(upbeat music) >> theCUBE presents KubeCon and CloudNativeCon Europe 22, brought to you by the Cloud Native Computing Foundation. >> Valencia, Spain, a KubeCon, CloudNativeCon Europe 2022. I'm Keith Towns along with Paul Gillon, Senior Editor Enterprise Architecture for Silicon Angle. Welcome Paul. >> Thank you Keith, pleasure to work with you. >> We're going to have some amazing people this week. I think I saw stat this morning, 65% of the attendees, 7,500 folks. First time KubeCon attendees, is this your first conference? >> It is my first KubeCon and it is amazing to see how many people are here and to think of just a couple of years ago, three years ago, we were still talking about, what the Cloud was, what the Cloud was going to do and how we were going to integrate multiple Clouds. And now we have this whole new framework for computing that is just rifled out of nowhere. And as we can see by the number of people who are here this has become the dominant trend in Enterprise Architecture right now how to adopt Kubernetes and containers, build microservices based applications, and really get to that transparent Cloud that has been so elusive. >> It has been elusive. And we are seeing vendors from startups with just a few dozen people, to some of the traditional players we see in the enterprise space with 1000s of employees looking to capture kind of lightning in a bottle so to speak, this elusive concept of multicloud. >> And what we're seeing here is very typical of an early stage conference. I've seen many times over the years where the floor is really dominated by companies, frankly, I've never heard of that. The many of them are only two or three years old, you don't see the big dominant computing players with the presence here that these smaller companies have. That's very typical. We saw that in the PC age, we saw it in the early days of Unix and it's happening again. And what will happen over time is that a lot of these companies will be acquired, there'll be some consolidation. And the nature of this show will change, I think dramatically over the next couple or three years but there is an excitement and an energy in this auditorium today that is really a lot of fun and very reminiscent of other new technologies just as they requested. >> Well, speaking of new technologies, we have Dave Cole, CRO, Chief Revenue Officer. >> That's right. >> Chief Marketing Officer of Spectrum Cloud. Welcome to the show. >> Thank you. It's great to be here. >> So let's talk about this big ecosystem, Kubernetes. >> Yes. >> Solve problem? >> Well the dream is... Well, first of all applications are really the lifeblood of a company, whether it's our phone or whether it's a big company trying to connect with its customers about applications. And so the whole idea today is how do I build these applications to build that tight relationship with my customers? And how do I reinvent these applications rapidly in along comes containerization which helps you innovate more quickly? And certainly a dominant technology there is Kubernetes. And the question is, how do you get Kubernetes to help you build applications that can be born anywhere and live anywhere and take advantage of the places that it's running? Because everywhere has pluses and minuses. >> So you know what, the promise of Kubernetes from when I first read about it years ago is, runs on my laptop? >> Yeah. >> I can push it to any Cloud, any platforms. >> That's right, that's right. >> Where's the gap? Where are we in that phase? Like talk to me about scale? Is it that simple? >> Well, that is actually the problem is that today, while the technology is the dominant containerization technology in orchestration technology, it really still takes a power user, it really hasn't been very approachable to the masses. And so was these very expensive highly skilled resources that sit in a dark corner that have focused on Kubernetes, but that now is trying to evolve to make it more accessible to the masses. It's not about sort of hand wiring together, what is a typical 20 layer stack, to really manage Kubernetes and then have your engineers manually can reconfigure it and make sure everything works together. Now it's about how do I create these stacks, make it easy to deploy and manage at scale? So we've gone from sort of DIY Developer Centric to all right, now how do I manage this at scale? >> Now this is a point that is important, I think is often overlooked. This is not just about Kubernetes. This is about a whole stack of Cloud Native Technologies. And you who is going to integrate that all that stuff, piece that stuff together? Obviously, you have a role in that. But in the enterprise, what is the awareness level of how complex this stack is and how difficult it is to assemble? >> We see a recognition of that we've had developers working on Kubernetes and applications, but now when we say, how do we weave it into our production environments? How do we ensure things like scalability and governance? How do we have this sort of interesting mix of innovation, flexibility, but with control? And that's sort of an interesting combination where you want developers to be able to run fast and use the latest tools, but you need to create these guardrails to deploy it at scale. >> So where do the developers fit in that operation stack then? Is Kubernetes an AIOps or an ops task or is it sort of a shared task across the development spectrum? >> Well, I think there's a desire to allow application developers to just focus on the application and have a Kubernetes related technology that ensures that all of the infrastructure and related application services are just there to support them. And because the typical stack from the operating system to the application can be up to 20 different layers, components, you just want all those components to work together, you don't want application developers to worry about those things. And the latest technologies like Spectra Cloud there's others are making that easy application engineers focus on their apps, all of the infrastructure and the services are taken care of. And those apps can then live natively on any environment. >> So help paint this picture for us. I get AKS, EKS, Anthos, all of these distributions OpenShift, the Tanzu, where's Spectra Cloud helping me to kind of cobble together all these different distros, I thought distro was the thing just like Linux has different distros, Randy said different distros. >> That actually is the irony, is that sort of the age of debating the distros largely is over. There are a lot of distros and if you look at them there are largely shades of gray in being different from each other. But the Kubernetes distribution is just one element of like 20 elements that all have to work together. So right now what's happening is that it's not about the distribution it's now how do I again, sorry to repeat myself, but move this into scale? How do I move it into deploy at scale to be able to manage ongoing at scale to be able to innovate at-scale, to allow engineers as I said, use the coolest tools but still have technical guardrails that the enterprise knows, they'll be in control of. >> What does at-scale mean to the enterprise customers you're talking to now? What do they mean when they say that? >> Well, I think it's interesting because we think scale's different because we've all been in the industry and it's frankly, sort of boring old word. But today it means different things, like how do I automate the deployment at-scale? How do I be able to make it really easy to provision resources for applications on any environment, from either a virtualized or bare metal data center, Cloud, or today Edge is really big, where people are trying to push applications out to be closer to the source of the data. And so you want to be able to deploy it-scale, you want to manage at-scale, you want to make it easy to, as I said earlier, allow application developers to build their applications, but ITOps wants the ability to ensure security and governance and all of that. And then finally innovate at-scale. If you look at this show, it's interesting, three years ago when we started Spectra Cloud, there are about 1400 businesses or technologies in the Kubernetes ecosystem, today there's over 1800 and all of these technologies made up of open source and commercial all version in a different rates, it becomes an insurmountable problem, unless you can set those guardrails sort of that balance between flexibility, control, let developers access the technologies. But again, manage it as a part of your normal processes of a scaled operation. >> So Dave, I'm a little challenged here, because I'm hearing two where I typically consider conflicting terms. Flexibility, control. >> Yes. >> In order to achieve control, I need complexity, in order to choose flexibility, I need t-shirt, one t-shirt fits all and I get simplicity. How can I get both that just doesn't compute. >> Well, that's the opportunity and the challenge at the same time. So you're right. So developers want choice, good developers want the ability to choose the latest technology so they can innovate rapidly. And yet ITOps, wants to be able to make sure that there are guardrails. And so with some of today's technologies, like Spectra Cloud, it is, you have the ability to get both. We actually worked with dimensional research, and we sponsor an annual state of Kubernetes survey. We found this last summer, that two out of three IT executives said, you could not have both flexibility and control together, but in fact they want it. And so it is this interesting balance, how do I give engineers the ability to get anything they want, but ITOps the ability to establish control. And that's why Kubernetes is really at its next inflection point. Whereas I mentioned, it's not debates about the distro or DIY projects. It's not big incumbents creating siloed Kubernetes solutions, but in fact it's about allowing all these technologies to work together and be able to establish these controls. And that's really where the industry is today. >> Enterprise , enterprise CIOs, do not typically like to take chances. Now we were talking about the growth in the market that you described from 1400, 1800 vendors, most of these companies, very small startups, our enterprises are you seeing them willing to take a leap with these unproven companies? Or are they holding back and waiting for the IBMs, the HPS, the MicrosoftS to come in with the VMwares with whatever they solution they have? >> I think so. I mean, we sell to the global 2000. We had yesterday, as a part of Edge day here at the event, we had GE Healthcare as one of our customers telling their story, and they're a market share leader in medical imaging equipment, X-rays, MRIs, CAT scans, and they're starting to treat those as Edge devices. And so here is a very large established company, a leader in their industry, working with people like Spectra Cloud, realizing that Kubernetes is interesting technology. The Edge is an interesting thought but how do I marry the two together? So we are seeing large corporations seeing so much of an opportunity that they're working with the smaller companies, the latest technology. >> So let's talk about the Edge a little, you kind of opened it up there. How should customers think about the Edge versus the Cloud Data Center or even bare metal? >> Actually it's a... Well bare metal is fairly easy is that many people are looking to reduce some of the overhead or inefficiencies of the virtualized environment. But we've had really sort of parallel little white tornadoes, we've had bare metal as infrastructure that's been developing, and then we've had orchestration developing but they haven't really come together very well. Lately, we're finally starting to see that come together. Spectra Cloud contributed to open source a metal as a service technology that finally brings these two worlds together, making bare metal much more approachable to the enterprise. Edge is interesting, because it seems pretty obvious, you want to push your application out closer to your source of data, whether it's AI inferencing, or IoT or anything like that, you don't want to worry about intermittent connectivity or latency or anything like that. But people have wanted to be able to treat the Edge as if it's almost like a Cloud, where all I worry about is the app. So really, the Edge to us is just the next extension in a multi-Cloud sort of motif where I want these Edge devices to require low IT resources, to automate the provisioning, automate the ongoing version management, patch management, really act like a Cloud. And we're seeing this as very popular now. And I just used the GE Healthcare example of that, imagine a CAT scan machine, I'm making this part up in China and that's just an Edge device and it's doing medical imagery which is very intense in terms of data, you want to be able to process it quickly and accurately, as close to the endpoint, the healthcare provider is possible. >> So let's talk about that in some level of details, we think about kind of Edge and these fixed devices such as imaging device, are we putting agents on there, or we looking at something talking back to the Cloud? Where does special Cloud inject and help make that simple, that problem of just having dispersed endpoints all over the world simpler? >> Sure. Well we announced our Edge Kubernetes, Edge solution at a big medical conference called HIMMS, months ago. And what we allow you to do is we allow the application engineers to develop their application, and then you can de you can design this declarative model this cluster API, but beyond Cluster profile which determines which additional application services you need and the Edge device, all the person has to do with the endpoint is plug in the power, plug in the communications, it registers the Edge device, it automates the deployment of the full stack and then it does the ongoing versioning and patch management, sort of a self-driving Edge device running Kubernetes. And we make it just very easy. No IT resources required at the endpoint, no expensive field engineering resources to go to these endpoints twice a year to apply new patches and things like that, all automated. >> But there's so many different types of Edge devices with different capabilities, different operating systems, some have no operating system. I mean that seems, like a much more complex environment, just calling it the Edge is simple, but what you're really talking about is 1000s of different devices, that you have to run your applications on how are you dealing with that? >> So one of the ways is that we're really unbiased. In other words, we're OS and distro agnostic. So we don't want to debate about which distribution you like, we don't want to debate about which OS you want to use. The truth is, you're right. There's different environments and different choices that you'll want to make. And so the key is, how do you incorporate those and also recognize everything beyond those, OS and Kubernetes and all of that and manage that full stack. So that's what we do, is we allow you to choose which tools you want to use and let it be deployed and managed on any environment. >> And who's... >> So... >> I'm sorry Keith, who's responsible for making Kubernetes run on the Edge device. >> We do. We provision the entire stack. I mean, of course the company does using our product, but we provision the entire Kubernetes infrastructure stack, all the application services and the application itself on that device. >> So I would love to dig into like where pods happen and all that. But, provisioning is getting to the point that is a solve problem. Day two. >> Yes. >> Like you just mentioned HIMMS, highly regulated environments. How does Spectra Cloud helping with configuration management, change control, audit, compliance, et cetera, the hard stuff. >> Yep. And one of the things we do, you bring up a good point is we manage the full life cycle from day zero, which is sort of create, deploy, all the way to day two, which is about access control, security, it's about ongoing versioning in a patch management. It's all of that built into the platform. But you're right, like the medical industry has a lot of regulations. And so you need to be able to make sure that everything works, it's always up to the latest level have the highest level of security. And so all that's built into the platform. It's not just a fire and forget it really is about that full life cycle of deploying, managing on an ongoing basis. >> Well, Dave, I'd love to go into a great deal of detail with you about kind of this day two ops and I think we'll be covering a lot more of that topic, Paul, throughout the week, as we talk about just as we've gotten past, how do I deploy Kubernetes pod, to how do I actually operate IT? >> Absolutely, absolutely. The devil is in the details as they say. >> Well, and also too, you have to recognize that the Edge has some very unique requirements, you want very small form factors, typically, you want low IT resources, it has to be sort of zero touch or low touch because if you're a large food provider with 20,000 store locations, you don't want to send out field engineers two or three times a year to update them. So it really is an interesting beast and we have some exciting technology and people like GE are using that. >> Well, Dave, thanks a lot for coming on theCUBE, you're now KubeCon, you've not been on before? >> I have actually, yes its... But I always enjoy it. >> Great conversation. From Valencia, Spain. I'm Keith Towns, along with Paul Gillon and you're watching theCUBE, the leader in high tech coverage. (upbeat music)

>>The cube presents, Coon and cloud native con Europe, 2022. Brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain and cuon cloud native con 20 Europe, 2022. I'm your host Keith towns alongside a new hope en Rico, senior reti, senior editor. I'm sorry, senior it analyst at <inaudible> Enrique. Welcome to the program. >>Thank you very much. And thank you for having me. It's exciting. >>So thoughts, high level thoughts of CU con first time in person again in couple years? >>Well, this is amazing for several reasons. And one of the reasons is that yeah, I had the chance to meet, uh, with, uh, you know, people like you again. I mean, we, we met several times over the internet over zoom calls. I, I started to eat these zoom codes. <laugh> because they're really impersonal in the end. And like last night we, we are together group of friends, industry folks. It's just amazing. And a part of that, I mean, the event is, uh, is a really cool, it's really cool. There are a lot from people interviews and, you know, real people doing real stuff, not just, uh, you know, again, in personal calls, you don't even know if they're telling the truth, but when you can, you know, look in their eyes, what they're doing, I, I think that's makes a difference. >>So speaking about real people, meeting people for the first time, new jobs, new roles, Greg Moscarella, enterprise container management and general manager at SUSE. Welcome to the show, welcome back clue belong. >>Thank you very much. It's awesome to be here. It's awesome to be back in person. And I completely agree with you. Like there's a certain fidelity to the conversation and a certain, uh, ability to get to know people a lot more. So it's absolutely fantastic to be here. >>So Greg, tell us about your new role and what SUSE has gone on at KU coupon. >>Sure. So I joined SA about three months ago to lead the rancher business unit, right? So our container management pieces and, you know, it's a, it's a fantastic time. Cause if you look at the transition from virtual machines to containers and to moving to microservices, right alongside that transition from on-prem to cloud, like this is a very exciting time to be in this industry. And rancher has been setting the stage. And again, I'm go back to being here. Rancher's all about the community, right? So this is a very open, independent, uh, community driven product and project. And so this, this is kinda like being back to our people, right. And being able to reconnect here. And so, you know, doing it, digital is great, but, but being here is changes the game for us. So we, we feed off that community. We feed off the energy. So, uh, and again, going back to the space and what's happening in it, great time to be in this space. And you guys have seen the transitions you've seen, I mean, we've seen just massive adoption, uh, of containers and Kubernetes overall and ranchers been been right there with some amazing companies doing really interesting things that I'd never thought of before. Uh, so I'm, I'm still learning on this, but, um, but it's been great so far. >>Yeah. And you know, when we talk about strategy about Kubernetes today, we are talking about very broad strategies. I mean, not just the data center or the cloud with, you know, maybe smaller organization adopting Kubernetes in the cloud, but actually large organization thinking guide and more and more the edge. So what's your opinion on this, you know, expansion of Kubernetes towards the edge. >>So I think you're, I think you're exactly right. And that's actually a lot of meetings I've been having here right now is these are some of these interesting use cases. So people who, uh, whether it be, you know, ones that are easy to understand in the telco space, right? Especially the adoption of 5g and you have all these space stations, new towers, and they have not only the core radio functions or network functions that they're trying to do there, but they have other applications that wanna run on that same environment. Uh, I spoke recently with some of our, our good friends at a major automotive manufacturer, doing things in their factories, right. That can't take the latency of being somewhere else. Right. So they have robots on the factory floor, the latency that they would experience if they tried to run things in the cloud meant that robot would've moved 10 centimeters. >>By the time, you know, the signal got back, it may not seem like a lot to you, but if, if, if you're an employee, you know, there, you know, uh, a big 2000 pound robot being 10 centimeters closer to you may not be what you, you really want. Um, there's, there's just a tremendous amount of activity happening out there on the retail side as well. So it's, it's amazing how people are deploying containers in retail outlets. You know, whether it be fast food and predicting, what, what, how many French fries you need to have going at this time of day with this sort of weather. Right. So you can make sure those queues are actually moving through. It's, it's, it's really exciting and interesting to look at all the different applications that are happening. So yes, on the edge for sure, in the public cloud, for sure. In the data center and we're finding is people want a common platform across those as well. Right? So for the management piece too, but also for security and for policies around these things. So, uh, it really is going everywhere. >>So talk to me, how do, how are we managing that as we think about pushing stuff out of the data center, out of the cloud cloud, closer to the edge security and life cycle management becomes like top of mind thought as, as challenges, how is rancher and sushi addressing >>That? Yeah. So I, I think you're, again, spot on. So it's, it starts off with the think of it as simple, but it's, it's not simple. It's the provisioning piece. How do we just get it installed and running right then to what you just asked the management piece of it, everything from your firmware to your operating system, to the, the cluster, uh, the Kubernetes cluster, that's running on that. And then the workloads on top of that. So with rancher, uh, and with the rest of SUSE, we're actually tacking all those parts of the problems from bare metal on up. Uh, and so we have lots of ways for deploying that operating system. We have operating systems that are, uh, optimized for the edge, very secure and ephemeral container images that you can build on top of. And then we have rancher itself, which is not only managing your ES cluster, but can actually start to manage the operating system components, uh, as well as the workload components. >>So all from your single interface, um, we mentioned policy and security. So we, yeah, we'll probably talk about it more, um, uh, in a little bit, but, but new vector, right? So we acquired a company called new vector, just open sourced, uh, that here in January, that ability to run that level of, of security software everywhere again, is really important. Right? So again, whether I'm running it on, whatever my favorite public cloud providers, uh, managed Kubernetes is, or out at the edge, you still have to have security, you know, in there. And, and you want some consistency across that. If you have to have a different platform for each of your environments, that's just upping the complexity and the opportunity for error. So we really like to eliminate that and simplify our operators and developers' lives as much as possible. >>Yeah. From this point of view, are you implying that even you, you are matching, you know, self, uh, let's say managed clusters at the, at the very edge now with, with, you know, added security, because these are the two big problems lately, you know, so having something that is autonomous somehow easier to manage, especially if you are deploying hundreds of these that's micro clusters. And on the other hand, you need to know a policy based security that is strong enough to be sure again, if you have these huge robots moving too close to you, because somebody act the, the, the class that is managing them, that is, could be a huge problem. So are you, you know, approaching this kind of problems? I mean, is it, uh, the technology that you are acquired, you know, ready to, to do this? >>Yeah. I, I mean, it, it really is. I mean, there's still a lot of innovation happening. Don't, don't get me wrong. We're gonna see a lot of, a lot more, not just from, from SA and ranch here, but from the community, right. There's a lot happening there, but we've come a long way and we solved a lot of problems. Uh, if I think about, you know, how do you have this distributed environment? Uh, well, some of it comes down to not just, you know, all the different environments, but it's also the applications, you know, with microservices, you have very dynamic environment now just with your application space as well. So when we think about security, we really have to evolve from a fairly static policy where like, you might even be able to set an IP address and a port and some configuration on that. >>It's like, well, your workload's now dynamically moving. So not only do you have to have that security capability, like the ability to like, look at a process or look at a network connection and stop it, you have to have that, uh, manageability, right? You can't expect an operator or someone to like go in and manually configure a YAML file, right? Because things are changing too fast. It needs to be that combination of convenient, easy to manage with full function and ability to protect your, your, uh, your resources. And I think that's really one of the key things that new vector really brings is because we have so much intelligence about what's going on there. Like the configuration is pretty high level, and then it just runs, right? So it's used to this dynamic environment. It can actually protect your workloads wherever it's going from pod to pod. Uh, and it's that, that combination, again, that manageability with that high functionality, um, that, that is what's making it so popular. And what brings that security to those edge locations or cloud locations or your data center. >>So one of the challenges you're kind of, uh, touching on is this abstraction on, upon abstraction. When I, I ran my data center, I could put, uh, say this IP address, can't talk to this IP address on this port. Then I got next generation firewalls where I could actually do, uh, some analysis. Where are you seeing the ball moving to when it comes to customers, thinking about all these layers of abstraction IP address doesn't mean anything anymore in cloud native it's yes, I need one, but I'm not, I'm not protecting based on IP address. How are customers approaching security from the name space perspective? >>Well, so it's, you're absolutely right. In fact, even when you go to IPV six, like, I don't even recognize IP addresses anymore. <laugh> yeah. >>That doesn't mean anything like, oh, just a bunch of, yeah. Those are numbers, alpha Ric >>And colons. Right. You know, it's like, I don't even know anymore. Right. So, um, yeah, so it's, it comes back to that, moving from a static, you know, it's the pets versus cattle thing. Right? So this static thing that I can sort of know and, and love and touch and kind of protect to this almost living, breathing thing, which is moving all around, it's a swarm of, you know, pods moving all over the place. And so, uh, it, it is, I mean, that's what Kubernetes has done for the workload side of it is like, how do you get away from, from that, that pet to a declarative approach to, you know, identifying your workload and the components of that workload and what it should be doing. And so if we go on the security side some more like, yeah, it's actually not even namespace namespace. >>Isn't good enough if we wanna get, if we wanna get to zero trust, it's like, just cuz you're running in my namespace doesn't mean I trust you. Right. So, and that's one of the really cool things about new vectors because of the, you know, we're looking at protocol level stuff within the network. So it's pod to pod, every single connection we can look at and it's at the protocol layer. So if you say you're on my SQL database and I have a mye request going into it, I can confirm that that's actually a mye protocol being spoken and it's well formed. Right. And I know that this endpoint, you know, which is a, uh, container image or a pod name or some, or a label, even if it's in the same name, space is allowed to talk to and use this protocol to this other pod that's running in my same name space. >>Right. So I can either allow or deny. And if I can, I can look into the content that request and make sure it's well formed. So I'll give you an example is, um, do you guys remember the log four J challenges from not too long ago, right. It was a huge deal. So if I'm doing something that's IP and port based and name space based, so what are my protections? What are my options for something that's got logged four J embedded in like, I either run the risk of it running or I shut it down. Those are my options. Like those neither one of those are very good. So we can do, because again, we're at the protocol layer. It's like, ah, I can identify any log for J protocol. I can look at whether it's well formed, you know, or if it's malicious and it's malicious, I can block it. If it's well formed, I can let it go through. So I can actually look at those, those, um, those vulnerabilities. I don't have to take my service down. I can run and still be protected. And so that, that extra level, that ability to kind of peek into things and also go pod to pod, you know, not just same space level is one of the key differences. So I talk about the evolution or how we're evolving with, um, with the security. Like we've grown a lot, we've got a lot more coming. >>So let's talk about that a lot more coming what's in the pipeline for SUSE. >>Well, probably before I get to that, we just announced new vector five. So maybe I can catch us up on what was released last week. Uh, and then we can talk a little bit about going, going forward. So new vector five, introduce something called um, well, several things, but one of the things I can talk in more detail about is something called zero drift. So I've been talking about the network security, but we also have run time security, right? So any, any container that's running within your environment has processes that are running that container. What we can do is actually comes back to that manageability and configuration. We can look at the root level of trust of any process that's running. And as long as it has an inheritance, we can let that process run without any extra configuration. If it doesn't have a root level of trust, like it didn't spawn from whatever the, a knit, um, function was in that container. We're not gonna let it run. Uh, so the, the configuration that you have to put in there is, is a lot simpler. Um, so that's something that's in, in new vector five, um, the web application firewall. So this layer seven security inspection has gotten a lot more granular now. So it's that pod Topo security, um, both for ingress egress and internal on the cluster. Right. >>So before we get to what's in the pipeline, one question around new vector, how is that consumed and deployed? >>How is new vector consumed, >>Deployed? And yeah, >>Yeah, yeah. So, uh, again with new vector five and, and also rancher 2 65, which just were released, there's actually some nice integration between them. So if I'm a rancher customer and I'm using 2 65, I can actually deploy that new vector with a couple clicks of the button in our, uh, in our marketplace. And we're actually tied into our role-based access control. So an administrator who has that has the rights can just click they're now in a new vector interface and they can start setting those policies and deploying those things out very easily. Of course, if you aren't using, uh, rancher, you're using some other, uh, container management platform, new vector still works. Awesome. You can deploy it there still in a few clicks. Um, you're just gonna get into, you have to log into your new vector, uh, interface and, and use it from there. >>So that's how it's deployed. It's, it's very, it's very simple to use. Um, I think what's actually really exciting about that too, is we've opensourced it? Um, so it's available for anyone to go download and try, and I would encourage people to give it a go. Uh, and I think there's some compelling reasons to do that now. Right? So we have pause security policies, you know, depreciated and going away, um, pretty soon in, in Kubernetes. And so there's a few things you might look at to make sure you're still able to run a secure environment within Kubernetes. So I think it's a great time to look at what's coming next, uh, for your security within your Kubernetes. >>So Paul, we appreciate chief stopping by from ity of Spain, from Spain, I'm Keith Townsend, along with en Rico Sinte. Thank you. And you're watching the, the leader in high tech coverage.

>> Announcer: theCUBE presents Kubecon and Cloudnativecon Europe, 2022. Brought to you by Red Hat, the cloud native computing foundation and its ecosystem partners. >> Welcome to Valencia, Spain in Kubecon, Cloudnativecon Europe 2022. I'm Keith Townsend and alongside Enrico senior IT analyst for (indistinct). Welcome back to the show Enrico. >> Thank you again for having me here. >> First impressions of Kubecon. >> Well, great show. As I mentioned before, I think that we are really in this very positive mood of talking with each other and people wanting to see the projects, people that build the projects and it's amazing. A lot of interesting conversation in the show floor and in the various sessions, very positive mood. >> So this is going to be a fun one, we have some amazing builders on the show this week and none other than William Morgan, CEO of Buoyant. What's your role in the Linkerd project? >> So I was one of the original creators of Linkerd, but at this point I'm just the beautiful face of the project. (all laughing) >> Speaking of beautiful face of the project Linkerd just graduated from as a CNCF project. >> Yeah, that's right so last year we became the first service mesh to graduate in the CNCF, very proud of that and that's thanks largely to the incredible community around Linkerd that is just excited about the project and wants to talk about it and wants to be involved. >> So let's talk about the significance of that. Linkerd not the only service mesh project out there. Talk to me about the level effort to get it to the point that it's graduated. You don't see too many projects graduating CNCF in general so let's talk about kind of the work needed to get Linkerd to this point. >> Yeah so the bar is high and it's mostly a measure, not necessarily of like the project being technically good or bad or anything but it's really a measure of maturity of the community around it so is it being adopted by organizations that are really relying on it in a critical way? Is it being adopted across industries? Is it having kind of a significant impact on the Cloudnative community? And so for us there was the work involved in that was really not any different from the work involved in kind of maintaining Linkerd and growing the community in the first place, which is you try and make it really useful. You try and make it really easy to get started with, you try and be supportive and to have a friendly and welcoming community. And if you do those things and you kind of naturally get yourself to the point where it's a really strong community full of people who are excited about it. >> So from the point of view of users adopting this technology, so we are talking about everybody or do you see really large organization, large Kubernetes clusters infrastructure adopting it? >> Yeah, so the answer to that is changed a little bit over time but at this point we see Linkerd adoption across industries, across verticals, and we see it from very small companies to very large ones so one of the talks I'm really excited about at this conference is from the folks at Xbox cloud gaming who are going to talk about how they deployed Linkerd across 22,000 pods around the world to serve basically on demand video games. Never a use case I would ever have imagined for Linkerd and at the previous Kubecon virtually Kubecon EU, we had a whole keynote about how Linkerd was used to combat COVID 19. So all sorts of uses and it really doesn't, whether it's a small cluster or large cluster it's equally applicable. >> Wow so as we talk about Linkerd service mesh we obviously are going to talk about security, application control, etcetera. But in this climate software supply chain is critical and you think about open source software supply chain, talk to us about the recent security audit of Linkerd. >> Yeah so one of the things that we do as part of a CNCF project and also as part of, I think our relationship with our community is we have regular security audits where we engage security professionals who are very thorough and dig into all the details. Of course the source code is all out there, so anyone can read through the code but they'll build threat model analysis and things like that. And then we take their report and we publish it. We say, "Hey look, here's the situation." So we have earlier reports online and this newest one was done by a company called Trail of Bits and they built a whole threat model and looked through all the different ways that Linkerd could go wrong and they always find issues of course, it would be very scary, I think, to get a report that was like, no, we didn't find- >> Yeah everything's clean. >> Yeah everything's fine, should be okay, I don't know. But they did not find anything critical. They found some issues that we rapidly addressed and then everything gets written up in the report and then we publish it, as part of an open source artifact. >> How do you, let's say, do they give you and adds up something? So if something happens so that you can act on the code before somebody else discovers the- >> Yeah, they'll give you a preview of what they found and then often it's not like you're going before the judge and the judge makes a judgment and then like off to jail, it's a dialogue because they don't necessarily understand the project. Well, they definitely don't understand it as well as you do. So you are helping them understand which parts are interesting to look at from the security perspective, which parts are not that interesting. They do their own investigation of course but it's a dialogue the entire time. So you do have an opportunity to say, "Oh you told me that was a a minor issue. "I actually think that's larger or vice versa." You think that's a big problem actually, we thought about that and it's not a big problem because of whatever. So it's a collaborative process. >> So Linkerd been around, like when I first learned about service mesh Linkerd was the project that I learned about. It's been there for a long time, just mentioned 22,000 clusters. That's just mind boggling- >> Pods, 22,000 pods. >> That's pods. >> Clusters would be great. >> Yeah, clusters would be great too but it filled 22,000 pods. >> It's a big deployment. >> That's a big deployment of Linkerd, but all the way down to the smallest set of pods as well. What are some of the recent project updates some of the learnings you bought back from the community and updated the project as a result? >> Yeah so a big one for us, on the topic of security, Linkerd, a big driver of Linkerd adoption is security and less on the supply chain side and more on the traffic, like live traffic security. So things like mutual TLS, so you can encrypt the communication between pods and make sure it's authenticated. One of the recent feature additions is authorization policy so you can lock down connections between services and you can say Service A is only allowed to talk to Service B and I want to do that not based on network identity, not based on like IP addresses, 'cause those are spoofable and we've kind of like as an industry moved, we've gotten a little more advanced from that but actually based on the workload identity as captured by the mutual TLS certificate exchange. So we give you the ability now to restrict the types of communication that are allowed to happen on your cluster. >> So, okay this is what happened. What about the future? Can you give us into suggestion on what is going to happen in the medium and long term? >> I think we're done you know we graduated, so we're just going to stop. (all laughing) What else is there to do? There's no grad school. No, so for us, there's a clear roadmap ahead continuing down the security realm, for sure. We've given you kind of the very first building block which at the service level, but coming up in the 2.12 release we'll have route based policy as well, as you can say this service is only allowed to call these three routes on this end point. And we'll be working later to do things like mesh expansions so we can run the data plane outside of Kubernetes, so the control plane will stay in Kubernetes but the data plane will, you'll be able to run that on Vms and things like that. And then of course in the, we're also starting to look at things like, I like to make a fun of (indistinct) a lot but we are actually starting to look at (indistinct) in the ways that that might actually be useful for Linkerd users. >> So we talk a lot about the flexibility of a project like Linkerd you can do amazing things with it from a security perspective but we're talking still to a DevOps type cloud of developers who are spread thin across their skillset. How do you help balance the need for the flexibility which usually comes with more nerd knobs and servicing a crowd that wants even higher levels of abstraction and simplicity. >> Yeah, that's a great question and this is what makes Linkerd so unique in the service mesh spaces. We have a laser focus on simplicity and especially on operational simplicity so our audience, we can make it easy to install Linkerd but what we really care about is when you're running it and you're on call for it and it's sitting in this critical, vulnerable part of your infrastructure, do you feel confident in that? Do you feel like you understand it? Do you feel like you can observe it? Do you feel like you can predict what it's going to do? And so every aspect of Linkerd is designed to be as operationally simple as possible. So when we deliver features, that's always our primary consideration, is we have to reject the urge, we have an urge as engineers to like want to build everything, it's an ultimate platform to solve all problems and we have to really be disciplined and say we're not going to do that, we're going to look at solving the minimum possible problem with a minimum set are features because we need to keep things simple and then we need to look at the human aspect to that. And I think that's been a part of Linkerd's success. And then on the Buoyant side, of course, I don't just work on Linkerd, I also work on Buoyant which helps organizations adopt Linkerd and increasingly large organizations that are not service mesh experts don't want to be service mesh experts, they want to spend their time and energy developing their business, right? And building the business logic that powers their company. So for them we have actually recently introduced, fully managed Linkerd where we can take on, even though Linkerd has to run on your cluster, the sidecar proxies has to be alongside your application. We can actually take on the operational burden of upgrades and trust income rotation, and installation. And you could effectively treat it as a utility, and have a hosted-like experience even though the actual bits, at least most of them not all of them, most of 'em have to live on your cluster. >> I love the focus of most CNCF projects, it's peanut butter or jelly, not peanut butter trying to be become jelly. What's the peanut butter to Linkerd's jelly? Like where does Linkerd stop? And some of the things that customers should really consider when looking at service mesh? >> Yeah, now that's a great way of looking at it and I actually think that philosophy comes from Kubernetes. I think Kubernetes itself, one of the reasons it was so successful is because it had some clearly delineated boundaries. It said, "This is what we're going to do. "And this is what we're not going to do. "So we're going to do layer three, four networking, "but we're going to stop there, "we're not going to do anything with layer seven." And that allowed the service mesh. So I guess if I were to go down the bread of the sandwich is Kubernetes, and then Linkerd is the peanut butter, I guess. And then the jelly, so I think the jelly is every other aspect of of building a platform. So if you are the audience for Linkerd most of the time is a platform owners. They're building a platform an internal platform for their developers to write code and so, as part of that, of course you've got Kubernetes, you've got Linkerd, but you've also got a CICD system. You've also got a code repository that's GitLab or or GitHub or whatever, you've got other kind of tools that are enforcing various other constraints. All of that is the jelly in the, this is analogy it's getting complicated now, and like the platform sandwich that you're serving. >> So talk to us about trans and service mesh from the, as we think of the macro. >> Yeah, so it's been an interesting space because, we were talking a little bit about this before the show but, there was so much buzz and then what we saw was basically it took two years for that buzz to become actual adoption and now a lot of the buzz is off on other exciting things and the people who remain in the Linkerd space are very focused on, "Oh, I actually have a real problem "that I need to solve "and I need to solve it now." So that's been great. So in terms of broader trends, I think one thing we've seen for sure is the service mesh space is kind of notorious for complexity, and a lot of what we've been doing on the Linkerd side has been trying to reverse that idea, because it doesn't actually have to be complex. There's interesting stuff you can do, especially when you get into the way we handle the sidecar model. It's actually really, it's a wonderful model operationally. It's really, it feels weird at first and then you're like, "Oh, actually this makes my operations a lot easier." So a lot of the trends that I see at least for Linkerd is doubling down on the sidecar model trying to make side cars as small and as thin as possible and try and make them kind of transparent to the rest of the application. >> Well, William Morgan, one of the coolest Twitter handles I've seen at WM on Twitter, that's actually a really cool Twitter handle. >> William: Thank you. >> CEO of Buoyant. Thank you for joining theCube again, Cube alum. From Valencia Spain, I'm Keith Towns, along with Enrico's (indistinct) and you're watching theCube, the leader in high tech coverage. (upbeat music)

>> From Gillette Stadium in Foxboro, Massachusetts, if the queue covering Vita Winter warmer, twenty nineteen brought to you by Silicon Angle media. >> Hi, I'm stew Minutemen. And this is the Cube Worldwide Leader and live tech coverage. >> We're on the ground here at the V Tug winter warmer, and it is twenty nineteen. It's actually, the thirteenth year of this event was one of the original, if not the original Veum, where user groups covers virtual ization, cloud computing and even Mohr, always great to be able to get back to the community, get some good interviews and no better person helped me start with my first interview at a show of the year. But good friend of the program, Keith Towns and he is the CTO advisor. And he's also now a slew front architect with the M. Where Keith. Thanks for joining >> us. Thanks for having me on the cute. >> Yeah. So, Keith, I mean, you were host of our program for a number of years. You're now, you know, back working on the vendor side. But you know, you know this community. You know what I always say in my career, There, certain communities, an ecosystem where there's just love to be a part of it. And the virtual ization group. You know, I've been part of it for a long time. You know, Veum, wear and beyond, though, you know people that you know, they get excited, They geek out on the technology and they love to share. And that's why we come to events like this. >> Yeah, it is amazing. Just, you know, the every every show is getting smaller, but maybe with the session of a Ws re event, but I don't think the intensity has shrunk at all. You get around friends, you know, we're just at a desk and one of the ten days, actually, how did I get a job doing X? And the community was like, Oh, you just talk to the people at this table. So it is. It is a great, great commute. >> Yeah, it's an interesting dynamic you talk about. You know, we've seen the huge growth in Meetups in user groups and regional shows. You know, vm Where does Veum World but the VM world being where forums around the globe. I'm sure you probably have to go for a few of those they've been doing well. I'm right back in my emcee Daisy M. C. Did a number of those. So we see you. Amazon Reinvent is growing, but oh, my God, they're regional shows are ridiculous. I I've said some of those regional shows either different communities or different localities can actually be even better than some of the big shows on. You know, we love Keith. We're happy to welcome you here to the home of the NFC Championship. New England Patriots ur >> First off, Congratulations. The wait went a little better for you to bare sand and say, You know what? Tom Brady won't play forever, so enjoy it. This is amazing backdrop through him. Little finish that you've not involved. Invited me to a veto before now. >> Oh. Oh, I'm sorry, Keith. It's It's a community thing that absolutely got to come. Absolutely. I've had friends. Most of them. It is local. I'm talking to users from Maine and Massachusetts, Rhode Island and Connecticut and like so you gave a keynote this morning and you didn't True fashion. You did a block post about reality check leading in, and I thought it was a great way for us to start is, You know, there's so much change in the industry, uh, those of us that are technologies that you know, we're super excited because there's so much new stuff. It's not like Oh, jeez, you know, twenty nineteen is probably going to be just like twenty eighteen. It's like, Oh, my gosh, what did I do in twenty eighteen? What do I have to change? How do I keep up? How do I manage it? I would love to get your viewpoint. You know what's going on with Keith? And you're talking about a lot of users, so you know how help share, You know, what is the reality? Check that everybody's going >> to know. We're talking about a pre recording in the banter. Just, you know, whether it's, you know, Vienna where we're hip Theo and all the stuff that Casey Kelsey Hightower is going out with Cooper Netease. Then as you spent spent out to serve earless, uh, infrastructures Cole scripting it centre. There's much to learn that you're a bit overwhelmed and we're seeing this out. You know, as I'm talking to executive CTO CEOs, VP of infrastructure, they're filling the same kind of excitement at the same time. Overwhelmed this Like what? What's what's really You know, we had the big cloud movements over a few years ago where I think we're at the height cycle where organizations are starting to understand that. You know, Cloud isn't the destination is part of a strategy, and everyone seems to be in the throes of figuring out what that means for us. We're just on the crowd chat, talking about multi Cloud and the drivers around. Multi Cloud. You guys did a great job hosting that cloud shit chat, nothing. We saw the gambit off where people are. You know, uh, there's not really a business rationality people who are really in the throes of trying to figure it out. >> Yeah, actually, I love to comment friend of ours that we've had on the program before, Bobby Allen from Cloud General said when he's working with companies, if they ask for a three year strategy plan, he said, I will not do it unless we guarantee that we will go revisit it every six months because I looked back. You know, Clay Christensen, you no way talks about strategy is strategy is a point in time thing, not something that you write it in stone. I've been saying for a couple of years cloud strategies that companies today is, they wrote it in ink and the ink still drying. And, you know, you're probably going to need toe, you know, go through it and change it because it is changing fast and therefore, you know, huge. Out I started Deploy something. Oh, wait, what about the next thing? Or there's some new practice or something to do it. So it is challenging because I need to run my business. Today. I got to set my budget for the year, usually, um and it's I need to be agile. But, you know, I can't constantly be tearing everything up and you're not going to be throwing it out or re training and skills. I mean, there's so many challenges. >> So still, you might remember when when I was on the other side of the the table. I, uh it was meant at somewhat of a D that Veum where moves at the speed of the aisle, and it was picked up as Maury compliment. But >> it was a >> big I'll be honest that it was a dig. And what I've learned the past few months is that Veum, where has to move at the speed of the CIA, is no longer and It's not just being wherever the community has and the CIA always faced with that we could do a few years ago. A cloud strategy, and that thing can sit on the desk for a year, and it would still be valid. But the bobbies point, if you're going to do a strategy and three year strategy, got to revisit that every six months and this agility that were not accustomed to previously in the industry, we have to now become super agile and figure out how do we keep the lights on and innovate at the pace That business, these witches? Pretty good chance. >> Yeah, it's attorney were beginning the year I made a comment personally said, You know, I'm not a big believer in, you know, setting. You know, Resolutions. Mohr. You know, let's set goals Your runner, I do some biking and it's like, Okay, you know, I've got a big race I want to do this year. I'm gonna work myself, you know, towards that goal and raise the money. You've got a certain target and something that you could do over the year. It's and there's no way that you do that, cos you know they've got goals that they need to accomplish and business. And it's great to say, Oh, well, we need to be more efficient. We need to do some down something different. But, you know, reality is, you know, it's not just digital transformation of modernizing. It was, you know. Oh, okay. Do I need to transform my backup? You know, data protection, you know, huge activity going on in the marketplace right now, you know? So, what >> is sixty million noon investment in one >> week? Exactly. You know, the wave of hyper convergence is one that really changed a lot of architectures and had people change. You know, we've talked cloud computing. They're what are some of the, You know, some of the big, you know, movements that you see, you know, will you? Tracking the industry? It was kind of the the intel refunds for a cycle, and, you know, Oh, well, it's the next version of Microsoft or, you know, Veum, where operating system would be one of those big, you know, kind of ticked. Talks of what? What are some of the big commonalities that you're seeing Al? So they're actually moving people to >> new things without a doubt. There is one conversation that customers cannot get the enough of. And I had Ah, on my little vlog. I had game being from Vienna, where V P off the Storch and Business availability unit and I challenged her on the via Where? Vision around this. But customers cannot get enough of having a conversation around data. What they What do they do with data? And how does a move data? How did they get compute closest to data? How did we get data they're closest to? They're re sources. We talked about it on the multi cloud conversation, but by far conversations are around. Howto they extract value from data had really protect data, and howto they make sure their compliant with the data is something that that's driving a lot of innovation and a lot of conversation. A lot of interest. >> Yeah, Keith, it's a great one. When I look at you know, our research team, that wicked bond data is that the center of everything. In many ways, the failings of big data was talking about, You know, the challenges. I have infrastructure. No, the growth and the variety and blah, blah, blah and everything that's not what important to the business they don't care about, You know, it's like, Oh, well, there's a storage problem in a network problem. It's the business says there's data, you know? Do I protect my bird business to make sure that I'm not a risk? You know, all the things like DDP are coming And can I livered value? Do I Can I get new lines of business? Can I generate revenue out of that? And I've seen early signs that we've learned this whole, You know, a I m l movement. You know, data, Really? At the center. All right, we've seen enough storage. We went from talking about storing data to about, you know, that data ecosystem, Andi, even computing and I ot data where data needs to be, how I work it. Absolutely a center. So, yeah, it's great to hear that. Customers are identifying that. We've been doing like, chief data officer events for many years. You know, where does data live? Is that a CEO Thing? Is that a different part of the business? I don't know if you've got anything you're seeing from, you know, your customers is Tau, >> who owns the Data initiative, So it's really interesting. I had a conversation with a major bank, and it was a one on one with the CDO and what I thought was the most tricky part of the conversation is that here, Not only does he report directly into the CIA, which you know is to be expected, but he meets regularly with the board of directors. So data were seen. I've seen these seedy old rolls being popped up, and it's not just about the technology as you mentioned. It's about the whole approach about this asset that we have. It's so critical that worth creating a sea level position that today might reporting to the CEO but is most definitely accountable to the border director. >> Well, yeah, Keith, it's that the trend we've been watching for a while, as it used to be, it was a cost center. And, you know, it's kind of, you know, that's what it was considered today. If it isn't in, you know, direct relationship, working with the business, the business will go find somebody else to do it. The whole stealthy movement. You know, I can go find an answer for what I'm doing. I think about project I've worked on in my career and been like, I wish it was easy. You know, fifteen years ago, it was today to do those. But we see security's a board level discussion data as a board level discussion is excellent. And all of those things that traditionally you would think that own them. Having awareness and visibility and information communication flow between the board in the C suite is great progress. You >> know, it's interesting. I was a big proponent of this prior to coming on The vendor side is that vendors have to start having conversations outside of it. So traditional infrastructure of injustice, his goal. Hurry, right saw and where the whole the Dale emcee Dale Technologies they have to skill up and have conversations with CIA moles. Seo's CEO Ole's H R directors because the these buying centers now have power to go out and buy solutions. You know, talked about in my no keynote this morning. You know how many people have worked day? How many people have salesforce applications? They had nothing to do when I had no nothing to do with the procurement of off these solutions. The ball is moving outside of just traditional for court technology is starting to get to the point where regular users can consume business users can consume these massive, massive solutions based on technology and just happens to be a label. The technology, whether sales Force worked in >> Sochi, thought on this this whole point there want to ask you, In my career, there's often been groups inside a business that didn't get along. And we, you know, built silos. You know, the storage in the network team don't get along cloud and traditional I t You know what we're fighting? You know who owns it? Turf wars Managing that, You know, have we built silos in multi cloud today? Is everybody holding hands and, you know, pointing the business in the same direction, you could kind of give us the good the bad. So what? We need to work on going forward. >> I think the good is that you know that the umbrella of infrastructure starting to work as a single. Uh, you So you have storage, compu networking, even configuration man groups that were kind of confrontational before and territorial. Those groups are starting. Tio. Come on. Their one senior manager or one senior executive looking at? How do you provide services as a group and providing those services? I think we're we're starting to see Silos is actually the developer versus the infrastructure group is developers just wantto FBI, too. A set of services. They want infrastructure to get away. Developers themselves. Haven't you know, kind of katende enough of the scars from heaven have to do operations, So there's a different view off the world. And, uh, today I think developers haven't yet getting the budget power off operations. But the business wants solutions, and they're going out there competing with traditional Teo get the dollars to run the services in the cloud or or wherever, however they consumed them, whether it's, you know, just saw Chick fil a's deploying two thousand ten points to run six thousand containers at the edge. Is that something that's run by tears? That something wrong? Run by developers? I don't know. Check feeling well enough to know about. This is what we're seeing in >> industry. Yeah. All right. Well, keep towns. And always a pleasure to catch up with you. Thanks so much for joining us. Be sure to check him out see Teo advisor on Twitter, check out his blogged. And of course, thank you so much for watching. We'll be back. Uh, lots more coverage here at V tug. Winter warmer, twenty nineteen. Thanks for watching.