>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Confidential computing is a technology that aims to enhance data privacy and security, by providing encrypted computation on sensitive data and isolating data, and apps that are fenced off enclave during processing. The concept of, I got to start over. I fucked that up, I'm sorry. That's not right, what I said was not right. On Dave in five, four, three. Confidential computing is a technology that aims to enhance data privacy and security by providing encrypted computation on sensitive data, isolating data from apps and a fenced off enclave during processing. The concept of confidential computing is gaining popularity, especially in the cloud computing space, where sensitive data is often stored and of course processed. However, there are some who view confidential computing as an unnecessary technology in a marketing ploy by cloud providers aimed at calming customers who are cloud phobic. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis, we revisit the notion of confidential computing, and to do so, we'll invite two Google experts to the show. But before we get there, let's summarize briefly. There's not a ton of ETR data on the topic of confidential computing, I mean, it's a technology that's deeply embedded into silicon and computing architectures. But at the highest level, security remains the number one priority being addressed by IT decision makers in the coming year as shown here. And this data is pretty much across the board by industry, by region, by size of company. I mean we dug into it and the only slight deviation from the mean is in financial services. The second and third most cited priorities, cloud migration and analytics are noticeably closer to cybersecurity in financial services than in other sectors, likely because financial services has always been hyper security conscious, but security is still a clear number one priority in that sector. The idea behind confidential computing is to better address threat models for data in execution. Protecting data at rest and data in transit have long been a focus of security approaches, but more recently, silicon manufacturers have introduced architectures that separate data and applications from the host system, ARM, Intel, AMD, Nvidia and other suppliers are all on board, as are the big cloud players. Now, the argument against confidential computing is that it narrowly focuses on memory encryption and it doesn't solve the biggest problems in security. Multiple system images, updates, different services and the entire code flow aren't directly addressed by memory encryption. Rather to truly attack these problems, many believe that OSs need to be re-engineered with the attacker and hacker in mind. There are so many variables and at the end of the day, critics say the emphasis on confidential computing made by cloud providers is overstated and largely hype. This tweet from security researcher Rodrigo Bronco, sums up the sentiment of many skeptics. He says, "Confidential computing is mostly a marketing campaign from memory encryption. It's not driving the industry towards the hard open problems. It is selling an illusion." Okay. Nonetheless, encrypting data in use and fencing off key components of the system isn't a bad thing, especially if it comes with the package essentially for free. There has been a lack of standardization and interoperability between different confidential computing approaches. But the confidential computing consortium was established in 2019 ostensibly to accelerate the market and influence standards. Notably, AWS is not part of the consortium, likely because the politics of the consortium were probably a conundrum for AWS because the base technology defined by the consortium is seen as limiting by AWS. This is my guess, not AWS' words. But I think joining the consortium would validate a definition which AWS isn't aligned with. And two, it's got to lead with this Annapurna acquisition. It was way ahead with ARM integration, and so it's probably doesn't feel the need to validate its competitors. Anyway, one of the premier members of the confidential computing consortium is Google, along with many high profile names, including Aem, Intel, Meta, Red Hat, Microsoft, and others. And we're pleased to welcome two experts on confidential computing from Google to unpack the topic. Nelly Porter is Head of Product for GCP Confidential Computing and Encryption and Dr. Patricia Florissi is the Technical Director for the Office of the CTO at Google Cloud. Welcome Nelly and Patricia, great to have you. >> Great to be here. >> Thank you so much for having us. >> You're very welcome. Nelly, why don't you start and then Patricia, you can weigh in. Just tell the audience a little bit about each of your roles at Google Cloud. >> So I'll start, I'm owning a lot of interesting activities in Google and again, security or infrastructure securities that I usually own. And we are talking about encryption, end-to-end encryption, and confidential computing is a part of portfolio. Additional areas that I contribute to get with my team to Google and our customers is secure software supply chain because you need to trust your software. Is it operate in your confidential environment to have end-to-end security, about if you believe that your software and your environment doing what you expect, it's my role. >> Got it. Okay, Patricia? >> Well, I am a Technical Director in the Office of the CTO, OCTO for short in Google Cloud. And we are a global team, we include former CTOs like myself and senior technologies from large corporations, institutions and a lot of success for startups as well. And we have two main goals, first, we walk side by side with some of our largest, more strategic or most strategical customers and we help them solve complex engineering technical problems. And second, we advice Google and Google Cloud Engineering, product management on emerging trends and technologies to guide the trajectory of our business. We are unique group, I think, because we have created this collaborative culture with our customers. And within OCTO I spend a lot of time collaborating with customers in the industry at large on technologies that can address privacy, security, and sovereignty of data in general. >> Excellent. Thank you for that both of you. Let's get into it. So Nelly, what is confidential computing from Google's perspective? How do you define it? >> Confidential computing is a tool and one of the tools in our toolbox. And confidential computing is a way how we would help our customers to complete this very interesting end-to-end lifecycle of the data. And when customers bring in the data to cloud and want to protect it as they ingest it to the cloud, they protect it at rest when they store data in the cloud. But what was missing for many, many years is ability for us to continue protecting data and workloads of our customers when they run them. And again, because data is not brought to cloud to have huge graveyard, we need to ensure that this data is actually indexed. Again, there is some insights driven and drawn from this data. You have to process this data and confidential computing here to help. Now we have end-to-end protection of our customer's data when they bring the workloads and data to cloud thanks to confidential computing. >> Thank you for that. Okay, we're going to get into the architecture a bit, but before we do Patricia, why do you think this topic of confidential computing is such an important technology? Can you explain? Do you think it's transformative for customers and if so, why? >> Yeah, I would maybe like to use one thought, one way, one intuition behind why confidential computing matters because at the end of the day, it reduces more and more the customer's thrush boundaries and the attack surface. That's about reducing that periphery, the boundary in which the customer needs to mind about trust and safety. And in a way is a natural progression that you're using encryption to secure and protect data in the same way that we are encrypting data in transit and at rest. Now, we are also encrypting data while in the use. And among other beneficials, I would say one of the most transformative ones is that organizations will be able to collaborate with each other and retain the confidentiality of the data. And that is across industry, even though it's highly focused on, I wouldn't say highly focused but very beneficial for highly regulated industries, it applies to all of industries. And if you look at financing for example, where bankers are trying to detect fraud and specifically double finance where a customer is actually trying to get a finance on an asset, let's say a boat or a house, and then it goes to another bank and gets another finance on that asset. Now bankers would be able to collaborate and detect fraud while preserving confidentiality and privacy of the data. >> Interesting and I want to understand that a little bit more but I got to push you a little bit on this, Nellie if I can, because there's a narrative out there that says confidential computing is a marketing ploy I talked about this up front, by cloud providers that are just trying to placate people that are scared of the cloud. And I'm presuming you don't agree with that, but I'd like you to weigh in here. The argument is confidential computing is just memory encryption, it doesn't address many other problems. It is over hyped by cloud providers. What do you say to that line of thinking? >> I absolutely disagree as you can imagine Dave, with this statement. But the most importantly is we mixing a multiple concepts I guess, and exactly as Patricia said, we need to look at the end-to-end story, not again, is a mechanism. How confidential computing trying to execute and protect customer's data and why it's so critically important. Because what confidential computing was able to do, it's in addition to isolate our tenants in multi-tenant environments the cloud offering to offer additional stronger isolation, they called it cryptographic isolation. It's why customers will have more trust to customers and to other customers, the tenants running on the same host but also us because they don't need to worry about against rats and more malicious attempts to penetrate the environment. So what confidential computing is helping us to offer our customers stronger isolation between tenants in this multi-tenant environment, but also incredibly important, stronger isolation of our customers to tenants from us. We also writing code, we also software providers, we also make mistakes or have some zero days. Sometimes again us introduce, sometimes introduced by our adversaries. But what I'm trying to say by creating this cryptographic layer of isolation between us and our tenants and among those tenants, we really providing meaningful security to our customers and eliminate some of the worries that they have running on multi-tenant spaces or even collaborating together with very sensitive data knowing that this particular protection is available to them. >> Okay, thank you. Appreciate that. And I think malicious code is often a threat model missed in these narratives. You know, operator access. Yeah, maybe I trust my cloud's provider, but if I can fence off your access even better, I'll sleep better at night separating a code from the data. Everybody's ARM, Intel, AMD, Nvidia and others, they're all doing it. I wonder if Nell, if we could stay with you and bring up the slide on the architecture. What's architecturally different with confidential computing versus how operating systems and VMs have worked traditionally? We're showing a slide here with some VMs, maybe you could take us through that. >> Absolutely, and Dave, the whole idea for Google and now industry way of dealing with confidential computing is to ensure that three main property is actually preserved. Customers don't need to change the code. They can operate in those VMs exactly as they would with normal non-confidential VMs. But to give them this opportunity of lift and shift though, no changing the apps and performing and having very, very, very low latency and scale as any cloud can, some things that Google actually pioneer in confidential computing. I think we need to open and explain how this magic was actually done, and as I said, it's again the whole entire system have to change to be able to provide this magic. And I would start with we have this concept of root of trust and root of trust where we will ensure that this machine within the whole entire host has integrity guarantee, means nobody changing my code on the most low level of system, and we introduce this in 2017 called Titan. So our specific ASIC, specific inch by inch system on every single motherboard that we have that ensures that your low level former, your actually system code, your kernel, the most powerful system is actually proper configured and not changed, not tempered. We do it for everybody, confidential computing included, but for confidential computing is what we have to change, we bring in AMD or future silicon vendors and we have to trust their former, their way to deal with our confidential environments. And that's why we have obligation to validate intelligent not only our software and our former but also former and software of our vendors, silicon vendors. So we actually, when we booting this machine as you can see, we validate that integrity of all of this system is in place. It means nobody touching, nobody changing, nobody modifying it. But then we have this concept of AMD Secure Processor, it's special ASIC best specific things that generate a key for every single VM that our customers will run or every single node in Kubernetes or every single worker thread in our Hadoop spark capability. We offer all of that and those keys are not available to us. It's the best case ever in encryption space because when we are talking about encryption, the first question that I'm receiving all the time, "Where's the key? Who will have access to the key?" because if you have access to the key then it doesn't matter if you encrypted or not. So, but the case in confidential computing why it's so revolutionary technology, us cloud providers who don't have access to the keys, they're sitting in the hardware and they fed to memory controller. And it means when hypervisors that also know about this wonderful things saying I need to get access to the memories, that this particular VM I'm trying to get access to. They do not decrypt the data, they don't have access to the key because those keys are random, ephemeral and per VM, but most importantly in hardware not exportable. And it means now you will be able to have this very interesting world that customers or cloud providers will not be able to get access to your memory. And what we do, again as you can see, our customers don't need to change their applications. Their VMs are running exactly as it should run. And what you've running in VM, you actually see your memory clear, it's not encrypted. But God forbid is trying somebody to do it outside of my confidential box, no, no, no, no, no, you will now be able to do it. Now, you'll see cyber test and it's exactly what combination of these multiple hardware pieces and software pieces have to do. So OS is also modified and OS is modified such way to provide integrity. It means even OS that you're running in your VM box is not modifiable and you as customer can verify. But the most interesting thing I guess how to ensure the super performance of this environment because you can imagine Dave, that's increasing and it's additional performance, additional time, additional latency. So we're able to mitigate all of that by providing incredibly interesting capability in the OS itself. So our customers will get no changes needed, fantastic performance and scales as they would expect from cloud providers like Google. >> Okay, thank you. Excellent, appreciate that explanation. So you know again, the narrative on this is, well, you've already given me guarantees as a cloud provider that you don't have access to my data, but this gives another level of assurance, key management as they say is key. Now humans aren't managing the keys, the machines are managing them. So Patricia, my question to you is in addition to, let's go pre-confidential computing days, what are the sort of new guarantees that these hardware based technologies are going to provide to customers? >> So if I am a customer, I am saying I now have full guarantee of confidentiality and integrity of the data and of the code. So if you look at code and data confidentiality, the customer cares and they want to know whether their systems are protected from outside or unauthorized access, and that we covered with Nelly that it is. Confidential computing actually ensures that the applications and data antennas remain secret. The code is actually looking at the data, only the memory is decrypting the data with a key that is ephemeral, and per VM, and generated on demand. Then you have the second point where you have code and data integrity and now customers want to know whether their data was corrupted, tempered with or impacted by outside actors. And what confidential computing ensures is that application internals are not tempered with. So the application, the workload as we call it, that is processing the data is also has not been tempered and preserves integrity. I would also say that this is all verifiable, so you have attestation and this attestation actually generates a log trail and the log trail guarantees that provides a proof that it was preserved. And I think that the offers also a guarantee of what we call sealing, this idea that the secrets have been preserved and not tempered with, confidentiality and integrity of code and data. >> Got it. Okay, thank you. Nelly, you mentioned, I think I heard you say that the applications is transparent, you don't have to change the application, it just comes for free essentially. And we showed some various parts of the stack before, I'm curious as to what's affected, but really more importantly, what is specifically Google's value add? How do partners participate in this, the ecosystem or maybe said another way, how does Google ensure the compatibility of confidential computing with existing systems and applications? >> And a fantastic question by the way, and it's very difficult and definitely complicated world because to be able to provide these guarantees, actually a lot of work was done by community. Google is very much operate and open. So again our operating system, we working this operating system repository OS is OS vendors to ensure that all capabilities that we need is part of the kernels are part of the releases and it's available for customers to understand and even explore if they have fun to explore a lot of code. We have also modified together with our silicon vendors kernel, host kernel to support this capability and it means working this community to ensure that all of those pages are there. We also worked with every single silicon vendor as you've seen, and it's what I probably feel that Google contributed quite a bit in this world. We moved our industry, our community, our vendors to understand the value of easy to use confidential computing or removing barriers. And now I don't know if you noticed Intel is following the lead and also announcing a trusted domain extension, very similar architecture and no surprise, it's a lot of work done with our partners to convince work with them and make this capability available. The same with ARM this year, actually last year, ARM announced future design for confidential computing, it's called confidential computing architecture. And it's also influenced very heavily with similar ideas by Google and industry overall. So it's a lot of work in confidential computing consortiums that we are doing, for example, simply to mention, to ensure interop as you mentioned, between different confidential environments of cloud providers. They want to ensure that they can attest to each other because when you're communicating with different environments, you need to trust them. And if it's running on different cloud providers, you need to ensure that you can trust your receiver when you sharing your sensitive data workloads or secret with them. So we coming as a community and we have this at Station Sig, the community-based systems that we want to build, and influence, and work with ARM and every other cloud providers to ensure that they can interop. And it means it doesn't matter where confidential workloads will be hosted, but they can exchange the data in secure, verifiable and controlled by customers really. And to do it, we need to continue what we are doing, working open and contribute with our ideas and ideas of our partners to this role to become what we see confidential computing has to become, it has to become utility. It doesn't need to be so special, but it's what what we've wanted to become. >> Let's talk about, thank you for that explanation. Let's talk about data sovereignty because when you think about data sharing, you think about data sharing across the ecosystem in different regions and then of course data sovereignty comes up, typically public policy, lags, the technology industry and sometimes it's problematic. I know there's a lot of discussions about exceptions but Patricia, we have a graphic on data sovereignty. I'm interested in how confidential computing ensures that data sovereignty and privacy edicts are adhered to, even if they're out of alignment maybe with the pace of technology. One of the frequent examples is when you delete data, can you actually prove the data is deleted with a hundred percent certainty, you got to prove that and a lot of other issues. So looking at this slide, maybe you could take us through your thinking on data sovereignty. >> Perfect. So for us, data sovereignty is only one of the three pillars of digital sovereignty. And I don't want to give the impression that confidential computing addresses it at all, that's why we want to step back and say, hey, digital sovereignty includes data sovereignty where we are giving you full control and ownership of the location, encryption and access to your data. Operational sovereignty where the goal is to give our Google Cloud customers full visibility and control over the provider operations, right? So if there are any updates on hardware, software stack, any operations, there is full transparency, full visibility. And then the third pillar is around software sovereignty, where the customer wants to ensure that they can run their workloads without dependency on the provider's software. So they have sometimes is often referred as survivability that you can actually survive if you are untethered to the cloud and that you can use open source. Now, let's take a deep dive on data sovereignty, which by the way is one of my favorite topics. And we typically focus on saying, hey, we need to care about data residency. We care where the data resides because where the data is at rest or in processing need to typically abides to the jurisdiction, the regulations of the jurisdiction where the data resides. And others say, hey, let's focus on data protection, we want to ensure the confidentiality, and integrity, and availability of the data, which confidential computing is at the heart of that data protection. But it is yet another element that people typically don't talk about when talking about data sovereignty, which is the element of user control. And here Dave, is about what happens to the data when I give you access to my data, and this reminds me of security two decades ago, even a decade ago, where we started the security movement by putting firewall protections and logging accesses. But once you were in, you were able to do everything you wanted with the data. An insider had access to all the infrastructure, the data, and the code. And that's similar because with data sovereignty, we care about whether it resides, who is operating on the data, but the moment that the data is being processed, I need to trust that the processing of the data we abide by user's control, by the policies that I put in place of how my data is going to be used. And if you look at a lot of the regulation today and a lot of the initiatives around the International Data Space Association, IDSA and Gaia-X, there is a movement of saying the two parties, the provider of the data and the receiver of the data going to agree on a contract that describes what my data can be used for. The challenge is to ensure that once the data crosses boundaries, that the data will be used for the purposes that it was intended and specified in the contract. And if you actually bring together, and this is the exciting part, confidential computing together with policy enforcement. Now, the policy enforcement can guarantee that the data is only processed within the confines of a confidential computing environment, that the workload is in cryptographically verified that there is the workload that was meant to process the data and that the data will be only used when abiding to the confidentiality and integrity safety of the confidential computing environment. And that's why we believe confidential computing is one necessary and essential technology that will allow us to ensure data sovereignty, especially when it comes to user's control. >> Thank you for that. I mean it was a deep dive, I mean brief, but really detailed. So I appreciate that, especially the verification of the enforcement. Last question, I met you two because as part of my year-end prediction post, you guys sent in some predictions and I wasn't able to get to them in the predictions post, so I'm thrilled that you were able to make the time to come on the program. How widespread do you think the adoption of confidential computing will be in '23 and what's the maturity curve look like this decade in your opinion? Maybe each of you could give us a brief answer. >> So my prediction in five, seven years as I started, it will become utility, it will become TLS. As of freakin' 10 years ago, we couldn't believe that websites will have certificates and we will support encrypted traffic. Now we do, and it's become ubiquity. It's exactly where our confidential computing is heeding and heading, I don't know we deserve yet. It'll take a few years of maturity for us, but we'll do that. >> Thank you. And Patricia, what's your prediction? >> I would double that and say, hey, in the very near future, you will not be able to afford not having it. I believe as digital sovereignty becomes ever more top of mind with sovereign states and also for multinational organizations, and for organizations that want to collaborate with each other, confidential computing will become the norm, it will become the default, if I say mode of operation. I like to compare that today is inconceivable if we talk to the young technologists, it's inconceivable to think that at some point in history and I happen to be alive, that we had data at rest that was non-encrypted, data in transit that was not encrypted. And I think that we'll be inconceivable at some point in the near future that to have unencrypted data while we use. >> You know, and plus I think the beauty of the this industry is because there's so much competition, this essentially comes for free. I want to thank you both for spending some time on Breaking Analysis, there's so much more we could cover. I hope you'll come back to share the progress that you're making in this area and we can double click on some of these topics. Really appreciate your time. >> Anytime. >> Thank you so much, yeah. >> In summary, while confidential computing is being touted by the cloud players as a promising technology for enhancing data privacy and security, there are also those as we said, who remain skeptical. The truth probably lies somewhere in between and it will depend on the specific implementation and the use case as to how effective confidential computing will be. Look as with any new tech, it's important to carefully evaluate the potential benefits, the drawbacks, and make informed decisions based on the specific requirements in the situation and the constraints of each individual customer. But the bottom line is silicon manufacturers are working with cloud providers and other system companies to include confidential computing into their architectures. Competition in our view will moderate price hikes and at the end of the day, this is under-the-covers technology that essentially will come for free, so we'll take it. I want to thank our guests today, Nelly and Patricia from Google. And thanks to Alex Myerson who's on production and manages the podcast. Ken Schiffman as well out of our Boston studio. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters, and Rob Hoof is our editor-in-chief over at siliconangle.com, does some great editing for us. Thank you all. Remember all these episodes are available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com where you can get all the news. If you want to get in touch, you can email me at david.vellante@siliconangle.com or DM me at D Vellante, and you can also comment on my LinkedIn post. Definitely you want to check out etr.ai for the best survey data in the enterprise tech business. I know we didn't hit on a lot today, but there's some amazing data and it's always being updated, so check that out. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis. (subtle music)

>>Keon Cloud Native Con kicks off in Detroit on October 24th, and we're pleased to have Stewart Miniman, who's the director of Market Insights, hi, at, for hybrid platforms at Red Hat back in the studio to help us understand the key trends to look for at the events. Do welcome back, like old, old, old >>Home. Thank you, David. It's great to, great to see you and always love doing these previews, even though Dave, come on. How many years have I told you Cloud native con, It's a hoodie crowd. They're gonna totally call you out for where in a tie and things like that. I, I know you want to be an ESPN sportscaster, but you know, I I, I, I still don't think even after, you know, this show's been around for so many years that there's gonna be too many ties into Troy. I >>Know I left the hoodie in my off, I'm sorry folks, but hey, we'll just have to go for it. Okay. Containers generally, and Kubernetes specifically continue to show very strong spending momentum in the ETR survey data. So let's bring up this slide that shows the ETR sectors, all the sectors in the tax taxonomy with net score or spending velocity in the vertical axis and pervasiveness on the horizontal axis. Now, that red dotted line that you see, that marks the elevated 40% mark, anything above that is considered highly elevated in terms of momentum. Now, for years, the big four areas of momentum that shine above all the rest have been cloud containers, rpa, and ML slash ai for the first time in 10 quarters, ML and AI and RPA have dropped below the 40% line, leaving only cloud and containers in rarefied air. Now, Stu, I'm sure this data doesn't surprise you, but what do you make of this? >>Yeah, well, well, Dave, I, I did an interview with at Deepak who owns all the container and open source activity at Amazon earlier this year, and his comment was, the default deployment mechanism in Amazon is containers. So when I look at your data and I see containers and cloud going in sync, yeah, that, that's, that's how we see things. We're helping lots of customers in their overall adoption. And this cloud native ecosystem is still, you know, we're still in that Cambridge explosion of new projects, new opportunities, AI's a great workload for these type type of technologies. So it's really becoming pervasive in the marketplace. >>And, and I feel like the cloud and containers go hand in hand, so it's not surprising to see those two above >>The 40%. You know, there, there's nothing to say that, Look, can I run my containers in my data center and not do the public cloud? Sure. But in the public cloud, the default is the container. And one of the hot discussions we've been having in this ecosystem for a number of years is edge computing. And of course, you know, I want something that that's small and lightweight and can do things really fast. A lot of times it's an AI workload out there, and containers is a great fit at the edge too. So wherever it goes, containers is a good fit, which has been keeping my group at Red Hat pretty busy. >>So let's talk about some of those high level stats that we put together and preview for the event. So it's really around the adoption of open source software and Kubernetes. Here's, you know, a few fun facts. So according to the state of enterprise open source report, which was published by Red Hat, although it was based on a blind survey, nobody knew that that Red Hat was, you know, initiating it. 80% of IT execs expect to increase their use of enterprise open source software. Now, the CNCF community has currently more than 120,000 developers. That's insane when you think about that developer resource. 73% of organizations in the most recent CNCF annual survey are using Kubernetes. Now, despite the momentum, according to that same Red Hat survey, adoption barriers remain for some organizations. Stu, I'd love you to talk about this specifically around skill sets, and then we've highlighted some of the other trends that we expect to see at the event around Stu. I'd love to, again, your, get your thoughts on the preview. You've done a number of these events, automation, security, governance, governance at scale, edge deployments, which you just mentioned among others. Now Kubernetes is eight years old, and I always hear people talking about there's something coming beyond Kubernetes, but it looks like we're just getting started. Yeah, >>Dave, It, it is still relatively early days. The CMC F survey, I think said, you know, 96% of companies when they, when CMC F surveyed them last year, were either deploying Kubernetes or had plans to deploy it. But when I talked to enterprises, nobody has said like, Hey, we've got every group on board and all of our applications are on. It is a multi-year journey for most companies and plenty of them. If you, you look at the general adoption of technology, we're still working through kind of that early majority. We, you know, passed the, the chasm a couple of years ago. But to a point, you and I we're talking about this ecosystem, there are plenty of people in this ecosystem that could care less about containers and Kubernetes. Lots of conversations at this show won't even talk about Kubernetes. You've got, you know, big security group that's in there. >>You've got, you know, certain workloads like we talked about, you know, AI and ml and that are in there. And automation absolutely is playing a, a good role in what's going on here. So in some ways, Kubernetes kind of takes a, a backseat because it is table stakes at this point. So lots of people involved in it, lots of activities still going on. I mean, we're still at a cadence of three times a year now. We slowed it down from four times a year as an industry, but there's, there's still lots of innovation happening, lots of adoption, and oh my gosh, Dave, I mean, there's just no shortage of new projects and new people getting involved. And what's phenomenal about it is there's, you know, end user practitioners that aren't just contributing. But many of the projects were spawned out of work by the likes of Intuit and Spotify and, and many others that created some of the projects that sit alongside or above the, the, you know, the container orchestration itself. >>So before we talked about some of that, it's, it's kind of interesting. It's like Kubernetes is the big dog, right? And it's, it's kind of maturing after, you know, eight years, but it's still important. I wanna share another data point that underscores the traction that containers generally are getting in Kubernetes specifically have, So this is data from the latest ETR survey and shows the spending breakdown for Kubernetes in the ETR data set for it's cut for respondents with 50 or more citations in, in by the IT practitioners that lime green is new adoptions, the forest green is spending 6% or more relative to last year. The gray is flat spending year on year, and those little pink bars, that's 6% or down spending, and the bright red is retirements. So they're leaving the platform. And the blue dots are net score, which is derived by subtracting the reds from the greens. And the yellow dots are pervasiveness in the survey relative to the sector. So the big takeaway here is that there is virtually no red, essentially zero churn across all sectors, large companies, public companies, private firms, telcos, finance, insurance, et cetera. So again, sometimes I hear this things beyond Kubernetes, you've mentioned several, but it feels like Kubernetes is still a driving force, but a lot of other projects around Kubernetes, which we're gonna hear about at the show. >>Yeah. So, so, so Dave, right? First of all, there was for a number of years, like, oh wait, you know, don't waste your time on, on containers because serverless is gonna rule the world. Well, serverless is now a little bit of a broader term. Can I do a serverless viewpoint for my developers that they don't need to think about the infrastructure but still have containers underneath it? Absolutely. So our friends at Amazon have a solution called Fargate, their proprietary offering to kind of hide that piece of it. And in the open source world, there's a project called Can Native, I think it's the second or third can Native Con's gonna happen at the cncf. And even if you use this, I can still call things over on Lambda and use some of those functions. So we know Dave, it is additive and nothing ever dominates the entire world and nothing ever dies. >>So we have, we have a long runway of activities still to go on in containers and Kubernetes. We're always looking for what that next thing is. And what's great about this ecosystem is most of it tends to be additive and plug into the pieces there, there's certain tools that, you know, span beyond what can happen in the container world and aren't limited to it. And there's others that are specific for it. And to talk about the industries, Dave, you know, I love, we we have, we have a community event that we run that's gonna happen at Cubans called OpenShift Commons. And when you look at like, who's speaking there? Oh, we've got, you know, for Lockheed Martin, University of Michigan and I g Bank all speaking there. So you look and it's like, okay, cool, I've got automotive, I've got, you know, public sector, I've got, you know, university education and I've got finance. So all of you know, there is not an industry that is not touched by this. And the general wave of software adoption is the reason why, you know, not just adoption, but the creation of new software is one of the differentiators for companies. And that is what, that's the reason why I do containers, isn't because it's some cool technology and Kubernetes is great to put on my resume, but that it can actually accelerate my developers and help me create technology that makes me respond to my business and my ultimate end users. Well, >>And you know, as you know, we've been talking about the Supercloud a lot and the Kubernetes is clearly enabler to, to Supercloud, but I wanted to go back, you and John Furrier have done so many of, you know, the, the cube cons, but but go back to Docker con before Kubernetes was even a thing. And so you sort of saw this, you know, grow. I think there's what, how many projects are in CNCF now? I mean, hundreds. Hundreds, okay. And so you're, Will we hear things in Detroit, things like, you know, new projects like, you know, Argo and capabilities around SI store and things like that? Well, you're gonna hear a lot about that. Or is it just too much to cover? >>So I, I mean the, the good news, Dave, is that the CNCF really is, is a good steward for this community and new things got in get in. So there's so much going on with the existing projects that some of the new ones sometimes have a little bit of a harder time making a little bit of buzz. One of the more interesting ones is a project that's been around for a while that I think back to the first couple of Cube Cuban that John and I did service Mesh and Istio, which was created by Google, but lived under basically a, I guess you would say a Google dominated governance for a number of years is now finally under the CNCF Foundation. So I talked to a number of companies over the years and definitely many of the contributors over the years that didn't love that it was a Google Run thing, and now it is finally part. >>So just like Kubernetes is, we have SEO and also can Native that I mentioned before also came outta Google and those are all in the cncf. So will there be new projects? Yes. The CNCF is sometimes they, they do matchmaking. So in some of the observability space, there were a couple of projects that they said, Hey, maybe you can go merge down the road. And they ended up doing that. So there's still you, you look at all these projects and if I was an end user saying, Oh my God, there is so much change and so many projects, you know, I can't spend the time in the effort to learn about all of these. And that's one of the challenges and something obviously at Red Hat, we spend a lot of time figuring out, you know, not to make winners, but which are the things that customers need, Where can we help make them run in production for our, our customers and, and help bring some stability and a little bit of security for the overall ecosystem. >>Well, speaking of security, security and, and skill sets, we've talked about those two things and they sort of go hand in hand when I go to security events. I mean, we're at reinforced last summer, we were just recently at the CrowdStrike event. A lot of the discussion is sort of best practice because it's so complicated. And, and, and will you, I presume you're gonna hear a lot of that here because security securing containers now, you know, the whole shift left thing and shield right is, is a complicated matter, especially when you saw with the earlier data from the Red Hat survey, the the gaps are around skill sets. People don't have the skill. So should we expect to hear a lot about that, A lot of sort of how to, how to take advantage of some of these new capabilities? >>Yeah, Dave, absolutely. So, you know, one of the conversations going on in the community right now is, you know, has DevOps maybe played out as we expect to see it? There's a newer term called platform engineering, and how much do I need to do there? Something that I, I know your, your team's written a lot about Dave, is how much do you need to know versus what can you shift to just a platform or a service that I can consume? I've talked a number of times with you since I've been at Red Hat about the cloud services that we offer. So you want to use our offering in the public cloud. Our first recommendation is, hey, we've got cloud services, how much Kubernetes do you really want to learn versus you want to do what you can build on top of it, modernize the pieces and have less running the plumbing and electric and more, you know, taking advantage of the, the technologies there. So that's a big thing we've seen, you know, we've got a big SRE team that can manage that for use so that you have to spend less time worrying about what really is un differentiated heavy lifting and spend more time on what's important to your business and your >>Customers. So, and that's, and that's through a managed service. >>Yeah, absolutely. >>That whole space is just taken off. All right, Stu I'll give you the final word. You know, what are you excited about for, for, for this upcoming event and Detroit? Interesting choice of venue? Yeah, >>Look, first of off, easy flight. I've, I've never been to Detroit, so I'm, I'm willing to give it a shot and hopefully, you know, that awesome airport. There's some, some, some good things there to learn. The show itself is really a choose your own adventure because there's so much going on. The main show of QAN and cloud Native Con is Wednesday through Friday, but a lot of a really interesting stuff happens on Monday and Tuesday. So we talked about things like OpenShift Commons in the security space. There's cloud Native Security Day, which is actually two days and a SIG store event. There, there's a get up show, there's, you know, k native day. There's so many things that if you want to go deep on a topic, you can go spend like a workshop in some of those you can get hands on to. And then at the show itself, there's so much, and again, you can learn from your peers. >>So it was good to see we had, during the pandemic, it tilted a little bit more vendor heavy because I think most practitioners were pretty busy focused on what they could work on and less, okay, hey, I'm gonna put together a presentation and maybe I'm restricted at going to a show. Yeah, not, we definitely saw that last year when I went to LA I was disappointed how few customer sessions there were. It, it's back when I go look through the schedule now there's way more end users sharing their stories and it, it's phenomenal to see that. And the hallway track, Dave, I didn't go to Valencia, but I hear it was really hopping felt way more like it was pre pandemic. And while there's a few people that probably won't come because Detroit, we think there's, what we've heard and what I've heard from the CNCF team is they are expecting a sizable group up there. I know a lot of the hotels right near the, where it's being held are all sold out. So it should be, should be a lot of fun. Good thing I'm speaking on an edge panel. First time I get to be a speaker at the show, Dave, it's kind of interesting to be a little bit of a different role at the show. >>So yeah, Detroit's super convenient, as I said. Awesome. Airports too. Good luck at the show. So it's a full week. The cube will be there for three days, Tuesday, Wednesday, Thursday. Thanks for coming. >>Wednesday, Thursday, Friday, sorry, >>Wednesday, Thursday, Friday is the cube, right? So thank you for that. >>And, and no ties from the host, >>No ties, only hoodies. All right Stu, thanks. Appreciate you coming in. Awesome. And thank you for watching this preview of CubeCon plus cloud Native Con with at Stu, which again starts the 24th of October, three days of broadcasting. Go to the cube.net and you can see all the action. We'll see you there.

hi everybody welcome back to boston you're watching thecube's coverage of reinforce 2022 last time we were here live was 2019. had a couple years of virtual merit bear is here she's with the office of the cso for aws merit welcome back to the cube good to see you thank you for coming on thank you so much it's good to be back um yes cso chief information security officer for folks who are acronym phobia phobic yeah okay so what do you do for the office of the is it ciso or sizzo anyway ah whatever is it sim or theme um i i work in three areas so i sit in aws security and i help us do security we're a shop that runs on aws i empathize with folks who are running shops it is process driven it takes hard work but we believe in certain mechanisms and muscle groups so you know i work on getting those better everything from how we do threat intelligence to how we guard rail employees and think about vending accounts and those kinds of things i also work in customer-facing interactions so when a cso wants to meet awssc so that's often me and then the third is product side so ensuring that everything we deliver not just security services are aligned with security best practices and expectations for our customers so i have to ask you right off the bat so we do a lot of spending surveys we have a partner etr i look at the data all the time and for some reason aws never shows up in the spending metrics why do you think that is maybe that talks to your strategy let's double click on that yeah so first of all um turn on guard duty get shield advanced for the you know accounts you need the 3k is relatively small and a large enterprise event like this doesn't mean don't spend on security there is a lot of goodness that we have to offer in ess external security services but i think one of the unique parts of aws is that we don't believe that security is something you should buy it's something that you get from us it's something that we do for you a lot of the time i mean this is the definition of the shared responsibility model right everything that you interact with on aws has been subject to the same rigorous standards and we aws security have umbrella arms around those but we also ensure that service teams own the security of their service so a lot of times when i'm talking to csos and i say security teams or sorry service teams own the security of their service they're curious like how do they not get frustrated and the answer is we put in a lot of mechanisms to allow those to go through so there's automation there are robots that resolve those trouble tickets you know like and we have emissaries we call them guardian champions that are embedded in service teams at any rate the point is i think it's really beautiful the way that customers who are you know enabling services in general benefit from the inheritances that they get and in some definition this is like the value proposition of cloud when we take care of those lower layers of the stack we're doing everything from the concrete floors guards and gates hvac you know in the case of something like aws bracket which is our quantum computing like we're talking about you know near vacuum uh environments like these are sometimes really intricate and beautiful ways that we take care of stuff that was otherwise manual and ugly and then we get up and we get really intricate there too so i gave a talk this morning about ddos protection um and all the stuff that we're doing where we can see because of our vantage point the volume and that leads us to be a leader in volumetric attack signatures for example manage rule sets like that costs you nothing turn on your dns firewall like there are ways that you just as a as an aws customer you inherit our rigorous standards and you also are able to benefit from the rigor with which we you know exact ourselves to really you're not trying to make it a huge business at least as part of your your portfolio it's just it's embedded it's there take advantage of it i want everyone to be secure and i will go to bad to say like i want you to do it and if money is a blocker let's talk about that because honestly we just want to do the right thing by customers and i want customers to use more of our services i genuinely believe that they are enablers we have pharma companies um that have helped enable you know personalized medicine and some of the copic vaccines we have you know like there are ways that this has mattered to people in really intimate ways um and then fun ways like formula one uh you know like there are things that allow us to do more and our customers to do more and security should be a way of life it's a way of breathing you don't wake up and decide that you're going to bolt it on one day okay so we heard cj moses keynote this morning i presume you were listening in uh we heard a lot about you know cool tools you know threat detection and devops and container security but he did explicitly talked about how aws is simplifying the life of the cso so what are you doing in that regard and what's that that's let's just leave it there for now i talk to c sales every day and i think um most of them have two main concerns one is how to get their organization to grow up like to understand what security looks like in a cloudy way um and that means that you know your login monitoring is going to be the forensics it's not going to be getting into the host that's on our side right and that's a luxury like i think there are elements of the cso job that have changed but that even if you know cj didn't explicitly call them out these are beauties things like um least privilege that you can accomplish using access analyzer and all these ways that inspector for example does network reachability and then all of these get piped to security hub and there's just ways that make it more accessible than ever to be a cso and to enable and embolden your people the second side is how csos are thinking about changing their organization so what are you reporting to the board um how are you thinking about hiring and um in the metrics side i would say you know being and i get a a lot of questions that are like how do we exhibit a culture of security and my answer is you do it you just start doing it like you make it so that your vps have to answer trouble tickets you may and and i don't mean literally like every trouble ticket but i mean they are 100 executives will say that they care about security but so what like you know set up your organization to be responsive to security and to um have to answer to them because it matters and and notice that because a non-decision is a decision and the other side is workforce right and i think um i see a lot of promise some of it unfulfilled in folks being hired to look different than traditional security folks and act different and maybe a first grade teacher or an architect or an artist and who don't consider themselves like particularly technical like the gorgeousness of cloud is that you can one teach yourself this i mean i didn't go to school for computer science like this is the kind of thing we all have to teach ourselves but also you can abstract on top of stuff so you're not writing code every day necessarily although if you are that's awesome and we love debbie folks but you know there's there's a lot of ways in which the machine of the security organization is suggesting i think cj was part to answer your question pointedly i think cj was trying to be really responsive to like all the stuff we're giving you all the goodness all the sprinkles on your cupcake not at all the organizational stuff that is kind of like you know the good stuff that we know we need to get into so i think so you're saying it's it's inherent it's inherently helping the cso uh her life his life become less complex and i feel like the cloud you said the customers are trying to become make their security more cloudy so i feel like the cloud has become the first line of defense now the cso your customer see so is the second line of defense maybe the audit is the third line what does that mean for the role of the the cso how is that they become a compliance officer what does that mean no no i think actually increasingly they are married or marriable so um when you're doing so for example if you are embracing [Music] ephemeral and immutable infrastructure then we're talking about using something like cloud formation or terraform to vend environments and you know being able to um use control tower and aws organizations to dictate um truisms through your environment you know like there are ways that you are basically in golden armies and you can come back to a known good state you can embrace that kind of cloudiness that allows you to get good to refine it to kill it and spin up a new infrastructure and that means though that like your i.t and your security will be woven in in a really um lovely way but in a way that contradicts certain like existing structures and i think one of the beauties is that your compliance can then wake up with it right your audit manager and your you know security hub and other folks that do compliance as code so you know inspector for example has a tooling that can without sending a single packet over the network do network reachability so they can tell whether you have an internet facing endpoint well that's a pci standard you know but that's also a security truism you shouldn't have internet facing endpoints you don't approve up you know like so these are i think these can go in hand in hand there are certainly i i don't know that i totally disregard like a defense in-depth notion but i don't think that it's linear in that way i think it's like circular that we hope that these mechanisms work together that we also know that they should speak to each other and and be augmented and aware of one another so an example of this would be that we don't just do perimeter detection we do identity-based fine-grained controls and that those are listening to and reasoned about using tooling that we can do using security yeah we heard a lot about reasoning as well in the keynote but i want to ask about zero trust like aws i think resisted using that term you know the industry was a buzzword before the pandemic it's probably more buzzy now although in a way it's a mandate um depending on how you look at it so i mean you anything that's not explicitly allowed is denied in your world and you have tools and i mean that's a definition if it's a die that overrides if it's another it's a deny call that will override and allow yeah that's true although anyway finish your question yeah yeah so so my it's like if there's if there's doubt there's no doubt it seems in your world but but but you have a lot of capabilities seems to me that this is how you you apply aws internal security and bring that to your customers do customers talk to you about zero trust are they trying to implement zero trust what's the best way for them to do that when they don't have that they have a lack of talent they don't have the skill sets uh that it and the knowledge that aws has what are you hearing from customers in that regard yeah that's a really um nuanced phrasing which i appreciate because i think so i think you're right zero trust is a term that like means everything and nothing i mean like this this notebook is zero trust like no internet comes in or out of it like congratulations you also can't do business on it right um i do a lot of business online you know what i mean like you can't uh transact something to other folks and if i lose it i'm screwed yeah exactly i usually have a water bottle or something that's even more inanimate than your notebook um but i guess my point is we i don't think that the term zero trust is a truism i think it's a conceptual framework right and the idea is that we want to make it so that someone's position in the network is agnostic to their permissioning so whereas in the olden days like a decade ago um we might have assumed that when you're in the perimeter you just accept everything um that's no longer the right way to think about it and frankly like covid and work from home may have accelerated this but this was ripe to be accelerated anyway um what we are thinking about is both like you said under the network so like the network layer are we talking about machine to machine are we talking about like um you know every api call goes over the open internet with no inherent assurances human to app or it's protected by sig v4 you know like there is an inherent zero trust case that we have always built this goes back to a jeff bezos mandate from 2002 that everything be an api call that is again this kind of like building security into it when we say security is job zero it not only reflects the fact that like when you build a terraform or a cloud formation template you better have permission things appropriately or try to but also that like there is no cloud without security considerations you don't get to just bolt something on after the fact so that being said now that we embrace that and we can reason about it and we can use tools like access analyzer you know we're also talking about zero trust in that like i said augmentation identity centric fine grained controls so an example of this would be a vpc endpoint policy where it is a perm the perimeter is dead long live the perimeter right you'll have your traditional perimeter your vpc or your vpn um augmented by and aware of the fine-grained identity-centric ones which you can also reason about prune down continuously monitor and so on and that'll also help you with your logging and monitoring because you know what your ingress and egress points are how concerned should people be with quantum messing up all the encryption algos oh it's stopping created right okay so but we heard about this in the keynote right so is it just a quantum so far off by the time we get there is it like a y2k you're probably not old enough to remember y2k but y2k moment right i mean i can't take you anywhere what should we um how should we be thinking about quantum in the context of security and sure yeah i mean i think we should be thinking about quantum and a lot of dimensions as operationally interesting and how we can leverage i think we should be thinking about it in the security future for right now aes256 is something that is not broken so we shouldn't try to fix it yeah cool encrypt all the things you can do it natively you know like i love talking about quantum but it's more of an aspirational and also like we can be doing high power compute to solve problems you know but like for it to get to a security uh potentially uh vulnerable state or like something that we should worry about is a bit off yeah and show me an application that can yeah and i mean and i think at that point we're talking about homomorphic improvements about another thing i kind of feel the same way is that you know there's a lot of hype around it a lot of ibm talks about a lot you guys talked about in your keynote today and when i really talk to people who understand this stuff it seems like it's a long long way off i don't think it's a long long way off but everything is dog years in tech world but um but for today you know like for today encrypt yourself we will always keep our encryption up to standard and you know that will be for now like the the industry grade standard that folks i mean like i i have i have never heard of a case where someone had their kms keys broken into i um i always ask like awesome security people this question did you like how did you get into this did you have like did you have a favorite superhero as a kid that was going to save the world i um was always the kid who probably would have picked up a book about the cia and i like find this and i don't remember who i was before i was a security person um but i also think that as a woman um from an american indian family walking through the world i think about the relationship between dynamics with the government and companies and individuals and how we want to construct those and the need for voices that are observant of the ways that those interplay and i always saw this as a field where we can do a lot of good yeah amazing merritt thanks so much for coming on thecube great guest john said you would be really appreciate your time of course all right keep it ready you're very welcome keep it right there this is dave vellante for the cube we'll be right back at aws reinforced 2022 from boston keep right there [Music]

>>Hello, and welcome back to the cubes coverage of coop con cloud native con 2021. We're here in person at a real event. I'm John farrier host of the cube, but Dave Nicholson, Michael has got great guests here. Two founders of brand new startup, one week old cable on ASCII and Dave Lawrence, uh, with chain guard, former Google employees, open source community members decided to start a company with five other people on total five total. Congratulations. Welcome to the cube. >>Thank you. Thank you for >>Having us. So tell us like a product, you know, we know you don't have a price. So take us through the story because this is one of those rare moments. We got great chance to chat with you guys just a week into the new forms company and the team. What's the focus, what's the vision. >>How far back do you want to go with this story >>And why you left Google? So, you know, we're a gin and tonics. We get a couple of beers I can do that. We can do that. Let's just take over the world. >>Yeah. So we both been at Google, uh, for awhile. Um, the last couple of years we've been really worried about and focused on open-source security risk and supply chain security in general and software. Um, it's been a really interesting time as you probably noticed, uh, to be in that space, but it wasn't that interesting two years ago or even a year and a half ago. Um, so we were doing a bunch of this work at Google and the open source. Nobody really understood it. People kind of looked at us funny at talks and conferences. Um, and then beginning of this year, a bunch of attacks started happening, uh, things in the headlines like solar winds, solar winds attack, like you say, it attack all these different ransomware things happening. Uh, companies and governments are getting hit with supply chain attacks. So overnight people kind of started caring and being really worried about the stuff that we've been doing for a while. So it was a pretty cool thing to be a part of. And it seemed like a good time to start a company and keep your >>Reaction to this startup. How do you honestly feel, I suppose, feeling super excited. Yeah. >>I am really excited. I was in stars before Google. So then I went to Google where there for seven, I guess, Dan, a little bit longer, but I was there for seven years on the product side. And then yeah, we, we, the open source stuff, we were really there for protecting Google and we both came from cloud before that working on enterprise product. So then sorta just saw the opportunity, you know, while these companies trying to scramble and then sort of figure out how to better secure themselves. So it seemed like a perfect, >>The start-up bug and you back in the start up, but it's the timing's perfect. I got to say, this is a big conversation supply chain from whether it's components and software now, huge attack vector, people are taking advantage of it super important. So I'm really glad you're doing it. But first explain to the folks watching what is supply chain software? What's the challenge? What is the, what is the supply chain security challenge or problem? >>Sure. Yeah, it's the metaphor of software supply chain. It's just like physical supply chain. That's where the name came from. And it, it really comes down to how the code gets from your team's keyboard, your team's fingers on those keyboards into your production environment. Um, and that's just the first level of it. Uh, cause nobody writes all of the code. They use themselves. We're here at cloud native con it's hundreds of open source vendors, hundreds of open libraries that people are reusing. So your, your trust, uh, radius and your attack radius extends to not just your own companies, your own developers, but to everyone at this conference. And then everyone that they rely on all the way out. Uh, it's quite terrifying. It's a surface, the surface area explode pretty quickly >>And people are going and the, and the targeting to, because everyone's touching the code, it's open. It's a lot of action going on. How do you solve the problem? What is the approach? What's the mindset? What's the vision on the problems solving solutions? >>Yeah, that's a great question. I mean, I think like you said, the first step is awareness. Like Dan's been laughing, he's been, he felt like a crazy guy in the corner saying, you know, stop building software underneath your desk and you know, getting companies, >>Hey, we didn't do, why don't you tell them? I was telling him for five years. >>Yeah. But, but I think one of his go-to lines was like, would you pick up a thumb drive off the side of the street and plug it into your computer? Probably not. But when you download, you know, an open source package or something, that's actually can give you more privileges and production environments and it's so it's pretty scary. Um, so I think, you know, for the last few years we've been working on a number of open source projects in this space. And so I think that's where we're going to start is we're going to look at those and then try to grow out the community. And we're, we're watching companies, even like solar winds, trying to piece these parts together, um, and really come up with a better solution for themselves. >>Are there existing community initiatives or open source efforts that are underway that you plan to participate in or you chart? Are you thinking of charting a new >>Path? >>Oh, it's that looks like, uh, Thomas. Yeah, the, the SIG store project we kicked off back in March, if you've covered that or familiar with that at all. But we kicked that off back in March of 2021 kind of officially we'd look at code for awhile before then the idea there was to kind of do what let's encrypted, uh, for browsers and Webster, um, security, but for code signing and open source security. So we've always been able to get code signing certificates, but nobody's really using them because they're expensive. They're complicated, just like less encrypted for CAS. They made a free one that was automated and easy to use for developers. And now people do without thinking about it in six stores, we tried to do the same thing for open source and just because of the headlines that were happening and all of the attacks, the momentum has just been incredible. >>Is it a problem that people just have to just get on board with a certain platform or tool or people have too many tools, they abandoned them there, their focus shifts is there. Why what's the, what's the main problem right now? >>Well, I think, you know, part of the problem is just having the tools easy enough for developers are going to want to use them and it's not going to get in our way. I think that's going to be a core piece of our company is really nailing down the developer experience and these toolings and like the co-sign part of SIG store that he was explaining, like it's literally one command line to sign, um, a package, assign a container and then one line to verify on the other side. And then these organizations can put together sort of policies around who they trust and their system like today it's completely black box. They have no idea what they're running and takes a re >>You have to vape to rethink and redo everything pretty much if they want to do it right. If they just kind of fixing the old Europe's sold next solar with basically. >>Yeah. And that's why we're here at cloud native con when people are, you know, the timing is perfect because people are already rethinking how their software gets built as they move it into containers and as they move it into Kubernetes. So it's a perfect opportunity to not just shift to Kubernetes, but to fix the way you build software from this, >>What'd you say is the most prevalent change mindset change of developers. Now, if you had to kind of, kind of look at it and say, okay, current state-of-the-art mindset of a developer versus say a few years ago, is it just that they're doing things modularly with more people? Or is it more new approaches? Is there a, is there a, >>I think it's just paying attention to your building release process and taking it seriously. This has been a theme for, since I've been in software, but you have these very fancy production data centers with physical security and all these levels of, uh, Preston prevention and making sure you can't get in there, but then you've got a Jenkins machine that's three years old under somebody's desk building the code that goes into there. >>It gets socially engineered. It gets at exactly. >>Yeah. It's like the, it's like the movies where they, uh, instead of breaking into jail, they hide in the food delivery truck. And it's, it's that, that's the metaphor that I like perfectly. The fence doesn't work. If your truck, if you open the door once a week, it doesn't matter how big defenses. Yeah. So that's >>Good Dallas funny. >>And I, I think too, like when I used to be an engineer before I joined Google, just like how easy it is to bring in a third party package or something, you know, you need like an image editing software, like just go find one off the internet. And I think, you know, developers are slowly doing a mind shift. They're like, Hey, if I introduce a new dependency, you know, there's going to be, I'm going to have to maintain this thing and understand >>It's a little bit of a decentralized view too. Also, you got a little bit of that. Hey, if you sign it, you own it. If it tracks back to you, okay, you are, your fingerprints are, if you will, or on that chain of >>Custody and custody. >>Exactly. I was going to say, when I saw chain guard at first of course, I thought that my pant leg riding a bike, but then of course the supply chain things coming in, like on a conveyor belt, conveyor, conveyor belt. But that, that whole question of chain of custody, it isn't, it isn't as simple as a process where someone grabs some code, embeds it in, what's going on, pushes it out somewhere else. That's not the final step typically. Yeah. >>So somebody else grabs that one. And does it again, 35 more times, >>The one, how do you verify that? That's yeah, it seems like an obvious issue that needs to be addressed. And yet, apparently from what you're telling us for quite a while, people thought you were a little bit in that, >>And it's not just me. I mean, not so Ken Thompson of bell labs and he wrote the book >>He wrote, yeah, it was a seatbelt that I grew >>Up on in the eighties. He gave a famous lecture called uh, reflections on trusting trust, where he pranked all of his colleagues at bell labs by putting a back door in a compiler. And that put back doors into every program that compiled. And he was so clever. He even put it in, he made that compiler put a backdoor into the disassembler to hide the back door. So he spent weeks and, you know, people just kind of gave up. And I think at that point they were just like, oh, we can't trust any software ever. And just forgot about it and kept going on and living their lives. So this is a 40 year old problem. We only care about it now. >>It's totally true. A lot of these old sacred cows. So I would have done life cycles, not really that relevant anymore because the workflows are changing. These new Bev changes. It's complete dev ops is taken over. Let's just admit it. Right. So if we have ops is taken over now, cloud native apps are hitting the scene. This is where I think there's a structural industry change, not just the community. So with that in mind, how do you guys vector into that in terms of a market entry? What's just thinking around product. Obviously you got a higher, did you guys raise some capital in process? A little bit of a capital raise five, no problem. Todd market, but product wise, you've got to come in, get the beachhead. >>I mean, we're, we're, we're casting a wide net right now and talking to as many customers like we've met a lot of these, these customer potential customers through the communities, you know, that we've been building and we did a supply chain security con helped with that event, this, this Monday to negative one event and solar winds and Citibank were there and talking about their solutions. Um, and so I think, you know, and then we'll narrow it down to like people that would make good partners to work with and figure out how they think they're solving the problem today. And really >>How do you guys feel good? You feel good? Well, we got Jerry Chen coming off from gray lock next round. He would get a term sheet, Jerry, this guy's got some action on it in >>There. Probably didn't reply to him on LinkedIn. >>He's coming out with Kronos for him. He just invested 200 million at CrossFit. So you guys should have a great time. Congratulations on the leap. I know it's comfortable to beat Google, a lot of things to work on. Um, and student startups are super fun too, but not easy. None of the female or, you know, he has done it before, so. Right. Cool. What do you think about today? Did the event here a little bit smaller, more VIP event? What's your takeaway on this? >>It's good to be back in person. Obviously we're meeting, we've been associating with folks over zoom and Google meets for a while now and meeting them in person as I go, Hey, no hard to recognize behind the mask, but yeah, we're just glad to sort of be back out in a little bit of normalization. >>Yeah. How's everything in Austin, everyone everyone's safe and good over there. >>Yeah. It's been a long, long pandemic. Lots of ups and downs, but yeah. >>Got to get the music scene back. Most of these are comes back in the house. Everything's all back to normal. >>Yeah. My hair doesn't normally look like this. I just haven't gotten a haircut since this also >>You're going to do well in this market. You got a term sheet like that. Keep the hair, just to get the money. I think I saw your LinkedIn profile and I was wondering it's like, which version are we going to get? Well, super relevant. Super great topic. Congratulations. Thanks for coming on. Sharing the story. You're in the queue. Great jumper. Dave Nicholson here on the cube date, one of three days we're back in person of course, hybrid event. Cause the cube.net for all more footage and highlights and remote interviews. So stay tuned more coverage after this short break.

>>Welcome to this cube conversation. I'm Dave Nicholson and we're having this conversation in advance of cube con cloud native con north America, 2021. Uh, we are going to be talking specifically about a subject near and dear to my heart, and that is security. We have a very special guest from red hat, the security lead from the office of the CTO. New kinds. Welcome. Welcome to the cube Luke. >>Oh, it's great to be here. Thank you, David. Really looking forward to this conversation. >>So you have a session, uh, at a CubeCon slash cloud native con this year. And, uh, frankly, I look at the title and based on everything that's going on in the world today, I'm going to accuse you of clickbait because the title of your session is a secure supply chain vision. Sure. What other than supply chain has is in the news today, all of these things going on, but you're talking about the software supply chain. Aren't you tell, tell us about, tell us about this vision, where it came from Phyllis in. >>Yes, very much. So I do agree. It is a bit of a buzzword at the moment, and there is a lot of attention. It is the hot topic, secure supply chains, thanks to things such as the executive order. And we're starting to see an increase in attacks as well. So there's a recent statistic came out that was 620%. I believe increase since last year of supply chain attacks involving the open source ecosystem. So things are certainly ramping up. And so there is a bit of clickbait. You got me there. And um, so supply chains, um, so it's predominantly let's consider what is a supply chain. Okay. And we'll, we'll do this within the context of cloud native technology. Okay. Cause there's many supply chains, you know, many, many different software supply chains. But if we look at a cloud native one predominantly it's a mix of people and machines. >>Okay. So you'll have your developers, uh, they will then write code. They will change code and they'll typically use our, a code revision control system, like get, okay, so they'll make their changes there. Then push those changes up to some sort of repository, typically a get Harbor or get level, something like that. Then another human will then engage and they will review the code. So somebody that's perhaps a maintain will look at the code and they'll improve that a code. And then at the same time, the machine start to get involved. So you have your build servers that run tests and integration tests and they check the code is linted correctly. Okay. And then you have this sort of chain of events that start to happen. These machines, these various actors that start to play their parts in the chain. Okay. So your build system might generate a container image is a very common thing within a cloud native supply chain. >>Okay. And then that image is typically deployed to production or it's hosted on a registry, a container registry, and then somebody else might utilize that container image because it has software that you've packaged within that container. Okay. And then this sort of prolific expansion of use of coasts where people start to rely on other software projects for their own dependencies within their code. Okay. And you've got this kind of a big spaghetti of actors that are dependent on each other and feed him from each other. Okay. And then eventually that is deployed into production. Okay. So these machines are a lot of them non open source code. Okay. Even if there is a commercial vendor that manages that as a service, it's all based on predominantly open source code. Okay. And the security aspects with the supply chain is there's many junctures where you can exploit that supply chain. >>So you can exploit the human, or you could be a net ferrous human in the first place you could steal somebody's identity. Okay. And then there's the build systems themselves where they generate these artifacts and they run jobs. Okay. And then there are the production system, which pulls these down. Okay. And then there's the element of which we touched upon around libraries and dependencies. So if you look at a lot of projects, they will have approximately around a hundred, perhaps 500 dependencies that they all pull in from. Okay. So then you have the supply chains within each one of those, they've got their own set of humans and machines. And so it's a very large spaghetti beast of, of, of sort of dependence and actors and various identities that make up. >>Yeah. You're, you're describing a nightmarish, uh, scenario here. So, uh, so, so I definitely appreciate the setup there. It's a chain of custody nightmare. Yeah. >>Yes. Yeah. But it's also a wonderful thing because it's allowed us to develop in the paradigms that we have now very fast, you know, you can, you can, you can prototype and design and build and ship very fast, thanks to these tools. So they're wonderful. It's not to say that they're, you know, that there is a gift there, but security has arguably been left as a bit of an afterthought essentially. Okay. So security is always trying to it's at the back of the race. It's always trying to catch up with you. See what I mean? So >>Well, so is there a specific reason why this is particularly timely? Um, in, you know, when we, when we talk about deployment of cloud native applications, uh, something like 75% of what we think of is it is still on premesis, but definitely moving in the direction of what we loosely call cloud. Um, is why is this particularly timely? >>I think really because of the rampant adoption that we see. So, I mean, as you rightly say, a lot of, uh, it companies are still running on a, sort of a, more of a legacy model okay. Where deployments are more monolithic and statics. I mean, we've both been around for a while when we started, you would, you know, somebody would rack a server, they plug a network cable and you'd spend a week deploying the app, getting it to run, and then you'd walk away and leave it to a degree. Whereas now obviously that's really been turned on its head. So there is a, an element of not everybody has adopted this new paradigm that we have in development, but it is increasing, there is rapid adoption here. And, and many that aren't many that rather haven't made that change yet to, to migrate to a sort of a cloud type infrastructure. >>They certainly intend to, well, they certainly wished to, I mean, there's challenges there in itself, but it, I would say it's a safe bet to say that the prolific use of cloud technologies is certainly increasing as we see in all the time. So that also means the attack vectors are increasing as we're starting to see different verticals come into this landscape that we have. So it's not just your kind of a sort of web developer that are running some sort of web two.site. We have telcos that are starting to utilize cloud technology with virtual network functions. Uh, we have, um, health banking, FinTech, all of these sort of large verticals are starting to come into cloud and to utilize the cloud infrastructure model that that can save them money, you know, and it can make them, can make their develop more agile and, you know, there's many benefits. So I guess that's the main thing is really, there's a convergence of industries coming into this space, which is starting to increase the security risks as well. Because I mean, the security risks to a telco are a very different group to somebody that's developing a web platform, for example. >>Yeah. Yeah. Now you, you, uh, you mentioned, um, the sort of obvious perspective from the open source perspective, which is that a lot of this code is open source code. Um, and then I also, I assume that it makes a lot of sense for the open source community to attack this problem, because you're talking about so many things in that chain of custody that you described where one individual private enterprise is not likely to be able to come up with something that handles all of it. So, so what's your, what's your vision for how we address this issue? I know I've seen in, um, uh, some of the content that you've produced an allusion to this idea that it's very similar to the concept of a secure HTTP. And, uh, and so, you know, imagine a world where HTTP is not secure at any time. It's something we can't imagine yet. We're living in this parallel world where, where code, which is one of the four CS and cloud security, uh, isn't secure. So what do we do about that? And, and, and as you share that with us, I want to dive in as much as we can on six store explain exactly what that is and, uh, how you came up with this. >>Yes, yes. So, so the HTTP story's incredibly apt for where we are. So around the open source ecosystem. Okay. We are at the HTTP stage. Okay. So a majority of code is pulled in on trusted. I'm not talking about so much here, somebody like a red hat or, or a large sort of distributor that has their own sign-in infrastructure, but more sort of in the, kind of the wide open source ecosystem. Okay. The, um, amount of code that's pulled in on tested is it's the majority. Okay. So, so it is like going to a website, which is HTTP. Okay. And we sort of use this as a vision related to six store and other projects that are operating in this space where what happened effectively was it was very common for sites to run on HTTP. So even the likes of Amazon and some of the e-commerce giants, they used to run on HTTP. >>Okay. And obviously they were some of the first to, to, uh, deploy TLS and to utilize TLS, but many sites got left behind. Okay. Because it was cumbersome to get the TLS certificate. I remember doing this myself, you would have to sort of, you'd have to generate some keys, the certificate signing request, you'd have to work out how to run open SSL. Okay. You would then go to an, uh, a commercial entity and you'd probably have to scan your passport and send it to them. And there'll be this kind of back and forth. Then you'll have to learn how to configure it on your machine. And it was cumbersome. Okay. So a majority just didn't bother. They just, you know, they continue to run their, their websites on protected. What effectively happened was let's encrypt came along. Okay. And they disrupted that whole paradigm okay. >>Where they made it free and easy to generate, procure, and set up TLS certificates. So what happened then was there was a, a very large change that the kind of the zeitgeists changed around TLS and the expectations of TLS. So it became common that most sites would run HTTPS. So that allowed the browsers to sort of ring fence effectively and start to have controls where if you're not running HTTPS, as it stands today, as it is today is kind of socially unacceptable to run a site on HTTP is a bit kind of, if you go to HTTP site, it feels a bit, yeah. You know, it's kind of, am I going to catch a virus here? It's kind of, it's not accepted anymore, you know, and, and it needed that disruptor to make that happen. So we want to kind of replicate that sort of change and movement and perception around software signing where a lot of software and code is, is not signed. And the reason it's not signed is because of the tools. It's the same story. Again, they're incredibly cumbersome to use. And the adoption is very poor as well. >>So SIG stores specifically, where did this, where did this come from? And, uh, and, uh, what's your vision for the future with six? >>Sure. So six door, six doors, a lockdown project. Okay. It started last year, July, 2020 approximately. And, uh, a few people have been looking at secure supply chain. Okay. Around that time, we really started to look at it. So there was various people looking at this. So it's been speaking to people, um, various people at Purdue university in Google and, and other, other sort of people trying to address this space. And I'd had this idea kicking around for quite a while about a transparency log. Okay. Now transparency logs are actually, we're going back to HTTPS again. They're heavily utilized there. Okay. So when somebody signs a HTTPS certificate as a root CA, that's captured in this thing called a transparency log. Okay. And a transparency log is effectively what we call an immutable tamper proof ledger. Okay. So it's, it's kind of like a blockchain, but it's different. >>Okay. And I had this idea of what, if we could leverage this technology okay. For secure supply chain so that we could capture the provenance of code and artifacts and containers, all of these actions, these actors that I described at the beginning in the supply chain, could we utilize that to provide a tamper resistant publicly or DePaul record of the supply chain? Okay. So I worked on a prototype wherever, uh, you know, some, uh, a week or two and got something basic happening. And it was a kind of a typical open source story there. So I wouldn't feel right to take all of the glory here. It was a bit like, kind of, you look at Linux when he created a Linux itself, Linus, Torvalds, he had an idea and he shared it out and then others started to jump in and collaborate. So it's a similar thing. >>I, um, shared it with an engineer from Google's open source security team called Dan Lawrence. Somebody that I know of been prolific in this space as well. And he said, I'd love to contribute to this, you know, so can I work this? And I was like, yeah, sure though, you know, the, the more, the better. And then there was also Santiago professor from Purdue university took an interest. So a small group of people started to work on this technology. So we built this project that's called Rico, and that was effectively the transparency log. So we started to approach projects to see if they would like to, to utilize this technology. Okay. And then we realized there was another problem. Okay. Which was, we now have a storage for signed artifacts. Okay. A signed record, a Providence record, but nobody's signing anything. So how are we going to get people to sign things so that we can then leverage this transparency log to fulfill its purpose of providing a public record? >>So then we had to look at the signing tools. Okay. So that's where we came up with this really sort of clever technology where we've managed to create something called ephemeral keys. Okay. So we're talking about a cryptographic key pair here. Okay. And what we could do we found was that we could utilize other technologies so that somebody wouldn't have to manage the private key and they could generate keys almost point and click. So it was an incredibly simple user experience. So then we realized, okay, now we've got an approach for getting people to sign things. And we've also got this immutable, publicly audited for record of people signing code and containers and artifacts. And that was the birth of six store. Then. So six store was created as this umbrella project of all of these different tools that were catering towards adoption of signing. And then being able to provide guarantees and protections by having this transparency log, this sort of blockchain type technology. So that was where we really sort of hit the killer application there. And things started to really lift off. And the adoption started to really gather steam then. >>So where are we now? And where does this go into the future? One of the, one of the wonderful things about the open source community is there's a sense of freedom in the creativity of coming up with a vision and then collaborating with others. Eventually you run headlong into expectations. So look, is this going to be available for purchase in Q1? What's the, >>Yeah, I, I will, uh, I will fill you in there. Okay. So, so with six door there's, um, there's several different models that are at play. Okay. I'll give you the, the two predominant ones. So one, we plan, we plan to run a public service. Okay. So this will be under the Linux foundation and it'll be very similar to let's encrypt. So you as a developer, if you want to sign your container, okay. And you want to use six door tooling that will be available to you. There'll be non-profit three to use. There's no specialties for anybody. It's, it's there for everybody to use. Okay. And that's to get everybody doing the right thing in signing things. Okay. The, the other model for six stories, this can be run behind a firewall as well. So an enterprise can stand up their own six store infrastructure. >>Okay. So the transparency log or code signing certificates, system, client tools, and then they can sign their own artifacts and secure, better materials, all of these sorts of things and have their own tamper-proof record of everything that's happened. So that if anything, untoward happens such as a key compromise or somebody's identity stolen, then you've got a credible source of truth because you've got that immutable record then. So we're seeing, um, adoption around both models. We've seen a lot of open source projects starting to utilize six store. So predominantly key, um, Kubernetes is a key one to mention here they are now using six store to sign and verify their release images. Okay. And, uh, there's many other open-source projects that are looking to leverage this as well. Okay. And then at the same time, various people are starting to consider six door as being a, sort of an enterprise signing solution. So within red hat, our expectations are that we're going to leverage this in open shift. So open shift customers who wish to sign their images. Okay. Uh, they want to sign their conflicts that they're using to deploy within Kubernetes and OpenShift. Rather they can start to leverage this technology as open shift customers. So we're looking to help the open source ecosystem here and also dog food, this, and make it available and useful to our own customers at red hat. >>Fantastic. You know, um, I noticed the red hat in the background and, uh, and, uh, you know, I just a little little historical note, um, red hat has been there from the beginning of cloud before, before cloud was cloud before there was anything credible from an enterprise perspective in cloud. Uh, I, I remember in the early two thousands, uh, doing work with tree AWS and, uh, there was a team of red hat folks who would work through the night to do kernel level changes for the, you know, for the Linux that was being used at the time. Uh, and so a lot of, a lot of what you and your collaborators do often falls into the category of, uh, toiling in obscurity, uh, to a certain degree. Uh, we hope to shine light on the amazing work that you're doing. And, um, and I, for one appreciate it, uh, I've uh, I've, I've suffered things like identity theft and, you know, we've all had brushes with experiences where compromise insecurity is not a good thing. So, um, this has been a very interesting conversation. And again, X for the work that you do, uh, do you have any other, do you have any other final thoughts or, or, uh, you know, points that we didn't cover on this subject that come to mind, >>There is something that you touched upon that I'd like to illustrate. Okay. You mentioned that, you know, identity theft and these things, well, the supply chain, this is critical infrastructure. Okay. So I like to think of this as you know, there's, sir, they're serving, you know, they're solving technical challenges and, you know, and the kind of that aspect of software development, but with the supply chain, we rely on these systems. When we wake up each morning, we rely on them to stay in touch with our loved ones. You know, we are our emergency services, our military, our police force, they rely on these supply chains, you know, so I sort of see this as there's a, there's a bigger vision here really in protecting the supply chain is, is for the good of our society, because, you know, a supply chain attack can go very much to the heart of our society. You know, it can, it can be an attack against our democracies. So I, you know, I see this as being something that's, there's a humanistic aspect to this as well. So that really gets me fired up to work on this technology., >>it's really important that we always keep that perspective. This isn't just about folks who will be attending CubeCon and, uh, uh, uh, cloud con uh, this is really something that's relevant to all of us. So, so with that, uh, fantastic conversation, Luke, it's been a pleasure to meet you. Pleasure to talk to you, David. I look forward to, uh, hanging out in person at some point, whatever that gets me. Uh, so with that, uh, we will sign off from this cube conversation in anticipation of cloud con cube con 2021, north America. I'm Dave Nicholson. Thanks for joining us.

(cheery synth music) >> Hello, this is theCUBE. I'm John Furrier, your host. We're here for a KubeCon CloudNativeCon preview for the North America show in Los Angeles, here in person and a virtual event. Two of the co-chairs are with me again this year, Constance Caramanolis, principal engineer at Splunk, and of course, Stephen Augustus, head of Open Source at Cisco. Great to see you guys. Hey, thanks for coming on, virtually, for the preview. >> Great to be had! >> Constance: Thank you for having us. >> Stephen: Great to see you again John. (laughing) >> Constance: Yeah. >> So I love... well, KubeCon has gotten, It's my favorite event every year. This is where the DevOps actually, where the people are reading the tea leaves, connecting the dots, but also meeting up and doing what communities do best, which is set the agenda for the next, next generation that's happening in person. Last year, it was virtual. We had the European virtual KubeCon, CloudNativeCon. This year a mix. Give us a taste of updates that you want to share. Let's get, let's get into it. >> Sure. Uh, so I think, you know, um, I-I-I think uh, seeing this event in particular and uh, you know, one, we've got this, we've got this hopeful r-return to you know, some semblance of normalcy. I know that you know, over the last year and change, we've been uh, we've been kind of itching t-t-to see each other in person. And, and you know, and, and I-I think I say on a lot of uh, interviews that I, you know, one of my favorite parts of any conference is the, is the hallway track, right? It's really hard to, and, and we've- we've made, you know, we've made strides to replicate it, but there's- I don't think there's anything uh, you know, close t-to being in person, right? And, and getting to, to bounce i-ideas off of uh, your, your co-conspirators, (laughs) co-conspirators or compatriots. Um, so I'm- I'm really excited for that, um, I love the, I love the um, the mandates that we've put in place, uh, to make sure that people are uh, a little bit more safe. Um, and, you know, overall, like seeing uh- I-I think one of the things that gets me most excited is the, is the uh, the set of day zero events, right? Um, I-I think the, the increase in the uh, day zero events, we, we've got uh, Constance, what's the, what's the count at now? I'm, I'm looking over it and, and it's uh, it's, it's massive, right? You know, SupplyChainSecurityCon, Uh, the, you know, the Cloud Native for Eclipse Foundation, it's beyond, >> Too, hmm, too many to count right off the bat when I'm looking at it. >> Too many, too many to count! >> And it's also like, this is a reduced number because some people decide or some, not people, like projects, decide to do virtual uh, days or a non-conference outside of the normal KubeCon cycle because of... >> Yeah, well, let's get, let's get- >> that thing that should not be named. >> Let's get into some of the data. >> I want to jump into the trends. But just for the folks watching, this is a hybrid event, and- >> Yeah. >> There's going to be this day zero, which is the pre-programming. Which by the way, I think has evolved into a format that's just tremendous. You got the pregame, pre-event action. Very dynamic, very ad-hoc, ephemeral in the, in the, in the, in the, in the people getting together and making things happen. Then you got the structured event. It's uh, the 11th to the 12th on the pre-programming, day zero stuff, which you talked about, and then the 13th to the 15th, the main conference. It's in-person and virtual, so it's going to be a hybrid event, which should be dynamic because you have an in-person dynamic where it's a scarce resource of the face-to-face, working and trying to create synchronicity with the asynchronous environment on virtuals. So it should be an action packed and a must-watch event. So I'm personally excited, we'll be there in person. But I got to ask you guys, the co-chairs, how are you guys handling this? How are the papers coming, what's the call for talks? How are you structuring things? Can you just give a quick overview of what's, what's happening on the talks? >> Uh, talks, uh, I feel like it went really well this round. >> Um, really like, wide variety. I know it's pretty vague, but there's a wide variety of topics, uh, things that are getting I think, I feel like more popularity, like security is getting more popular. Uh, business value, one thing that I'm really passionate about, is getting a lot more traction. Uh, student track 101 is also, as always, I guess, as ever since it's been, since inception has been popular, um, it's definitely getting to the point where we're actually, well not to the point, but maybe it's just being more highlighted that a lot of the, like, like, some of the like great content from the day zeros are also showing up in KubeCon and then like, vice versa and they're kind of everywhere. Uh, Yeah, the talks I think was really- >> John: The sessions, the sessions are always driving it. Stephen I'm like from a, from a, from a maturisation standpoint, you have the, the, the people developing and then you got the f... the things are getting hardened. Can you talk about the trends around, what's kind of hardening out from a project basis on these sessions and what's forming relative to the trend line this year. >> Yeah. So, you know, so to Constance's point, I think that we're, we're starting to see some diversity in, or continued diversity and kind of the personas that are coming into the conference, right? So whether you're talking about that continuing 101 track or, the student track, which, you know, a lot of people have, have kind of jumped in and seeing that as an opportunity to, to, to not only start becoming part of the community, but also to immediately contribute to content. And then you've got that For me? It's, it's security, all day, right? I think, you know, I think that, you know, there's not a week, there's not a week that passes that I don't have a chat with someone around what's happening in security lately. And I think you'll see that highlighted in in all of the keynotes that we have planned there are, there's not one, not two, but three uh, keynotes around software supply chain security, and some of the different things that you have to consider as we're kind of walking into the space of you know, protecting, protecting your, your build pipeline, protecting your production artifacts, so that's something that really, you know, that goes to that, you know, that goes to my work on that, you know, in Kubernetes for SIG release, release engineering, that's, you know, something that we, we know that there are countless downstream consumers, right? So, some, you know, some that we may not have even had contact with yet from the upstream perspective, right? So it's, it's paramount for us to make sure that, you know, everything that we're pushing out to the community and to the wider world is safe to consume. So, so security is definitely top of mind for me. I would say for, you know, lots of things around you know, continue, continuing to talk about uh, GitOps observability. And I think, and I think that, you know, each of these, what's, you know, what's fun about um, each of these, uh, the, each of these topics, each of these areas is that they're all interconnected, right? So more and more you're seeing, you're seeing, oh, well, you know, the, you know, the Tekton folks are, you know, are talking to the Flux folks. And, and they're talking to the, the folks who are working on uh, Sigstore and Rekor and, and, and all of these fun tools about how to integrate into, you know, how to integrate into those respective areas. Um, so it's, it's, it's really a time of um, collaboration underscored by um, you know, protecting, protecting the community and the, and the end users. >> John: Yeah. We're seeing a lot of ah, um, you know, the security discussions. I mean, how far can you shift left before it becomes like standard, right? So like, you know, we're seeing that being built in. I got to ask you guys also on the trend of DevOps there's been a lot of conversations around Cloud Native, around obsolete management and in terms of ability, but data, the role of data has been different approaches on how people are leveraging machine learning and AI, can you, did that come up a lot in, in some of the, the discussions and the analysis? Because everyone's slapping machine learning on things these days, and there's a little bit of that going on, but it seems to be data and machine learning and horizontal scale, classic DevOps, things are happening. What's your reaction to, to some of those things that are happening? Can you guys, is there anything happening there? >> I feel like this year wasn't that big of a machine learning year in terms of submissions. >> Yes. >> I'm certain you agree with that, but it wasn't, as I think, like, security took a lot and, and, like, and this might also just be like, thinking about it holistically now, like security was, had such amazing submissions that it probably took a little bit of the spotlight off of when we were looking at the machine learning ones. Um... >> John: So security... >> Also I'm biased, so I think >> John: So security dominated more than, than everyone else did. >> Yeah. I think, you know, I think for this year, security is, security is dominating. I, you know, I think we even talked about this in the last uh, chat we had, um, the, you know, kind of from the AI side, I think you're, we're, we're running, there have been discussions around the, uh, you know, bias in, in AI models and um, you know, how we work through that, um, I'm not sure that we have any content for that this time around, but I think it, yeah, but I think, you know, as we start to talk about like how we collect data, you know, are, are we collecting the right types of data, how we serve it, especially as a, those relate to like collecting data at the edge, right? Like, how do we, how do we, how, how do we even deploy applications at the edge? We, we have a lot of potential solutions for that. But when you combine that with, well, how do we, how do we scrape information from the things that we're deploying from the edge, right? Or, or, or some, some of the things you'll see in the, in the program. >> Constance and Stephen, talk about the community vibe right now, because you know, that's the biggest part of this conference is seeing how the people come together, but it's also the vibe sets the tone. What's, what's the current vibe in the community that you're seeing and what do we expect this year at KubeCon, CloudNativeCon? >> Yeah, I'm going to say, I imagine the community's tired and it's been a long few, two years. It feels like 10 years, it feels like forever. And a lot of the in-person aspect that used to be like social validation, we just get like is lacking, so, but that being said, there's still been amazing, like collaboration from like the open, from like the Observability and Open Telemetry part. Like, I am seeing so many projects within the tag Observability collaborate together and making that a focus. And so even though we are tired, it's still, we're still doing good work. And we're still making a point of trying to keep that community tight even though it's much harder on Zoom and right, you know, it's going to try and do the awkward, like Zoom handshake. It just doesn't do the same thing there. But to Stephen's keynote, can't remember how long ago it is, about like resiliency. We are pretty resilient. And we're also, I think we're all learning to work at a slower pace because maybe we were working too fast beforehand. And I think that, I think that's a really good takeaway from all of this. So I think it's going to, for as safe as it can be to have some variation, it's probably going to just be like, it's going to be a big party because we're going to finally get to see each other after a long time then. >> John: Yeah. >> I hope we get to do that in a safe way. >> Stephen, you bring it in, Steve, you go. Oh, Steve, you always got the energy certainly on camera, but in person as well. >> (laughs) >> This in-person dynamic this year is huge. >> Yeah, we, >> Wh-what do you think is going to happen? What, give us your take. >> Yeah, so I mean, I, you know, I would echo Constance in saying that, you know, we're, we're, we're all tired, we're all very tired at this point. Um, but I, you know, but, they, they, the conference tagline for, for North America is, uh, is 'Resilience Realized', right? I think that, you know, throughout this, this year, um, the, the contributors, maintainers of, of all of these, you know, CNCF projects have made incredible strides uh, to empower the communities to, to, uh, to be together, to be family, to, to work better together, um, in spite of, you know, in spite of uh, location, location uh, boundaries, in spite of, you know, uh, uh, health concerns, like we've, we've really made the effort to um, to show up for each other. Um, so I think that, you know, what we'll see in the conference and, and, you know, one of my favorite tracks personally um, is the, the community track, um, so lots of, lots of content around, you know, a-around community building, around uh, I think more of the, the meta of, of maintaining communities, right? So the, you know, the, the, the, the code of conduct committee, as well as uh, steering committee uh, for Kubernetes got together um, last conference to, to talk about the values and principles of the community, right? And, and I think that, you know, that, that needs to continue to be highlighted, um, you know, some of the conversations that we've had around um, how you maintain groups, you know, how do you maintain groups, especially as um, especially as a, the, the, the size of the group grows, right? Once you escape that kind of like Dunbar's number uh, area, like it gets harder and harder to s have the s the same bandwidth conversations that you would in a smaller group, right? So making sure that we're continuing to, to have valuable conversations, but also be inclusive while we're doing that is, um, is something that will continue to be highlighted over the next year and change really. >> Well. I'm really impressed by what you guys do. And I know we're all tired getting, and we want to get back and, hats off to pulling it together and creating a great program because your, your group and your community is a social construct. It's, it's, we're all social animals. And this whole COVID virtual, now hybrid really is going to, going to show in real world as all playing out, and we're going to see how it evolves, and evolution is part of social communities. And I think that the progress has been made and, you know, and with the team and you guys putting together this great event. So my hat's off to you guys, thanks for, for doing that. Appreciate, great stuff. >> Thank you, thank you. >> Now, final question, um, what do you expect? Given, I mean, this is a social organization, um, things evolve, we're social organisms. We're going to be face to face. We're going to have virtual. We're going to have great talks, security obviously is prime time, Mainstream Enterprise Adoption in Kubernetes and Cloud Native. This is crunch time, so what do you guys expect for this event? Share your thoughts. >> Yeah, I-I think there's going to be lots of um, lots of fun, uh, I think uh more social conversations, less structured. Um, you know, i-if you have, if you haven't had the opportunity to kind of hang out on CNCF Slack, while one of these events are happening, we, we've spun up something of like a hallway track. Um, so, so people are hanging out, they're giving their takes during the um, you know, you know, in between uh talks, there, there was also a, you know, kind of after conference uh, hangout for, for the hallway track that we did. Um, so w we definitely want to continue some of that stuff. Um, as you know, between the last few conferences we've launched uh, Cloud Native TV um, and lots of great producers uh, and, and, and content over there. So you'll see, you'll see, kind of, us start to break the wall between um, that virtual content that we've created uh, across the last few months, as well as, you know, th s seeing that turn physical, right? Um, so how do we, you know, how, how do we, how do we manage that and h-how do we make that seamless for people who may be maybe participating virtually as opposed to physically, right. That there's going to be a bit of um, there, there's an aspect of like, you're, you're almost running two conferences, right. Simultaneously. So. >> It's a total experiment in the real world, but it's, it's all important. It's super important. Constance, your thoughts on, on the event, what people are expecting to see and surprises that might emerge, what do you, what's your thoughts? >> Um, I, well actually, see while you were saying something, I had an idea that I think we can make it more connected, So I just wrote it down, um, uh, I, I have some silly ideas when it comes to the conference stuff, which is why Stephen's laughing, although you can't see it. >> (both men laughing) >> Um, my, I, like, I'm, I'm trying to go in with no expectations, mostly because I'm so excited. I don't want to be disappointed um, and I don't want to miss out. I think, I actually think that probably a lot of the discussions are just going to be like, hi, like, it's so nice to actually meet you and just talk about random things. Maybe not as much technology discussions as maybe there would be at a normal, I like, ah, I don't want to say normal, right? Because we are in a new normal, like what KubeCon was several years ago. Um, I think that I do. I think that it would be probably a little painful, this hybrid part, since we don't know what to expect. I think there's going to be so many things that we're going to look back and be like, face palm and be like, oh, we should've thought about these things. So for anyone who's attending virtually, apologies in advance, and please give us feedback. There's so many things I know we're going to have to improve, we just, we don't know them yet. So please be patient with us and know that we wish that you could be there in person with us too. >> Um, uh, I don't know. >> Well, that's the thing, that's the thing. >> I'm just going to go in there with an open mind. Well that's the thing, it's, it's new, it's all new, virtual. So it's, it's, we're learning together. That's, I think, people put too much pressure. I think people like expecting, you know, some magic to happen, but it's all evolving. And I think the magic is the event. And I think, I think it's going to work out great. And by the way, there's no downside it's, you know, learn. >> Exactly! >> So, yeah. So, you know, so one of the things that I um, I, I have this spiel that I give to um, the release team, the Kubernetes release team, every time we start a new cycle, right? Um, you've got a set of returning contributors. You've got a set of uh, net new contributors, right? And um, and, and moving into the release team, you're kind of like thrown right into the fire of Kubernetes, right? So it's, it's, it's one of those things. I, I, I come in and, and, and, essentially say, um, be curious, question everything. Um, this is like, it's a, it's, it's very much like a human experience, right? And I think that, you know uh, to, to Constance's point, we're all here to, to learn and grow, make this a better experience for everyone. Um, so bring yourself, like bring yourself to the conference, right? I think it's, you know, in, in terms of offering feedback, we have, you know, feedback forms for every one of the, you know, every one of the, the talks that you attend, um, you can feel free to reach out to Constance, and myself and, and Jasmine, um, if you have feedback that you want to give personally, you know, there, there are, there are ways to get in touch with us. There are ways to make the event better. And I think that every time we, we uh, we incorporate, like, we incorporate a lot of this feedback into the next conference. So every time um, you provide some piece of information for us, that gives us an opportunity to make it better, right? So this conference is built, uh, this conference is built by the community, right? The, you know, it's not just a, you know, it's not a, you know, it's not a body just uh making, making decisions kind of off the cuff, it's, we are taking your ideas and we're trying to turn them into a program, right? So it's, it's the maintainers, it's the end users. It's the students, it's people who have never used Kubernetes in their lives, or never used Cloud Native technology in their lives. It's folks who are coming from the, you know, the, the corporate IT kind of classic uh, background, and, and just trying to understand how to be effective in this, in this new world for them. Um so it's like, it takes all kinds and we, we don't get it done without your feedback. So please, um, as you're coming to the conference, whether it's in-person or virtually, like, bring yourselves, be curious, ask questions, um, provide that feedback. And then um, and I think, you know, from the, you know, th-the kind of from the uh, the, yes, we need to be human, but we also need to um recognize some of the, the requirements, uh, that, that are, that we have going into this conference. So reminder that, you know, all of, all of the events are under, you know, under a code of conduct, please make sure to familiarize yourself with uh, code of conduct. I think that um, you know, I-I think that coming back into a physical space for a lot of people, the um, the, some of the social skills can, can erode over time. So please not just bring yourself, bring your best self. And, you know, be sure to review all of the policies around health and, and safety as we go into this. >> Constance, Stephen, that's great stuff. Love talking with you guys. Constance, you want to add something? Go ahead. >> I want to add one thing, also be gentle with yourself and like, be really kind to yourself and others, because this is going to be really overwhelming. I haven't been around more than 10 people at once in almost two years. And so, just remember to be kind as well, always be curious and question everything. >> Yeah. That's great stuff. Great reminder. This is what it's all about, face-to-face. Face-to-face, presence, being together, but also having the openness and the community around you. A lot of mentoring, you guys have a great community for people coming in that are new and there's great mentors, people are open and cool, great community. Thanks for coming on for this special preview for KubeCon CloudNativeCon, thank you so much. >> Thanks for having us. >> Thank you. >> Okay, this is theCUBE's coverage of Kubecon CloudNative, and we've been every year of KubeCon. It's been in fantastic growth. Going the next level again in person, a lot of security, real time adoption should be uh, should be great, virtual and in-person. I'm John Furrier, thanks for watching. (cheery synth music)

>> Narrator: From around the globe, it's theCUBE with coverage of KubeCon and CloudNativeCon Europe, 2021 Virtual brought to you by Red Hat, the Cloud Native Computing Foundation and Ecosystem Partners. >> Hello, welcome back to theCUBE'S coverage of KubeCon and CloudNativeCon 2021 Virtual, I'm John Furrier your host of theCUBE. We've got two great guests here, always great to talk to the KubeCon co-chairs and we have Stephen Augustus Head of Open Source at Cisco and also the KubeCon co-chair great to have you back. And Jasmine James Manager and Engineering Effectives at Twitter, the KubeCon co-chair, she's new on the job so we're not going to grill her too hard but she's excited to share her perspective, Jasmine, Stephen great to see you. Thanks for coming on theCUBE. >> Thanks for having us. >> Thank you. >> So obviously the co-chairs you guys see everything upfront Jasmine, you're going to learn that this is a really kind of key fun position because you've got to multiple hats you got to wear, you got to put a great program together, you got to entertain and surprise and delight the attendees and also can get the right trends, pick everything right and then keep that harmonious vibe going at CNCF and KubeCon is hard so it's a hard job. So I got to ask you out of the gate, what are the top trends that you guys have selected and are pushing forward this year that we're seeing evolve and unfold here at KubeCon? >> For sure yeah. So I'm excited to see, and I would say that some of the top trends for Cloud Native right now are just changes in the ecosystem, how we think about different use cases for Cloud Native technology. So you'll see lot's of talk about new architectures being introduced into Cloud Native technologies or things like WebAssembly. WebAssembly Wasm used cases and really starting to and again, I think I mentioned this every time, but like what are the customer used cases actually really thinking about how all of these building blocks connect and create a cohesive story. So I think a lot of it is enduring and will always be a part. My favorite thing to see is pretty much always maintainer and user stories, but yeah, but architecture is Wasm and security. Security is a huge focus and it's nice to see it comes to the forefront as we talked about having these like the security day, as well as all of the talk arounds, supply chain security, it has been a really, really, really big event (laughs) I'll say. >> Yeah. Well, great shot from last year we have been we're virtual again, but we're back in, the real world is coming back in the fall, so we hopefully in North America we'll be in person. Jasmine, you're new to the job. Tell us a little about you introduce yourself to the community and tell more about who you are and why you're so excited to be the co-chair with Stephen. >> Yeah, absolutely. So I'm Jasmine James, I've been in the industry for the past five or six years previous at Delta Airlines, now at Twitter, as a part of my job at Delta we did a huge drive on adopting Kubernetes. So a lot of those experiences, I was very, very blessed to be a part of in making the adoption and really the cultural shift, easy for developers during my time there. I'm really excited to experience like Cloud Native from the co-chair perspective because historically I've been like on the consumer side going to talk, taking all those best practices, stealing everything I could into bring it back into my job. So make everyone's life easier. So it's really, really great to see all of the fantastic ideas that are being presented, all of the growth and maturity within the Cloud Native world. Similar to Stephen, I'm super excited to hear about the security stuff, especially as it relates to making it easy for developers to shift left on security versus it being such an afterthought and making it something that you don't really have to think about. Developer experience is huge for me which is why I took the job at Twitter six months ago, so I'm really excited to see what I can learn from the other co-chairs and to bring it back to my day-to-day. >> Yeah, Twitter's been very active in open source. Everyone knows that and it's a great chance to see you land there. One of the interesting trends is this year I'll see besides security is GitOps but the one that I think is relevant to your background so fresh is the end user contributions and involvement has been really exploding on the scene. It's always been there. We've covered, Envoy with Lyft but now enterprise is now mainstream enterprises have been kind of going to the open source well and bringing those goodies back to their camps and building out and bringing it back. So you starting to see that flywheel developing you've been on that side now here. Talk about that dynamic and how real that is an important and share some perspective of what's really going on around this explosion around more end user contribution, more end user involvement. >> Absolutely. So I really think that a lot of industry like players are starting to see the importance of contributing back to open source because historically we've done a lot of taking, utilizing these different components to drive the business logic and not really making an investment in the product itself. So it's really, really great to see large companies invest in open source, even have whole teams dedicated to open source and how it's consumed internally. So I really think it's going to be a big win for the companies and for the open source community because I really am a big believer in like giving back and making sure that you should give back as much as you're taking and by making it easy for companies to do the right thing and then even highlighting it as a part of CNCF, it'll be really, really great, just a drive for a great environment for everyone. So really excited to see that. >> That's really good. She has been awesome stuff. Great, great insight. Stephen, I just have you piggyback off that and comment on companies enterprises that want to get more involved with the Cloud Native community from their respective experiences, what's the playbook, is there a new on-ramps? Is there new things? Is there a best practice? What's your view? I mean, obviously everyone's growing and changing. You look at IT has changed. I mean, IT is evolving completely to CloudOps, SRE get ops day two operations. It's pretty much standard now but they need to learn and change. What's your take on this? >> Yeah, so I think that to Jasmine's point and I'm not sure how much we've discussed my background in the past, but I actually came from the corporate IT background, did Desktop Sr, Desktop helped us support all of that stuff up into operations, DevOps, SRE, production engineering. I was an SRE at a startup who used core West technologies and started using Kubernetes back when Kubernetes is that one, two, I think. And that was my first journey into Cloud Native. And I became core less is like only customer to employee convert, right? So I'm very much big on that end user story and figuring out how to get people involved because that was my story as well. So I think that, some of the work that we do or a lot of the work that we do in contributor strategy, the SIG CNCF St. Contributor Strategy is all around thinking through how to bring on new contributors to these various Cloud Native projects, Right? So we've had chats with container D and linker D and a bunch of other folks across the ecosystem, as well as the kind of that maintainer circle sessions that we hold which are kind of like a private, not recorded. So maintainers can kind of get raw and talk about what they're feeling, whether it be around bolstering contributions or whether it'd be like managing burnout, right? Or thinking about how you talk through the values and the principles for your projects. So I think that, part of that story is building for multiple use cases, right? You take Kubernetes for example, right? So Ameritas chair for sync PM over in Kubernetes, one of the sub project owners for the enhancements sub project which involves basically like figuring out how we intake new enhancements to the community but as well as like what the end user cases are all of the use cases for that, right? How do we make it easy to use the technology and how we make it more effective for people to have conversations about how they use technology, right? So I think it's kind of a continuing story and it's delightful to see all of the people getting involved in a SIG Contributor Strategy, because it means that they care about all of the folks that are coming into their projects and making it a more welcoming and easier to contribute place so. >> Yeah. That's great stuff. And one of the things you mentioned about IT in your background and the scale change from IT and just the operational change over is interesting. I was just talking with a friend and we were talking about, get Op and, SRAs and how, in colleges is that an engineering track or is it computer science and it's kind of a hybrid, right? So you're seeing essentially this new operational model at scale that's CloudOps. So you've got hybrid, you've got on-premise, you've got Cloud Native and now soon to be multi-cloud so new things come into play architecture, coding, and programmability. All these things are like projects now in CNCF. And that's a lot of vendors and contributors but as a company, the IT functions is changing fast. So that's going to require more training and more involvement and yet open source is filling the void if you look at some of the successes out there, it's interesting. Can you comment on the companies that are out there saying, "Hey, I know my IT department is going to be turning into essentially SRE operations or CloudOps at scale. How do they get there? How could they work with KubeCon and what's the key playbook? How would you answer that? >> Yeah, so I would say, first off the place to go is the one-on-one track. We specifically craft that one-on-one track to make sure that people who are new to Cloud Native get a very cohesive story around what they're trying to get into, right? At any one time. So head to the one-on-one track, please add to the one-on-one track, hang out, definitely check out all of the keynotes that again, the keynotes, we put a lot of work into making sure these keynotes tell a very nice story about all of the technology and the amount of work that our presenters put into it as well is phenomenal. It's top notch. It's top notch every time. So those will always be my suggestions. Actually go to the keynotes and definitely check out the one-on-one track. >> Awesome. Jasmine, I got to get your take on this now that you're on the KubeCon and you're co-chairing with Stephen, what's your story to the folks that are in the end user side out there that were in your old position that you were at Delta doing some great Kubernetes work but now it's going beyond Kubernetes. I was just talking with another participant in the KubeCon ecosystem is saying, "It's not just Kubernetes anymore. There's other systems that we're going to deploy our real-time metrics on and whatnot". So what's the story? What's the update? What do you see on the inside now now that you're on board and you're at a Hyperscale at Twitter, what's your advice? What's your commentary to your old friends and the end user world? >> Yeah. It's not an easy task. I think that was, you had mentioned about starting with the one-on-one is like super key. Like that's where you should start. There's so many great stories out there in previous KubeCon that have been told. I was listening to those stories and the great thing about our community is that it's authentic, right? We're telling like all of the ways we tripped up so we can prevent you from doing this same thing and having an easier path, which is really awesome. Another thing I would say is do not underestimate the cultural shift, right? There are so many tools and technologies out there, but there's also a cultural transformation that has to happen. You're shifting from, traditional IT roles to a really holistic like so many different things are changing about the way infrastructure was interacted with the way developers are developing. So don't underestimate the cultural shift and make sure you're bringing everyone to the party because there's a lot of perspectives from the development side that needs to be considered before you make the shift initially So that way you can make sure you're approaching the problem in the right way. So those would be my recommendation. >> Also, speaking of cultural shifts, Stephen I know this is a big passion of yours is diversity in the ecosystem. I think with COVID we've seen probably in the past two years a major cultural shifts on the personnel involved, the people participating, still a lot more work to get done. Where are we on diversity in the ecosystem? How would you rate the progress and the overall achievements? >> I would say doing better, but never stop what has happened in COVID I think, if you look across companies, if you look across the opportunities that have opened up for people in general, there have been plenty of doors that have shut, right? And doors that have really made the assumption that you need to be physical are in person to do good work. And I think that the Cloud Native ecosystem the work that the LF and CNCF do, and really the way that we interact in projects has kind of pushed towards this async first, this remote first work culture, right? So you see it in these large corporations that have had to change the travel policies because of COVID and really for someone who's coming off being like a field engineer and solutions architect, right? The bread and butter is hopping on and off a plane, shaking hands, going to dinner, doing the song and dance, right? With customers. And for that model to functionally shift, right? Having conversations in different ways, right? And yeah, sometimes it's a lot of Zoom calls, right? Zoom calls, webinars, all of these things but I think some of what has happened is, you take the release team, for example, the Kubernetes release team. This is our first cycle with Dave Vellante who's our 121 released team lead is based in India, right? And that's the first time that we've had APAC region release team lead and what that forced us to do, we were already working on it. But what that forced us to do is really focused on asynchronous communication. How can we get things done without having to have people in the room? And we were like, "With Dave Vellante in here, it either works or it doesn't like, we're either going to prove that what we've put in place works for asynchronous communication or it doesn't." And then, given that a project of this scale can operate just fine, right? Right just fine delivering a release with people all across the globe. It proves that we have a lot of flexibility in the way that we offer opportunities, both on the open source side, as well as on the company side. >> Yeah. And I got to say KubeCon has always been global from day one. I was in Shanghai and I was in hung, Jo, visiting Ali Baba. And who do I see in the lobby? The CNCF crew. And I'm like, "What are you guys doing here?" "Oh, we're here talking to the cloud with Alibaba." So global is huge. You guys have nailed that. So congratulations and keep that going. Jasmine, your perspective is women in tech. I mean, you're seeing more and more focus and some great doors opening. It's still not enough. We've been covering this for a long time. Still the numbers are down, but we had a great conference recently at Stanford Women in Data Science amazing conference, a lot of power players coming in, women in tech is evolving. What's your take on this still a lot more work to done. You're an inspiration. Share your story. >> Yeah. We have a long way to go. There's no question about it. I do think that there's a lot of great organizations CNCF being one of them, really doing a great job at sharing, networking opportunities, encouraging other women to contribute to open source and letting that be sort of the gateway into a tech career. My journey is starting as a systems engineer at Delta, working my way into leadership, somehow I'm not sure I ended up there but really sort of shifting and being able to lift other women up has been like so fortunate to be able to do that. Women who code being a mentor, things of that nature has been a great opportunity, but I do feel like the open source community has a long way go to be a more welcoming place for women contributors, things like code of conduct, that being very prevalent making sure that it's not daunting and scary, going into GitHub and starting to create a PR for out of fear of what someone might say about your contributions instead of it being sort of an educational experience. So I think there's a lot of opportunities but there's a lot of programs, networking opportunities out there, especially everyone being remote now that have presented themselves. So I'm very hopeful. And the CNCF, like I said is doing a great job at highlighting these women contributors that are making changes to CNCF projects in really making it something that is celebrated which is really great. >> Yeah. You know that I love Stephen and we thought this last time and the Clubhouse app has come online since we were last talking and it's all audio. So there's a lot of ideas and it's all open. So with a synchronous first you have more access but still context matters. So the language, so there's still more opportunities potentially to offend or get it right so this is now becoming a new cultural shift. You brought this up last time we chatted around the language, language is important. So I think this is something that we're keeping an eye on and trying to keep open dialogue around, "Hey it matters what you say, asynchronously or in texts." We all know that text moment where someone said, "I didn't really mean that." But it was offensive or- >> It's like you said it. (laughs) >> (murmurs) you passionate about this here. This is super important how we work. >> Yeah. So you mentioned Clubhouse and it's something that I don't like. (laughs) So no offense to anyone who is behind creating new technologies for sure. But I think that Clubhouse from, if you take platforms like that, let's generalize, you take platforms like that and you think about the unintentional exclusion that those platforms involve, right? If you think about folks with disabilities who are not necessarily able to hear a conversation, right? Or you don't provide opportunities to like caption your conversations, right? That either intentionally or unintentionally excludes a group of folks, right? So I've seen Cloud Native, I've seen Cloud Native things happen on a Clubhouse, on a Twitter Spaces. I won't personally be involved in them until I know that it's a platform that is not exclusive. So I think that it's great that we're having new opportunities to engage with folks that are not necessarily, you've got people prefer the Slack and discord vibe, you've got people who prefer the text over phone calls, so to speak thing, right? You've got people who prefer phone calls. So maybe like, maybe Clubhouse, Twitter Spaces, insert new, I guess Disco is doing a thing too- >> They call it stages. Disco has stages, which is- >> Stages. They have stages. Okay. All right. So insert, Clubhouse clone here and- >> Kube House. We've got a Kube House come on in. >> Kube House. Kube House. >> Trivial (murmurs). >> So we've got great ways to engage there for people who prefer that type of engagement and something that is explicitly different from the I'm on a Zoom call all day kind of vibe enjoy yourselves, try to make it as engaging as possible, just realize what you may unintentionally be doing by creating a community that not everyone can be a part of. >> Yeah. Technical consequences. I mean, this is key language matters to how you get involved and how you support it. I mean, the accessibility piece, I never thought about that. If you can't listen, I mean, you can't there's no content there. >> Yeah. Yeah. And that's a huge part of the Cloud Native community, right? Thinking through accessibility, internationalization, localization, to make sure that our contributions are actually accessible, right? To folks who want to get involved and not just prioritizing, let's say the U.S. or our English speaking part of the world so. >> Awesome. Jasmine, what's your take? What can we do better in the world to make the diversity and inclusion not a conversation because when it's not a conversation, then it's solved. I mean, ultimately it's got a lot more work to do but you can't be exclusive. You got to be diverse more and more output happens. What's your take on this? >> Yeah. I feel like they'll always be work to do in this space because there's so many groups of people, right? That we have to take an account for. I think that thinking through inclusion in the onset of whatever you're doing is the best way to get ahead of it. There's so many different components of it and you want to make sure that you're making a space for everyone. I also think that making sure that you have a pipeline of a network of people that represent a good subset of the world is going to be very key for shaping any program or any sort of project that anyone does in the future. But I do think it's something that we have to consistently keep at the forefront of our mind always consider. It's great that it's in so many conversations right now. It really makes me happy especially being a mom with an eight year old girl who's into computer science as well. That there'll be better opportunities and hopefully more prevalent opportunities and representation for her by the time she grows up. So really, really great. >> Get her coding early, as I always say. Jasmine great to have you and Stephen as well. Good to see you. Final question. What do you hope people walk away with this year from KubeCon? What's the final kind of objective? Jasmine, we'll start with you. >> Wow. Final objective. I think that I would want people to walk away with a sense of community. I feel like the KubeCon CNCF world is a great place to get knowledge, but also an established sense of community not stopping at just the conference and taking part of the community, giving back, contributing would be a great thing for people to walk away with. >> Awesome. Stephen? >> I'm all about community as well. So I think that one of the fun things that we've been doing, is just engaging in different ways than we have normally across the kind of the KubeCon boundaries, right? So you take CNCF Twitch, you take some of the things that I can't mention yet, but are coming out you should see around and pose KubeCon week, the way that we're engaging with people is changing and it's needed to change because of how the world is right now. So I hope that to reinforce the community point, my favorite part of any conference is the hallway track. And I think I've mentioned this last time and we're trying our best. We're trying our best to create it. We've had lots of great feedback about, whether it be people playing among us on CNCF Twitch or hanging out on Slack silly early hours, just chatting it up. And are kind of like crafted hallway track. So I think that engage, don't be afraid to say hello. I know that it's new and scary sometimes and trust me, we've literally all been here. It's going to be okay, come in, have some fun, we're all pretty friendly. We're all pretty friendly and we know and understand that the only way to make this community survive and thrive is to bring on new contributors, is to get new perspectives and continue building awesome technology. So don't be afraid. >> I love it. You guys have a global diverse and knowledgeable and open community. Congratulations. Jasmine James, Stephen Augustus, co-chairs for KubeCon here on theCUBE breaking it down, I'm John Furrier for your host, thanks for watching. (upbeat music)

>> Voiceover: From around the globe, it's theCUBE, with coverage of Kubecon and CloudNativeCon, North America, 2020, virtual brought to you by Red Hat, the Cloud Native Computing Foundation and Ecosystem Partners. >> Welcome back to theCUBE's coverage, virtual coverage of Kubecon and CloudNativeCon 2020. We're not in person this year, normally we're there in person. We have to do remote because of the pandemic, but hey, it opens up more conversations. And this is theCUBE virtual. I'm John Furrier, your host. And you'll see a lot of interviews. We've got some great guests, Talking to the leaders, the developers, the end users, as well as the vendors with the CNCF, we got two great guests, Priyanka Sharma, the General Manager of the CNCF, great to see you and Stephen Augustus OSS Engineer at VMware. He's also the KubeCon co-chair back on the cube. Thanks for coming on folks. I appreciate it. >> Thank you for having us. So, thanks for coming on, actually, remote and virtual. We're doing a lot of interviews, we're getting some perspectives, people are chatting in Slack. It's still got the hallway vibe feel, a lot of talks, a lot of action, keynotes happening, but I think the big story for me, and I would like to talk about, I want to get your perspective is this new working group that's out there. So I know there's some news around it. Could you take a minute to explain kind of what this is all about? >> Sure. I'll give a little bit of context for those who may have missed my keynote which... very bad. (Priyanka laughs) As I announced, I'm so proud to be working with the likes of Stephen Augustus here, and a bunch of other folks from different companies, different open source projects, et cetera, to bring inclusive naming to code. I think it's been a forever issue. Quite frankly. We've had many problematic terms in software out there. The most obvious one being master-slave. That really shouldn't be there. That have no place in an inclusive world, inclusive software, inclusive community with the help of amazing people like Stephen, folks from IBM, Red Hat, and many, many others. We came together because while there's a lot of positive enthusiasm and excitement for people to make the changes that are necessary to make the community welcome for all, there's a lot of different work streams happening. And we really wanted to make sure there is a centralized place for guidelines and discussion for everybody in a very non...pan-organizational kind of way. And so that's the working group that John is talking about. With that said, Stephen, I think you can do the best justice to speak to the overall initiative. >> Yeah, absolutely. So I think that's to Priyanka's point, there are lots of people who are interested in this work and again, lots of work where this is already happening, which is very exciting to say, but as any good engineer, I think that's it's important to not duplicate your work. It's important to recognize the efforts that are happening elsewhere and work towards bringing people together. So part of this is providing, being able to provide a forum for discussion for a variety of companies, for a variety of associations that... and foundations that are involved in inclusive naming efforts. And then to also provide a framework for walking people through how we evaluate language and how we make these kinds of changes. As an example, for Kubernetes, we started off the Kubernetes working group naming and the hope for the working group naming was that it was going to evolve into hopefully an effort like this, where we could bring a lot of people on and not just talk about Kubernetes. So since we formed that back in, I want to say, June-ish, we've done some work on about of providing a language evaluation framework, providing templates for recommendations, providing a workflow for moving from just a suggestion into kind of actuating those ideas right and removing that language where it gets tricky and code is thinking about, thinking about, say a Kubernetes API. And in fact that we have API deprecation policies. And that's something that we have to if offensive language is in one of our APIs, we have to work through our deprecation policy to get that done. So lots of moving parts, I'm very excited about the overall effort. >> Yeah, I mean, your mind can explode if you just think about all the complications involved, but I think this is super important. I think the world has voted on this, I think it's pretty obvious and Priyanka, you hit some of the key top-line points, inclusive software. This is kind of the high order bit, but when you get down to it, it's hard as hell to do, because if you want to get ne new namings and/or changing namings accepted by the community and code owners, you're dealing with two things, a polarizing environment around the world today, and two, the hassles involved, which includes duplicate efforts. So you've got kind of a juggling act going on between two forces. So it's a hard problem. So how are you tackling this? Because it's certainly the right thing to do. There's no debate there. How do you make it happen? How do you go in without kind of blowing things up, if you will? And do it in a way that's elegant and clean and accept it. 'Cause that's the... end of the day, it's acceptance and putting it code owners. >> Absolutely. I think so, as you said, we live in a polarizing environment right now. Most of us here though know that this is the right thing to do. Team CloudNative is for everyone. And that is the biggest takeaway I hope people get from our work in this initiative. Open source belongs to everybody and it was built for the problems of today. That's why I've been working on this. Now, when it goes into actual execution, as you said, there are many moving parts, Stephen and the Kubernetes working group, is our shining example and a really good blueprint for many folks to utilize. In addition to that, we have to bring in diverse organizations. It's not just open source projects. It's not just companies. It's also standards organizations. It's also folks who think about language in books, who have literally done PhDs in this subject. And then there are folks who are really struggling through making the changes today and tomorrow and giving them hope and excitement. So that at the end of this journey, not only do you know you've done the right thing, but you'd be recognized for it. And more people will be encouraged by your own experience. So we and the LF have been thinking at it from a holistic perspective, let's bring in the standards bodies, let's bring in the vendors, let's bring in the open source projects, give them guidelines and blueprints that we are lucky that our projects are able to generate, combine it with learnings from other people, because many people are doing great work so that there is one cohesive place where people can go and learn from each other. Eventually, what we hope to do is also have like a recognition program so that it's like, hey, this open source project did this. They are now certified X or there's like an awards program. They're still figuring that piece out, but more to come on that space. That's my part. But Stephen can tell you about all the heavy lifting that they've been doing. >> Before we get to Steve, I just want to say congratulations to you. That's great leadership. And I think you're taking a pragmatic approach and you putting the stake in the ground. And that's the number one thing, and I want to take my hat off to you guys and Priyanka, thank you for that leadership. All right, Stephen, let's talk about how this gets done because you guys open sources is what it's all about is about the people, it's about building on the successes of others, standing on the shoulders of others, you guys are used to sitting in rooms now virtually and squabbling over things like, code reviews and you got governing bodies. This is not a new thing in collaboration. So this is also a collaboration test. What are you seeing as the playbook to get this going? Can you share your insights into what the Kubernetes group's doing and how you see this. What are the few first few steps you see happening? So people can either understand it, understand the context and get involved? >> So I think it comes down to a lot of it is scope, right? So as a new contributor, as a current contributor, maybe you are one of those language experts, that is interested in getting involved as a co-chair myself for SIG Release. A lot of the things that we do, we have to consider scope. If we make this change, how is it affecting an end user? And maybe you work in contributor experience. Maybe you work in release, maybe you work in architecture. But you may not have the entire scope that you need to make a change. So I think that first it's amazing to see all of the thought that has gone through making certain changes, like discussing master and slave, discussing how we name control plane members, doing the... having the discussion around a whitelist and blacklist. What's hard about it is, is when people start making those changes. We've already seen several instances of an invigorated contributor, and maybe the new contributor coming in and starting to kind of like search and replace words. And it... I wish it was that simple, it's a discussion that has to be heard, you need buy-in from the code owners, if it's an API that you're touching, it's a conversation that you need to have with the SIG Architecture, as well as say SIG Docs. If it's something that's happening in Release, then it's a easier 'cause you can come and talk to me, but, overall I think it's getting people to the point where they can clearly understand how a change affects the community. So we kind of in this language evaluation framework, we have this idea of like first, second and third order concerns. And as you go through those concerns, there are like diminishing impacts of potential harm that a piece of language might be causing to people. So first order concerns are the ones that we want to eliminate immediately. And the ones that we commonly hear this discussion framed around. So master-slave and whitelist, blacklist. So those are ones that we know that are kind of like on the track to be removed. The next portion of that it's kind of like understanding what it means to provide a recommendation and who actually approves the recommendation. Because this group is, we have several language aficionados in this group, but we are by now means experts. And we also want to make sure that we do not make decisions entirely for the community. So, discussing that workflow from a turning a recommendation into actuating a solution for that is something that we would also do with the steering committee. So Kubernetes kind of like top governing body. Making sure that the decision is made from the top level and kind of filtered out to all of the places where people may own code or documentation around it is I think is really the biggest thing. And having a framework to make it easy to make, do those evaluations, is what we've been craving and now have. >> Well, congratulations. That's awesome. I think it's always... it's easier said than done. I mean, it's a system when you have systems and code, it's like, there's always consequences in systems architecture, you know that you do in large scales OSS. You guys know what that means. And I think the low hanging fruit, obviously master, slave, blacklist, whitelist, that's just got to get done. I mean, to me, if that just doesn't get done, that's just like a stake in the ground that must happen. But I think this idea of it takes a village, kind of is a play here. People just buy into it. That so it's a little bit of a PR thing going on too, for get buy-in, this is again a classic, getting people on board, Priyanka, isn't it? It's the obvious and then there's like, okay, let's just do this. And then what's the framework? What's the process? What's the scope? >> Yeah, absolutely agree. And many people are midway through the journey. That's one of the big challenges. Some people are on different phases of the journey, and that was one of the big reasons we started this working group, because we want to be able to provide a place of conversation for people at different stages. So we get align now rather than a year later, where everybody has their own terms as replacements and nothing works. And maybe the downstream projects that are affected, like who knows, right? It can go pretty bad. And it's very complex and it's large-scale opensource or coasters, anywhere, large software. And so because team CloudNative belongs to everyone because open source belongs to everyone. We got up, get people on the same page. For those who are eager to learn more, as I said in my keynote, please do join the two sessions that we have planned. One is going to happen, which is about inclusive naming in general, it's an hour and a half session happening on Thursday. I'm pretty sure. And there we will talk about all the various artists who are involved. Everybody will have a seat at the table and we'll have documentation and a presentation to share on how we recommend the all move, move together as an ecosystem, and then second is a presentation by Celeste in the Kubernetes working group about how Kubernetes specifically has done naming. And I feel like Stephen, you and your peers have done such amazing work that many can benefit from it. >> Well, I think engineers, you got two things going to work in for you, which is one, it's a mission. And that's... There's certainly societal benefits for this code, code is for the people. Love that, that's always been the marching orders, but also engineers are efficient. If you have duplicate efforts. I mean, it's like you think about people just doing it on their own, why not do it now, do it together, more efficient, fixing bugs over stuff, you could have solved now. I mean, this is a huge issue. So totally believe it. I know we got to go, but I want to get the news and Priyanka, you guys had some new stuff coming out from the CNCF, new things, survey, certifications, all kinds of new reports. Give us the quick highlights on the news. >> Yes, absolutely. So much news. So many talking points. Well, and that's a good thing, why? Because the CloudNative Ecosystem is thriving. There is so many people doing so much awesome stuff that I have a lot to share with you. And what does that tell us about our spirit? It tells you about the spirit of resilience. You heard about that briefly in the conversation we just had with Stephen about our working group to align various parties and initiatives together, to bring inclusive naming to code. It's about resilience because we did not get demoralized. We did not say, "oh, it's a pandemic. I can't meet anyone. So this isn't happening." No, we kept going. And that is happening in inclusive naming that is happening in the CloudNative series we're doing, that's happening in the new members that are joining, as you may have seen Volcano Engine just joined as platinum member and that's super exciting. They come from China. They're part of the larger organization that builds Tik Tok, which is pretty cool as a frequent bruiser I can say that, in addition, on a more serious note, security is really key and as I was talking to someone just minutes ago, security is not something that's a fad. Security is something that as we keep innovating, as cloud native keeps being the ground zero, for all future innovation, it keeps evolving. The problems keep getting more complex and we have to keep solving them. So in that spirit, we in CNCF see it as our job, our duty, to enable the ecosystem to be better conversant in the security needs of our code. So to that end, we are launching the CKS program, which is a certification for our Kubernetes security specialist. And it's been in the works for awhile as many of you may know, and today we are able to accept registrations. So that's a really exciting piece of news, I recommend you go ahead and do that as part of the KubeCon registration folks have a discount to get started, and I think they should do it now because as I said, the security problems keep getting worse, keep getting more complicated. And this is a great baseline for folks to start when they are thinking about this. it's also a great boon for any company out there, whether they're end users, vendors, it's all sometimes a blurry line between the two, which is all healthy. Everybody needs developers who are security conversant I would say, and this certification help you helps you achieve that. So send all of your people to go take it. So that's sort of the announcements. Then other things I would like to share are as you go, sorry, were you saying something? >> No. Go ahead. >> No, as you know, we talked about the whole thing of team CloudNative is for everyone. Open source is for everyone And I'm really proud that CNCF has offered over 1000 diversity scholarships since 2016 to traditionally under-representing our marginalized groups. And I think that is so nice, and, but just the very, very beginning. As we grow into 2021, you will see more and more of these initiatives. Every member I talked to was so excited that we put our money where our mouth is, and we support people with scholarships, mentorships, and this is only going to grow. And it just so like at almost 17%, the CNCF mentors in our program are women. So for folks who are looking for that inspiration, for folks who want to see someone who looks like them in these places, they have more diverse people to look up to. And so overall, I think our DEI focus is something I'm very proud of and something you may hear about in other news items. And then finally, I would like to say is that CloudNative continues to grow. The cloud native wave is strong. The 2.0 for team CloudNative is going very well. For the CloudNative annual survey, 2020, we found an astonishing number of places where CloudNative technologies are in production. You heard some stories that I told in my keynote of people using multiple CNCF projects together. And these are amazing and users who have this running in production. So our ecosystem has matured. And today I can tell you that Kubernetes is used in production, by at about 83% of the places out there. And this is up by 5% from 78% last year. And just so much strength in this ecosystem. I mean, now at 92% of people are using containers. So at this point we are ubiquitous. And as you've heard from us in various times, our 70 plus project portfolio shows that we are the ground zero of innovation in cloud native. So if you asked me to summarize the news, it's number one, team CloudNative and open source is for everyone. Number two, we take pride in our diversity and over 1000 scholarships have been given out since 2016 to recipients from underrepresented groups. Number three, this is the home base for innovation with 83% of folks using Kubernetes in production and 70 plus projects that deliver a wide variety of support to enterprises as they modernize their software and utilize containers. >> Awesome. That was a great summary. First of all, you're a great host. You should be hosting theCUBE with us. Great keynote, love the virtual events that you guys have been doing, love the innovation. I think I would just say just from my perspective and being from there from the beginning is it's always been inclusive and the experience of the events and the community have been top-notch. People squabble, people talk, people have conversations, but at the end of the day, it is a great community and it's fun, memorable, and people are accepting, it's a great job. Stephen, good job as co-chair this year. Well done. Congratulations. >> Thank you very much. >> Okay. Thanks for coming on, I appreciate it. >> Take it easy. >> Okay, this is theCUBE virtual, we wish we were there in person, but we're not, we're remote. This is the virtual Cube. I'm John Furrier, your host. Thanks for watching. (upbeat music)

>>Ly from San Diego, California. It's the cube covering to clock in cloud native con brought to you by red hat, the cloud native computing foundation and its ecosystem Marsh. >>Welcome back to San Diego. I'm Stewman and my cohost is Justin Warren. And coming back to our program, one of our cube alumni and be coach hair of this coupon cloud native con prion Lyles who is also a senior staff engineer at VMware. Brian, thanks so much for joining us. Thanks for having me on. And do you want to have a shout out of course to a Vicky Chung who is your coach hair. She has been doing a lot of work. She came to our studio ahead of it to do a preview and unfortunately she's supposed to be sitting here but a little under the weather. And we know there was nothing worse than, you know, doing travel and you know, fighting an illness. But she's a little sick today, but um, uh, she knows that we'll, we'll, we'll still handle it. Alright, so Brian, 12,000 people here in attendance. >>Uh, more keynotes than most of us can keep a track of. So, first of all, um, congratulations. Uh, things seem to be going well other than maybe, uh, choosing the one day of the year that it rained in, uh, you know, San Diego, uh, which we we can't necessarily plan for. Um, I'd love you to bring us a little bit insight as to some of the, the, the goals and the themes that, uh, you know, you and Vicki and the, the, the, the, the community we're, we're looking at for, for this coupon. So you're right, let's help thousand people and so many sponsors and so many ideas and so many projects, it's really hard to have a singular theme. But a few months ago we came up with was, well, if, if Kubernetes in this cloud software make us better or basically advances, then we can do more advanced things. >>And then our end users can be more advanced. And it was like a three pong thing. And if you look, go back and look at our keynotes, he would say, Hey, we're looking at our software. Hey, we're looking at an amazing things that we did, especially cat by that five G keynote yesterday. And the notice that we had, it was me talking about how we could look forward and then, and then notice we had in talking about security and then we had Walmart and target talking about how they're using it and, and that was all on purpose. It's trying to tell a story that people can go back and look at. Yeah, I liked the, the message that you were, you were trying to put out there around how we need to make Kubernetes a little bit easier, but how we need to change the way that we talk about it as well. >>So maybe you could, uh, fill us in a little bit more. Let's say, unfortunately, Kubernetes is not going to get an easier, um, that's like saying we wish Linux was easier to use. Um, Linux has a huge ABI and API interface. It's not going to get easier. So what we need to do is start doing what we did with Linux and Linux is the Colonel. Um, this should be some Wars happened over the years and you notice some distributions are easier to use. Another. So if you use the current fedora or you the current Ubuntu or even like mint, it's getting really easy to use. And I'm not suggesting that we need Kubernetes distributions. That's actually the furthest thing, but we do need to work on building our ecosystem on top of Kubernetes because I mentioned like CIS CD, um, observability security audit management and who knows what else we need to start thinking about those things as pretty much first-class items. >>Just as important as Kubernetes. Kubernetes is the Colonel. Yeah. Um, in the keynotes, there's, as you said, there's such a broad landscape here. Uh, uh, I've heard some horror stories that people like, Oh, Hey, where do I start? And they're like, Oh, here's the CNCF landscape. And they're like, um, I can't start there. There's too much there. Uh, you, you picked out and highlighted, um, some of the lesser known pieces. Uh, th there's some areas that are a little bit mature. What, what are some of the more exciting things that you've seen going on right now, your system and this ecosystem? >> Um, I'm not even gonna. I highlighted open policy agent as a, as an interesting product. I don't know if it's the right answer, actually. I kind of wish there was a competitor just so I could determine if it was the right answer. >>But things like OPA and then like open telemetry, um, two projects coming together and having even bigger goals. Uh, let's make a severability easy. What I would also like to see is a little bit more, more maturity and the workflow space. So, you know, the CII and CD space. And I know with Argo and flux merging to Argo flux, uh, that's very interesting. And just a little bit of a tidbit is that I, I also co-chair the CNCF SIG application delivery, uh, special interest group, but, uh, we're thinking about that, that space right there. So I would love to see more in the workflow space, but then also I would like to see more security tools and not just old school check, check, check, but, um, think about what Aqua security is doing. And I'm, I don't know if they're now Snick or S, I don't know how to say it, but, um, there's, there's companies out there rethinking security. >>Let's do that. Yeah. I spoke to Snick a couple of days ago and it's, I'm pretty sure it's sneak. Apparently it stands for, so now you know, which that was news to me that, so now I know interesting. But they have a lot of good projects coming up. Yeah. You mentioned that the ecosystem and that you like that there's competitors for particular projects to kind of explore which way is the right way of doing things. We have a lot of exhibitors here and we have a lot of competitors out there trying to come into this ecosystem. It seems to actually be growing even bigger. Are we going to see a period of consolidation where some of these competing options, we decided that actually no, we don't want to use that. We want to go over here. I mean according to crossing the chasm, yes, but we need to figure out where we are on the maturity chart for, for the whole ecosystem. >>So I think in a healthy, healthy ecosystem, people don't succeed and products go away, but then what we see is in maybe six months or a year or two later, those same founders are out there creating new products. So not everyone's going to win on their first shot. So I think that's fine because, you know, we've all had failures in the past, but we're still better for those failures. Yeah, I've heard it described as a kind of Cambridge and explosion at the moment. So hopefully we don't get an asteroid that comes in and, uh, and hopefully it is out cause yeah. Um, one of the things really, really noticed is, uh, if you went back a year or even two years ago, we were talking about very much the infrastructure, the building blocks of what we had. Uh, I really noticed front and center, especially in the keynote here, talking a lot about the workload. >>You're talking about the application. We're talking about, uh, you know, much more up the stack and uh, from kind of that application, uh, uh, piece down, even, uh, some friends of mine that were new to this ecosystem was like, I don't understand what language they're talking. I'm like, well, they're talking to the app devs. That's why, you know, they're not speaking to you. Is that, was that intentional? >> Well, I mean for me it is because I like to speak to the app devs and I realized that infrastructure comes and goes. I've been doing this for decades now and I've seen the rise of Cisco as, as a networking platform and I've seen their ups and downs. I've worked in security. But what I know is fundamentals are, are just that. And I would like to speak to the developers now because we need to get back to the developers because they create the value. >>I mean the only people who win at selling via our selling Kubernetes are vendors of Kubernetes. So, you know, I work for one and then there's the clouds and then there's other companies as well. So the thing that stays constant are people are building applications and ultimately if Kubernetes and the cloud native landscape can't take care of those application developers remember happened, remember, um, OpenStack, and not in like a negative way, but remember OpenStack, it got to be so hard that people couldn't even focus on what gave value. >> Unlike obvious fact leaves on it. It's still being used a lot in, in service providers and so on. So technology never really goes away completely. It just may fade off and live in a corner and then we move on to whatever's the next newest and greatest thing and then end up reinventing ourselves and having to do all of the same problems again. >>It feels a little bit like that with sometimes the Kubernetes way where haven't we already sold this? Linux is still here, Linux is still, and Linux is still growing. I mean Linux is over Virgin five right now and Linux is adapting and bringing in new things in a Colonel and moving things out to the user land. Kubernetes needs to figure out how to do that as well. Yeah, no Brian, I think it's a great point. You know, I'm an infrastructure guy and we know the only reason infrastructure exists is to serve up that application. What Matt managed to the business, my application, my data. Um, you and your team have some open source projects that you're involved in. Maybe give us a little bit about right? So oxen is a, so let me tell you the quick story. Joe Beda and I talked about how do we approach developers where they are. >>And one thing came up really early in that conversation was, well, why don't we just tell developers where things are broken? So come to find out using Kubernetes object model and a little bit of computer science, like just a tiny little bit. You can actually build this graph where everything is connected and then all you need to do then is determine if for any type of object, is it working or is it not working? So now look at this. Now I can actually show you what's broken and what's not broken. And what makes octane a little bit different is that we also wrapped it with a dashboard that shows everything inside of a Kubernetes cluster. And then we made it extensible. And just, just a crazy thing. I made a plugin API one weekend because I'm like, Oh, that would be kind of cool. And just at this conference alone, nine to 10 people to walk up to me and said, Oh, um, we use oxygen and we use your plugin system. >>And now we've done things that I can't imagine, and I think I might've said this, I know I've said it somewhere recently, but the hallmark of a good platform is when people start creating things you could never imagine on it. And that's what Linux did. That's what Kubernetes is doing. And octane is doing it in the small right now. So kudos to me and me really and my team that's really exciting. So fry, Oakton, Coobernetti's and Tansu both are seven sided. Uh, was, was that, that, that uh, uh, moving to, uh, to, to eight, uh, so no marketing. Okay. And I don't profess to understand what marketing is. Someone just named it. And I said, you know what, I'm a developer. I don't really mind w as long as you can call it something, that's fine. I do like the idea that we should evolve the number of platonic solids. >>There's another answer too. So if you think about what seven is, it, um, people were thinking ahead and said, well, someone could actually take that and use it as another connotation. So I was like, all right, we'll just get out of that. That's why it's called octane, but still nautical theme. Okay, great. Brian. So much going on. You know, even outside of this facility, there's things going on. Uh, any hidden gems that just the, you know, our audience that's watching or people that we'll look back at this event and say, Hey, you know, here's some cool little things there. I mean, they hit the Twitters, I'm sure they'll see the therapy dogs and whatnot, but you know, for the people geeking out, some of those hidden gems that you'd want to share. Um, some of the hidden gems or I'll, I'll throw up to, um, watch what these end-user companies are doing and watch what, like the advanced companies like Walmart and target and capital one are doing. >>I just think there's a lot of lessons to be learned and think about this. They have a crazy amount of money. They're actually investing time in this. It might be a good idea. And other hidden gyms are, are companies that are embracing the, the extension model of Kubernetes through custom resource definitions and building things. So the other day I had the tests on, on the stage, and they're not the only example of this, but running my sequel and Coobernetti's and it pretty much works all well, let's see what we can run with this. So I think that there's going to be a lot more companies that are going to invest in this space and, and, and actually deliver on these types of products. And, and I think that's a very interesting space. Yeah. We, we spoke to Bloomberg just before and uh, we talked to the tests, we spoke to Subaru from the test yesterday. >>Uh, seeing how people are using Kubernetes to build these systems, which can then be built upon themselves. Right. I think that's, that's probably for me, one of the more interesting things is that we end up with a platform and then we build more platforms on top of it. But we, we're creating these higher levels of abstraction, which actually gets us closer to just being able to do the work that we want to do as developers. I don't need to think about how all of the internals work, which again to your keynote today is like, I don't want to write machine code and I just want to solve this sort of business problem. If we can embed that into the, into this ecosystem, then it just makes everyone's lives much, much easier. So you basically, that is my secret. I'm really, I know people hate it for attractions and they say they will, but no one hates an abstraction. >>You don't actually turn the crank in your motor to make the car run. You press the accelerator and it goes. Yeah. Um, so we need to figure out the correct attractions and we do that through iteration and failure, but I'm liking that people are pushing the boundaries and uh, like Joe beta and Kelsey Hightower said is that Kubernetes is a platform of platforms. It is basically an API for writing API APIs. Let's take advantage of that and write API APIs. All right. Well, Brian, thank you. Thank Vicky. Uh, please, uh, you know, share, congratulations to the team for everything done here. And while you might be stepping down as, or we do hope you'll come and join us back on the cube at a future event. No, I enjoyed talking to you all, so thank you. Alright, thanks so much Brian for Justin Warren we'll be back with more of our water wall coverage. CubeCon cloud native con here in San Diego. Thanks for watching the queue.

>> Announcer: Live from San Diego, California, it's theCUBE, covering KubeCon + CloudNativeCon. Brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >> Welcome to the third day of wall-to-wall coverage here at Kubecon + CloudNativeCon 2019 in San Diego. I am your host for the three days of coverage, Stu Miniman. Joining me this morning is Justin Warren. And happy to welcome back to the program, Erin Boyd who's a senior principal software engineer at Red Hat. Erin, thanks so much for joining us. >> Thanks for having me. >> All right, so we had a chance to catch up in Barcelona on theCUBE there. Storage is definitely one of the faster moving areas of this ecosystem over the last two years. Why don't we start with, really, the event? So, you know, as I said, we're in day three but day zero there were a whole lot of things we had. Some of your peers at Red Hat have talked about OpenShift Commons, but storage, to my understanding had a couple of things going on. Why don't you share with our audience a little bit of that? >> Sure, so we had a SIG face-to-face for Kubernetes, it was probably one of the best attended. We had to cap the number of attendees, so about 60 different people came to talk about the future of Kubernetes in storage, and what we need to be doing to meet our customers' needs. In conjunction with that, there was a parallel session called CNS Days, which is Container Native Storage Days. That event is very customer focused, so I really enjoyed bouncing between the two of them. To go from the hypothetical, programming, architecture view, straight to what customers in the enterprise are looking at and doing, and what their real needs are. >> So from that SIG, can you actually share a little bit of where we are, where some of the requests are? We know storage is never one way to fix it, there's been some debates, there's a couple different ways to do... I mean, traditional storage, you've got block, file, and object. Cloud storage, there are more options in cloud storage today than there was, if I was to configure a server, or buy a storage array in my own data center. So where are we, what are those asks? What's on the roadmap there? >> Right, so I think for the past five years, we've been really focused on being mindful of what APIs are common across all the vendors. I think we want to ensure that we're not excluding any vendors from being part of this ecosystem. And so, with that, we've created the basis of things like persistent volumes, persistent volumes claims, storage classes to automate that, storage quotas to be able to have management and control over it. So I think now we're looking to the next evolution of... As the model's maturing, and people are actually running stateful applications on Kubernetes, we need to be addressing their needs. So things like snapshotting, eventually volume cloning, which has just gone in, and migrating. All these type of things that exist within the data plane are going to be the next evolution of things we look at in the SIG. >> Yeah, so one criticism that's been mentioned about Kubernetes a few times, that one, it's a bit complicated. But also, it didn't really deal that well with stateful sets. Stateful data management has always been, it's been a little bit lacking. That seems to have pretty much been sorted out now. As you mentioned, there's a lot more work being done on storage operators. But you're talking about some of these data management features that operators from other paradigms are kind of used to being there. When you're thinking about moving workloads to Kubernetes, or putting in new workloads on Kubernetes, if you're unsure about, "Well, will I be able to operate this in the same way that I did things before?" How do you think people should be thinking about those kind of data services in Kubernetes? >> So I think it's great that you mentioned operators. Because that was one of the key things when Rook came into the landscape, to be able to lower the complexity of taking something that requires physical storage and compute, geography, node selection. All those things, it helped people who were used to just the cloud model. I create a PVC, it's a request for storage, Amazon magically fulfills it. I don't know what's backing it. To be able to take these more complex storage systems and deploy them within the ecosystem, it also does a good job supporting our Brownfield customers, because not every customer that's coming to Kubernetes is green. So it's important that we understand that some customers want to keep their data on-prem, maybe burst to the cloud to leverage those services, but then keep their data close to home. So operators help facilitate that. >> Yeah, Erin, I hesitate a little bit to ask this, but I'm wondering if you can do a little compare, contrast for us, for what the industry had done back in OpenStack days? When I looked at storage, every traditional storage company certified their environment for OpenStack. On a storage standpoint, it feels like a different story to me when I hear about the ecosystem of operators in OpenStack. So I know you know this space, so maybe you can give us a little bit of what we learned in the past. What's similar, what's different? >> Right, well I think one of the benefits is we have a lot of the same key players. As you may know, OpenShift has pivoted from Gluster to Ceph, Ceph being the major backer of OpenStack. So we're able to take some of that technical debt, and learn our lessons from things we could improve, and apply those things within Kubernetes. I just think that it's a little slower migration, because in OpenStack, like you said, we had certification, there were different drivers. And we're trying to learn from, maybe, I wouldn't even call those mistakes, but, how can we better automate this? What can we do from an operational perspective to make it easier? >> Well I think because one of the... It felt like we were kind of taking some older models and... I'm testing it, I'm adding it. The ecosystem for operators here is different. Many of these, we're talking very much software-driven solutions. It's built for container architectures, so it's understandable that it might take a little bit longer because it's a different paradigm. >> Right, well, and I think the certification kind of... It wasn't an inhibitor but it certainly took a lot of time. And I think our take was on... We used to have all the storage providers be entry providers within Kubernetes. And with CSI, we have since started to redo the plugins and the sidecars, and move that out of core. So then the certification kind of falls outside of that instead of being more tightly wound into the platform. And I think it will allow us to have a lot more flexibility. Instead of waiting on each release, vendors can create operators, certify them themselves, have them in their own CSI driver, and move at the pace that they need to move. >> So how do you balance that need for Kubernetes to be a common operating platform that people can build on with each vendor's desire to provide their own unique capabilities that they think that they do particularly well? That's why they charge the money that they do, because they think that theirs is the best storage ever. How do you balance that tension between the need for a standard platform and to make it interoperable, but still allowing the flexibility for people to have their own kind of innovation in there? >> So when we created the storage class, for instance, to be able to create a service level over storage, to be able to provide the provisioner that we're going to use, we made the specification of that section completely opaque. And what that allowed us to do is that when vendors wrote their provisioners and now their CSI drivers, allowed them to feed in different attributes of the storage that they want to leverage, that don't necessarily have to be in core Kubernetes. So it provided a huge amount of flexibility on that. The other side of that, though, is, the feeback we get from real users is "I need backup and recovery, and I need DR, and I need that across the platform." So I really think as we look to scale this out, we have to be looking at the commonalities between all storage and bringing those APIs into Kubernetes. >> One of the things I've really liked to see in this ecosystem over the last year or so, and really highlighted at this show, we're talking a lot more about workloads and applications and how those... What works today and where we're growing. Can you speak a little bit from your world as to where we are, what's working great, what customers are deploying, and a little bit, the road map of where we still need to go? >> Sure, I think workloads are key. I mean, I think that we have to focus on the actual end-to-end delivery of that, and so we have to figure out a way that we can make the data more agile, and create interfaces to really enable that, because it's very unlikely that an enterprise company is going to rely on one cloud or stay with one cloud, or want their data in one cloud. They're going to want to have the flexibility to leverage that. So as we enable those workloads, some are very complex. We started with, "Hey, I just want to containerize my application and get it running. Now I want to have some sort of state, which is persistent storage, and now I want to be able to scale that out across n number of clusters." That's where the workloads become really important. And long term, where we need policy to automate that. My pod goes down, I restart it, it needs to know that because of, maybe, the data that that workload's producing, it can only stay in this geographical region. >> Yeah, we talk about multicloud. You mentioned data protection, data protection is something I need to do across the board. Security is something I need to do across the board. My automation needs to take all that into account. How's Red Hat helping customers get their arms around that challenge? >> Yeah, so I think Red Hat really does take a holistic view in making sure that we provide a very consistent, secure platform. I think that's one of the things that you see when you come on to OpenShift, for instance, or OKR, that you're seeing security tightened a little bit more, to ensure that you're running in the best possible way that you can, to protect your data. And then, the use of Rook Ceph, for instance, Ceph provides that universal backplane, where if you're going to have encryption or anything like that, you know it's going to be the same across that. >> It sounds like there's an opportunity here for people new to Kubernetes who have been doing things in a previous way. There's a little bit of reticence from this community to understand enterprise, they're like, "Well, actually, you're kind of doing it wrong. It's slow and inflexible." There's actually a lot of lessons that we've learned in enterprise, particularly around these workloads. Having security, having backup in DR. In the keynote this morning, there was a lot of discussion about the security that either is in Kubernetes, and some parts it's kind of lacking. I think there's a lot that both of these communities can learn from each other, so I'm seeing a lot of moves of late to be a little bit more welcoming to some people who are coming to Kubernetes from other ecosystems. To be able to bring the ideas that they have that... We've already learned these lessons before, we can take some of that knowledge and bring it into Kubernetes to help us to do that better. Do you see Red Hat bringing a lot of that expereience in its work... Red Hat's been around for quite some time now, so you've done a lot of this already. Are you bringing all of that knowledge into Kubernetes and sharing it with the ecosystem? >> Absolutley, and just like Stu pointed out, I mean, OpenStack was a big part of our evolution, and security within RHEL, and I think we absolutely should take those lessons learned and look to how we do protect our customers' data, and make sure that the platform, Kubernetes itself and as we evolve OpenShift, can provide that, and ways that we can certify that. >> Erin, you're meeting with a lot of customers. You were talking about the Day Zero thing. What's top of mind for your customers? We talk about, that Kubernetes has crossed the chasm but to get the vast majority, there's still lots of work to do. We need to, as an industry, make things simpler. What's working well, and what are some of the challenges from the customers that you've talked to? >> So I think, if you walk in, across the hall, and you see how many vendors are there, it's trying to get a handle on what I should even be doing. And as the co-lead of the CNCF Storage SIG, I think that's one of the initiatives that we take very seriously. So in addition to a storage whitepaper, we've been working on use cases that define, when should I use a data store? When should I use object? Why would I want to use file? And then really taking these real-world examples, creating use cases and actual implementations so someone can, "Oh, that's similar to my workload." Here are some tools to accelerate understanding how to get that set up. And also creating those guard rails from an architectural standpoint. You don't want to go down this path, that's not right for your workload. So we're hoping to at least provide an education around containerized storage that'll help customers. >> Yeah, I'm just curious. I think back ten years ago, I was working for a large storage company. We were having some of these same conversations. So is it very different now in the containerized, multicloud world? Or are some of the basic decision tree discussions around block, file, and object and application the same as we might have been having a decade ago? >> I think we're starting to just touch on those, and I'm glad that you brought up object. That was one of the things I talked about in Barcelona, and we actually talked about at the face-to-face. To me, it's kind of the missing piece of storage today in Kubernetes, and I think we're finally starting to see that more customers are asking for that and realizing that's an important workload to be able to support at its core. So I think, yes, we're having the same conversations again, but certainly in a different context. >> Yeah, I mean, back in the day, it was, the future is object but we don't know how we'd get there. If you look behind the scenes in most public clouds, object's running a lot of what's there. All right, Erin, I want to give you the final word. KubeCon 2019, from that storage perspective. What should people watching take away? >> That we're only beginning with storage, yeah. We still have a lot of work to do, but I think it's a wonderful community and vibrant, and I think there'll be a lot of changes in the coming years. >> All right. Well, definitely a vibrant ecosystem. Erin, thank you so much for all the updates. We'll be back with more coverage here, for Justin Warren. I'm Stu Miniman. Thank you for watching theCUBE. (techno music)

>>Live from Barcelona, Spain, execute covering CubeCon cloud native con Europe, 2019 onto you by red hat, the cloud native computing foundation and ecosystem partners. >>Welcome back. We're here in Barcelona, Spain where 7,700 attendees are here for Q con cloud native con. I'm Stu Miniman and this is the cubes live two day coverage having to have on the program to returning guests to talk about five years of Kubernetes. To my right is Tim Hawkin wearing the Barna contributors shirt. Uh, and uh, sitting to his right is gay Bon Roy. So, uh, I didn't introduce their titles and companies, but you know, so Tim's and Google gives it Microsoft, uh, but you know, heavily involvement in uh, you know, Coobernetti's since the very early days. I mean, you know, Tim, you're, you're on the Wikipedia page game, you know, I think we have to do some re editing to make sure we get the community expanded in some of the major contributors and get you on there. But gentlemen, thanks so much for joining us. Thanks for having us. >>Alright. Uh, so, you know, Tim just spoke to Joe Beda and we talked about, you know, the, the, the idea of, you know, Craig and Brendan and him sitting in the room and, you know, open source and, you know, really bringing this out there to community. But let's start with you. Cause he, you know, uh, I remember back many times in my career like, Oh, I read this phenomenal paper about Google. You know, we're going to spend the next decade, you know, figuring out the ripple effect of this technology. Um, you know, Coobernetti's has in five years had a major impact on, on what we're doing. Uh, it gives a little bit of your insight is to, you know, what you've seen from those early days, you know. >>Yeah. You know, um, in the early days we had the same conversations we produced. These papers are, you know, seminal in the industry. Um, and then we sort of don't follow up on them sometimes as Google. Um, we didn't want this to be that, right. We wanted this to be alive living thing with a real community. Uh, that took root in a different way than MapReduce, Hadoop sort of situation. Um, so that was very much front of mind as we work through what are we going to build, how are we going to build and how are we going to manage it? How are we going to build a community? How, how do you get people involved? How do you find folks like Gaiman and Deus and get them to say we're in, we want to be a part of this. >>All right, so Gabe, it was actually Joe corrected me when I said, well, Google started it and they pulled in some other like-minded vendors. Like he said, no, no stew. We didn't pull vendors in. We pulled in people and people that believed in the project and the vision, you were one of those people that got pulled in early. He were, you know, so help give us a little context in your, your viewpoint. I did. And, and, and you know, at the time I was working for a company, uh, called, uh, that I had started and we were out there trying to make developers more productive in industry using modern technology like containers. And you know, it was through the process of trying to solve problems for customers, sort of the lens that I was bringing, uh, to this where, um, I was introduced to some really novel technology approaches first through Docker. >>Uh, and you know, I was close with Solomon hikes, the, the founder over there. Uh, and then, you know, started to work closely with folks at Google, uh, namely Brendon burns, who I now work with at Microsoft. Um, you know, part of the, the founding Kubernetes team. Uh, and I, I agree with that statement that it is really about people. It's really about individual connections at the end of the day. Um, I think we do these things that at these coupons, uh, events called the contributor summits. And it's very interesting because when folks land at one of these summits, it's not about who you work for, what Jersey you're wearing, that sort of thing. It's people talking to people, trying to solve technical problems, trying to solve organizational challenges. Uh, and I think, you know, the, the phenomenon that's happened there and the scale with which that's happened is part of the reason why there's 8,000 people here in Barcelona today. >>Yeah. It's interesting to him cause you know, I used to be involved in some standards work and I've been, you know, working with the open source community for about 20 years. It used to be ah, you know, it was the side project that people did at nights and everything like that. Today a lot of the people that are contributing, well they do have a full time job and their job will either let them or asking them to do that. So I do talk to people here that when they're involved in the working groups, when they're doing these things, yes. You think about who their paycheck comes for, but that's secondary to what they're doing as part of the community. And it is, you know, some of the people what, what >>absolutely. It's part of the ethos of the project that the project comes first and if company comes second or maybe even third. Uh, and for the most part, this has been wildly successful. Uh, there's this huge base of trust among, uh, among the leadership and among the contributors. Um, and you know, it's, it's a big enough project now that I don't know every one of the contributors, but we have this web of trust. And, you know, I, I have this, this army of people that I know and I trust very well and they know people and they know people and it works out that the project has been wildly successful and we've never yet had a major conflict or strife that centered on company this or company that. >>Yeah. And I don't, I'd also add that it's an important development has happened in the wake of Kubernetes where, you know, for example, in my teams at Microsoft, I actually have dedicated PM and engineering staff where their only job is to focus on community engagements, right? Running the release team for communities one 15 or working on IPV six support or windows container support. Uh, and, and that work, that upstream work, uh, puts folks in contact with people from all different companies, Google, uh, uh, you know, Microsoft working closely together on countless initiatives. Uh, and the same is true really for the entire community. So I think it's really great to see that you can get not just sort of the interpersonal interactions. We can also get sort of corporate sponsorship of that model. Cause I do think at the end of the day people need to get their paychecks. Uh, and oftentimes that's going to come from a big company. Uh, and, and seeing that level of investment is, I think, uh, pretty encouraging. Okay. Well, you know, luckily five years in we've solved all the problems and everything works perfectly. Um, if that's not maybe the case, where do we need people involved? What things should we be looking at? Kind of the, the, the next year or two in this space, you know, a project >>of this size, a community of this size, a system of this scope has infinite work to do, right? The, the, the barrel is never going to be empty. Um, and in some cases it's filling faster than it's draining. Um, every special interest group, every SIG, it has a backlog of issues of things that they would like to see fixed of features that they have some user pounding the table saying, I need this thing to work. Uh, IPV six is a great example, right? And, and we have people now stepping up to take on these big issues because they have customers who need it or they see it as important foundational work for building future stuff. Um, so, you know, there's, there's no shortage of work to do. That's not just engineering work though, right? It's not just product definition or API. We have a, what we call a contributor experience. People who work with our community to entre online, uh, new contributors and um, and, and streamline how to get them in and involved in documentation and testing and release engineering. And there's so much sort of non-core work. Uh, I could go on on this for. >>Yeah, you're just reminding me of the session this morning is I don't manage clusters. I manage fleets. And you have the same challenge with the people. Yeah. And I also had another dimension to this about just the breadth of contribution. We were just talking before the show that, um, you know, outside at the logo there is this, uh, you know, characters, book characters, and such. And really that came from a children's book that was created to demonstrate core concepts, uh, to developers who were new to Kubernetes. And it ended up taking off and it was eventually donated to the CNCF. Um, but things like that, you can't underestimate the importance and impact that that can have on making sure that Kubernetes is accessible to a really broad audience. Okay. Uh, yeah, look, I want to give you both a, just the, the, the final word as to w what you shout out, you one for the community and uh, yeah. And any special things that have surprised you or exciting you? Uh, you know, here in 2019, >>uh, you know, exciting is being here. If you rewind five years and tell me I'm going to in Barcelona with with 7,500 of my best friends, uh, I would think you are crazy or are from Mars. Um, this is amazing. And uh, I thank everybody who's here, who's made this thing possible. We have a ton of work to do. Uh, and if you feel like you can't figure out what you need to work on, come talk to me and we'll, we'll figure it out. >>Yeah. And for me, I just want to give a big thank you to all the maintainers folks like Tim, but also, you know, some other folks who, you know, may, you may not know their name but they're the ones slogging it out and to get hub PRQ you know, trying to just make the project work and function day to day and were it not for their ongoing efforts, we wouldn't have any of this. So thank you to that. Well and look, thank you. Of course, to the community and thank you both for sharing with our community. We're always happy to be a small piece of a, you know, helping to spread the word and uh, give some voice to everything that's going on here. Thank you so much. All right, so we will be back with more coverage here from coupon cloud native con 2019 on Stu Miniman and thank you for watching the cube.

>> Live from Barcelona, Spain it's theCUBE. Covering KubeCon + CloudNativeCon Europe 2019. Brought to you by Red Hat, the Cloud Native Computing Foundation and ecosystem partners. >> Welcome back to theCUBE here in Barcelona, Spain at the Fira, it's KubeCon + CloudNativeCon 2019. I'm Stu Miniman and my co-hosts for two days of live wall-to-wall coverage is Corey Quinn. Joining us back, we have two CUBE alums, Liz Rice, right to my right here who is a Technology Evangelist with Aqua security. Liz, thank you so much welcome back. >> Pleasure to be here. >> And Jeff Brewer, Vice President and Chief Architect, Small Business & Self-Employed Group, of Intuit. A CUBE alum since a few hours ago this morning. >> Yes, yes, thank you. >> Jeff, welcome back. >> Thank you. >> So, we've got you back with a different hat. Everybody in our industry can definitely recognize we wear lots of different hats we have lots of jobs thrown at us. Both of you are in the Technical Oversight Committee and Liz is not only a member but also the Chairperson, President. (people laughing) >> President is definitely a promotion. But, yeah, I'm Chair of the committee. >> Maybe, as it's known, the TOC. Liz, before we get there, your shirt says +1 binding. You have to explain for us and did not get a preview before the interview, so we'll see where this goes. >> It's one of the perks of being on the TOC. When we have something that comes to a vote we want to get input from the community so we ask anyone in the community to vote. But unless you're a member of the TOC your vote is non-binding. As a member of the committee, we have binding votes. And the traditional thing you write on the voting email is +1 binding. So, it's a nice surprise to get a t-shirt when I joined the TOC. >> Very nice. Can you just give us, our audience, that might not be familiar with the TOC, give us some of the key things about it. >> It's the Technical Oversight Committee for the CNCF. We are, really, the technical curation of the projects that come in to the CNCF. Which projects will get support and at what level because we have the sandbox experimentation stage then incubation and then finally graduation for the really established and kind of, de-risked projects. So, we're really evaluating the projects and kind of making a decision collaboratively on which ones we want the CNCF to support. >> All right. So Jeff, we had a great conversation with you about Intuit's cloud journey. Tell us how you got involved in the TOC. We always love the end users, not just using but participating in and helping to give some governance over what the community is doing. >> Yeah, so, about a year and a half ago we made a decision to acquire a small company called Applatix. Who was, actually, already in the end user community. And also contributors as well. Through that acquisition, I was part of that acquisition, I led that acquisition from the Intuit side and really got excited about the Kubernetes and the KubeCon story overall. Through the Kubernetes experts, I met them at a KubeCon and they introduced me to a whole lot more of the community. Just through some overall partnerships with AWS and also spending a lot of time with end-users that's how I really got to know the community a little bit. And then, was voted onto the CNCF as an end user representative in January. >> Wonderful. As far as you're concerned, as you go through this, do you find it challenging at times to separate your roles professionally from working for a large company, to whom many things matter incredibly. Again, as mentioned earlier, I am one of your customers. I care very much about technical excellence, coming out of Intuit, versus your involvement with the larger project. >> Yeah, so like most people in technology companies I'm extremely busy and I would love to spend, I would love to clone myself and spend more (laughing) more time. >> Everybody wants to submit a client project to the TOC we will prioritize that one. >> Exactly, exactly. >> The way I really balance it is that I make an explicit time carve out for those two activities. And most importantly, I attend the meetings. The TOC meetings that we have, those are extremely important. We get a lot of project reviews in those meetings. Liz chairs those meetings. That's where I always make sure that my schedule is cleared for that. >> Taking it, I guess, one step further. Do you find it challenging at all to separate out, in fact, when you're making decisions and making votes, for example, that are presumably binding, +1 binding as we've learned now, is the terminology. Do you find that you are often pulled between trying to advocate for your company and advocating for the community or are they invariably aligned in your mind? >> I mean, my job's the easiest because I come from an end user. So what I use and what I consume is likely what the community at large. There might be some niches and stuff like that. But I usually don't have that conflict. I don't know, as more of a vendor, you might have more of a conflict. >> It's something that I have be conscious of. I just try to mentally separate. I have a role with a company that pays my salary but when I'm doing open-source things if I feel conflicted about. This hasn't really come up yet, but if I do feel that there's some kind of conflict of interest I will always recuse myself. Actually, in my previous role, as the Co-Chair for the Program Committee for the KubeCon and CloudNativeCon Conference, on a couple of occasions we had competitors submit, and I would always just step back from those. Because it's the right thing to do. >> All right. So Liz, there's quite a few projects now, under the umbrella of CNCF. If I've go it right, it was like, 38 different ones. When Brian went on the stage this morning, 16 in the sandbox, 16 incubating and six have graduated now. How do you manage that? You know, there's some in the community they're like, oh my gosh, reminds us of like, big tent, from some initiatives. Some other things here, how much is too much? How do you balance that and what's the input of the TOC? >> Yeah, so one of the things that we're doing with the TOC is we've just established a thing called the SIGs, the special interest groups. Very much following the same model of Kubernetes SIGs. But the idea here is that we can, kind of formalize getting experts in the community to help us with particular kind of areas. So, we've already got a storage and security SIG set up. We expect there will be probably four to six more coming on board during the year. And that helps us with things like the project reviews and the due diligence to just be able to say, we would really appreciate some help. Those groups are also really enthusiastic about kind of sharing knowledge in the form of things like white papers. I think it will be really important for end-users to be able to navigate their way around these projects. Quite often there is more than one solution for a particular thing. And being able to, in a non-vendor way, in a neutral way, express why project X is good in one circumstance and project Y would be better in a different environment. There's work to be done there and I'm hoping to see that come out. >> This is one of my passions as the end user representative, is that trail map or that road map. That's one of the reasons why we really have invested at Intuit, in the Kubernetes technology and the Cloud Native technology. We didn't just roll them out as is. We actually curate them and create, really, a paved road for our developers to navigate that space. >> Yeah, and as we heard from your story it's not always, well, if there's some overlap you use SDO and Hellman. >> Yeah. >> That there's a fit for both of those in your environment, right. >> Yeah. >> From a, I guess, an end user perspective is there a waiting difference between someone like Intuit and someone like Twitter for pets, where there's a slight revenue scale, a slight revenue difference, like scale difference, like everything difference. >> Yes. >> Certainly, there is. I think that, but that's one of the beautiful things about the Cloud Native technologies. You can consume what you need and what you want, right. It's not one size fits all. A lot of people talk about, oh, there's a paradox of choice, there's so many projects, right. Actually, that's a benefit. Really, all you need is that road map to navigate your way through that, rather than just adopting a paved road that might not work for everybody. >> It almost feels, to some extent, almost like the AWS Service Catalog. Whenever you wind up looking at all the things they offer. It feels like going out to eat at the Cheesecake Factory. Where there is 80 pages of menu to flip through with some advertisements, great. And reminding yourself, at time, that they are not Pokemon, you do not need to catch them all. It's, sometimes, a necessary step, as you start to contextualize this. >> That's one of the great things about having over 80 members in the end user is. You can find a buddy, you can find a company like you. Talk to them, get connected with them and figure out what they're doing and learn from them. The community is broad enough to be able to do that. >> All right, so Liz, let's talk about security. >> Okay. (people laughing) >> You said there's a SIG that started up. Where are we, how are things going and you can you share about where we're going in the near future? >> The SIG came together from a group of people who really wanted to make it easier for end-users to roll out their Cloud Native stacks in a secure fashion. We don't always, as a community, speak the same language about security, we don't always have the most secure settings by default. They really came together around this common interest of just making it easier for people to secure. I think a big part of that will be looking at how the different projects, are they applying best practices from a security perspective? Is there more they should do to document how to operate their particular project more securely? I think that whole initiative and that group of people who've come together for SIG security, I'm so impressed and so pleased that they have come together with that enthusiasm to help on that front. >> Any commentary on what you're seeing in this space? >> Yeah, so as an almost, a fintech company, with a lot of fintech and, you know, we're not quite a bank, but we have a lot of the same security and compliance things. That SIG is so, so important to us. And having a roadmap. I found a education is really, really a big part of it of the security experts, right. Because this is somewhat newer technology. Even though it's been in use at Google for a long time the regulator's, the compliance people, don't totally understand it, right. So you have to have a way to explain to them what's going on. So things like, open policy agent, something that we've adopted, helps us explain what's going on in our system. Once they get it, they're like, this is awesome and our end users can now, really, our end users, meaning the people that use QuickBooks and TurboTax can really trust that we have those guardrails in place. >> At Aqua, it's a huge concern from a lot of our customers. Many of whom, coming from that kind of finance industry. That they're coming to us and saying, well, how can I be PCI compliant or GDPR. How do I manage these requirements with my container based stack, with my Cloud Native stack. That's why there is this huge ecosystem quite a lot of effort around security, compliance, policy. >> It feels very much like it's two problems rolled into one. First, how do you make sure that data is secure in these things? Secondly, how do you effectively and responsibly communicate that to a regulator, who expects to be taken on a tour of a data center when they show up on site? (people laughing) I checked, they won't let you. >> There are definitely two sets of security people in my experience. There are a set of people who care about how will I get attacked. How will breaches happen. And there are other people who go, I have a checklist and I need to check the boxes in the checklist, tell me how. Sometimes those two things overlap, but not always. >> All right, Liz, lot of updates, as always. Jeff, I really appreciate your commentary there. Well, there's the paradox of choice but we have a lot of customers out there and therefore we do. (people chuckling) Any highlights you want to share with our audience? >> I think one thing that happens every year is we see more. Well, we saw Kubernetes graduate, I think, early last year, end of the previous year. Now we've got six projects into graduation. From my perspective, that says something about how mature this whole set of projects, this whole platform is becoming. Because graduation is a pretty high bar. Not least in terms of the number of end users that have to be using it in production. This is solid technology. >> Yeah, any highlights from you? >> I think, like we might have touched on a little bit this morning. But I think that usually the technologies that where you're facing the big problems is pretty obvious which one to use, right. Like serverless, you're going to go look at something like Knative or whatnot. Functions as a service. There's some open fast projects, whatnot, like that. SDO services mesh is another one where it's getting mature and it's getting to the point where you can have these ubiquitous service meshes throughout it. So, those are the areas that we're most looking at right now. >> Great, all right. Well, Liz and Jeff, thank you so much for joining us. Thanks for all the work you do on the Oversight Committee and appreciate you sharing the updates with our community. >> Thank you for having us. >> Thank you. >> For Cory Quinn, I'm Stu Miniman. We'll be back more, with theCUBE here at KubeCon + CloudNativeCon 2019. Thanks for watching. (upbeat music)

>> Live from Barcelona, Spain, it's theCUBE, covering KubeCon + CloudNativeCon Europe 2019. Brought to you by Red Hat, the Cloud Native Computing Foundation, and ecosystem partners. >> Welcome back to Barcelona, Spain, this is theCUBE's live coverage of KubeCon, CloudNativeCon, 2019. 7,700 people in attendance, including myself, Stu Miniman, and co-host Corey Quinn, and returning to the program, Abby Fuller, who is the principal container czarina (Abby laughs) at Amazon Web Services. Yeah, Abby, I could say it without laughing, but, uh-- >> I can't. >> I don't think you can. Yeah, so, you know, let's just, czarina? You know, how does one, you know, become a czarina in their career, Abby? Let's start there. >> You ask Deepak really nicely, and he'll change your title for you. Longer answer, I think I'm doing a similar version of what I've always done for Amazon. Which is, how can I get what customers are asking for, and their feedback, and what they're struggling with, they're working on, or enjoying? Taking that back to our internal product development process, and then doing the same thing back the other way. So if we're building something, how can I help educate customers on how to work with it, and how to use it, how to build with it? So, same thing, just funnier title. >> All right, well, Abby, you know, it's a big, cloud show, so of course we know Amazon will be here. Lot's of developers here at the show, lot's of activity. Yesterday AWS held a, kind of, pre-show workshop. Maybe start there, tell us a little bit about that. >> Yeah, so we had AWS Container Day, maybe five or six hundred people, we did it at the hotel that is allegedly across the street, but is really, like, twenty five minute walk away. We did some workshops, we did a Birds of a Feather session at night. We had a little, mini, product preview announcement, so that was pretty fun. Something called, Container Insights, from CloudWatch team. I think my favorite thing about KubeCon is my favorite thing about the Kubernetes community, right, which is that, everyone is so happy to be here. They're all so enthusiastic. I've never had that many questions at a Birds of a Feather session before. We sent a ton of Amazon people here, to, kind of, talk about EKS, and Kubernetes, and community work. And the energy at the KubeCon is always so impressive. >> Give us a little sampling, you know, there's passion, is there questions? Are they trying to understand the various pieces? Are they excited about some of the new features? What's some of the energy you're capturing? >> Yeah, you know, I think it's both. I think on the EKS side, there's always the balance, right, in the Kubernetes community between, how can I have more power and flexibility? And then, how can you carry pager for more of this? So I think it's always an interesting balance, between the folks that are like, hmm, do you think you could manage that for me as well? And the folks that are like, I want to be able to pass in control plain flags. So, there's always an interesting balance. A lot of questions about version upgrades. I think that one is always, always seems to be top of mind, 'cause the Kubernetes community moves so fast. So, compared to a lot of other products, and how quickly they can release new versions, Kubernetes moves so fast. So, if you don't have a good upgrade strategy, you're in trouble. So-- >> Well, to that point, yesterday during the talk, there was a slide that went up, that listed, over the trailing 12 months, that there were 1,900 and change major service and feature releases. And that's very much a two edged sword, sitting in the audience, 'cause on the one hand, yay, the pace of innovation continues to increase, and services are getting better all the time. On the other, it's one of those, hmm, at least four of those would have been critically important, but I may not know about them. And to that end, something that the container group seems to have done, that almost no one else has, has been to put up a public roadmap of what's coming down the pike. Which has been tremendously helpful for customers, as far as being able to plan things out. How did that come to be? >> A lot of talking. I think, ultimately, right, all teams at AWS work the same way. Which is, backwards from what the customer is asking for. So, we have a lot of customer meetings. We have a lot of customer conversations, we talk to a lot of people. I do a lot with that on social media, or at conferences, or with blogs, or with live streaming. But ultimately, at the root of it, we all follow the same process. And I think the roadmap is really an extension of that. It's, how could we get, both what we're working on, to customers a little bit faster, but also, how can you have a voice that we hear so much more loudly? So, right? That you can be the smallest start up, or the largest enterprise, and you can open a GitHub issue just the same. And say, hey, you know, I'd really like to see you do that. And, I think the other piece of it, is that everyone has an AWS story. Where they build something custom, to work around something, or to add a feature, and then six weeks later we're like, we shipped it! And that's awesome, it's a good problem to have, and being able to delete code is one of everyone's favorite problems, I think. It's my favorite problem. >> It's one of life's true joys. >> It is one of life's true joys. (Corey laughs) But, what I think is even better than that, is a little bit of a heads up. And I think that that really builds trust between us and the community, is, how can we let you know we're working on, so you can plan around it? Or, if you don't see something, let us know that we're not thinking about the things that you value. >> Well, So Abby, you know, we've been at the Amazon shows for a number of years-- >> Yeah. >> And that customer feedback loop is something that we hear a lot. >> Yeah. >> Are there any dynamics about, just being in a big, open source community here, is, you know, just listening, and feedback loops as part of that? So, how does that impact, you know, how you work on things? >> Yeah, so, when we do events like this, I try to talk to as many people as possible. I try to listen in to the conversations, when I can. People come by the booth, they come by the meeting rooms. And I think it's about taking that back from all the different sources that were at the conference, the reviews online, the blog posts that people write after this, coverage like theCUBE, taking that all back, and then let's go through it. And then, how many of these things do we know about? Have a lot of people asked us for this? Is this something new? If it is new, how can we go find other people to talk to, to see who else is having that problem, that maybe we just didn't know to ask about before? So it's all part of that same working backwards process, but feedback comes from so many different places, and I think that, that ultimately is what makes it cool, right? It's because you get different feedback at a KubeCon than you will at a re:Invent, than you will on a Twitter, or that you will at a customer meeting. So, you need all of those sources to kind of figure out, what's more important? And, who is it important to? >> Yeah, one of the things that I find fascinating about the entire AWS Container story is, you almost get to decide your own level of involvement. You can run it all yourself, on top of EC2, you can wind up doing one of the manage serves with ECS, or EKS. And then there's Fargate, which I'm very bullish on for the future, if for no other reason that, if that takes over, suddenly we will never have to hear someone from Amazon mispronounce AMI, ever again. Which, I'll take my victories where I can find them. (Abby laughs) But, what are you seeing customers doing with Fargate? What's the paradigm look like, that's different than you might have expected at launch? >> Yeah, so, the way that I ultimately think about Fargate, right, is as a, it's a capacity provider for EC2. So, when you think about, kind of, the levels of control, right? You start at maybe the orchestrator level, so an ECS or an EKS. And if you're using ECS through Fargate, you're not interacting directly with EC2. So it's about, how can I control and define everything at just the container level, just at the task definition level, without having to think about the underlying EC2 instances? And they're still there, before someone tells me that serverless still has servers. But, you're not the one that's actively managing them. We're managing them on your behalf. All you care about is your workload itself. And then you can go a step deeper than that, and say, you know what, I want control over those EC2 instances. I want to manage them myself, maybe I want to do something in user data, or I want to be able to run DaemonSets myself, on the underlying infrastructure, and that's fine. So, I think it's ultimately about the level of control that you want. Fargate, to me, is interesting because it's like Lambda, in the sense that people have seemed very joyful about not having to manage EC2. Because ultimately, that's not what's providing them business value. That's not what let's them differentiate, and I think the way that Werner puts it is, you want everything that you write to be business logic. And I think with things like Lambda and Fargate, it gets you one step closer to that. That instead of having to manage infrastructure, to then manage your code, it's, just manage my code, please figure out the rest of it for me. >> This is borderline heresy in some circles, so don't, at me. (Abby laughs) But, what I'm wondering is, are things like containers, and functions as a service, aligned longer term, on the same axis? At some point, where it just becomes an implementation detail, and not a battle that needs to be fought. >> Yeah, the way that we think about it, right, is that, and I think the way that customers see it, is that serverless is ultimately a spectrum. There are many different flavors of it, depends on how you kind of want to work with it. But ultimately, I think, even longer term, maybe this is even more heretical, right? But, I want to not care. I don't want to have to care about the primitive that you're using. I don't want you to have to choose. And right now, I think you have to choose, regardless of the tool that you're using, you must choose very early. And to take advantage of a new tool, to go from containers, to Lambda, or whatever else you want to use, you have to re-write. Or you have to rebuild, or you have to re-wrap what you're doing. And I want to get to a point where you don't care. That I can use whatever combination of the below that I want to use, and that AWS will provide tools around that, that just says, you run this however you want. You mix and match whatever flavors you like, and we'll take care of it. >> Yeah, it's interesting, almost every time we've done one of these Kubernetes shows, we've had somebody from Amazon on, and even if we haven't had an AWS employee, almost every customer we have on is doing some, if not a lot of Amazon. There's some out there that look, and they're like, well, Amazon doesn't have the biggest booth, and Amazon has all of these different choices out there, so they must not be fully committed to, you know, capitol K, Kubernetes, and things like that. How can you help us understand what's going on? >> Yeah, so, I think Bob Wise, and his team spent a ton of time working on the community, and the whole team does, right? We're one of the biggest contributors to etcd, we're hosting Birds of a Feather. We've contributed back to a fair amount of community projects, and I think a lot of them are, in fact, around how to just make Kubernetes work better on AWS. And that might be something that we built because, EKS. Or, it might be something like Cluster Autoscaler, right? Which, ultimately, people would like to work better with Auto Scaling groups. So, I think we have the community involvement, but, I think it's about having a quiet community involvement, right? That, it's about chopping wood, and carrying water, and being present, and committing, and showing up, and having experts, and answering questions, and being present in things like SIG groups, than it is, necessarily, having the biggest booth. >> Yeah, I mean, from my perspective, at conferences, across the board, community involvement can never be measured by who spends enough money on the conference to have a booth large enough to play ice hockey in. That doesn't really seem to be as good of a barometer. Things like the roadmap, tend to be a spectacular, I guess, expression of how that engagement is starting to look. And I really am enthusiastic to see what's been done so far, and I'm looking forward to seeing more of it. >> Well thank you, I'm really proud of the roadmap. It's been so interesting to see customers take a, kind of, a new level of transparency, for us, product roadmap wise. And then, I love seeing people go through, and start adding more. So, I feel like the roadmap started to feel successful to me when customers started opening a ton of issues, and saying, hey, have you thought about this? Our new thing is, we've been posting requests for comments, or design docs on there, and saying, you know, we're thinking about building this, and here's what we were thinking about building. Did the way that we built this solve the problem that you're trying to solve? 'Cause ultimately, you can build the coolest thing in the world, and if it doesn't solve problems for your customers, what's the point? >> Yeah, and Abby, I'll reiterate that the roadmap was something that, you know, the ecosystem, the community, was very excited about. What other things did you want to share before we wrap? You know, things at the show, or related to the container space that, you know, you're hearing your customers talking, and asking a lot about. >> Yeah, so I've heard great things about all the sessions. I think that I'm a little biased, 'cause I was on the program committee. So, obviously the selection was universally excellent. Yeah, I think, what I like the most, I think, about events like this, is that everyone seems to have a different way of solving things. They're all asking for something new. They're all talking about a different project. They're all in different SIG groups. They're all making different feature requests. They're all using different tools. I think that that's really powerful, and I think was what's made Kubernetes so amazing, is that, the whole community feels like this. This is a huge turn out for a conference, and everyone feels very, like, actively engaged. And I like seeing us, kind of, push the boundaries, right? Between, how much can I pass off to something like EKS? And then, how much can I keep customizing, but on only the things that matter to me? >> I guess, as you're talking about roadmap, and plans for the future, if I were to build an environment on AWS, going back, let's say a decade-ish, I would have built something in a single AWS account, using EC2 classic, and maybe simple DB, as a data store. Which, generally, is in no way aligned with best practices today, and migrating off of those types of architectures, for some customers, has been painful. Is there any way to, I guess, loosen the abstraction, for lack of a better term? Of, what, the things we can do, and build in a forward looking way today, that will make migrating to whatever best practices emerge from the customer learnings, or the rest, in the future, not be the equivalent of an entire migration? >> Yeah, so, I think what you're asking, right, is, how can I make, kind of, adopting new technologies, or migrating, a little bit easier? >> Yeah. Or even, adopting new patterns. >> That's a really interesting one. Yeah. I think where I see this space kind of going, and where I think it gets interesting to me, is thinks like App Mesh. So, I can have many different kinds of compute inside of a mesh, through App Mesh, right? So I can have an application running on EC2, I can have a container running with EKS, or ECS, I can have Kubernetes on EC2. In the fullness of time, I'd love to see things like Lambda functions inside an App Mesh. What I like about that, is that, how that can make the migration process easier. Because if I can have many types of primitives in the same mesh, I can mix and match, or I can drain traffic off from one to the other, and I can experiment a little bit more without having to re-write, 'cause I can try it out. It can be part of the same mesh, and if I want to move, I can just move more stuff over. So, I think that's interesting, and I think, as for, kind of, the best practices, and stuff like that, we evolve hand in hand with our customers. As our customers are figuring out new technologies that they want to use, or new ways of building things, we want to be right there with them. And I think the AWS way is about, how can we help customers build whatever way they want to do, but help them be secure, reliable and scalable. >> Yeah. What I'm hearing from that, as a take away, is, if I'm not playing around with service mesh's, or app mesh's now, it's probably time to fix that, and learn how they work. >> I think it's a new technology. I think it's an interesting one, I'm excited to see where it goes, but, watching it, kind of, grow along with Kubernetes, has been really interesting. >> All right, well Abby Fuller, thanks so much for joining again on theCUBE. >> Thanks for having me. >> For Corey Quinn, I'm Stu Miniman, you're watching KubeCon, CloudNativeCon 2019, in Barcelona, Spain, thanks for watching theCUBE. (futuristic music)

>> Announcer: Live from San Francisco, it's theCUBE, covering Google Cloud Next '19. Brought to you by Google Cloud, and its ecosystem partners. >> We're back at Google Cloud Next, at the new, improved Moscone Center. This is day two of theCUBE's coverage of Google's big Cloud show. theCUBE is a leader in live tech coverage, my name is Dave Vellante, I'm here with my co-host Stu Miniman. John Furrier is walking the floor, checking out the booth space. Ranga Rangachari is here, he's the Vice President and General Manager of Cloud Storage and hyper-converged infrastructure at Red Hat. Ranga, good to see you again. >> Hi Dave, hi Stu, good to see you again too. >> Thanks for coming on, this show it's, it's growing nicely, good thing Moscone is new and improved. How's the show going for you? >> Show's going really good. I just had a chance to walk around the booths and a lot of interesting conversations and, the Red Hat booth too, there've been a lot of interesting conversations with customers. >> A lot of tailwinds these days for Red Hat. We talk about that a lot on theCUBE, this whole notion of hybrid cloud, you guys have been on that since the early days. >> Yeah. >> Multi-cloud, omni-cloud, hyper-converged infrastructure, it's in your title. It's like that all the moons are lining up for you guys, you know is it just luck, skill, great predictions powers, what's your take? >> Well, I mean, I think it's a combination of those, but more importantly, it's about listening to our customers. I think that's what gives us, today, the permission to talk to our customers about some of these things they're doing, because when we talk to them, it's not just about solving today's problems, but also where they're headed, and anticipating where they're going, and the ability to meet their needs. So is, I think. >> So the Google partnership, we were talking earlier, it started 10 years ago with the hypervisor. >> Yup. >> And it's really evolved. Where is it today, from your perspective? >> Well, I think it continues to, it continues to cooperate in the technical community very well, and a couple of data points, one is on Kubernetes, that started four, five years ago, and that's going really strong. But more importantly, as the industry matures, there are, what I would call, special interest groups that are starting to emerge in the Kubernetes community. One thing that we are paying very close attention to is the storage SIG, which is the ability to federate storage across multiple clouds, and how do you do it seamlessly within the framework of Kubernetes, as opposed to trying to create a hack, or a one-off that some vendors attempted to do. So we try to take a very wholistic view of it, and make sure, I mean the industry we are in is trying to drive volumes, and volumes drives standards, so I think we pay very, very close attention-- >> And the objective there is leave the data in place if possible, provide secure access and fast access, provide high-speed data movement if necessary, protect the data in motion. That is a complex problem. >> It is, and that's why I think it's very important that the community together solves the problem, not just one vendor. But it's about how do you facilitate, the holy grail is how do you facilitate data portability and application portability across these hybrid clouds. And a lot of the things that you talked about are part and parcel of that, but what users don't wanna do is stitch them together. They want a simple, easy way. And most common example that we often get asked is can I migrate my data from one cloud to the other, from on-prem to a public cloud beta based on certain policies. That's a prototypical example of how federated storage and other things can help with that. >> Ranga, bring us inside some of those customer conversations, 'cause we talk on theCUBE, we go back to, customers always say I want multi-vendor, yes, I don't want lock-in, portability is a good thing, but at the end of the day, some of these things, if it's some science experiment or if it's difficult, well, sometimes it's easier just to kind of stick on a similar environment. We know the core of Red Hat, it's if I build on top of rail, then I know it can work lots of places, so where are customers at, how does that fit in to this whole discussion of multi-cloud. >> So, what I can kind of give you a perspective of the hybrid cloud, the product strategy that we've been on for better part of a decade now, is around facilitating the hybrid cloud. So if you look at the open, or the storage nature of the data nature of the conversations, it's almost two sides of the same coin. Which is, the developers want storage to be invisible. They don't wanna be in the business of stitching their lungs and their zone masking all that stuff. But yet at the same time they want storage to be ubiquitous. So, they want it to be invisible, they want it to be ubiquitous. So that's one of the key themes that we are in from our customer. >> Come on, Ranga, you guys are announcing storage list this year, right? >> Yeah, (laughs) exactly. (laughs) So that's a great point. The other part that we are also seeing from our customer conversations is, I think, let me give you, kind of the Red Hat inside out perspective. Is any products, any thing that we release to the market, the first filter that we run through is will it help our customers with our open hybrid cloud journey? So that kind of becomes the filter for any new features we add, any go-to-market motion, so that there is a tremendous amount of impedance match if you will. Between where we're going and how customers can succeed with their open hybrid cloud journey. >> So, in thinking about some of the discussions you're having with customers on their hybrid cloud strategy, specifically, what are those conversations like, what are the challenges that they're having? It's a maturity spectrum, obviously, but what are you seeing at each level of the spectrum, and where are some of those execution, formulation and execution challenges? >> So, as the industry evolves and the technology matures, the conversation change, and 12, 24 months ago it was a dramatically different conversation. It was an all around help me get there. Now the conversation is people really understand, and most of our conversations that we see, and even the other industry players are seeing this, is the conversation starts with on-prem looking out, as opposed to a cloud looking in. So, customers say look I've invested a tremendous amount of assets, intellectual horsepower into building my on-prem infrastructure and make it solid, now give me the degree of freedom for me to move certain workloads to one or many of these public clouds. So that's kind of a huge shift in the conversations we have with the customers. If you click one or a couple of levels below, the conversation talks about things like security as you pointed out. How do you ensure that if I move my workload my overall corporate compliance stuff aren't anywhere compromised. So that's one aspect. The other aspect is manageability. Can it really manage this infrastructure from a proverbial single pane of glass. So now the conversations are less about more theoretical, it's more about I've started the journey help me make this journey successful. >> So when you talk about the perspective of, I've built up this on-prem infrastructure, I've invested a ton it in, and now help me connect, I can see a mindset that would say think cloud first. Of course, the practical reality says I've got all this tactical debt. So how much of that is gonna be a potential pitfall down the road for some of these companies, in your view? >> Well, I think it's not so much of a technical debt. In one way you could call it a technical debt, but the other aspect is how do you really leverage the investment that you've made without having to just say well I'm gonna do things differently. So, that's why I think the conversations we have with our customers are mutually beneficial, because we can help them, but the same token they can help us understand where some of the road blocks are. And through our products, through our services, we can help them circumvent or mitigate some of those-- >> And those assets aren't depreciated on the books, they've gotta get a return on them, right? >> So, Ranga, we know that one of the areas that Red Hat and Google end up working a lot together is in the Cloud Native Computing Foundation. >> Yep. >> Bring us up to speed as to where we are with that storage discussion, 'cause I think back to when Docker launched it was oh, it's gonna be wonderful and everything, but we all live through virtualization, and we had to fix networking and storage challenges here, and networking seemed to go a little further along and there's been a few different viewpoints as to how storage should be looked at in the containerized and the Kubernetes SDO world that we're moving towards today. >> So one example that illustrates storage being the center of this is there is a project called Rook.io. If you're familiar with this, think of it as kind of sitting between the storage infrastructure and Kubernetes. And that is taking on a tremendous amount of traction, not just in the community, but even within the CNCF. I could be wrong here, but my understanding it's a project that's in incubation phase right now. So we are seeing a lot of industry commitment to that Rook project, and you're gonna see real, live use cases where customers are now able to fulfill the vision of data portability and storage portability across these multiple hybrid clouds. >> So Kubernetes is obviously taking off, although again, it's a maturity level. Some customers are diving in, and others maybe not so much. What are you seeing is some of the potential blockers, how are people getting started? Can you just download the code and go? What are you seeing there? >> That's a very interesting question, because we look at it as projects versus products. And, Kubernetes is a project. Phenomenal amount of velocity, phenomenal amount of innovation. But once you deploy it in your production environment, things like security, things like life cycle management, all those things have to be in place before somebody deploys it. That's why, in OpenShift you've seen the tremendous amount of market acceptance we've have with OpenShift is a proof point that it is kind of the best Kubernetes out there, because it's enterprise ready, people can deploy it, people can use it, people can scale with it, and not be worried about things like life cycle management, things like security, all the things that come into play when you deal with an upstream project. So, what we've seen from a customer basis, people start to dabble, and they'll look at Kubernetes, what's going on, and understand where the areas of innovation are. But once they start to say look I've got it deployed for some serious workloads, they look at a vendor who can provide all the necessary ingredients for them to be successful. >> We're having a good discussion earlier about customer's perspectives, I wanna get as much out of that asset as I possibly can. You said something that interested me. I wanna go back to it. Is customers want options to be able to migrate to various clouds. My question is do you sense that that's because they wanna manage their risk, they want an exit strategy? Or, are they actively moving more than once. Maybe they wanna go once and then run in the cloud. Or are you seeing a lot of active movement of that data? >> I think the first order of bit in those discussions that are about the workloads, What workload do they wanna run? And once they decide this is the, for instance, with the Google Cloud, with the MLAI type of workloads, lend themselves very well to the Google Cloud infrastructure. So when a customer says look this is the workload I wanna run on-prem, but I want the elastic capability for me to run on one of these public clouds, often the decision criteria seems to be what workload it is and where's the best place to run it in. And then, you know, the rest of the stuff comes into play. >> So, Ranga, let's step back for a second. I come out of this show, Google Cloud this year, and I'm hearing open, multi-cloud, reminds me of words I've heard going to Red Hat, some every year. Help us to kind of squint through a little bit as to where Red Hat sits in the customer. If I'm the c-suite of an enterprise customer day, where Red Hat fits in the partnership with customers, and where the partners fit into that overall story. >> So, our view is let's look at it customer end. And practically every customer that we talk to wants to embark on an open hybrid cloud storage. And I wanna kind of stress on the open part of it, because it's the easier way to say okay let me go build a hybrid cloud. The more difficult part is how do you facilitate it through open hybrid cloud story. And that's the march, if you will, that we've been on for the last five plus years. And, that business strategy and the technology strategy has not, we've been unwavering in that. And, the partners are and they say we truly believe that for us to be successful, for our customers to be successful, we need an ecosystem of partners. And the cloud providers are absolutely a critical ingredient and a critical component of the overall strategy, and I think together, with our partners, and our core technology, and our go-to-market routes, we think we can really solve our customers, we are solving them today, and we think we can continue to solve them over time. >> You talk about open, open has a lot of different definitions. And again it's suspected UNIX used to be open. (laughs) I see that potentially as one, real solid differentiator of Red Hat. I mean, your philosophy on open. What do you see as your differentiators in the marketplace? >> Well, I think the first is obviously open like you said, the second part is, I think I hinted upon it earlier, which is, projects are good. I think they are almost a fountain and of ideas and things, but I think where we spend a tremendous amount of hours of energy is to transform it from the upstream project into a product. And if you go back, Red Hat Linux, I think we've shown that Linux was in the same kind of state of vibe in other ways, 10, 20 years ago. And I think what we've shown to the industry is by being solely committed and focused on make these projects enterprise ready, I think we've shown the market leading the way, and making it successful. So I think for us, the next wave, whether it's Kubernetes, whether it's other things, it's a very similar recipe book, nothing dramatically different, but fundamentally what we want to do is help our customers take advantage of those innovations, but yet not compromise on what they need in their enterprise data centers. >> The recipe book is similar, but you've gotta make bets. You've made some pretty good bets over the years. >> Yep. >> We could debate about OpenStack, but I mean, even there. But that's not an easy thing for an open source company to do. 'Cause you've gotta pick your poison, you have to provide committers, what's the secret sauce there? >> Well, I think, first off, I think the number one secret sauce from our perspective is add more technical and intellectual horsepower to these communities. And, not so much for the sake of community, it's about does it solve a real business problem for our customers? That's the way we go about it because in the open source community, I don't even know, hundreds of thousands of open source projects are out there. And we pay, and our office of the CTO pays very close attention to all the projects out there, identify the ones that have promise, not just from our perspective but from customers' perspective, and invest in those areas. And a lot of them have succeeded, so we think we'll do well in that. >> Alright, so, Ranga, one of the biggest announcements this week is Anthos from Google. Wanna get your viewpoint as to where that fits. >> I think it's a good announcement, I haven't read through all the details, but part of it is I think it validates, to a certain extent, what Red Hat has been talking about for the last five, seven years. Which is you need a unified way to deploy, manage, provision your infrastructure, not just on public clouds, but a seamless way to connect to the on-prem. And I think Anthos is a validation of how we've been thinking about the work. So we think it's great. We think it's really good. >> Ranga Rangachari thanks so much for coming back on theCUBE >> Thank you, David! >> It's always a pleasure. >> Thank you again, Stu. >> Have a great Red Hat summit coming up in early May, theCUBE will be there, Stu will be co-hosting. You're watching theCUBE, day two of Google Cloud Next 2019 from Moscone. We'll be right back. (upbeat music)

>> Live from Seattle, Washington, it's theCUBE, covering KubeCon, and CloudNativeCon North America 2018. Brought to you by Red Hat, the CloudNative Computing Foundation, and the Antigo System Partners. >> Hey, welcome back everyone live here in Seattle for the theCUBE's coverage of KubeCon and CloundNativeCon 2018. I'm John Furrier, theCUBE with Stu Miniman, breaking down all the action. Three days of coverage, we're in day two. A lot of action at Open-source. 8,000 attendees, up from 4,000 North America, they were in China, they were all over Europe. The community's growing in a massive way. We had two great guests from Red Hat, all making it happen, part of the community. We've got Diane Mueller, whose theCUBE alumni director of community development, many times on theCUBE, good to see you, and Rob Szumski, principal product manager, both at Red Hat. Guys, thanks for coming on. Great to see you again. >> Yeah, glad to be here. - Great to be here. >> So the world's changing a lot, and there was some news recently around Red Hat. I can't remember what it was. Recently, something big news, but you guys have been big players in Open-source for years. We always cover it, we always wax on about the origination of it and how the evolution, but the CloudNative piece has gotten so real, and your role in it particularly, we've had many conversations, going maybe back to the OpenStack days of how OpenShift was developing, then the bet on Kubernetes that you made, Core OS acquisition, those two things I think, to me, at least from my perspective, really catalyzed a lot of things at the right time, right? So, from there, just a lot of things has just been happening really in a good way. Big tail wind for you guys, CloudNative app developers are using Open-source, CI/CD pipeline, and then also policy based up under the hood, completely big shift in moving the game down the field. So big congratulations first of all. But what's new? What's the update? >> The update is Operators. I think the next big thing that we are really focusing on, and that's a game changer for all the second day operations type things, and we'll make Rob talk about it in detail, is the rise of Kubernetes' Operators. It's not a scary thing, it's not like terminator day, or anything like that, but it is really the thing that helps us make the service catalogs, the Kubernetes marketplaces really accessible to all of the data bases as a service, and all of the other things, and takes out some of the complexity of delivering applications and database  as a Service to anybody running Kubernetes anywhere. >> Take a minute to explain Operator, real quick, and then we can jump into it, because I think this is a fundamental trend, that we're seeing. Developer trend is pretty obvious, it's been that word for awhile, CloudScale, ML, machine learning, and all the goodness around application development, but the Operator side of it has been an IT thing. But now you guys have a different, a new approach that's winning. What is it? What is Operator? >> Well, it's Kubernetes that has the approach, and I'll let you-- >> Yeah, so it's basically like the rise of containers was great, because you could take a single container and package an application and give to somebody, and know that they can run it successfully. And Operator does that for a distributed system in the exact same way. So you're using all the Kubernetes primitives, so you're not reinventing service discovery, and seeker management, and all that. And you can give somebody an entire Kafka stack, or a machine learning stack, or whatever it is, these very complex distributed systems, and have them run it without having to be an expert. They need to know Kafka at a high level, but not exactly all the underpinnings of it, because that's all baked in the software. >> And the benefit and the impact of the organization is what? >> And just to clarify, so this was added in, I believe Kubernetes is like 1.7, it's something that's in there, it's not something Red Hat specific- >> Yeah, it's like-- >> So you're extending Kubernetes so that you have a custom resource definition, which is an extensible mechanism for saying, hey, I've got a deployment or a staple set, but what if I want to have a new object called a MongoDB? That knows how to deploy, and manage, and upgrade MongoDB. So that's the extension mechanism that we're using. >> Yeah, so you got to think, there's certain applications that this is going to make, just a lot easier how I manage them, deploy them, things like that. Any specific examples you want to share as to-- >> All the clustered data bases. >> There's a lot of the application side in this model have been very excited about this. >> So its all the vendors and partners that want a hybrid Cloud story, just targeting Kubernetes, and we're using Kubernetes under the hood, and then everybody wants to run like a staple data base tier, whether that's Mongo and Couchbase, and Cassandra, whatever. And these are all distributed systems. >> Alright, so I want you to just perch, you said a hybrid Cloud. Explain that model, because there's just something in general discussion that is hybrid or multi means I'm running multiple places, I'm not necessarily stretching an application, but I have instances there, just want to make sure we're on the same page. >> So this would be more the compatibility that you're programming against when you're building an operator, is Kubernetes. It's not a Cloud offering, it's not OpenShift, so you're just targeting Kubernetes, and so you can run MongoDB on prem, in the Cloud, and have it function the exact same, by standing up one of these Operators. And then if that Operator has higher level constructs for how to do multi-cluster aware data rebalancing, you can take advantage of that too. >> And the Open-source status of this product is what? >> It's all Open-source, it's all in the github repos, there's a Google group for Operator framework, that anyone can come and participate in. We hold SIG meetings on the third Friday of every month, 9 a.m. Pacific Time, and it's a completely Open-source project. There's a whole framework around it, so there's the Operator SDK, the Operator Lifecycle Management, and Operator metering, all the tooling there to help people build and manage these Operators, and it's all being built out there in the open with the community's support and feedback loops. >> What's the feedback? What's the top feedback you guys are getting right now? Seeing right now? >> I have to say, this is really, like I've been hanging out with you guys like for the past three, four months on this topic, trying to get my head around it and everything, and we came here and we had two sessions, an intro session and a deep dive session, intro yesterday, deep dive today. Today's deep dive, the room was about 250 people, and they're were people outside of it-- >> Security guards blocking people from coming in. >> Nobody could come in and it's like, it's insane. It's like, everybody needs these things, and everybody wants to figure out that, and when you ask people in the room whose building one, half the room raises their hands. It's just crazy. This thing crept up on us really, maybe not on Core OS, okay, it crept up on me very quickly, and it's very rapid adoption. We have a Kubernetes Operators workshop on Friday, so not only do we have pre-conference days of like OpenShift Cons that are huge now, but now we're starting to book end, CNCF events and put on other things, just because, and that, we had 100 seats that we were hoping we would fill, and it sold out in like minutes once it got in there, and there's a waiting list of like 300 people. It is like one of, aside from Knative, and all the other wonderful hot things too, it is one of the most interesting developments I think right now. >> Thirst for the content. Would it impact? >> Yeah, and you can get all of the documentation is out there now, and people are already building them. We have a list of 50 community Operators. It's just, it's phenomenal how quickly it's growing. >> You know, Diane and Rob, it's funny because you know, we do so many of these theCUBE interviews, and this is our 10th year doing theCUBE coming up, and I remember the conversations going back in the OpenStack days, we would ask questions like, if you had a magic wand, what would you like, hope to have happened, right? And you know, those are parts of the evolution, where it's like, it's aspirational, things are being built. It seems now with Kubernetes, it's almost like, wait a minute, it's actually, this is like the goodness is so compelling, above and below Kubernetes that it's almost like uncomprehendible. You think about, oh this is actually happening. Finally the kinds of steady state kind of operational things that have been a pain in the butt for years-- >> Yeah, the toil, it's gone, for the most part. >> Yeah. >> So Rob, I've been having a lot of just thinking back to, you're employee number two at Core OS, when I first talked to Core OS, it was, we're going to build all of these individual tools, and we're going to Open-source them, and it's going to be good. We watched this just rising ecosystem and the CNCF, and it feels like what's nice and what's different that I see, compared to some previous things, is it's not one product or even a small group of companies. It's, I have this tool kit, and some of them work together, but many of them are independently used. We've talked to your peers earlier about it, etCD. etCD is totally stand alone, doesn't need to be Kubernetes. What have you seen, if you go back to that original vision, would Core OS just been, part of this whole ecosystem, and done it, if this was available, and has this delivering on a promise that your team had hoped to work on? >> Yeah, so we've always filled in where we see gaps, and so something like etCD, the concept is not new, and it comes from Google, and they have a system internally, and as Brandon got up on stage and said, we needed that coordinate, reboot, to grow out, to cluster of machines. It didn't exist so we had to build it. Same thing with how we wanted to manage Linux. There was no distro that even resembled what we were doing. Wanted to do automatic upgrades, people thought that was crazy, so we had to go build it. And so, but we always adopted the best of breed technology, when it existed. In our early bet Kubernetes, we just saw, this is the thing, and went for it. I don't even remember what version, but it was months and months before it was zero point oh, or one point oh, so it was, we've been doing it forever. And you just see the right thing, and it's the little nugget that you need, and if you don't see it, then you build it. >> What are you surprised about Rob, in terms of the ecosystem now, you mentioned some goodness is happening, still a lot more to do, visibility around value creation, you're starting to see spots where value can be created in the ecosystem, which is great. Still more work areas, but what's surprising you? What do you see as opportunities, challenges? Your thoughts, because this vision of ease of use and programmability, is happening, right? So there's still more work to do. What's your vision there? What's your thoughts? >> I mean, I think self service is key, so this is like the rise of the Cloud comes from self service for developers, and Kubernetes gives you the right abstraction, where self service for VM's, like OpenStack, which is not quite at the level of what you want. You don't want a VM, you actually wanted a place to deploy an application, you wanted load balancing, you wanted service discovery, you didn't want like a bare Ubuntu VM, and so Kubernetes raises you up to where you're productive, and then it's about building stuff on top. But what's interesting, in the space is, we're still kind of competing on Kubernetes installers, and stuff like that, so we're not even really into like the phase where people are being super productive on the platform, other than these leading companies. So I think we'll democratize that, and we'll have a whole new landscape. >> And so 2019 you see as what being a key theme for Kubernetes? >> I think it'll be Core stuff built on top, like all the serverless frameworks, a bunch of container natives storage solutions, solving some of these problems that folks are reaching out to external machine learning, but bringing that onto the cluster, GPU support, that type of stuff. It's all about the workloads. >> And tradition end users, you have a huge install base, with Red Hat, well documented, as the end users start coming in and looking at CloudNative, and doing a reimagine of their environment, whether it's IT span, IT investments, to have a run their coding and the deployments. It's going to change. 2019's going to have an impact on what I call mainstream enterprise, for lack of a better description. What's the impact of those guys, 'cause now, they now have head room, they can do more, what's the main stream enterprise look like right now with the impact of Kubernetes? >> I think they're going to start deploying applications and get like lower the time to business value, much, much lower. And I was just talking to a customer, and they ordered bare metal machines like a year ago, and they're still not racked and in the data center. And so people are still getting over that type of stuff, but once you have like a shared Kubernetes layer, you can onboard teams like crazy. I mean, name spaces are free, quote, unquote, and you can get 35 engineering teams on a Kubernetes cluster super easy. >> So they can ramp up in development teams basically, as they bring value in-house, versus outsourcing everything. They start getting development teams, this is where the action is. >> I think you're also going to see the rise of those end users contributing back things, to the Kubernetes community and as Lyft, and Uber, and everybody are great examples of that. Uber with Jaeger, and Lyft is, we were just in the Operators thing, and they raised their hand that they are about to Open-source it, a few Operators that they're building and stuff, and you're just going to see people that you didn't normally see. Often these large foundation driven things are vendor driven, but I think what you see here, is the end user community is now embracing the Open-source, is getting the legal teams there, allowing them to share their things, because one, they get more people to maintain them, and more people working on them, but it's really I think the rise of the end user we'll see, as they start participating more and more in here. And that's the promise of Open-source. >> And that's where CNCF really made it's bones. It wasn't really vendor led per se, it was really end users, the guys building out their stuff for the first time. You see Lyft for instance, great example, you guys did a Core OS, this is like the new generational model. Final question before we break. I want to get this out there. Get a plug in for Red Hat. What are you guys, what's the focus for the show? What's the news? What's the big story for Red Hat here at KubeCon this year? >> I think it's Operators, that's what we're here talking about. It's a really big push to once again get smarter workloads onto the cluster. We've got a really great hybrid story, we've got a really great over the air upgrade story that we're bringing from some of the Core OS technology, and then the next thing is, once it's easy to run 35 clusters, we need a bunch of workloads to put on there. And so we want to save folks from the toil of running all those workloads as well, just like we did at the cluster level. >> Awesome. >> Well put. I couldn't add more. One of the things that Core OS did, you hit the nail on the head earlier, is when there was something missing, they helped us build it, and with the Operator SDK, and the Lifecycle Management, and the metering, and whatever else the tooling is, they have really been inspirational inside of Red Hat. And so they filled a number of gaps, and it's just been all Operators all the time right now. >> It's great when a plan comes together. You guys got a great tail wind. Congratulations on all the success, and it's just the beginning of the wave. It's theCUBE, covering the wave of innovation here at KubeCon CloudNativeCon 2018, we'll be back with more live coverage. Day two of Three days of Kube Coverage. We'll be right back. (upbeat music)