown of Philly. Our panelists include; Michelle Noorali, Senior Software Engineer at Microsoft, joining us from Atlanta, Georgia. We have Kelsey Hightower, Principal developer advocate at Google Cloud, joining us from Washington State and we have Chris Aniszczyk, CTO CIO at the CNCF, joining us from Austin, Texas. So I think we have the country pretty well covered. Thank you all for spending time with us on this power panel. Chris, I'm going to start with you, let's dive right in. You've been in the middle of the Docker netease wave since the beginning with a clear focus on building a better world through open collaboration. What are your thoughts on how the Open Source landscape has evolved over the past few years? Where are we in 2020? And where are we headed from both community and a tech perspective? Just curious to get things sized up? >> Sure, when CNCF started about roughly four, over four years ago, the technology mostly focused on just the things around Kubernetes, monitoring communities with technology like Prometheus, and I think in 2020 and the future, we definitely want to move up the stack. So there's a lot of tools being built on the periphery now. So there's a lot of tools that handle running different types of workloads on Kubernetes. So things like Uvert and Shay runs VMs on Kubernetes, which is crazy, not just containers. You have folks that, Microsoft experimenting with a project called Kruslet which is trying to run web assembly workloads natively on Kubernetes. So I think what we've seen now is more and more tools built around the periphery, while the core of Kubernetes has stabilized. So different technologies and spaces such as security and different ways to run different types of workloads. And at least that's kind of what I've seen. >> So do you have a fair amount of vendors as well as end users still submitting in projects in, is there still a pretty high volume? >> Yeah, we have 48 total projects in CNCF right now and Michelle could speak a little bit more to this being on the DOC, the pipeline for new projects is quite extensive and it covers all sorts of spaces from two service meshes to security projects and so on. So it's ever so expanding and filling in gaps in that cloud native landscape that we have. >> Awesome. Michelle, Let's head to you. But before we actually dive in, let's talk a little glory days. A rumor has it that you are the Fifth Grade Kickball Championship team captain. (Michelle laughs) Are the rumors true? >> They are, my speech at the end of the year was the first talk I ever gave. But yeah, it was really fun. I wasn't captain 'cause I wasn't really great at anything else apart from constantly cheer on the team. >> A little better than my eighth grade Spelling Champ Award so I think I'd rather have the kickball. But you've definitely, spent a lot of time leading an Open Source, you've been across many projects for many years. So how does the art and science of collaboration, inclusivity and teamwork vary? 'Cause you're involved in a variety of efforts, both in the CNCF and even outside of that. And then what are some tips for expanding the tent of Open Source projects? >> That's a good question. I think it's about transparency. Just come in and tell people what you really need to do and clearly articulate your problem, more clearly articulate your problem and why you can't solve it with any other solution, the more people are going to understand what you're trying to do and be able to collaborate with you better. What I love about Open Source is that where I've seen it succeed is where incentives of different perspectives and parties align and you're just transparent about what you want. So you can collaborate where it makes sense, even if you compete as a company with another company in the same area. So I really like that, but I just feel like transparency and honesty is what it comes down to and clearly communicating those objectives. >> Yeah, and the various foundations, I think one of the things that I've seen, particularly Apache Software Foundation and others is the notion of checking your badge at the door. Because the competition might be between companies, but in many respects, you have engineers across many companies that are just kicking butt with the tech they contribute, claiming victory in one way or the other might make for interesting marketing drama. But, I think that's a little bit of the challenge. In some of the, standards-based work you're doing I know with CNI and some other things, are they similar, are they different? How would you compare and contrast into something a little more structured like CNCF? >> Yeah, so most of what I do is in the CNCF, but there's specs and there's projects. I think what CNCF does a great job at is just iterating to make it an easier place for developers to collaborate. You can ask the CNCF for basically whatever you need, and they'll try their best to figure out how to make it happen. And we just continue to work on making the processes are clearer and more transparent. And I think in terms of specs and projects, those are such different collaboration environments. Because if you're in a project, you have to say, "Okay, I want this feature or I want this bug fixed." But when you're in a spec environment, you have to think a little outside of the box and like, what framework do you want to work in? You have to think a little farther ahead in terms of is this solution or this decision we're going to make going to last for the next how many years? You have to get more of a buy in from all of the key stakeholders and maintainers. So it's a little bit of a longer process, I think. But what's so beautiful is that you have this really solid, standard or interface that opens up an ecosystem and allows people to build things that you could never have even imagined or dreamed of so-- >> Gotcha. So I'm Kelsey, we'll head over to you as your focus is on, developer advocate, you've been in the cloud native front lines for many years. Today developers are faced with a ton of moving parts, spanning containers, functions, Cloud Service primitives, including container services, server-less platforms, lots more, right? I mean, there's just a ton of choice. How do you help developers maintain a minimalist mantra in the face of such a wealth of choice? I think minimalism I hear you talk about that periodically, I know you're a fan of that. How do you pass that on and your developer advocacy in your day to day work? >> Yeah, I think, for most developers, most of this is not really the top of mind for them, is something you may see a post on Hacker News, and you might double click into it. Maybe someone on your team brought one of these tools in and maybe it leaks up into your workflow so you're forced to think about it. But for most developers, they just really want to continue writing code like they've been doing. And the best of these projects they'll never see. They just work, they get out of the way, they help them with log in, they help them run their application. But for most people, this isn't the core idea of the job for them. For people in operations, on the other hand, maybe these components fill a gap. So they look at a lot of this stuff that you see in the CNCF and Open Source space as number one, various companies or teams sharing the way that they do things, right? So these are ideas that are put into the Open Source, some of them will turn into products, some of them will just stay as projects that had mutual benefit for multiple people. But for the most part, it's like walking through an ion like Home Depot. You pick the tools that you need, you can safely ignore the ones you don't need, and maybe something looks interesting and maybe you study it to see if that if you have a problem. And for most people, if you don't have that problem that that tool solves, you should be happy. No one needs every project and I think that's where the foundation for confusion. So my main job is to help people not get stuck and confused in LAN and just be pragmatic and just use the tools that work for 'em. >> Yeah, and you've spent the last little while in the server-less space really diving into that area, compare and contrast, I guess, what you found there, minimalist approach, who are you speaking to from a server-less perspective versus that of the broader CNCF? >> The thing that really pushed me over, I was teaching my daughter how to make a website. So she's on her Chromebook, making a website, and she's hitting 127.0.0.1, and it looks like geo cities from the 90s but look, she's making website. And she wanted her friends to take a look. So she copied and paste from her browser 127.0.0.1 and none of her friends could pull it up. So this is the point where every parent has to cross that line and say, "Hey, do I really need to sit down "and teach my daughter about Linux "and Docker and Kubernetes." That isn't her main goal, her goal was to just launch her website in a way that someone else can see it. So we got Firebase installed on her laptop, she ran one command, Firebase deploy. And our site was up in a few minutes, and she sent it over to her friend and there you go, she was off and running. The whole server-less movement has that philosophy as one of the stated goal that needs to be the workflow. So, I think server-less is starting to get closer and closer, you start to see us talk about and Chris mentioned this earlier, we're moving up the stack. Where we're going to up the stack, the North Star there is feel where you get the focus on what you're doing, and not necessarily how to do it underneath. And I think server-less is not quite there yet but every type of workload, stateless web apps check, event driven workflows check, but not necessarily for things like machine learning and some other workloads that more traditional enterprises want to run so there's still work to do there. So server-less for me, serves as the North Star for why all these Projects exists for people that may have to roll their own platform, to provide the experience. >> So, Chris, on a related note, with what we were just talking about with Kelsey, what's your perspective on the explosion of the cloud native landscape? There's, a ton of individual projects, each can be used separately, but in many cases, they're like Lego blocks and used together. So things like the surface mesh interface, standardizing interfaces, so things can snap together more easily, I think, are some of the approaches but are you doing anything specifically to encourage this cross fertilization and collaboration of bug ability, because there's just a ton of projects, not only at the CNCF but outside the CNCF that need to plug in? >> Yeah, I mean, a lot of this happens organically. CNCF really provides of the neutral home where companies, competitors, could trust each other to build interesting technology. We don't force integration or collaboration, it happens on its own. We essentially allow the market to decide what a successful project is long term or what an integration is. We have a great Technical Oversight Committee that helps shepherd the overall technical vision for the organization and sometimes steps in and tries to do the right thing when it comes to potentially integrating a project. Previously, we had this issue where there was a project called Open Tracing, and an effort called Open Census, which is basically trying to standardize how you're going to deal with metrics, on the tree and so on in a cloud native world that we're essentially competing with each other. The CNCF TC and committee came together and merged those projects into one parent ever called Open Elementary and so that to me is a case study of how our committee helps, bridges things. But we don't force things, we essentially want our community of end users and vendors to decide which technology is best in the long term, and we'll support that. >> Okay, awesome. And, Michelle, you've been focused on making distributed systems digestible, which to me is about simplifying things. And so back when Docker arrived on the scene, some people referred to it as developer dopamine, which I love that term, because it's simplified a bunch of crufty stuff for developers and actually helped them focus on doing their job, writing code, delivering code, what's happening in the community to help developers wire together multi-part modern apps in a way that's elegant, digestible, feels like a dopamine rush? >> Yeah, one of the goals of the(mumbles) project was to make it easier to deploy an application on Kubernetes so that you could see what the finished product looks like. And then dig into all of the things that that application is composed of, all the resources. So we're really passionate about this kind of stuff for a while now. And I love seeing projects that come into the space that have this same goal and just iterate and make things easier. I think we have a ways to go still, I think a lot of the iOS developers and JS developers I get to talk to don't really care that much about Kubernetes. They just want to, like Kelsey said, just focus on their code. So one of the projects that I really like working with is Tilt gives you this dashboard in your CLI, aggregates all your logs from your applications, And it kind of watches your application changes, and reconfigures those changes in Kubernetes so you can see what's going on, it'll catch errors, anything with a dashboard I love these days. So Yali is like a metrics dashboard that's integrated with STL, a service graph of your service mesh, and lets you see the metrics running there. I love that, I love that dashboard so much. Linkerd has some really good service graph images, too. So anything that helps me as an end user, which I'm not technically an end user, but me as a person who's just trying to get stuff up and running and working, see the state of the world easily and digest them has been really exciting to see. And I'm seeing more and more dashboards come to light and I'm very excited about that. >> Yeah, as part of the DockerCon just as a person who will be attending some of the sessions, I'm really looking forward to see where DockerCompose is going, I know they opened up the spec to broader input. I think your point, the good one, is there's a bit more work to really embrace the wealth of application artifacts that compose a larger application. So there's definitely work the broader community needs to lean in on, I think. >> I'm glad you brought that up, actually. Compose is something that I should have mentioned and I'm glad you bring that up. I want to see programming language libraries, integrate with the Compose spec. I really want to see what happens with that I think is great that they open that up and made that a spec because obviously people really like using Compose. >> Excellent. So Kelsey, I'd be remiss if I didn't touch on your January post on changelog entitled, "Monoliths are the Future." Your post actually really resonated with me. My son works for a software company in Austin, Texas. So your hometown there, Chris. >> Yeah. >> Shout out to Will and the chorus team. His development work focuses on adding modern features via micro services as extensions to the core monolith that the company was founded on. So just share some thoughts on monoliths, micro services. And also, what's deliverance dopamine from your perspective more broadly, but people usually phrase as monoliths versus micro services, but I get the sense you don't believe it's either or. >> Yeah, I think most companies from the pragmatic so one of their argument is one of pragmatism. Most companies have trouble designing any app, monolith, deployable or microservices architecture. And then these things evolve over time. Unless you're really careful, it's really hard to know how to slice these things. So taking an idea or a problem and just knowing how to perfectly compartmentalize it into individual deployable component, that's hard for even the best people to do. And double down knowing the actual solution to the particular problem. A lot of problems people are solving they're solving for the first time. It's really interesting, our industry in general, a lot of people who work in it have never solved the particular problem that they're trying to solve for the first time. So that's interesting. The other part there is that most of these tools that are here to help are really only at the infrastructure layer. We're talking freeways and bridges and toll bridges, but there's nothing that happens in the actual developer space right there in memory. So the libraries that interface to the structure logging, the libraries that deal with rate limiting, the libraries that deal with authorization, can this person make this query with this user ID? A lot of those things are still left for developers to figure out on their own. So while we have things like the brunettes and fluid D, we have all of these tools to deploy apps into those target, most developers still have the problem of everything you do above that line. And to be honest, the majority of the complexity has to be resolved right there in the app. That's the thing that's taking requests directly from the user. And this is where maybe as an industry, we're over-correcting. So we had, you said you come from the JBoss world, I started a lot of my Cisco administration, there's where we focus a little bit more on the actual application needs, maybe from a router that as well. But now what we're seeing is things like Spring Boot, start to offer a little bit more integration points in the application space itself. So I think the biggest parts that are missing now are what are the frameworks people will use for authorization? So you have projects like OPA, Open Policy Agent for those that are new to that, it gives you this very low level framework, but you still have to understand the concepts around, what does it mean to allow someone to do something and one missed configuration, all your security goes out of the window. So I think for most developers this is where the next set of challenges lie, if not actually the original challenge. So for some people, they were able to solve most of these problems with virtualization, run some scripts, virtualize everything and be fine. And monoliths were okay for that. For some reason, we've thrown pragmatism out of the window and some people are saying the only way to solve these problems is by breaking the app into 1000 pieces. Forget the fact that you had trouble managing one piece, you're going to somehow find the ability to manage 1000 pieces with these tools underneath but still not solving the actual developer problems. So this is where you've seen it already with a couple of popular blog posts from other companies. They cut too deep. They're going from 2000, 3000 microservices back to maybe 100 or 200. So to my world, it's going to be not just one monolith, but end up maybe having 10 or 20 monoliths that maybe reflect the organization that you have versus the architectural pattern that you're at. >> I view it as like a constellation of stars and planets, et cetera. Where you you might have a star that has a variety of, which is a monolith, and you have a variety of sort of planetary microservices that float around it. But that's reality, that's the reality of modern applications, particularly if you're not starting from a clean slate. I mean your points, a good one is, in many respects, I think the infrastructure is code movement has helped automate a bit of the deployment of the platform. I've been personally focused on app development JBoss as well as springsSource. The Spring team I know that tech pretty well over the years 'cause I was involved with that. So I find that James Governor's discussion of progressive delivery really resonates with me, as a developer, not so much as an infrastructure Deployer. So continuous delivery is more of infrastructure notice notion, progressive delivery, feature flags, those types of things, or app level, concepts, minimizing the blast radius of your, the new features you're deploying, that type of stuff, I think begins to speak to the pain of application delivery. So I'll guess I'll put this up. Michelle, I might aim it to you, and then we'll go around the horn, what are your thoughts on the progressive delivery area? How could that potentially begin to impact cloud native over 2020? I'm looking for some rallying cries that move up the stack and give a set of best practices, if you will. And I think James Governor of RedMonk opened on something that's pretty important. >> Yeah, I think it's all about automating all that stuff that you don't really know about. Like Flagger is an awesome progressive delivery tool, you can just deploy something, and people have been asking for so many years, ever since I've been in this space, it's like, "How do I do AB deployment?" "How do I do Canary?" "How do I execute these different deployment strategies?" And Flagger is a really good example, for example, it's a really good way to execute these deployment strategies but then, make sure that everything's happening correctly via observing metrics, rollback if you need to, so you don't just throw your whole system. I think it solves the problem and allows you to take risks but also keeps you safe in that you can be confident as you roll out your changes that it all works, it's metrics driven. So I'm just really looking forward to seeing more tools like that. And dashboards, enable that kind of functionality. >> Chris, what are your thoughts in that progressive delivery area? >> I mean, CNCF alone has a lot of projects in that space, things like Argo that are tackling it. But I want to go back a little bit to your point around developer dopamine, as someone that probably spent about a decade of his career focused on developer tooling and in fact, if you remember the Eclipse IDE and that whole integrated experience, I was blown away recently by a demo from GitHub. They have something called code spaces, which a long time ago, I was trying to build development environments that essentially if you were an engineer that joined a team recently, you could basically get an environment quickly start it with everything configured, source code checked out, environment properly set up. And that was a very hard problem. This was like before container days and so on and to see something like code spaces where you'd go to a repo or project, open it up, behind the scenes they have a container that is set up for the environment that you need to build and just have a VS code ID integrated experience, to me is completely magical. It hits like developer dopamine immediately for me, 'cause a lot of problems when you're going to work with a project attribute, that whole initial bootstrap of, "Oh you need to make sure you have this library, this install," it's so incredibly painful on top of just setting up your developer environment. So as we continue to move up the stack, I think you're going to see an incredible amount of improvements around the developer tooling and developer experience that people have powered by a lot of this cloud native technology behind the scenes that people may not know about. >> Yeah, 'cause I've been talking with the team over at Docker, the work they're doing with that desktop, enable the aim local environment, make sure it matches as closely as possible as your deployed environments that you might be targeting. These are some of the pains, that I see. It's hard for developers to get bootstrapped up, it might take him a day or two to actually just set up their local laptop and development environment, and particularly if they change teams. So that complexity really corralling that down and not necessarily being overly prescriptive as to what tool you use. So if you're visual code, great, it should feel integrated into that environment, use a different environment or if you feel more comfortable at the command line, you should be able to opt into that. That's some of the stuff I get excited to potentially see over 2020 as things progress up the stack, as you said. So, Michelle, just from an innovation train perspective, and we've covered a little bit, what's the best way for people to get started? I think Kelsey covered a little bit of that, being very pragmatic, but all this innovation is pretty intimidating, you can get mowed over by the train, so to speak. So what's your advice for how people get started, how they get involved, et cetera. >> Yeah, it really depends on what you're looking for and what you want to learn. So, if you're someone who's new to the space, honestly, check out the case studies on cncf.io, those are incredible. You might find environments that are similar to your organization's environments, and read about what worked for them, how they set things up, any hiccups they crossed. It'll give you a broad overview of the challenges that people are trying to solve with the technology in this space. And you can use that drill into the areas that you want to learn more about, just depending on where you're coming from. I find myself watching old KubeCon talks on the cloud native computing foundations YouTube channel, so they have like playlists for all of the conferences and the special interest groups in CNCF. And I really enjoy talking, I really enjoy watching excuse me, older talks, just because they explain why things were done, the way they were done, and that helps me build the tools I built. And if you're looking to get involved, if you're building projects or tools or specs and want to contribute, we have special interest groups in the CNCF. So you can find that in the CNCF Technical Oversight Committee, TOC GitHub repo. And so for that, if you want to get involved there, choose a vertical. Do you want to learn about observability? Do you want to drill into networking? Do you care about how to deliver your app? So we have a cig called app delivery, there's a cig for each major vertical, and you can go there to see what is happening on the edge. Really, these are conversations about, okay, what's working, what's not working and what are the next changes we want to see in the next months. So if you want that kind of granularity and discussion on what's happening like that, then definitely join those those meetings. Check out those meeting notes and recordings. >> Gotcha. So on Kelsey, as you look at 2020 and beyond, I know, you've been really involved in some of the earlier emerging tech spaces, what gets you excited when you look forward? What gets your own level of dopamine up versus the broader community? What do you see coming that we should start thinking about now? >> I don't think any of the raw technology pieces get me super excited anymore. Like, I've seen the circle of around three or four times, in five years, there's going to be a new thing, there might be a new foundation, there'll be a new set of conferences, and we'll all rally up and probably do this again. So what's interesting now is what people are actually using the technology for. Some people are launching new things that maybe weren't possible because infrastructure costs were too high. People able to jump into new business segments. You start to see these channels on YouTube where everyone can buy a mic and a B app and have their own podcasts and be broadcast to the globe, just for a few bucks, if not for free. Those revolutionary things are the big deal and they're hard to come by. So I think we've done a good job democratizing these ideas, distributed systems, one company got really good at packaging applications to share with each other, I think that's great, and never going to reset again. And now what's going to be interesting is, what will people build with this stuff? If we end up building the same things we were building before, and then we're talking about another digital transformation 10 years from now because it's going to be funny but Kubernetes will be the new legacy. It's going to be the things that, "Oh, man, I got stuck in this Kubernetes thing," and there'll be some governor on TV, looking for old school Kubernetes engineers to migrate them to some new thing, that's going to happen. You got to know that. So at some point merry go round will stop. And we're going to be focused on what you do with this. So the internet is there, most people have no idea of the complexities of underwater sea cables. It's beyond one or two people, or even one or two companies to comprehend. You're at the point now, where most people that jump on the internet are talking about what you do with the internet. You can have Netflix, you can do meetings like this one, it's about what you do with it. So that's going to be interesting. And we're just not there yet with tech, tech is so, infrastructure stuff. We're so in the weeds, that most people almost burn out what's just getting to the point where you can start to look at what you do with this stuff. So that's what I keep in my eye on, is when do we get to the point when people just ship things and build things? And I think the closest I've seen so far is in the mobile space. If you're iOS developer, Android developer, you use the SDK that they gave you, every year there's some new device that enables some new things speech to text, VR, AR and you import an STK, and it just worked. And you can put it in one place and 100 million people can download it at the same time with no DevOps team, that's amazing. When can we do that for server side applications? That's going to be something I'm going to find really innovative. >> Excellent. Yeah, I mean, I could definitely relate. I was Hortonworks in 2011, so, Hadoop, in many respects, was sort of the precursor to the Kubernetes area, in that it was, as I like to refer to, it was a bunch of animals in the zoo, wasn't just the yellow elephant. And when things mature beyond it's basically talking about what kind of analytics are driving, what type of machine learning algorithms and applications are they delivering? You know that's when things tip over into a real solution space. So I definitely see that. I think the other cool thing even just outside of the container and container space, is there's just such a wealth of data related services. And I think how those two worlds come together, you brought up the fact that, in many respects, server-less is great, it's stateless, but there's just a ton of stateful patterns out there that I think also need to be addressed as these richer applications to be from a data processing and actionable insights perspective. >> I also want to be clear on one thing. So some people confuse two things here, what Michelle said earlier about, for the first time, a whole group of people get to learn about distributed systems and things that were reserved to white papers, PhDs, CF site, this stuff is now super accessible. You go to the CNCF site, all the things that you read about or we used to read about, you can actually download, see how it's implemented and actually change how it work. That is something we should never say is a waste of time. Learning is always good because someone has to build these type of systems and whether they sell it under the guise of server-less or not, this will always be important. Now the other side of this is, that there are people who are not looking to learn that stuff, the majority of the world isn't looking. And in parallel, we should also make this accessible, which should enable people that don't need to learn all of that before they can be productive. So that's two sides of the argument that can be true at the same time, a lot of people get caught up. And everything should just be server-less and everyone learning about distributed systems, and contributing and collaborating is wasting time. We can't have a world where there's only one or two companies providing all infrastructure for everyone else, and then it's a black box. We don't need that. So we need to do both of these things in parallel so I just want to make sure I'm clear that it's not one of these or the other. >> Yeah, makes sense, makes sense. So we'll just hit the final topic. Chris, I think I'll ask you to help close this out. COVID-19 clearly has changed how people work and collaborate. I figured we'd end on how do you see, so DockerCon is going to virtual events, inherently the Open Source community is distributed and is used to not face to face collaboration. But there's a lot of value that comes together by assembling a tent where people can meet, what's the best way? How do you see things playing out? What's the best way for this to evolve in the face of the new normal? >> I think in the short term, you're definitely going to see a lot of virtual events cropping up all over the place. Different themes, verticals, I've already attended a handful of virtual events the last few weeks from Red Hat summit to Open Compute summit to Cloud Native summit, you'll see more and more of these. I think, in the long term, once the world either get past COVID or there's a vaccine or something, I think the innate nature for people to want to get together and meet face to face and deal with all the serendipitous activities you would see in a conference will come back, but I think virtual events will augment these things in the short term. One benefit we've seen, like you mentioned before, DockerCon, can have 50,000 people at it. I don't remember what the last physical DockerCon had but that's definitely an order of magnitude more. So being able to do these virtual events to augment potential of physical events in the future so you can build a more inclusive community so people who cannot travel to your event or weren't lucky enough to win a scholarship could still somehow interact during the course of event to me is awesome and I hope something that we take away when we start all doing these virtual events when we get back to physical events, we find a way to ensure that these things are inclusive for everyone and not just folks that can physically make it there. So those are my thoughts on on the topic. And I wish you the best of luck planning of DockerCon and so on. So I'm excited to see how it turns out. 50,000 is a lot of people and that just terrifies me from a cloud native coupon point of view, because we'll probably be somewhere. >> Yeah, get ready. Excellent, all right. So that is a wrap on the DockerCon 2020 Open Source Power Panel. I think we covered a ton of ground. I'd like to thank Chris, Kelsey and Michelle, for sharing their perspectives on this continuing wave of Docker and cloud native innovation. I'd like to thank the DockerCon attendees for tuning in. And I hope everybody enjoys the rest of the conference. (upbeat music)