From YouTube: Containerization 102: Security, Optimization and Speed
Description
Don't miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from 18 - 21 April, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A
Welcome, everybody, to the March webinar, or tech talk as I like to call it. My name is Sean Odell. I am the head of developer relations at Cloudsmith, and I am really excited to have everybody here today listening in. I've got some fantastic speakers, some, some folks that I know really, really well, and we're going to be talking about the second phase, or kind of the 102, of containerization.
A
Today we're going to focus on speed, optimization and probably far more security than, than any of the other two. And before we kick things off, you know, I just want to mention a few things for everybody in the audience, and I think these are super important. If you are watching on Twitter or LinkedIn, if you repost this live stream, you get a chance to win a free lunch, and I think that's always exciting if you're hungry or plan on getting hungry at any point in time.
A
The second thing is, we also give away some prizes at the end of the session, and so let us know you're here by dropping emoji in the chat, and I will announce the winner of the free lunch and some prizes at the end of the, at the end of the session today. Lastly, before we kick things off and get to the topic at hand, I am excited to introduce to all of you Unpacked conference.
A
Unpacked is the first-ever user conference from Cloudsmith, and this is going to happen on June 20th, 2023. And, you know, to, to help everybody understand, this conference is really for DevOps professionals and engineering leaders who are interested in learning more, hearing more, and hearing from peers and industry experts about securing and scaling software delivery. And kind of the fun tagline, I actually like to repeat it: the conference is virtual, that is global, and it is free. And feel free to jump in the chat.
A
If you are on the, the webinar platform, and, you know, choose the link and register, and obviously we'll be sharing via socials and others. Now, let's get to today's program. I am excited to introduce to, to, two speakers, to, really, two individuals to the floor today, both Marino Wijay and Robert Sirchia. And, you know, a little bit about Robert.
A
He is, he is the head of community and evangelism at SUSE. And Marino, which I have known for a long time, both as a peer and as a friend, Marino is a developer and platform advocate at Solo.io. Gentlemen, welcome to the show. Thank you. Thank you very much. Robert, I'll start with you, man. Tell us a little bit about yourself.
B
I spent my entire career as a developer, written code. In the past couple years, I flipped over to the evangelism and community role, which I don't feel that it's almost one and the same. And so I'm the head of community evangelism for SUSE, part of the SUSE and Rancher community. So what I'm doing.
C
Yeah, thanks, thanks, Sean. And I will say that, you know, I, I haven't been a developer. I, I would say I spent most of my time in the world of infrastructure and networking, and, you know, as much as I try to escape this world of networking, I feel like it just keeps pulling me back into it. So I, I did spend a lot of time doing the, the consulting, the pre-sales architecture, all that fun stuff.
C
But then, you know, to Rob's point, I just really like just getting out there in front of people and talking about all this cool stuff, and, you know, I found myself in an evangelist slash advocacy role, so I've been doing it for about a year. It's been interesting. You learn at a different pace. You see so many different perspectives, and it's just like all in your face. So, yeah.
A
Now, glad to have you both. My background's a little bit different. I, I actually call myself a reformed infrastructure architect, which is actually where I got started. I, I managed enterprise, I guess enterprise management, if you want to call it that, and security patching for, for a large Fortune 200 organization here in the United States. And oftentimes on the infrastructure side, I had angst for application owners and developers because I was, I was, it was done
A
the wrong way. Like, I, I was, I was instructed incorrectly, right? And, and I've, I've learned from my mistakes, and that's why I believe, you know, what we do, and, and really even today's conversation, right, having a background in security with infrastructure, but now with applications or containerizations or microservices or Kubernetes, and whatever moniker and acronym you want to throw out there today. But we are going to be jumping into this wide topic, but really focusing in on the security aspects. Looking forward to this, guys.
A
So, so to begin, and there's so many questions I could ask here, I'm just going to ask a kind of a simple one, and I think this conversation will jump from here. Where should people be looking when they're getting started with container security? Now, I'm going to preface this: I know you're both going to go in different directions, and that's okay, just with your backgrounds and your understanding, but I'm really curious to see where we'll start, and I'm actually going to start with Robert.
B
Think the low-hanging fruit is understanding where your images are coming from, and knowing that one, that's, I think, the easiest way to get started with that. And then people miss it, and they're going through, like, "Oh, I need eBPF today," and I'm like, "Hold up here. Do you know where your images are all coming from?" "Well, no, I just pulled them off the internet." And that's, that, I think that's an easy, safe way to start.
A
B
No, because of humans, right? Like, I would say the human factor would be the hardest part, right, getting people not to pull them down from Docker Hub, and not saying Docker Hub's not secure, right, but, you know, just, just anywhere on the internet. It's like, "Oh, I just pulled it. I Googled it and found the first, the first search." And I think that's where it's just developing a policy, and getting the humans in your organization to follow that particular policy is, I think, the hard part.
A
And Robert, I appreciate the fact that we didn't even have the conversation of where to start with that answer, but you just gave a great plug for Cloudsmith, so we'll just leave it at that. Fantastic job. Marino, I'll let you answer this question, man, from your perspective: where should people be looking when they're getting started with container security? You
C
know, there's this notion of, okay, I'm gonna go pull whatever I can off the shelf, or maybe I'll just build it. And I think when it comes to building it and then deciding where you're going to store it, it really comes down to the maintenance and the, the constant custodial efforts you need to provide to making sure that that image that you built is always secure. And so there's, there's a couple of things that I would think about.
C
Initially is, okay, how do I pick a good base image, one that has very limited vulnerabilities? And then once I picked that and I decide, okay, let's build my container image and store it somewhere, what can I do to constantly scan for vulnerabilities? Let's say today I use a good golden image today, and then three days down, down the road I find there's a vulnerability, right? So it's an element of picking, you know, both your trusted image as well as the, the place you store it.
C
You know, to Rob's point, but also having some sort of artifact scanning going on, so that you know when you need to swap out the base image, or, you know, implement this into your CI pipeline, so that now you have something much more cleaner to work with. But then there are so many other areas too. Like, I come from a networking background, and, you know, once you've got those containers up and running, how do you protect the, the network, and how do you protect, you know, one container from doing something to another container?
A
Yeah, you know, you actually bring up a couple of points. Number one, I don't think it's three days before the vulnerability shows up. Oftentimes is about 30 seconds later, at least that's what I have found. Maybe I'm just the only one, or maybe I've got some terrible ideas out there, but man, vulnerabilities show up quickly, right? And, and we're going to jump into, like, I
A
think the other thing is, when we look at container security, there's, I go back to the old analogy, right? When I had a physical server, right, there were multiple ways to secure a said physical server, right? We do the same, we did the same thing with virtualization. We need to do the same thing with, you know, containers, right? The principles still apply, and so the attack surfaces is massive. It comes from different angles. It comes from a variety of angles. So, to your point, Marino, you know, you know, talking about attack surfaces.
A
What are some ways where container security and networking has matured over there, and obviously this could be a long answer, but where has it matured over the past couple of years that you have seen, you know, the, the two working together, maybe where, in the past, they haven't?
C
I think it really comes down to automation. We decided a long time ago that it just makes no sense to do everything by hand. So, let's say 10 years ago, you started with one container and you decided, hey, I need to network this to another container, and then now, all of a sudden, you have a thousand of them. Having to deal with some level of Bash to be able to push out container networking configurations or networking
C
namespace configs makes no sense. But because of what people have attempted to do manually, and then also because they try to drive it with automation, now we have orchestration systems that have this, like, this container networking layer, much, you know, if you've ever worked with Kubernetes, which I'm sure, like, everyone at this point knows, you're working with a container networking interface, and that has all the necessary pieces for you to just get containers talking. But then it also offers up that layer to just provide zero trust or eliminate your surface attack area.
C
Because now you have this opportunity to profile your network, see who's talking to who, and then say, now we can, you know, deploy a baseline policy, and now we have our zero trust. But you start to realize that things change so quickly that you're constantly having to change that. So you now need to also think about observability: what is changing, and then how do we adapt to that? Yeah.
A
And, and when it comes to container security, right, we, we could hit a couple of facets, and I think what, in, in some of the subsequent questions we'll actually get to it, because I know Robert's got some opinions on this too. But before we go deeper into the, what I would say is the layers of container security,
A
I want to, I want to focus on something that both of you articulated, right: package management, package delivery or software delivery, and really just the application life cycle. And look, I'm not a big fan of buzzwords, but unfortunately our industry does this, and so the buzzword of supply chain security is something we all hear in supply chain attacks, right? Even the example you gave, Marino, was a supply chain attack, right, where I go grab a package, that package still happens to have a vulnerability when my CI pipeline picks it up.
A
Guess what? I'm automating the deployment of vulnerabilities. It's a, it's a novel concept, right? So, so I'm gonna ask this question of you, Robert. When we look at supply chain, when we look at some Legend attacks, supply chain security, how can people at the base, kind of at the, at the, at the base level, mitigate risks with using containers? And I, it sounds weird that I'm saying how do you mitigate risk with using containers, because containers are innately a good thing, but humans are often, you know, malicious and, and all that sort.
A
B
Think Marino started, what, I think you mentioned that base container image, right? And then, you know, I'll go back to, you know, the hardest part about is getting people to adopt it, and building upon what, what your business needs are from that perspective, and then allowing a change control for particular packages to come in. One of the things that scares me to death, especially just npm. Okay, we're like, "It's just npm, it's, what's the big deal?" I'm like, "Yeah, but you don't know what that's doing." Like, you're just, it's on a browser,
B
it's running. And I know it's not a container, but for a front-end developer, their container is, what, is a web browser, right? And so it's the same thing, but they arbitrarily do. That is to have a way where you're pulling in the right package that you might need, and then having a process to quickly change it if a vulnerability is found, right? Marino had a really good point, is that observability, I said that correctly? What does that look like when you find something?
B
And how do you fix it as fast as possible? But that's starting with that base image and being like, that's our gold image. We did this, we do the same thing in virtualization. Remember, we create that Windows server, that was our, our, that's the, that's the gold image, if you guys, and I knew because I used to hear about it, you know.
B
They're like, "Did you update the gold image?" "All right, it's safe to update, let's update it, we'll do it all this weekend," and the infrastructure team would do it. And we didn't understand, from the developers, we didn't understand what the hell they were talking about, so it was just one of those, "Whoa, what is this?" But that's, we did the same thing. It worked then, it kind of worked the same way now.
A
Yeah, you did scare me when you mentioned the word change control. So I think all of us, whether you're a developer or whether you've been on the infrastructure side of the house, does not matter, we've all had horror stories of change control. And so, so let's, let's talk a little bit about that, right? How does change control work, and, and what are some ways that you've seen it work within this new paradigm that is a really good mixture of controls, but freedom in some cases?
B
C
So, you know, back about 10 years ago, 15 years ago, when I used to do network cutovers and whatnot, change controls were everywhere, and it's because you want to do something to the, to, to an environment that has impacted the business in some way, shape or form. But that impact is supposed to be positive. It's supposed to optimize something, make something better, make us move forward with another project, something along those lines.
C
We see viable output, you know, things that, that basically say, okay, this is going to work, this is going to make sense, this is going to be beneficial, then that's our approval process, and that has sped up our deployments in so many ways, right? And to see that paradigm move over, or that shift altogether, means that we've, we've definitely left behind that whole change control process. But the elements that are still here, they still exist primarily because, look,
C
we still need to have some mechanism to track these changes, because if something goes wrong, how do we roll back? How do we work our way backwards? I think tools like Git and GitHub and GitLab have made this so much easier for us to be able to revert our changes. But I'll tell you what, like, 10 years ago, you forgot to put in that restart in, you know, 20 seconds, you're locked out. Oh.
B
I, I guess, from a developer standpoint, we've, we've started with automation, and some of the platforms that we use have, we've been able to have smaller, incremental changes, right? And to, you know, piggyback on what Bernie was saying is, those changes are just so common now that it's really not change control. It's just this continuous push, right, where you're like, "Oh, you got it done, get into the next thing. The CI will hit. It's Friday, who cares for pushing." And a lot of automation has been done to help roll things back.
B
A
Absolutely, and, and you both, you know, you both mentioned tooling as a part of the answer, but I'm gonna, I'm gonna say that really it's probably people and process far more than tooling when you want to secure a container. And I know that sounds a little funny, because it's still technology at the root of, of a container, but all of the things that we've been doing over the years, right, whether it's, it's the initial ITSM or change board,
A
you know, situation, moving into automation, then adding that collaboration layer to improve that life cycle, or to improve the cycle, is, is, I think, actually where you start to mitigate the risks, right? It's, it's a combined effort. But obviously tooling is important, but people who implement the tooling are, I think, are far more important. Anything to add to that?
B
I want to be a controversial and say developers need to start owning part of that process of containers. We've never really owned that. To us, it was just like, yeah, it's just like the VM, we don't care. And that abstraction really should go back to the solution architects, maybe the enterprise architects, were where they stand in an organization. And when I say developers, I'm not saying engineers. Those are two fundamentally different things. But the developers really need to start having some ownership with that, because part of that change needs to start with them.
C
I'm gonna go on to disagree with that a little bit, primarily because I don't think we should put the onus on developers to manage container security. I think we should work towards providing them a platform that inherently provides this container security. We should be able to define the kind of parameters we need for policies, for the types of base images we want to allow, and let, let them work with that, because now we're putting this, this additional pressure to go learn something else. Like, do they even want to learn Kubernetes?
C
No, we should be the ones that care about it. They should only care about, let's just get this container up and, or get this to a point that it's actually a container, you go deal with it after the fact, right? But to make this even better, if we gave them an internal developer platform where it would just automate the whole, you know, provisioning of: you've got your container image, it's now married to a whole bunch of others, now this is a full-on application that gets deployed on top of some app service.
C
It could be Kubernetes under the hood or something else, but that's all they need to be worried about. And I, I feel like if you start to load on extra, extra, you know, technology domains that they don't really need to care about, you start pulling away from their expertise in developing good applications.
B
I guess it was, I, I would rephrase it more, if it, we used to hear it, and you guys on the infrastructure side: "Works on my machine," right? Well, if it has to work in the container, right, and so you have to take some level of ownership where it works in the container. We, I wouldn't expect them to go anything outside the container, but a new image comes, right, they should, they should own the, you know, "Hey, this is breaking anything?" You know, we're switching from sleep UCI to whatever, it doesn't matter.
A
That's fair, and, and I'll be controversial and I'll actually agree with you both in parts. So I, I go, I know, it's, it's such a crazy thing. So I go back to the days, you know, as an enterprise architect focused on, on infrastructure. Our application developers would bring us business requirements for an application, all the way down to libraries, all the way down to tools, and they would even provide us with the requirements from an operating system perspective, right? They weren't, they weren't the ones creating it.
A
They weren't the ones who were building the operating system, you know, whatever Windows Server 2003 build or whatever it may be, but they would tell you, "I'm going to need this particular service." And innately, the security team, the infrastructure team, and in collaboration with the application team, knew exactly what was going on, right? So it's a, it's a combined effort, right? It's a collaborative effort.
A
The developers don't care about Kubernetes. As much as we want to have, as much as the industry has tried to say this, developers only care about actually the software and the artifacts and the packages that are required to deliver their application. It's not this hard. We can do everything we want from a marketing perspective, but that's just the case. So then the question becomes, right,
A
mitigating risks is, is a part of the pro-, or is a part of the solution, but having the collaborative effort, and this goes back to the people process. Look, I, I don't know that you need something from npm, and I can't go secure npm if you don't tell me, right? Or I don't know if you need this particular version of Node.js or what, like, I'm just, whatever, whatever library it may be, right?
A
C
Know, I, I actually agree with that, with the fact that it has to start with people, right? People are the ones that are making decisions based off of what they're finding out in the market, what they're finding out from their peers, seeing success stories from the blog posts that they read and all the different, you know, news releases. And so it does come back to people. But I think, to your point, right, the collaborative effort comes in from when you actually have decision makers coming together and saying, "Look, we need to build this."
A
Yeah, it's interesting when, when we as Cloudsmith, when we talk to our customers and community members, they never actually ask us about the infrastructure layer. They really care about the, the artifacts and the software that goes along with the application, right? But then, to even Marino's point, this actually leads me to my next question, and actually somewhat with, with both where Robert was going. They have had to learn about the infrastructure layer, right? The, there is a, look, modern infrastructure, whether it's serverless, whether it's Kubernetes or containers or, or, or microservices,
A
like, there's a blending, like, there's a very close line that, the boundary is a whole lot closer today than it ever was. So when organizations, when developers, when, you know, platform teams begin looking at containerization, container security, where do they start when it comes to the Kubernetes layer, right? Where do those two work together, and maybe where do you see some division?
C
Rob, you should take this one first, and then I'll provide my, my perspective. I
B
A
No, no. So, so when you look at it, it, at the kind of blending between Kubernetes and application security, where do you think companies should start, or developers or platform teams should start, and kind of merging those two together?
B
I'm not sure the, the best idea to merge them, but I think for application teams is continuous scanning of their packages, continuous scanning of what's, what's going on with that. And then from an infrastructure, a platform perspective, is anything to lock down Kubernetes. Kubernetes is complex for some, not so much for others, but it's not natively secure. I'm not saying it's not secure, but there's still things that are wide open that allow you to ease of use.
B
That really, I mean, we, Marino can talk about networking and what probably needs to be locked down to Kubernetes, that I would just, "No, it looks good, leave it open, I don't care." That, I mean, like, he's laughing, but here's me, I'd be like, yeah, it's normally finding Supernatural. If it's, so those things I was thinking, this is, you know, how do you throw that platform part from a developer perspectives?
B
That's constant scanning, right? Because when Log4j hit, most companies didn't know until the news hit it, because they weren't scanning, and that was, that was scary for me. "Oh my god, did you not catch that?" And they're like, "We weren't scanning." I think that's where, from a developer's perspective. And then, I hate using the buzz phrase zero trust, but on the zero trust for that platform is, like, how else can we lock it down to make it almost unusable, usable to a point where it's secure more than the default installation?
C
C
Many facets to, you know, bringing security to the realms of a developer that should care about it, as well as, you know, infrastructure and platform teams. So there's been a lot of advancements over the last few years, especially when it comes to containerization and orchestration tools. You know, Kubernetes is much more secure than it was five years ago. There are a lot more tools that you can deploy and layer on top of Kubernetes that help with containers, that help with understanding the processes that are running inside of containers.
C
This opens up a whole other door and another conversation, but because of these advancements, now you start to see that you don't have to lean on the developer to develop secure containers. What you want them to do is implement their security practices in the way they build their code. You know, obviously, let's make sure that we don't have any buffer overflows.
C
Let's make sure that we're not exposing our, our keys inside of GitHub or any, or any of those locations, using all these necessary pieces to be able to create that secure application, and then push it over to the app, or so, the ops teams to say, "Look, okay, you've got one layer of security, let's add the additional layers to achieve defense in depth."
C
So, okay, on the physical side, you're locking down your physical host, because you're not going to use Ubuntu and then deploy Kubernetes on top of that. You're probably going to consider using something like Talos, so that you're using the secure distribution of Kubernetes. Then you're going to realize, okay, the containers that I build with, maybe I'll use something like Wolfi that Chainguard just recently came out with, because that's a very highly secure base image, which they constantly check for vulnerabilities and publish new images on a consistent basis.
C
And then you have the network security layer, where you're thinking about authorization, identity, authentication, implementing things like TLS for secure encryption, and then policies to basically say you can't do this to that object or whatever. And then you're thinking about RBAC: who has access to these environments? Who should have access? Should your CI pipelines be the only thing that deploy to your, to your clusters, or should you have your entire team doing it, right? So these are all decisions that people have to make.
C
It's not necessarily, you know, a system that's going to be able to solve it all, and there isn't a system to solve it all. I think VMware might have tried this with their Tanzu offering, but I don't know how far they've, they've gotten, because there's so many moving pieces when it comes to the Tanzu platform.
B
And it doesn't take into the account that anytime you add, if you look at the landscape and you add something to the landscape, you increase your, you've increased your threats, I don't want to say astronomically, but you've, you've, anything you add to a cluster from that's, that landscape, now you've increased what can be,
B
what can go wrong, where, where your vulnerabilities are. I, I was trying not to use astronomical, but it's not the case, but I mean, it does go up, and people don't realize that. Like, "Oh, I can put Prometheus here," not saying it's not secure, but now you are worrying about vulnerabilities there. So anything you add to that particular cluster, I think, you know, even though it's part of the landscape, we need to know that there might be a vulnerability and expect it. And then what do you do when it does happen?
C
I think the last thing a lot is, I think everyone gravitates to using open source technologies and forgets all the additional features they need to add or build or codify into whatever they're building. This is why enterprises exist. I mean, we've addressed these particular gaps, especially when it comes to security, and so you want to be using enterprise technology, not open source because it's free and, "Oh, I'll just use, you know, the issue feature to be able to try to get some troubleshooting," or something along those lines, right?
A
A
You know, from a security perspective, optimization from a package, you know, download or repository perspective, all the way to optimization of network and speed and, in, in, in delivery, right? When, when you kind of thinking about the, just the past few years, right, whether it's containerization, infrastructure or, or, or, or, you know, artifact and package manager, what are some other ways that maybe optimization we either have, have already started down the path of, or maybe we should look at a little bit more? And, and maybe not optimization of security, but maybe optimization in terms of usability rather than complexity.
B
"Okay, I don't know what that means. What's level two to three?" I would be just completely lost, but I would be like, because, because you don't know what those best, and it's not necessarily going to save you anything, but it's a starting point for someone to take that next step with security, right? It's like, "Hey, I learned that in best practices and networking I should do this, and what's that?" And it becomes more, you know, I'm not picking
B
Neighbor, you know, just you're there on screen, so it's just like, I'm using the networking example because I'm terrible with networking, and I will tell everybody that. But it's just, what does that look like? Because it's optimization, right? Like, I'm optimizing what I know and what I need to know, and then all of a sudden it's kind of built upon those things. And sometimes I don't need to know, and I'd rather just leave it to an expert. But there's times I should have a cursory idea of what it should be like. Yeah.
C
No, I think Rob covered it pretty well. I, I spoke to death about, you know, my perspective on, you know, how you can increase the surface attack area pretty easily, and just the fact that people need to be there to make these right calls. But the thing is, you're also going to realize that these same people have made these mistakes before, and they're coming at it with all of those experience: let's just not do this again, because there's so many better ways to do it. One, one last thing I'll add, though, is, I
C
think what has happened over, over the last little while, especially with the rise of containerization, is that networking has been, com-, has become a very, very different thing altogether. Like, yeah, networking is still there, but then there are so many additional layers. And so, you know, let's say you decide you're going to deploy a Kubernetes environment by yourself without any sort of managed service, and you decide, okay, let's use a CNI like Cilium, and then you decide, let's also layer in a service mesh like Linkerd or Istio.
C
But then you realize you have all of these different pieces you have to manage on your own, and then you also have to manage the vulnerabilities that pop up, which then drive issues around, okay, we just found a vulnerable, vulnerability in this DOD, which is going to impact the data path and the control plane for everything that exists inside of my environment. When can I do this? Oh, I can't do this. I can't, I can't take an outage. How do we get around that?
C
A
I, I have a, a common phrase I use: Kubernetes is not complex. It's not. When you start to add everything on top of it is where complexity and speed and optimization and security really becomes a challenge. Like, go back to Robert's example about, you know, standardization or, or best practices, excuse me, right? I can go read a how-to on deploying Kubernetes. It's, it's actually pretty simple. It's really easy to use. But that's not a real-world scenario for me at the end of the day, right? And so I, I need to add some,
A
you know, additional pieces on top of it. You know, I think one more quick question. I'm going to give you guys one minute, and I want to hear what you believe is the greatest or biggest challenge today that we face with containers or containerization and container management platforms. One problem, one challenge. You've got one minute. Go ahead, whoever wants to go first.
C
I'll take it. Go for it. I'm just gonna say the more you do, the more complex it's going to get. But here's the other thing too: as more and more complex the system gets, whatever you're building, you start to realize tools like AI could possibly help with this. ChatGPT is into the chat, but then you start to forget the fact that ChatGPT doesn't have updated information. It could be using incorrect configuration. You might be relying on it to develop your security stance in your environment. You throw that in there, deploy it.
C
Trained, right? So the question now actually becomes: do you want to use ChatGPT or similar tools as a superpower to enhance your platform engineering, and how is that going to translate to using things like Kubernetes and containers? It's really just going to change the paradigm altogether, because now you're going to have a mishmash of varying opinions as well.
B
Not everything can be containerized, and people need to accept that. Like, we, to be perfectly, like, we will hear "just throw it in a container, throw in a container." It's not going to solve all your problems. There's applications that are not designed to be containerized. There's applications that, even if you figured out how to containerize a COTS application, it can't run in an environment with many instances running, right, because it doesn't know how to operate. It wasn't built that way. I think that's one of the things that we just have to
B
If it's up there with "developers love Kubernetes," that's the one minute. The second with is, you know, not everything can go in a container, or should. It's okay, right? I mean, is Oracle DB, is that running in the container now? I don't know, but I'm pretty confident, if it's not, Oracle doesn't want you to do it, so don't think it's going through it. It's just, it needs to be on a VM, let it be in the VM. It's okay. Yeah, okay.
C
Other interesting thing, because when you see how developers build their containers, they're not breaking it down into tiny, tiny pieces. They're building this massive, massive thing, and then they're the ones that are complete, well, okay, maybe I shouldn't say that. But you start to realize that these container images are going to consume unnecessary network bandwidth, and then your application is not going to come online in the time you expect it to. So it's funny that we actually didn't even talk about this. How do you build?
A
Yes, okay, so you both answered your biggest challenge. Robert, you mentioned a couple of, like, funny monikers, like "developers love Dev Kubernetes," and I would also say that DevOps is not dead, but hey, we'll have a little bit of fun with that. I had to throw that in there. It's always a good one. Your SRE.
A
It exactly. Okay, so Mourinho brought up the topic, and I actually wanted to end today's talk with kind of a forward-looking conversation, so we've got about two or three minutes to close this out. Where do we see newer technologies, AI, ChatGPT, all of these new, I mean, look, we're technologists, right? We've been at this a while, and we've been following technology for a while. This one might be a fundamental game changer that we've seen in a long time, and this goes beyond just an infrastructure layer.
B
I think you need to look at the problem. Mourinho touched on it: the data is old. Within any of these AI programs, it's old, right? And so it needs to be refreshed and updated, and we need to, you know, consume it, and we don't know what data is put in there, right? So is it having a, you know, specific focus on X and we're not looking at the wider picture? That's the problem. It's like, it's almost like the consultant
B
you hire who's an expert in AWS, but you're running in Azure, right? Sure, there's gonna be a lot of things that cross over. But if you don't know the nuances of Azure, you're gonna have so many, some of those problems, and I think that's where my concern with AI would be. It's like
C
Agree with what Rob said. I also will add the fact that it's a great tool to help you learn and understand things, but where it can start to really go wrong is if you're heavily reliant on it. I think what needs to happen is, as these machine learning models get better and better, they need to be trained to also verify the information that they're using, right? I mean, they're just pulling information from the World Wide Web, the dark web even, who knows, and to make sure that it's legitimate is one concern.
C
The other concern is who owns the output. Do you use something like ChatGPT to generate ideas, to help you kind of build your playbook, or do you actually use ChatGPT to build that playbook, and then does ChatGPT own it, is the bigger challenge. So it comes back down to: if you built your entire organization, your technical organization, with, let's say, infrastructure as code, and that was all, you know, originated from something like ChatGPT, who really owns Network at that point?
A
Yes, and that scares me, and I have so many questions and no answers to that at this point. Guys, I want to close out and, first of all, just say thanks for your opportunity, you know, for your participation and your willingness to have a fun chat, disagree a little bit. I'm surprised we didn't even talk certain activities, Rob, because you and I have some similarities when it comes to non-technological things.
C
So I'm gonna be heading out to Raleigh soon to deliver a talk at DevOpsDays, and then literally I'll be flying back home so that I can fly the next day to Amsterdam, because I'll be there for KubeCon doing a few talks there. Solo's hosting something called Application Networking Day, which unfortunately is already sold out, but you can still register to get on the wait list.
C
If you want to, you know, get in on the action in case some will show up. But as one last thing I'll share: I'm running a conference in Toronto called KubeHuddle, and it's happening in May, May 17th, 18th. Go to cubehuddle.com and go check it out. We have some excellent speakers lined up. We have some excellent keynoters, excellent sponsors that come through. So it's going to be a great event. I hope to see you all there. Awesome.
B
We got two announcements I could talk about. One would be the Rancher 2.7. We have a lot of awesome things. We bring extensions, where anybody can write their own extension that runs within Rancher and gives you kind of a window into other services that you'd need a CLI for. Now we give you a place to run that web extension. So I'm really excited about that, and then at KubeCon we have a huge announcement.
B
I'm going to tease a little bit here, with a lot of big changes happening within our community. So I haven't talked much about it because I've been busy building content for what that is, but we'll be announcing that April 19th through a couple live streams, so I've been working. That's why I'm not in studio. The studio is actually in pieces, getting ready to get shipped to Amsterdam.
A
Very cool, yeah, and, you know, from a Cloudsmith perspective, couple things that we think are important. Number one, we actually just released an integration, or an enhanced integration, with Datadog, so we're excited about that. We're bringing some fun things around policy management. We've started adding those capabilities. Docker vulnerability scanning, yes, containerization, talk about vulnerability scanning today, that's available now in the cloud platform. And then everybody's favorite word, SBOMs, and we're looking at SBOMs for containers, and specifically via cosign.
A
So, you know, that's just some of the product things we've got going on at Cloudsmith. More importantly, the team will be at AWS Summit in Paris in a couple of days or a couple of weeks, and then, lastly, just to go along with both Mourinho and Rob, the team will be at KubeCon in Amsterdam, enjoying not only the city but also enjoying the community. And you were talking about networking day: everything is sold out at KubeCon, everything, all of it. The show, the pre-days.
A
Everything. Like, there's no chance at this point, and so it's going to be a fantastic and crazy few days. Yeah, gentlemen, thank you. Yeah.
B
If you're there, you need someone to hang out with, just hit me up on Twitter, because I'll probably be in a hotel lobby, because I can't get into anything. It is sold out. 10,000-plus people are going to be there. This is the first time ever, so it's a lot of exciting stuff because KubeCon, sorry to interrupt. No.
A
You're good, man. Give your social handles, if you don't mind.
C
There you go, Mourinho, and I am virtualized six, with the number six. I've actually dropped it in the chat in case you all actually really need to figure out what that means.
C
Know, follow us on Twitter, reach out. We'll definitely be at KubeCon. Come hang out and say hi.
A
Awesome, and I'm at the Sean Odell. But lastly, the most important thing: who are the winners today? Martin Chin, you are the winner of our free lunch. Rodrigo Schneider, you, and I said it right, you're a winner of a prize pack, and Edna Sexton, you're a winner of a prize pack as well. Thank you, yeah, thanks everybody for joining today. Guys, thanks for joining, and we'll see you next time. Have a good one. Cheers, thanks, everyone.