 From around the globe, it's theCUBE with coverage of KubeCon and CloudNativeCon North America 2020 virtual brought to you by Red Hat, the CloudNative Computing Foundation and ecosystem partners. Hello everyone, I'm John Furrier with theCUBE. We are here covering KubeCon and CloudNativeCon North America 2020, November 17th to the 20th, a virtual event. Normally we're there in person, but again, 2020 has been a crazy year. We're not going to be able to be there in person, but we're here remotely. We've got two great guests, the co-chairs of KubeCon and CloudNativeCon, even it got the senior open source engineer at VMware, KubeCon Kubernetes Chair and Constance Garminolas, principal software engineer at Splunk. You guys, the co-chairs of KubeCon, big responsibility. Thank you for coming on. Thank you, thank you for having us. Thank you for having us. Okay, so the number one question every year is before it gets started is, how'd you make the selections for the talks? What's the hottest thing going on? What's the focus for this, this KubeCon? Well, so actually we use a Ouija board to choose the talks. No, I'm joking, that doesn't happen that way. Yeah, yeah, it's pretty much all out of a hat, but seriously, we spent a lot of time with talks that showed, I guess, diversity and integration in the community. So what projects are starting to pick up steam, what projects are starting to integrate more deeply with other ones? So you'll see lots of commentary around multi-cluster items within cloud-native technologies, as well as lots of content on security, which I'm excited about. Yeah, I also feel like there's a little bit, like kind of to your point about like things layered on, like we're starting to get to the point where people are talking about like, hey, I deployed Kubernetes and Envoy and something else. And like, these are starting to be a lot more of these kind of joint talks there that actually even make it harder for us to place, like, does it belong in networking? Does it belong in application development? Like there've been some really good challenges trying to figure out where things are slotted and what's right. One of the things I love about KubeCon besides being fun to go to when it was face-to-face is even with the virtual, it's still a great community. The talks are awesome, people are submitting talks, but you got the sixth year, I think it's a sixth year, fifth year, we've been there for all years, I think this is the sixth year for us. The maturation, the growth and of Kubernetes now is pretty clear, this glue layer is gluing things together, the API is extending to more services. Can you guys comment on what you guys are seeing in terms of some of the practical projects and how they're playing out for developers? Because you're starting to see more clusters, you got cloud, you got multicloud around the horizon. So you got more of these conversations where you have more capabilities, but the focus on the modern application building is the number one business focus. So the developers are trying to build out under the covers and say, how is scale this? So this seems to be the kind of a growth year and inflection point for that next level. It seems that next level. Stephen, what's your thoughts and reaction to that? Yeah, absolutely. So as a former, I've been at a few cloud native companies at this point, so Coral S. Redhack before heading over to VMware. And as a former field engineer and solutions architect at some of these places, we spent a lot of time thinking through what is the day zero, day one story, right? And it's very clear that as a community, we've gotten to the point where like, that is officially the boring stuff, right? Seeing a lot of the features within projects like QBDM and Cluster API come to maturation, we start to focus a lot more on that developer story, right? And ultimately that's what we care about, right? Businesses are not necessarily looking for a new tool to play around with, right? There are business goals that are tied to the new technologies, right? So the velocity in which you deploy your applications, the feedback loop in terms of understanding, what ties into your application, where things are going wrong. And you know, Constance can definitely speak to the observability layer for all of these cloud native applications. Constance, observability here is really hot right now. What would you take on it? I mean, there's observability everywhere. New startup comes out, you work a Splunk, they're the king of observability. They started out with a very small observation space. Now it's a full platform. You have to look at the observation space to get the data. That's the internet, that's every application. What's hot in that observability? Take us through your thoughts. I think what's also starting to like, so you're still like, there's some, I can think of like one talk right now. It's a little bit talking about like, you know, observability at scale, the sense of just like, now we have these massive applications and saying we globally and to observe, and monitor observe, right now I'm not gonna use a tool where it's interchangeable. I know that's a totally different debate. The available topic, but for now I'll just keep it at that. But it's also now, I think one thing as observability space and maturing we're not talking only about like, hey, I used to write my like application with metrics, logs, traces, or some other thing there. It's now being a little bit more critical about how, if I'm using all three of these or all different telemetries, like how do we be smart about it? Like, okay, I only need to use traces for some things. I only need to use logs or something else. And like kind of getting to a richer part of like, now that we have that data, let's actually think about better ways to use that data so we don't, you know, collect everything. Cause you can't collect everything as much as we want to. Well, I mean, this is something that I want to get your both thoughts on because one of the countries we're hearing from developers and we hear it from the, on the business size, everything's as a service. That's like the ivory tower, you know, the CXOs, everything's as a service. And then it gets down into the developers and the engineering communities and they're like, well, it's not that easy cause you got tools for every platform, right? And that's a problem. You've got these siloed tools or tools that are built for certain products. And then you've got the systems thinking. You guys talk about this integration is a key area. So making everything as a service just isn't that easy, right? So the goal is to make it easy, right? So this is the systems conversation. How do you guys look at that from a KubeCon cloud native con? Because cloud native does enable a lot of good things. It's horizontally scalable cloud from a resource standpoint. You've got programmability. You can look at it as a system but people are stuck with these tools for the platform. I mean, you have tools for this, tools for that, five different tools. How do you make observability work? How do you make security work? These are tough questions. What's your reaction on that? I think that a lot of it comes down to from a builder perspective and taking the builder perspective and then also taking the consumer perspective for builders. And I actually spent some time with but some developer heads in New York. We sat down for a dinner and kind of talked through some of the problems in the space. And I think what it really comes down to is when we build tools, we need to think about who we're building the tools for. There are multiple personas that you might look at in the cloud native space. And one that might be the persona of that systems integrator of the classic Opsi, DevOpsi, SRE role. Then you've got someone who may be building tools on top of one of those ops platforms. And then you've got the consumers that maybe in your company, maybe they're external. That's for their experience, they're really only interested in how do I ship my app? So whether we're talking about building out Kubernetes or whether we're talking about a serverless platform. So serverless and the cloud, you often hear it's running on someone else's machine. It's not really. So I think in that space, you have to consider developer experience. So I think one of the overarching themes that you'll see throughout this KubeCon is how do we talk about the developer experience? Who are we building these tools for? How can we actually get outcomes that end users are looking for, right? Because it's not, again, it's not about the tools. It's about the outcomes for the respective businesses. Constant, what's your reaction to this trend of tools and edge computing? Because you don't want to have to build security for everything single thing. If I got an edge device, I want to have that be software operated, right? It makes total sense, but making that happen is hard. Yeah, I think this is something that as a community, like we're really, I guess like kind of how I use example, like end user docs versus reference documentation. I think that we've been done a really good job at creating these really powerful tools, but like in terms of, we still need to simplify them for anyone who doesn't want to learn, like say Kubernetes or Envoy or a book in telemetry like the back of their hand. And I think that's where we're starting to, we're finally starting to close that gap. And that's why I think also why KUKAN is getting all more popular is like now things are a little bit more accessible to those who don't have, you know, either don't have the bandwidth or it just, it isn't in their interest to learn all these things in deep details. And so we're slowly going from those who want to be deep, deep experts into, yeah, I kind of want to play around with it and make it more manageable. And I do think we still have quite a bit of ways to go. Like I think, you know, what's been helpful, like at least like our end user stories that we get and like the application development track, especially that one, like the case studies that, it's no longer a track, but it is highlighted as like these talks in case studies. I think that shows it's kind of giving people more like, hey, these are stories of how I can take these tools and start making them more digestible in my own way. Cause going from like, oh, this feature does XYZ too. This is a whole story that you can do around it. It's been a little bit of a gap. We're closing. Yeah. And I think one of the things about you kind of being shy there, I'll say at KUKAN and cloud native con CNCF in general has been very successful because of the end user focus, I will say that. But also the ecosystem of the vendors out of there. So you have kind of the best of both worlds and they all want to, they all want to get better, right? But they all had to make money at the same time. So you have this balance, this open source is what it is. It's out in the open. Can you guys comment on how the community is thriving and surviving? We're in a tough time with the pandemic. It's been a big challenge. Obviously we're not in person, we're remote. How is everything going with the community? Because it's such a great end user vendor community working together out in the open shipping code, trying to make things better. What's the state of the community? Yeah. So I would say that honestly, what it comes down to is that word community. We are all friends, right? There are people who, as we moved towards this kind of like cloud native consolidation of companies, a lot of us have worked together before, right? A lot of us are active in multiple communities and what comes out of that is really open and honest collaboration as a result. Even today, there's a Twitter thread going. I started talking about the Kubernetes release cadence, and if and how it should change. Given 2020, we had an extended, we had an extended release cycle for 119, right? And questions became, what do we do? Like do we continue with three releases a year? Do we try for, do we switch back to four? Like what does that look like, right? And reaching out across the Kubernetes community, across the CNCF TOC, the contributor strategy sig in CNCF, and getting feedback from all of these people who depend on the products that we build day to day is huge. So I think what it comes down to really is open and honest collaboration. I think when you are strained, I know that everyone has a lot going on in life right now. What's great about it is being forthcoming with that, right? We have all of these teams that are built to support the people that are around them. So if anything, I'd love to see all of the collaboration and feedback coming from everyone who works on these projects today. Yeah. Constance, what's your reaction? I mean, one, I've talked to some developer friends and mine, they're like, hey, this is great. I can work virtually. I've been doing it for years anyway. So no big deal. It's not like the people who have to go to the office every day. So they're used to virtual format. The other comment was, I get more time to do some gaming too. I'm trying to make light out of the bad situation, but you know, it is serious. What's your reaction to the survival and the continuing thriving of the community? Yeah. I also want to eventually go back to you because you're making a comment about vendors. And now this is my first time as vendor. I have interesting, it's a really interesting perspective to come from, but let's talk about the community. I think, like, you know, it's like one of the things that I think actually has been one of the highlights of this year for me for 2020 is like to be co-chair, but it's also just to be able to work with Steven and Nancy and the rest of CNCF community and also like any attendees, has actually, even though this is a big year of change and it's, you know, it was a change that no one was planning, it has definitely been like really nice to just get, like, I guess I'll say as an example of the story, like for Cook County, you like, I was surprised by how many people were engaged in the Slack channel and asking questions and like Priyanka had set up these happy hours and people are just joining and we're starting to talk. And so it wasn't quite hallway track, but we still had that connection. And there was definitely, there are people who are attending from all parts of the world. And I thought that was really nice. Like we, I think CNCF has made it, like they have made the statement before that there will always be a virtual component to it to address the fact that, you know, our community we're so used to being in person, but that does, you know, does reduce accessibility to those who can't travel away or for whatever reason, they can't be there in person. So now it is becoming more open. And I don't know, I mean, kind of tying back a little bit, a little bit derail, I'm a little bit derailing, but to your comment about like also like the vendors. And so this is my first time being a part of a vendor. And I think what's really interesting is like, there's this natural like, you know, tension between like, oh, some were like, oh, I don't want anything from the vendors or like, I only want things from end users. But I think the thing we've kind of forget is that both of them are like active, you know, they're active in the community, both in either contributing or enabling others to be successful using the CNCF projects. And so we all have, you know, valid points and perspectives on it, right? Like you can maybe sometimes argue that sometimes being a vendor is almost a bonus because you get to talk to maybe more people who are trying to adopt technology and you get to see trends. And then after as an end user, you can say like, hey, I have this really unique problem here and this is how I try to solve it and share that story with other people. So. Yeah, I mean, I think you're right. I mean, as a checks and balance, I've observed over my years in open source, you've seen certain things thrive certain ways. And I think that balance and, but having the mission and kind of a rules of engagement always seemed well, worked well for CNCF. They embraced the vendors really well, but they're, I mean, I won't say paranoid because that's my word, but like they're paranoid of the vendors. I would be too. Like, you know, I want to get their fingers on the pie, but they're also contributing. So there's always been that checks and balance and that's what's been magical, I think about it, is that they fostered the community, they fostered the engagement and they fostered that balance. And I think that's where the give and get comes in. I think that's a healthy community. And I just love to see and love to be involved in so super, super good approach. Now, putting back the vendor hat on, if I'm a vendor, I want a competitive advantage. So, you know, this brings us to the next gen conversation. Open source goes and going next gen, you're seeing a big focus on AI, you're seeing a big focus on, you know, edge computing, which is going to be software operated, software defined, which cloud native will leave. I got to get your perspective on something Steven said at the top was security. Every conversation for the past five months with Debs has been shift left. So, okay, where are we going left? We're shifting left. This is about security. How do you build security in, this has been a big conversation, it's not easy problem. I know it's a top focus. I want to get your reaction, Steven, we'll start with you and then constantly like you the way you do. Yeah, sure. So security, security is tricky, right? And I think that people start to put the focus on security when it's a little too late, right? The move is always preventative as opposed to reactive, right? And security is an onion, right? So it's not enough to just think about security on one axis, right? It's, you know, how is this affecting, you know, how is this affecting my application, the systems that I build, the physical, you know, the physical restraints of the, you know, of the area, right? Infrastructure, the cloud providers that I'm running on, right? Are they a certain level of compliant, right? Especially when that comes up for federal customers, right? On the application side, right? You know, if you think of, you know, if you think of all the different ways that you can break an application that hurt security, now with the cloud native space container security, right? Am I building safe Docker files, right? Or build packs, or what have you, however you package your applications? And ultimately you have to, you know, and then there's also the supply chain, right? Am I getting, how am I moving that stuff from some physical infrastructure, some cloud infrastructure into the hands of the developers into the hands of the customers? How do I react to changes once those applications have actually been deployed, right? So like all of these things to consider, and when you look at that space, these are multiple teams, right? These are dozens and dozens of teams across, you know, multiple companies, right? You may not have full control of your security story, right? So I think that what, you know, what you need to do is start the conversation internally about how we can build security at multiple layers, right? So some of the things that are kind of interesting to see pop up during this KubeCon and some of the last ones, the continued work that's happening on OPA and Gatekeeper, Spiffy Inspire, right? And, you know, all of these frameworks for authentication and authorization that are kind of cropping up, right? I think, you know, Spiffy Inspire, really interesting story because, you know, the first thing you think is I have, I have these cloud native applications that I'm building and I also have these legacy applications, right? How can I build a bridge between the two, right? And then you've also got things like, you know, service mesh, right? And you start to talk about service mesh and, you know, the security within applications that live inside a cluster or across cluster, right? And how you negotiate that. So tons of things to think about. And, you know, it's honestly gonna, it's honestly gonna depend on where you are in your journey. But I think that, you know, good security is only built by having the conversation and having the conversation across all teams and doing it before, before you get into trouble. Do it before you get in trouble. Have it baked in from the beginning. Brush your teeth, make sure you're all healthy. Constance, your reaction. Your reaction. So I will say like, I am unfortunately one of those people that like security, well, security is just not something that I guess I'm gonna say I find super exciting. And mostly just because I really love observability and like service mesh. And so I usually defer to the experts on that. But I do want to like, I guess, plus when some of what Stephen said, obviously using GitHub, you know, terminology for plus, you know, enhancing things, like definitely start early and I, but I think, you know, just start early, start a conversation. But I think we also need just be cognizant of, like for any of the technologies, like if it's security, say networking, whatever, all of these things are behavior changes and just bucket more time than you think you're gonna need. There's gonna be so many roadblocks and especially when it comes, like especially when it comes to behavior changes, like if you're in behavior, but not necessarily like a personal, but like, you know, technology behavior, like you're used to sending things without MTLS, right? Or, you know, with our RBACs, things are gonna fail and, you know, it's, there's gonna be that initial friction and so definitely trying to make this move as possible. Yeah, I mean, I think that's the focus. I like to see more of, which is having it be built in, so if you're really not into it, but you don't wanna screw it up either. So you wanna be on top of it without doing it, right? That's the end game, right? That's what DevOps is about, right? So if you don't have programming infrastructure, write code. So all these things, this is the trend. This is the trend that we're seeing in Cloud Native. Can you guys share your thoughts this year on the most important stories that you think people should think about or lean into or at least look at for KubeCon? What are some of the things that attendees or people watching remotely or participating virtually are in Slack channels? What should they pay attention to? So starting with, I think even with the last KubeCon and some of the products that have recently come out from certain vendors, we're starting to look a lot more at the, what is that conversion story for someone who is a classic sysadmin, right? Who may be learning about Cloud Native technology for the first time or how do we welcome a new KubeCon attendee to the community? So I think one of the best things that we did was instantiate that 101 track, right? So with the 101 track, I think we got a bunch of great feedback. So we worked to make sure that there were, actually we eliminated, I believe we fully eliminated the lightning talks and worked to include more 101 content as well as tutorials within this program. Constant, your reaction to our thoughts on the most important story to pay attention to? I think it's more, right? Cause I know this is like a common line that we say at KubeCon and like, you know, it depends what journey you're on. But since so many more of our talks are now talking about intersections between like, you know, using X and Y try to build Z, Z. Oh my goodness, I'm turning, I'm losing my Zeds. I think trying to, like, you know, looking for those talks that at least somewhat resonate, like, hey, I've already adopted communities. Let me see how I add Envoy. Like trying to find those there cause there's a lot more of that content now, right? Cause maybe, you know, about like two, even last KubeCon or like last KubeCon North America, a lot of the things were more focused on like one project, maybe a hint there and you're just going to see more of these combinations. And so there are a lot more, there's a lot more of that content available for you to find I'm doing two to three, maybe four. There's a lot of projects at once, adoptions and seeing how that works too. Oh yeah, one-on-one track has definitely been, definitely like a great hit, I'm going to say, right? It was the first time it was launched and we got so many CFPs for one-on-one. It was just amazing to see all these ways that people wanted to make KubeCon word accessible to everyone else who hasn't been a part of, you know. It's every year, it's every year, the onboarding of new members of the community have been impressive. And having that track or laddering or different ways to work as a community to help people along has been another thing I noticed you guys do really well on. There's a real camaraderie amongst the community. So hat tip to you guys on that. Final question for you guys is more about the format. I'll say it's virtual this year. The game is still the same. There's talks, there's people, there's hallways, but they're virtual. I guess you're virtually walking through Slack and Discord or Twitter, whatever. What's the learnings from last event as we're going into virtual? How does an attendee maximize their time, their engagement? There's times to lean in and be present, attending a talk, you mentioned Slack, Constance. What's some of the learnings that you guys have learned from virtual and what can people think about and prepare for for KubeCon virtual this year? I think one way you started, so there's actually a resource that came from our debrief for me. It was like, there's a resource like, hey, let me help get the day off. And we even provide a template to provide to your manager, say, can I please get this day off so I can focus on it? And I think that's one thing that, and I think we've all probably seen on Twitter and blogs is that even though it is virtual, it is still a brain drain, right? It's still, you have to engage with the topic. So set aside time. I would probably even say attend fewer talks than you would normally do in person, right? There is Zoom fatigue. I guess it's been Trotto fatigue. So just give yourself a lot more space to consume the information and just debrief and also join the activities, right? Like ask questions in Slack. There's a lot of the virtual events, like there's Bingo. There's even Escape Room, which sounds like a lot of fun, all these different activities too that you can do with everyone. So like definitely enjoy that part, right? Because you still get a little bit off too. You just say, like, hey, you mentioned this project. Let's chat offline. And then a few weeks later, you may be on a four hour long Zoom meeting talking about the project and so, yeah. Yeah, I noticed the hang space kind of mindset of virtual is pretty cool. Be mindful to introduce yourself and either do a sidebar or jump on some back channel. I mean, there's plenty of tools to help us know what they are. So good point. I want to call that out. Good point, Constance. Steven, your thoughts on learnings from the virtual format and then things this year, people should pay attention to and jump in and use the site for. Yeah, so I would say if anything, the previous attendees gave lots of thoughtful feedback about how to improve the overall program. One of my favorite parts of any conference and it's the part that I prioritize more than anything else in the conference, even the talks, is the hallway track. It's one of the few times, especially with KubeCon and the various contributors across the cloud native space, that's the one time every quarter or so that I get an opportunity to see these people face to face. So we wanted to do our best to bring an experience that felt it's not the same as the physical hug or the going out for dinner after a long day. But we tried and we heard it through lots of crazy ideas at the event team to see what they would come up with. For me as a New York resident and having a conference that is NA virtual but would have been in Boston, I thought it was important thinking about screen fatigue as well as just the physicality of where people would have been at the time was the start time of the conference, right? So as Constance was mentioning screen fatigue, it's, I think with all the virtual conferences going on, it's very hard to have that time during the day, right? So this KubeCon for folks on the East coast, it starts basically at your lunchtime. So the idea is hopefully you get some of your meetings in for the day, grab a bite to eat, and then you sit down for lunch and you dig into some KubeCon, so. And you can have any lunch you want and then laid off the lunch from the conference. That's awesome. The other thing I love about what you guys said is the hallway tracks. And I think one of the things I've noticed going to a lot of virtual events and doing them is Constance, you're right. It's mentally draining to lean into a talk because you're present even though you're virtual. So taking time to get involved in the fun activities or just wandering slack or doing the sidebar with the hallways is kind of a, not some time off, but the time to regroup and not be so leaned into a session. I find that to help on the fatigue side for sure. The other one is viewing parties. We've popped into some zooms together and we watch each other watch the session, right? So viewing parties has been one trick. I've seen work well. Other ones I've seen people toast beer at a certain time. The Germans obviously do it first because they're on the time zone, but you start to see these playful things. People can share their kind of position where they are. So it's fun. We're looking forward to seeing that. Okay, final comment, Steven, Constance. What's the bumper sticker this year for KubeCon? Ooh, have we, have we decided yet, Constance? Velvet jackets are required for entry. How will make more sense after you see a special message from us? There's a lot of fashion on stage, on stage, right? All right, we stumped the co-chairs. Well, I want to say thank you very much for coming on and sharing little color commentary on KubeCon or on the program. Some of the things from the virtual event, too. Some of the talks, really appreciate it. And we really appreciate what you do. The community does. It's been a hard year. We're not going to be there in person. We'll continue to ride the wave in to back to the normal. So thanks for doing what you're doing. Thank you for coming on. Thank you so much for having us. Yeah, thank you. This is theCUBE's virtual coverage of KubeCon, CloudNativeCon, virtual November 17th to the 20th. I'm John Furrier, your host of theCUBE. Thanks for watching.