>> Announcer: Live from Copenhagen, Denmark, it's theCUBE covering KubeCon and CloudNativeCon Europe 2018. Brought to you by the Cloud Native Computing Foundation and its ecosystem partners. >> Hello, everyone, welcome back to theCUBE's exclusive coverage here in Copenhagen, Denmark for coverage of KubeCon 2018, part of the CNCF CloudNative Compute Foundation, part of the Linux Foundation, I'm John Furrier with my cohost, Lauren Cooney, the founder of Spark Labs. We're here with Kelsey Hightower, co-chair of the program as well as a staff engineer, developer, advocate, at Google Cloud Platform, a celebrity in the industry, dynamic, always great to have you on, welcome back. >> Awesome, good to be back. >> How are you feeling, tired? You've got the energy, day two? >> I'm good, I finished my keynote yesterday. My duties are done, so I get to enjoy the conference like most attendees. >> Great. Keynote was phenomenal, got good props. Great content format, very tight, moving things along. A little bit of a jab at some of the cloud providers. Someone said, "Oh, Kelsey took a jab at the cloud guys." What was that about, I mean, there was some good comments on Twitter, but, keeping it real. >> Honestly, so I work at a cloud provider, so I'm part of the cloud guys, right? So I'm at Google Cloud, and what I like to do is, and I was using Amazon's S3 in my presentation, and I was showing people basically like the dream of, in this case, serverless, here's how this stuff actually works together right now. We don't really need anything else from the cloud providers. Here's what you can do right now, so, I like to take a community perspective, When I'm on the stage, so I'm not here only to represent Google and sell for Google. I'm here to say, "Hey, here's what's possible," and my job is to kind of up-level the thinking. So that was kind of the goal of that particular presentation is like, here's all this stuff, let's not lock it all down to one particular provider, 'cause this is what we're here for, KubeCon, CloudNativeCon, is about taking all of that stuff and standardizing it and making it accessible. >> And then obviously, people are talking about the outcome, that that's preferred right now in the future, which is a multi-cloud workload portability. Kubernetes is playing a very key role in obviously the dev ops, people who have been doing it for many many years, have eaten glass, spit nails, custom stuff, have put, reaped the benefits, but now they want to make it easy. They don't want to repeat that, so with Kubernetes nice formation, a lot of people saying here on theCUBE and in the hallways that a de facto standard, the word actually said multiple times here. Interesting. >> Yeah, so you got Kubernetes becoming the de facto standard for computes, but not events, not data, not the way you want to compute those events or data, so the job isn't complete. So I think Kubernetes will solve a large portion of compute needs, thumbs up, we're good to go. Linux has done this for the virtualization layer, Kubernetes is doing it for the containerization, but we don't quite have that on the serverless side. So it's important for us all to think about where the industry is going and so it's like, hey, where the industry is moving to, where we are now, but it's also important for us to get ahead of it, and also be a part of defining what the next de facto standard should be. >> And you mentioned community, which is important, because I want to just bring this up, there's a lot of startups in the membership of CNCF, and when you have that first piece done, you mentioned the other work to be done, that's an opportunity to differentiate. This is the commercialization opportunity to strike that balance. Your reaction to that, how do you see that playing out? Because it is an opportunity to create some value. >> Honestly I'm wearing a serverless.com T-shirt right now, right, that's the startup in the space. They're trying to make serverless easy to use for everyone, regardless of the platform. I think no matter what side of the field you stand on, we need these groups to be successful. They're independent companies, they're going for ambition, they're trying to fill the gaps in what we're all doing, so if they're successful, they just make a bigger market for everyone else, so this is why not only do we try to celebrate them, we try to give them this feedback, like, "Hey, here's what we're doing, "here's what the opportunities are," so I think we need them to be successful. If they all die out every time they start something, then we may not have people trying anymore. >> And I think there's actually a serverless seg in the CNCF, right? And I think that they're doing a lot of great work to kind of start to figure out what's going on. I mean, are you aware what those guys are up to? >> Exactly, so the keynote yesterday was largely about some of the work they're doing. So you mentioned the serverless seg, and CNCF. So some of the work that they're doing is called cloud events. But they wanted to standardize the way we take these events from the various providers, we're not going to make them all work the same way, but what we can do is capture those events in a standard way, and then help define a way to transport those between different providers if you will, and then how those responses come back. So at least we can start to standardize at least that part of the layer, and if Google offers you value, or Amazon offers you value, you own the data, and that data generates events, you can actually move it wherever you want, so that's the other piece, and I'm glad that they're getting in front of it. >> Well I think goal is, obviously, if I'm using AWS, and then I want to use Asher, and then I want to go to Google Cloud, or I want my development teams are using different components, and features, in all of them, right? You want to be able to have that portability across the cloud-- >> And we say together, so the key part of that demo was, if you're using one cloud provider for a certain service, in this case, I was using Google Translate to translate some data, but maybe your data lives in Amazon, the whole point was that, be notified that your data's in Amazon, so that it can be fired off an event into Google, function runs a translation, and writes the data back to Amazon. There are customers that actually do this today, right? There are different pieces of stacks that they want to be able to access, our goal is to make sure they can actually do that in a standard way, and then, show them how to do it. >> A lot of big buzz too also going on around Kubeflow, that Google co-chaired, or co-founded, and now part of the CNCF, Istio service meshes, again, this points to the dots that are connecting, which is okay, I got Kubernetes, we got containers, now Istio, what's your vision on that, how did that play out? An opportunity certainly to abstract the weights of complexity, what's your thoughts on Istio? >> So I think there's going to be certain things, things like Istio, there are parts of Istio that are very low level, that if done right, you may never see them. That's a good thing, so Istio comes in, and says, "Look, it's one thing to connect applications together, "which Kubernetes can help you do "with this built-in service discovery, "how does one app find the other app," but then it's another thing to lock down security and implement policy, this app can talk to this app under these conditions. Istio comes in, brings that to the playing field. Great, that's a great addition. Most people will probably wrap that in some higher-level platform, and you may never see it! Great! Then you mention Kubeflow, now this is a workflow, or at least an opinionated workflow, for doing machine-learning, or some analytics work. There's too many pieces! So if we start naming every single piece that you have to do, or we can say, "Look, we know there's a way that works, "we'll give it a name, we'll call it Kubeflow," and then what's going to happen there is the community's going to rally around actually more workflow, we have lots of great technology wrapped underneath all of that, but how should people use it? And I think that's what I'm actually happy to see now that we're in like year four or five of this thing, as people are actually talking about how to people leverage all of these things that fall below? >> As the IQ starts to increase with cloud-native, you're seeing enterprises, and there's levels of adoption, the early adopters, you know, the shiny new toy, are pushing the envelope, fast followers coming in, then you got the mainstream coming in, so mainstream, there's a lot of usage and consumption of containers, very comfortable with that, now they're bumping into Kubernetes, "Oh wow, this is great," different positions of the adoption. What's your message to each one, mainstream, fast followers, early adoptives, the early adoptives keep pushing, keep bringing that community together, form the community, fast forward. What's the position, what's the Kelsey Hightower view of each one of those points of the evolution? >> So I think we need a new model. So I think that model is kind of out now. Because if you look at the vendor relationships now, so the enterprise typically buys off the shelf when it's mature and ready to go. But at this point now, a lot of the library is all in the programming languages, if you see a language or library that you need, if it's on GitHub, you look around, it's like, "We're going to use this open-source library, "'cause we got to ship," right? So, they started doing early adoption maybe at the library level. Now you're starting to see it at the service level. So if I go to my partner or my vendor, and they say, "Hey, the new version of our software requires Kubernetes." Now, that's a little bit early for some of these enterprises to adopt, but now you're having the vendor relationship saying, "We will help you with Kubernetes." And also, a lot of these enterprises, it's early? Guess what, they have contributors to these projects. They helped design them. I remember back in the day, when I was in financial services, JPMC came out with their own messaging standard, so banks could communicate with each other. They gave that to Red Hat, and Red Hat turns it into a product, and now there's a new messaging standard. That kicked off ten years ago, and now we're starting to see these same enterprises contribute to Kubernetes. So I think now, there's a new model where, if it's early, enterprises are becoming the contributors, donating to the foundations, becoming members of things like CNCF, and on the flip side, they may still use their product, but they want a say in their future. >> So you can jump in at any level as a company, you don't need to wait for the mainstream, you can have a contributor, and in the front wave, to help shepherd through. >> Yeah, you need more say, I think when people bought typical enterprise software, if there wasn't a feature in there, you waited for the vendor to do it, the vendor comes up with their feature, and tells you it's going to cost another 200 million dollars for this add-on, and you have no say into the progress of it, or the speed of it. And then we moved to a world where there was APIs. Look, here's APIs, you can kind of build your own thing on top, now, the vendor's like, "You know what? "I'm going to help actually build the product that I rely on," so if vendor A is not my best partner right now, I could pick a different vendor and say, "Hey, I want a relationship, around this open-source "ecosystem, you have some features I like right now, "but I may want to able to modify them later." I think that's where we are right now. >> Well I think also the emergence of open-source offices, and things like that, and, you know, enterprises that are more monolithic, have really helped to move things forward with their users and their developers. I'm seeing a lot of folks here that are actually coming from larger companies inside of Europe, and they're actually trying to learn Kubernetes now, and they are here to bring that back into their companies, that they want to know about what's going on, right? >> That's a good observation-- >> It's great. >> That open-source office is replacing the I'm the vendor management person. >> Well you need legal-- >> Exactly. >> And you need all of those folks to just get the checkmarks, and get the approval, so that folks can actually take code in, and if it's under the right license, which is super important, or put code back out. >> And it seemed to be some of the same people that were managing the IBM relationship. The people that were managing the big vendor relationship, right? This thing's going to cost us all this cash, we got to make sure that we're getting the right, we're complying with the licensing model, that we're not using more than we paid for, in case we get an audit, the same group has some of the similar skills needed to shepherd their way through the open-source landscape, and then, in many cases, hiring in some of those core developers, to sit right in the organization, to give back, and to kind of have that first-tier support. >> That's a really good point, Lauren. I think this is why I think CNCF has been so successful is, they've kind of established the guardrails, and kind of the cultural notion of commercializing, while not foregoing the principles of open-source, so the operationalizing of open-source is really huge-- >> I'm kind of laughing over here, because, I started the open-source organization at Cisco, and Cisco was not, was new to open-source, and we had to put open data into the Linux Foundation, and I just remember the months of calls I was on, and the lawyers that I got to know, and-- >> You got scar tissue to prove it, too. >> I do, and I think when we did CNCF, I was talking to Craig years ago when we kind of kicked that off, it was really something that we wanted to do differently, we wanted to fast track it, we had the exact license that we wanted, we had the players that we wanted, and we really wanted to have this be something community-based, which I think, Kelsey, you've said it right there. It's really the communities that are coming together that you're seeing here. What else are you seeing here? What are the interesting projects that you see, that are kind of popping up, we have some, but are there others that you see? >> Well, so now, these same enterprises, now they have the talent, or at least not letting the talent leave, the talent now is like, "Well, we have an idea, and it's not core "to our business, let's open-source it." So, Intuit just inquired this workflow, small little start-up project, Argo, they're Intuit now, and maybe they had a need internally, suck in the right people, let the project continue, throw that Intuit logo there, and then sometimes you just see tools that are just being built internally, also be product ties from this open-source perspective, and it's a good way for these companies to stay engaged, and also to say, "Hey, if we're having this problem, "so are other people," so this is new, right? This open-source usually comes from the vendors, maybe a small group of developers, but now you're starting to see the companies say, "You know what, let's open-source our tool as well," and it's really interesting, because also they're pretty mature. They've been banked, they've been used, they're real, someone depends on them, and they're out. Interesting to see where that goes. >> Well yeah, Derek Hondell, from VMware, former Linux early guy, brought the same question. He says, "Don't confuse project with product." And to your point about being involved in the project, you can still productize, and then still have that dual relationship in a positive way, that's really a key point. >> Exactly, we're all learning how to share, and we're learning what to share. >> Okay, well let's do some self awareness here, well, for you, program's great, give you some props on that, you did a great job, you guys are the team, lot of high marks, question marks that are here that we've heard is security. Obviously, love Kubernetes, everyone's high-fiving each other, got to get back to work to reality, security is a conversation. Your thoughts on how that's evolving, obviously, this is front and center conversation, with all this service meshes and all these new services coming up, security is now being fought in the front end of this. What's your view? >> So I think the problem with security from certain people is that they believe that a product will come out that they can buy, to do security. Every time some new platform, oh, virtualization security. Java security. Any buzzword, then someone tries to attach security. >> It's a bolt-on. >> It's, yeah. So, I mean, most people think it's a practice. The last stuff that I seen on security space still applies to the new stack, it's not that the practice changed. Some of the threat models are the same, maybe some new threat models come up, or new threat models are aggravated because of the way people are using these platforms. But I think a lot of companies have never understood that. It's a practice, it will never be solved, there's nothing you can buy or subscribe to-- >> Not a silver bullet. >> Like antivirus, right? I'm only going to buy antivirus, as long as I run it, I should never get a virus. It's like, "No!" That's not how that works. The antivirus will be able to find things it knows about. And then you have to have good behavior to prevent having a problem in the first place. And I think security should be the same way, so I think what people need to do now, is they're being forced back into the practice of security. >> John: Security everywhere, basically. >> It's just a thing you have to do no matter what, and I think what people have to start doing with this conversation is saying, "If I adopt Kubernetes, does my threat model change?" "Does the container change the way I've locked down the VM?" In some cases, no, in some cases, yes. So I think when we start to have these conversations, everyone needs to understand the question you should ask of everyone, "What threat model should I be worried about, "and if it's something that I don't understand or know," that's when you might want to go look for a vendor, or go get some more training to figure out how you can solve it. >> And I think, Tyler Jewell was on from Ballerina, and he was talking about that yesterday, in terms of how they actually won't, they assume that the code is not secure. That is the first thing that they do when they're looking at Ballerina in their programming language, and how they actually accept code into it, is just they assume it's not secure. >> Oh exactly, like at Google we had a thing, we called it BeyondCorp. And there's other aspects to that, if you assume that it's going to be bad if someone was inside of your network, then pretend that someone is already inside your network and act accordingly. >> Yep, exactly, it's almost the reverse of the whitelisting. Alright, so let me ask you a question, you're in a unique position, glad to have you here on theCUBE, thanks for coming on and sharing your insights and perspective, but you also are the co-chair of this progress, so you get to see the landscape, you see the 20 mile stare, you have to have that long view, you also work at Google, which gives a perspective of things like BeyondCorp, and all of the large-scale work at Google, a lot of people want to, they're buying into the cloud-native, no doubt about it, there's still some educational work on the peoples' side, and process, and operationalizing it, with open-source, et cetera, but they want to know where the headroom is, they want to know, as you said, where's the directionally correct vector of the industry. So I got to ask you, in your perspective, where's all this going? For the folks watching who just want to have a navigation, paint the picture, what's coming directionally, shoot the arrow forward, as service meshes, as you start having this service layer, highly valuable, creative freedom to do things, what's the Kelsey vision on-- >> So I think this world of computing, after the mainframe, the mainframe, you want to process census data, you walk up, give it, it spits it back out. To me, that is beautiful. That's like almost the ultimate developer workflow. In, out. Then everyone's like, "I want my own computer, "and I want my own programming language, "and I want to write it in my basement, "without the proper power, or cords, or everything, "and we're all going to learn how "to do computing from scratch." And we all learnt, and we have what we call a legacy. All the mistakes I've made, but I maintain, and that's what we have! But the ultimate goal of computing is like the calculator, I want to be able to have a very simple interface, and the computer should give me an answer back. So where all this is going, Istio, service mesh, Kubernetes, cloud-native, all these patterns. Here's my app, run it for me. Don't ask me about auto scale groups, and all, run it for me. Give me a security certificate by default. Let's encrypt. Makes it super easy for anyone to get a tailored certificate rotated to all the right things. So we're slowly getting to a world where you can ask the question, "Here's my app, run it for me," and they say, "Here's the URL, "and when you hit this URL, we're going to do "everything that we've learned in the past "to make it secure, scalable, work for you." So that may be called open-shift, in its current implementation with Red Hat, Amazon may call it Lambda, Google Cloud may call it GKE plus some services, and we're never going to stop until the experience becomes, "Here's my app, run it for me." >> A resource pool, just programmability. And it's good, I think the enterprises are used to lifting and shifting, I mean, we've been through the evolution of IT, as we build the legacy, okay, consolidation, server consolidation, oh, hello VMs, now you have lift and shift. This is not a lift and shift kind of concept, cloud-native. It is a-- >> It doesn't have to be a lift and shift. So some people are trying to make it a lift and shift thing, where they say, "Look, you can bolt-on some of the stuff "that you're seeing in the new," and some consultants are like, "Hey, we'll sit their and roll up the sleeves, "and give you what we can," and I think that's an independent thing from where we're pushing towards. If you're ready, there's going to be a world, where you give us your code, and we run it, and it's scary for a lot of people, because they're going to be like, "Well, what do I do?" "What knobs do I twist in that world?" So I think that's just, that's where it's going. >> Well, in a world of millions of services coming out on the line, it's in operating, automation's got to be key, these are principles that have to go get bought into. I mean, you got to understand, administration is the exception, not the rule. This is the new world. It's kind of the Google world, and large-scale world, so it could be scary for some. I mean, you just bump into people all the time, "Hey Kelsey, what do I do?" And what do you say to them? You say, "Hey, what do I do?" What's the playbook? >> Often, so, it's early enough. I wasn't born in the mainframe time. So I'm born in this time. And right now when you look at this, it's like, well, this is your actual opportunity to contribute to what it should do. So if you want to sit on the sidelines, 'cause we're in that period now, where that isn't the case. And everyone right now is trying to figure out how to make it the case, so they're going to come up with their ways of doing things, and their standards, and then maybe in about ten years, you'll be asked to just use what we've all produced. Or, since you're actually around early enough, you can participate. That's what I tell people, so if you don't want to participate, then you get the checkpoints along the way. Here's what we offer, here's what they offer, you pick one, and then you stay on this digital transformation to the end of time. Or, you jump in, and realize that you're going to have a little bit more control over the way you operate in this landscape. >> Well, jumping in the deep end of the pool has always been the philosophy, get in and learn, and you'll survive, with a lot of community support, Kelsey, thanks for coming on, final question for you, surprise is, you're no longer going to be the co-chair, you've co-chaired up to this point, you've done a great job, what surprised you about KubeCon, the growth, the people? What are some of the things that have jumped out at you, either good, surprise, what you did expect, not expect, share some commentary on this movement, KubeCon and CloudNative. >> Definitely surprised that it's probably this big this fast, right? I thought people, definitely when I saw the technology earlier on, I was like, "This is definitely a winner," "regardless of who agrees." So, I knew that early on. But to be this big, this fast, and all the cloud providers agreeing to use it and sell it, that is a surprise, I figured one or two would do it. But to have all of them, if you go to their website, and you read the words Kubernetes' strong competitors, well alright, we all agree that Kubernetes is okay. That to me is a surprise that they're here, they have booths, they're celebrating it, they're all innovating on it, and honestly, this is one of those situations that, no matter how fast they move, everyone ends up winning on this particular deal, just the way Kubernetes was set up, and the foundation as a whole, that to me is surprising that it's still true, four years later. >> Yeah, I mean rising tide floats all boats, when you have an enabling, disruptive technology like Kubernetes, that enables people to be successful, there's enough cake to be eating for everybody. >> Awesome. >> Kelsey Hightower, big time influencer here, inside theCUBE cloud, computing influencer, also works at Google as a developer advocate, also co-chair of KubeCon 2018, I wish you luck in the next chapter, stepping down from the co-chair role-- >> Stepping down from the co-chair, but always in the community. >> Always in the community. Great voice, great guy to have on theCUBE, check him out online, his great Twitter feed, check him out on Twitter, Kelsey Hightower, here on theCUBE, I'm joined here by Lauren Cooney, be right back with more coverage here at KubeCon 2018, stay with us, we'll be right back. (bright electronic music)