 from Boston, Massachusetts. It's theCUBE, covering Red Hat Summit 2019. Brought to you by Red Hat. And welcome back here on theCUBE as we continue our coverage here at Red Hat Summit, day one of three days of wall-to-wall coverage coming to you exclusively here on theCUBE. I'm John Walls with Stu Miniman. Thank you for joining us and we're now joined by a couple of gentlemen, I guess the dynamic duo of the container world at Red Hat, Scott McCarty, who's the principal product manager of containers at OpenShift in Pharrell. Scott, good to see you, sir. Yeah, good to see you. And Ben Brier, who's the principal product manager of containers in Coros, of course, also at Red Hat. Ben, thank you for joining us. Yeah, thank you for having us. First off, just your thought about the show. Obviously, there's a lot of educational programming going on up and down, big crowds, a lot of buzz, good activity day one, at least from our perspective. How are you guys seeing this so far? I'm loving it. I mean, it's been great so far. I just had a session, just got out of it. It was completely full. I mean, there was people trying to get in that were lined up against the wall, so it's been very exciting so far. Yeah, Ben? So it's one of my favorite times of the year, right? It's so much energy. Everybody comes with a change of ideas and just feedback and everything is one of my favorites. Oh, good, right, yeah. So, Rel 8 made available publicly today for the first time. We've talked about that a lot so far on the program. I'd like to hear from your side of the fence then. What does that mean to you in terms of the container world and the impact that you, from here going forward, you've got a whole new world of concern, I would think, Scott. Yeah, I mean, with Rel 8, it's exciting because we're releasing a lot of new tools around containers, a ton of new operational management capabilities. I mean, it's an exciting release. Ben? It's a big step forward, right? Every single release is a big deal and when we look at the container space, it's evolved a lot in the past four or five years, right, when we came out with 12.7. So the technology's matured. Rel 8, it's a smooth, easy experience to get to the release and a lot's gone into it in this space. Yeah, so, Scott, it's funny. I think back, turn back five years ago, we had a lot of jokes about dockers, you mean the pants because containerization and Linux containers and everything that was something most people hadn't heard about. Here, 2019, you said there's crowds trying to get in the door and it's not what, but they're really digging in and understanding the tools. It gives a little bit of, what's the excitement these days? Where are the customers and what are you digging into with them? Yeah, well, a funny example, similar, I asked this last session, raise your hand if you've used containers, if you just even fired up a container before and everyone raised their hand. Now, five years ago, that was like one person and then even last year, you worked for Google. Yeah, and even last year, it was still maybe 40% of the people and now it's 100% when they come to a session. So, I mean, it's definitely changed a tremendous amount and now it's about, so I joked, five years ago it was about using a chef knife, just like you cut everything with it, right? You cut vegetables, meat, whatever and there was like one thing and you were just figuring out Docker and Kubernetes wasn't even on the radar yet and now it's about refining all the tools and getting to a place where like, it's really getting exciting because now we have special pairing knives and chef knife and a Hibachi knife and all these different, more specialized tools so it's getting exciting. I think it's easier to adopt now too, right? Because a few years ago, everyone was hedging their bets on what orchestration am I going to use? What piece am I going to build my stack with? Now, it's much, much clearer, it's well-defined. Kubernetes is dominant factor, right? I mean, OpenShift is huge growth for us in that space. I mean, it's a lot easier for customers to get in that game now than it was just a couple years ago. Yeah, just a couple years ago. All right, so let's dig in on security a little bit because that was one of the big question marks in the early days and it's something we talk about at all the shows. It's definitely a focus of the relight launch so where are we the container world today and anything new or nuanced that the audience should understand? I think on the security side, you've got three or four big points there. One is the container tools that we're shipping today, they basically inherit the full Linux security model, right? So no longer do you have a privileged socket that is that kind of that weak vector, if you will, that's gone in relight. So that's a big win right there. Beyond that, we've got a new crypto policy, as you can set a central policy for the OS and that works in the container as well. So if you want to enforce a particular kind of floor, if you will, of crypto, you can do that with relight for the host and images as well. That's a big part of it. And then we also have new tools that you can build smaller containers because how do the security is what is in my container? So if you're putting less packages and content in that image, that's a much smaller vector as well. So. Yeah, absolutely. From a security perspective too, the fact that now we have kind of a, we've got a set of tools now that we can do experiments with, things like rootless, for example, where tech preview release of rootless can share it. So historically we've always ran them as root, that was just how it worked. I mean, we kind of figured it out one way and did it and it was cool. And then at a certain point we went, all right, we need these other use cases where we want developers to be able to do it, for example, I just talked to a customer that has 400 or 200, I'm sorry, developers that are all running instances on their laptops, VMs with Podman and Builder running and using these tools to actually build containers and they want to do rootless bad. They want to do it in essentially all their environments. So that people are really hungry for a lot of these security features that we're working on now in REL8. And some of them we're releasing even as of 8.0. How do the capabilities change in terms of REL8 now and what you have to provide to support them? So what's transformed and then what will be the need in order to build on that, to work on that and to make it more secure, stable, so on and so forth? Well, I think you kind of have to dig into the selection of what tools we decided. So in REL8 you'll see that it's Podman, Builder and Scopia are the three main lower level tools that we have and those tools are built sort of in a Unix mindset where it's like you can pipe things together and do things and use them collaboratively together to go remotely inspect images, pull them, build them from scratch, run them locally, not as routes or run them as a non-route container or things like that. We're not releasing Docker in REL8 and so the transition there is probably the biggest transition for users is kind of realizing, okay, we're going to kind of broken this apart into three littler tools that we can then use. Podman being the main one that you'd go to and then it's got a command line that's very similar and so it's very easy to kind of transition over but then you start to again kind of to my chef knife reference. You realize once you transition from say Docker to Podman, that's your chef knife. You kind of know how to start doing things that way but then you start to get more refined and start to dig deeper into, you know, like pot, you know, in the building scopio essentially. Yeah, Ben, you're good there? Yeah, I don't have a right to say it. All right, whatever he says. Scott, universal base image, something we've talked a little bit about. Tell us how that this is going to impact, you know. Talked about everybody building things on their laptop. Seems like that's an extension of where this fits. Help us understand. Yeah, I can't hide my enthusiasm on how excited I am by UBI and I will admit, I've already had a couple of people come up to me and say, this is the most exciting thing for me at Summit Period and I think that's interesting because it's not actually something new in that, you would say from a technology perspective, how exciting is it? I don't know, but like it allows a set of collaboration that we've never been able to like really, really do with a rel base image historically and I think the rel base image is the highest quality base image that's ever been out there but the problem is is even if you had something really simple, like say you had one university and they created some kind of science experiment in a container and then they wanted to push that out to a public registry, then pull it down at a different university and share it, they couldn't do that under the terms of the rel base image and so that was, that created a little bit of friction. With UBI now, that's completely gone. You can now run it anywhere you want, distribute it anywhere you want and just the distribution alone is exciting and the fact that when you run it on rel, you build on rel, run on rel, it's completely supported, it is rel but you can now push it out to a public registry and let it sit out there and other people can use it in an experiment, et cetera, et cetera. So is the coming together of containerization in that distribution, is that what, kind of is really new with this as opposed to the ways that I used to be able to share Linux images in the past? Well, I think the challenge was you'd have some people that would want to use something, they'd want to be able to distribute it anywhere. They want to have that freedom but they still wanted the quality of the rel base image and that created friction, right? So then they'd have to make an unnatural choice between like, well, I use Fedora or I use, you know, rel or maybe I use CentOS and you're like, eh, none of those have all the things that I want, right? It was like a card game, trying to get all the components that you want. You want the supportability of rel, you want the security, the performance, et cetera, et cetera but you couldn't distribute it anywhere and so that created friction where you make unnatural choices on a base image and now UBI just, the name implies it, universally, you can just use it for anything you want. It's the same for communities too, right? Because they don't want to make one that could freely distribute and then another like supported variant. It's more to maintain, it's more cycles and everything, so simplifying that is a big deal. Yeah, and a migration between base images is a Linux migration, so it's frustrating to do. You don't want to do it. You want to build on one thing and then build on distribute that thing anywhere, et cetera. Well, yeah, Ben, et cetera, you know, I go back a few years, there was this big movement to do like just enough OS. How do I slim down the OS? Core OS was, I don't need everything that, you know, rel necessarily does. So have we gotten over that? Have we now gotten with, you know, the things like UBI down to like a nice unit that's easily shareable and distributed? It's a good question. It's a topic that will never go away. I don't think we're still, it's just changing its form, right? It still exists on the host. It still exists in images. It still exists with now unit kernels and everything. I think where we are today though is a really good spot, right? We've got several footprints of UBI. There's several footprints of rel, including rel core OS, which is like an embedded version of rel into OpenShift, right? For a small form factor container host. So where we are today is very strong, but it's going to continue to evolve and get better. Yeah, and we, I mean, we look at the future and we're looking at ways to make it even smaller. You know, you're always looking at, but yeah, Ben mentioned there's three footprints of UBI today. There's a minimal image, there's a standard image, and then there's even a little bit bigger image that allows you to run multiple services. But you know, that's the selection today, but in the future, we're looking at making the minimal one more minimal. We're even looking at, you know, making the standard one more minimal. Yeah, we're not done. Yeah, we're not done. You're never done. Yeah, I guess the last thing I have on this, you know, multi-cloud is such, you know, it's where customers are today. You know, you're going to have the CEO Microsoft up on stage today. Two years ago when I was here, it was the partnership between Red Hat and AWS was all the discussion. I spoke to the Red Hat team at the Google Cloud Show recently, so how does the tooling that you have fit into all the cloud discussions that I have when I talk to users, you know, one of the biggest lock-ins they have is the skill set and the understanding of different tools and knowledge. And so, you know, where have we standardized and where do we still have work to do in this space? That's a big question. So yeah, I guess we address it on multiple levels, right? So at the core, the center is RHEL, right? So RHEL 8, right, announced today on all those cloud platforms that you just named, right? So same OS, same ABI level guarantee that 10-year life stability. Same hardware selection, yeah. Everything, it's everywhere. It's pervasive today. Level up, right? You've got the container images and stuff. Same story there, go a level up. You've got OpenShift that is pervasive everywhere and now we're doing really cool things in Kubernetes like the machine API and all these other things to actually control those individual cloud infrastructures which abstracts all of the customizations per footprint, which is powerful, so. I think for me one of the most exciting things is the OpenShift for paradigm shift. That shift from managing individual nodes to managing the cluster as a computer, which we've said for what, 20 years with Sun, I think. The cluster is the computer, but we're really there today. We have a single API, Ben mentioned the machine API, the machine config operator. There's essentially automation built into the OpenShift platform now that allows you to deploy it the same on any cloud, so AWS, Azure, OpenStack, even on VMware, even in Libvert on a local laptop, there's a way to deploy it in an identical configuration. To me that's exciting because now I have one set of things I can learn and then again, in the standard Red Hat way, if you feel locked in, you can go use OKD. You can use the upstream, so you're never locked into our product, which that's what might get a lot with the Cloud Drivers, right? Like if you're locked in there, you're locked in there. There's no open source version of that to get out of that. So you've talked about growth opportunities, you said, we're not done yet, making the joke about your own work. You've talked about a 20 year evolution, I just refer to that. And if you could look, whether it's three, four, five, whatever, years down the road, where's the big leap? Where does it have to come? Or where do you think it's going to come in terms of the capabilities that you want to work on and what you want to be able to deliver from where you are right now? Let me get my crystal ball. Yeah, well, I think you've got one. I have a lot of confidence in you and Scott. But if you had to say, okay, this is at least where we're going to have to spend a lot of our time because this is the area that we think, I think needs the most attention. A couple of things, right? People only scale so much. So automation is an area that's bulletproof going forward and it's going to evolve and take many forms. Right now our big push has been in the operator space and obviously technology is like Ansible. That's going to continue to evolve and make people scale better. That's probably one of the biggest ones. I think that's one of the biggest ones. I think for me probably where my mind wanders is around partners and building that ecosystem in the open chip space, similar to what you see in the RELL ecosystem today. I think three, four years from now you're going to see it really exploding. I already see it exploding, but by then you'll see it maturing and you'll really see it. I think if you look at the operator paradigm I'm very excited by that because it's kind of like the MSI installer that Microsoft invented that kind of made that ubiquitous, that install experience, except that operators make it ubiquitous to install and manage day two. So I think kind of to his point of making that the install really simple and then the operation of it over time I think you're going to see a lot of, I think you could fill a room and ask them like what's, in fact I did, I asked them what an operator was and they weren't super aware of it yet, but I think in the next five years that will become the ubiquitous way of just installing software. All right, well we're going to check it back with the N5, we'll see how it turns out. And Ben, by then bring that crystal ball back with you though. If you would, okay? I'll do it. Good deal, thanks gentlemen, thanks for the time. Yeah, thank you. I appreciate having both of you on theCUBE as we continue our coverage here. Red Hat Summit, we're in Boston, back with more right after this.