 Live from Copenhagen, Denmark. It's theCUBE, covering KubeCon and CloudNativeCon Europe 2018. Brought to you by the Cloud Native Computing Foundation and its ecosystem partners. Hey, welcome back everyone. Live here at KubeCon, Copenhagen, Denmark, theCUBE's coverage of KubeCon 2018 in Europe. This is all about the Kubernetes, the future of cloud native, CloudNativeCon, part of the CNCF, Cloud Native Foundation. I'm John Furrier with my co-host Lauren Cooney, founder of Spark Labs, industry expert at Open Source. We have two end user customers of Kubernetes and cloud native, Zach Arnold, software engineer, Ygrene Energy Fund, and Austin Adams, software development manager, same company. You guys are doing really interesting business model around energy and equity in buildings and homes but you're writing code, so you have to make all this stuff work. So I'm sure you're cloud native, why have a data center when you can have the cloud? Exactly. We were born in the cloud. You're born in the cloud. So take a step forward. Explain the business real quick and then what's your backend, technical, scaling situation look like in terms of infrastructure, software and what's the makeup of the systems? You know the business best, yeah. Yeah, so Ygrene operates under something called PACE, Property Assessed Clean Energy and we operate in a couple of different states. We work with local governments to create a PACE program that is accepted in different counties or jurisdictions within the state and then we allow homeowners and contracting companies to provide financing for home improvements that are specifically within the domain of renewable energy or energy efficiency. So you basically finance like a solar panel I put on my house or building, there's benefits there and then you guys get the financing and you tie in with the government so the property taxes, the leverage, the security is the building, right? Or the asset. 
Yeah, and the way that we're chartered is basically we can put a tax on the property which gives us some guarantees on repayment and things like that and it's a great model so far. So new financial engineering around energy efficiency. So you got to build systems. So you work with governments so now we don't know how government systems work so you got to be agile and nimble. Take us through how the back end works. What's it look like? What's the system look like? You're hosting in the cloud, is Amazon, Google? So everything that we have is in a cloud provider that starts with an A and ends with an S. It's AWS and I don't know if I can say that. I think I can say that. AWS all the way. Thank you. And we have tons of services. We have Kubernetes running most of our main services in our migration. We actually started with our main service. A lot of people start with their smallest microservice. We just went whole hog and just went in for it. So the system is mainly a loan management system and underwriting data aggregation and underwriting processing. So every application that comes in we have to underwrite it and make sure every little thing checks out and our underwriting system has won awards for how accurate it is and how high quality it is as well. So I'm doing a mental whiteboard in my mind just kind of cropping this. So just help me out here and take us through this. So you guys are a cutting-edge company, new and progressive business model, real innovative, great stuff. Cloud native, you're born in the cloud, no data center, cool, check. That's what everyone does. And now you're like, okay, I got to deal with these legacy systems. So you're putting containers around things so you have to interface, you build your own system. So that's cool. While you're dealing with other systems and then how are you handling that? You're containerizing it. So take us through some of that, those linkages. 
So we're creating, a lot of times when we have to integrate with another system, we'll create a small service that is code that we own and we'll reach out to those vendors and we'll do aggregation within our system and provide an interface back to our systems. Like everyone, we're breaking up the monolith or whatever. Maybe in 10 years we'll go back to a monolith who knows. But we're slicing out things, making microservices. It looks like a mess on the back end, just tons of microservices going everywhere. And that's why we're using all these cloud native tools to be able to manage that. So in order to move quickly, we're wanting to containerize everything. Everything runs in a container at this point. Great. A lot of our services follow this kind of, we're kind of calling the container adapter pattern. It follows a software adapter pattern where just like Austin was saying, let's say for example, we're interfacing with a credit vendor. We create a service where we talk to our own service that has a well-defined interface that we know will always get a credit report back with the following fields. But then where that information actually comes from, whether it's one of the big three credit vendors or someone else who has a well-defined API, that's largely not the concern of the main loan management system. It's the concern of the microservice that's responsible for reaching out to that other entity. So that's how we've kind of gotten to beat around the legacy interfacing of all of these other different financial services and tools that help to aggregate data. It's super clever. You can optimize on a service basis, but now you have to orchestrate and kind of conduct everything through, and that's where you look at Kubernetes. And keep everything secure. That's really interesting. I mean, I think what I'm looking at here is a huge ecosystem of partners and companies and end users coming together. 
And one of the questions I have is, beyond why you are here, what are you looking at here? What is interesting to you? What do you want to learn about that you might bring into your architecture, essentially? Also, I know we're talking about this. We kind of tend to look at the CNCF list of projects as a dinner menu. We're refreshing that page frequently because we're adding projects at an alarming rate. But one project, we're using Fluentd, Notary, Kubernetes, of course, Prometheus, things like that. We want to start using those things more extensively. Ones that we're really excited about are SPIRE and SPIFFE. The identity, kind of a new take, not necessarily new, but new for cloud native take on identity of services and authentication, as well as the Open Policy Agent to provide a single DSL to do all of your policy and authorization. That's a lot of workload, management and identity, correct? So that's what they do. Authentication and authorization are two of the most important things that happen in our system. And we have so many different ways that it happens right now. And it can tend to look a little cloggy just from the sense of the fact that we need a little bit more coordination or standardization around it. I mean, we have well written policies that are documented, but the way that those actually get enforced are it's individualized based on the service. You know, if it's a cloud based policy, then it's AWS IAM. If it's a Kubernetes based policy, it's RBAC using Kubernetes RBAC. So it kind of looks like if we can abstract a lot of that functionality out of the services, the containers, the orchestration tool of the cloud to making those decisions, that would really, really simplify things really well. And you guys are end users. So are you part of like an end user group that gives feedback directly into the community or how does that work? Yeah, so we're on the fringes of the contributor community as well. Great. 
And we're definitely on GitHub in all of these projects posting issues. And in some cases providing our own PRs or whatever. None of us are within the Kubernetes org, but definitely that's something we all are aspiring to be, is jumping into some of these projects, especially some of the smaller projects that we're using on a daily basis in our build servers like Portieris or Notary. Some of those things we're actively contributing to those. So you're contributing where it matters for your product, but being active on the project is key. The balance there. Yeah, I mean, typically what you find in the finance industry is when they go for a solution, they lead with their wallet as for what we can purchase or what we can sponsor. But Ygrene has been, our managers and management have been incredibly empowering in this way. They say, well, what can we give? We lead with our hands. Yeah. And this is interesting. If you have a good business model innovation, which you guys have, you can be completely clean sheet of paper to build it. Right. So, you know, that's the best thing about the cloud. You can really move fast and go from point A to point B, move the needle. Yeah, and at the same time that there's kind of a clean slate, there's even a clean slate in terms of best practices within our industry. Now, if we were in mortgage, there's a lot of rules. There's a lot of clear guidelines on how to do security and auditing and things that you need. Whereas in our industry, that's all emerging. So we have a chance to also set the pace, set the tone for what security might look like or what cloud usage might look like within the PACE industry. But at the same time, we're getting increasing government regulations. So we're having to make these decisions around what are the tools that are going to help us achieve, you know, maximum customer protection and auditability while maintaining our, you know, our business model and without, you know, totally. 
Yeah, and you're going to need flexibility because you don't know what's going to come next. Exactly. You got to be ready for anything. Yep. And so that's at least my next question. Two points. What's, how do you guys prepare for what's next? What's the main ethos around technical architecture around being prepared for that ready state that's coming to you? And then two, what have you learned over the, what's the scar tissue look like? What's the moments of, you know, joy and despair going on? Because you're iterating, you're learning, you're always constantly getting knocked down, getting standing back up. So this is, this is what innovation is. It can be fun and also grueling at the same time. Go ahead. Yeah, so what's, how we deal with what's new beyond our like software process. We have a well-defined process that everything gets churned into. Government's really good about giving us notice when stuff's going into effect. So we always have target dates that we're going toward. But in terms of what's next in terms of our software, we have this interesting culture within our organization. Everyone wants to improve everything. I think it's called a Kaizen culture, Kaizen culture. Just people are looking at stuff, they want to improve it. And so our process allows for anyone to throw something on the backlog. It'll get prioritized and put around, but we're allowing all of our engineers to say, hey, we want to do this. And, you know, putting it into an open forum where, you know, we might not do it, but we have the discussion. And we have all the channels to have those discussions and, like most technology companies or technology focused companies, we spend a lot of time talking about technology. And making those decisions. So it's important you guys really have the cultural ethos of the people to debate and then commit. 
And that's one of my recommendations for any company trying to move to cloud native or Kubernetes is always you have to have your evangelists on your team. And because you can't expect people who have been doing it one way forever to instantly be on board. You need some sort of technical evangelists whether that's outside company. It works best, I think, if it's someone you've hired or someone in your organization who's preaching the gospel of Kubernetes or cloud native. Yeah, that's Spark Labs, Lauren's company's doing a lot of that work. But that's really nails it. I mean, you got to just, it's not a technical issue per se, it's really cultural. Yeah, exactly. We've heard that all through the show here. It's all about people. All right, so what's on your wish list? What's the holidays want to bring for you guys? If you could throw a wish list out there and you can magic wand, crystal ball. EKS. Or EKS. EKS. Yeah, if Amazon could respond to our request. Okay, we just had EG on yesterday. He said it's coming. I said, he said months, so not. Did you say months? I thought it was a few months, so maybe. We'll check the transcripts in a few months. It wasn't tomorrow. That's all right. And that's one of our, that's our scar tissue, right? Is we're doing this ourselves. You know, where there's this huge control board and we got people, you know, doing the knobs and things and we're relatively small. You know, we're a small organization, Oregon engineering organization. So we're doing a lot of this stuff ourselves where we can abstract a lot of that work out to a cloud provider that we're already on. Well, it's going to be good reps for you guys. As you, as this thing gets extracted away, you're going to have a great core competency in Kubernetes. I think that's a notable thing there. For sure. One of the things on my wish list, I was speaking with Jace and Josh Berkus and a lot of the core contributors to Kubernetes at the contributors summit. 
And I was talking on what I kind of realized is I would love to see a coordinated cross-cutting effort either on part of the CNCF or on part of the Kubernetes project proper to have a like a proactive security. I wouldn't call it a working group. I guess it's a SIG, a special interest group. It would be, you know, because I know that we can deal with zero-day issues really, really quickly. For example, the Azure host path mapping issue that I was a few months ago. But right now it's kind of on the responsibility of each SIG to implement whatever security looks like to them individually, which is great. It means that there's people thinking about security. That makes me sleep better at night, but seeing some coordination around that and kind of driving towards, okay, we have this tool that seems to be changing the game. How are we going to change the game with security? Like, is there a way to look at that and even, you know, because authentication and authorization have been around since more than one user used a terminal in the 1960s and 70s. But, I mean, even with just this new step of admission controllers where we have more fine-grained control around how stuff gets into the cluster, I think it would be great to look at what a coordinated cloud-native security effort would look like. I think that's great. I mean, we've been talking to a lot of vendors here and a lot of folks that have projects and bring up security every single time and they kind of have an answer, but they really don't. They body swerve you. Yeah, well, we got this, we got that. Or, you know, you're the developer, you have to build it in yourself, so I totally agree with that recommendation. I think it's fabulous. Yeah. Kubernetes is making so many things simpler at certain levels. Now, if we can focus those efforts on making security simple for people, because they're security experts, they can put their two cents in. Well, let's build it in and not bolt it on. 
Build it in and not expect every developer to know. I like that, yeah. Don't bolt it on, build it in. Yeah. Build it from the beginning. And there's all kinds of new ways. I mean, the fact that there's no perimeter with the cloud, it brings up, really kind of throws everyone for a loop because you have to go to the chip set down. I mean, what Google got, as I think, is a very interesting approach. They're trying to push forward this multi-layer approach from chip to kernel, OS, to app. Interesting, and they got, you know, managing through all their security practices. They got Android. I mean, spear phishing is a huge problem right now. We're seeing in a lot of enterprise, we talk just like, hey, you know. Right, it's like the firewalls and VPNs, like that's old school. Right. They need to modernize it. So this is what we're thinking about that. So, great, well, hey guys, thanks for coming on and sharing your feedback and your data and your place and how you're architected on AWS and your work in Kubernetes. Congratulations. Thank you. Thank you. Cube coverage here in Copenhagen, it's theCUBE's coverage at KubeCon 2018. We'll be back with more after this short break.