Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Continuous Delivery Foundation / Interviews / 1 Dec 2020
Continuous Delivery Foundation / Interviews / 1 Dec 2020
Previous Meeting
Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Interview with Tracy Miranda, Continuous Delivery Foundation

Description

Swapnil Bhartiya of TFiR interviews Tracy Miranda, Executive Director of the Continuous Delivery Foundation

A

Hi, this is your your host supermartian. Today we have with us tracy miranda executive director of the cd foundation tracy. First of all, welcome to the show.

B

Thanks rapnell great to be here.

A

Let's start with the continuous delivery, how would you define continuous delivery? Also, what about the ci part of it? Because when we talk about it, we always say ci, cd,.

B

Yes for sure so continuous delivery, we define that as it's a software engineering approach in which teams work in short cycles and they ensure that the code is always released at any point in time now, traditionally, people tend to speak a lot about continuous integration and continuous delivery, so cicd now continuous integration is uh when developers regularly commit uh at least once a day to a main line and keep that main line up to date. But I see continuous delivery as really this umbrella of all the practices.

B

You need to keep that software ready to be released at any time. So that includes continuous integration. It includes a security features. It includes testing and uh yeah as a general set of practices. Awesome.

A

And if you look at the container delivery, it's not a problem to be solved, it's already a solved problem, but it was a lot of patchwork. It was a lot of do it yourself. You have to bring jenkins and all those things, but then a spinnaker came which eased a lot of things, and now we have a foundation. So can you talk about what role is the foundation playing in this space?.

B

So while we know a lot about continuous delivery today- and we appreciate that it is really important because it makes such a difference to every business today- you know not just software companies, but banks or health healthcare industry.

B

But what we find in practice is that the adoption of continuous delivery practices is super super low, like many people, think they're doing it, but maybe they're doing some continuous integration and they haven't quite figured out how to get through automation and then to top it off.

B

What makes things even more complicated is very recently, we've seen the rise of like micro services and cloud native technology, and now, while these give us huge benefits in terms of scalability um and making it easier to to work, um you know on separate parts of the application that has also resulted in you know just increased challenges like a proliferation of environments and teams having to contend with all these different parts that make up an application.

B

So the continuous delivery foundation is really there to help support teams and organizations in their adoption of these practices, both from the sense of you know, taking advantage of open source projects in this space, but also we look we're working towards democratizing the best practices and we actually have a very recent working group. That's spun up to to help anyone in this space get better at delivering software. You.

A

Mentioned earlier, uh security and security is really becoming um a serious concern. It's no longer an afterthought, uh mostly when we look at any hacks or systems compromised in most of the cases it's about unpatched software, the patches are there in most cases open source, the patch is there, but it was never applied uh because most companies still have that engine model. For you know, when you have already deployed something on, billions of machines is really hard. So if we make security as part of developers, you know workflow, it becomes easier.

A

So talk about the roles cd can play in further improving security.

B

Yes, for sure um security is a super top concern and I think there are lots of different elements to this so on. On the one hand, uh what we want to make sure is like we talk a lot about shift left of security and really we need to be making sure the security professionals and the folks focus on security are really tightly involved with the the rest of the team. So there's no silos, people don't regard security as someone else's problem security starts with the developers and then, as an industry.

B

I I think you know separate from how companies organize themselves around devsecops and building better teams as an industry. I think it's really important that we work together to solve um kind of the industry level problems like. I think you raise a good point there. When you say you know, in many cases these patches haven't been applied, but the fixes are out there, which kind of makes you think, like is security and actually an outreach problem. Do we need to be better at telling people update to this release? It's super important.

B

This is why you do it and making sure we cut through the noise of all the different messaging they're hearing, and I think um that's another example where um something like the continuous delivery foundation can make a difference in addressing these broad industry problems that we all have to kind of come together to to tackle and.

A

Since you're talking about the problem, one more thing is that you know microservices, you know they are, you know everywhere, but companies are kind of facing uh a challenge. You know for the for the consistent release, strategies on scale and at times they're not prepared for it. So can you talk about within the ecosystem or as part of the foundation itself?

A

What is being done uh around solving the problem of continuous delivery for microservices? That's.

B

A great question- and we definitely have kind of the this big split of folks who are, you know, used to delivering a monolith and they have their existing setup all geared towards supporting that and then a number- and this is increasing every day, a number of folks who are trying to take advantage of microservices and then all the implication.

B

That means so one of the hot topics that's emerged for us is configuration management um and how we think about this is before um your application that the scope of it was very well defined. But now with microservices, um you know the definition of an application changes. It's a set of microservices.

B

How do we talk about which version of each microservice goes into a specific app and then how do we manage? um You know we are continuously pushing code and integrating that? How are those different versions changing relative to each other? And how are we testing that all together, so we've definitely seen configuration management as a really hot topic? And people are looking at tooling in the space? I think we have a couple of interesting projects that might be coming in the pipeline to cdf as well.

B

That will specifically help to to drive visibility into this space and give people just better tooling, to manage all the dependencies around microservices. One.

A

More thing, as you're saying, are talking earlier, that there are so many uh projects or open source tools uh for cd, which may also lead uh to a problem of interoperability. So what first of all? How big is it the concern for the foundation, and what are you doing to kind of you know, increase interoperability within these tools.

B

Yeah, so interoperability is one of those interesting kind of problems where, if you're just working in your own organization, sometimes you know it's not really a problem until perhaps it's time to adopt a new tool or add something into your workflow. But if we step back and look at the industry as a whole and and take a look across the whole landscape at the moment, it's hugely fragmented.

B

There's a lot of tools doing similar things. It's very difficult for people to move from. You know different ci tools or different pipeline orchestration tools without having to go through a lot of pain, to figure out um how how to do that. So it's a it's a big problem because then also two providers are having to kind of implement plug-ins for different systems and it's you know kind of a waste of time and it slows down innovation when we could be kind of moving up the stack.

B

So I think um where we're at today there's uh a greater appreciation um from well increasingly end users as well about saying, okay, we want to simplify this. We want to find better ways for tools to in interoperate and actually at cdf. One of the very first special interest groups we had was an interoperability working group, and this is just a set of like-minded folks who got together and said hey as an industry.

B

We should be better and we can be better and we're all going to get talking and we're going to figure that out and it's a really good group, because we've got the folks who who build the projects like the jenkins x and tacton and spinnaker, and we've also got a lot of end user members represented and that perspective comes in. So we've got folks from companies like ericsson and ebay and they make sure that, as the problems are being solved, they really apply to real world use cases.

B

So it's it's an open group and uh people are welcome to join those conversations. There's a lot at the moment about maybe standardizing uh interfaces or metadata like. Why can't we have a standardized way to express um the all the metadata around the release or all the metadata around a set of testing results.

B

So yeah I'm really excited about what this group is doing and look forward to if they can really achieve this very, very difficult goal and just bring some consolidation around the tooling.

A

One last question: before we wrap this up as kobe 19., how has kobit 19 affected the continuous delivery.

B

Yeah, no, I think great question, um so it has definitely um increased. Like we've seen some surveys, which say uh you know it talked about what people were expecting to do in terms of cloud adoption and continuous delivery. Adoption and all those numbers um have increased in terms of the expectation of um how they're going to accelerate that adoption, and I think it's become pretty clear to companies.

B

Things like the pandemic have emphasized the need to be more resilient. They've emphasized the need to adapt quickly and they've emphasized that most organizations are going to evolve to be very distributed, and so for all these things, continuous delivery practices work really well, they enable all those things and they make all the difference, and actually the companies who were already doing these practices have a significant advantage in times like these.

B

So um it will be really interesting and I think one of the benefits we have as a foundation is that open source has always been about that collaboration at scale and in distributed way. So we're hoping we can take kind of all those lessons and marry. You know open source practices to continuous delivery practices and really just make it easier for everybody to adopt them. It shouldn't just be kind of an elite few companies who could do it. It should be something that's possible and achievable for every company and every organization out there.

A

Tracy, thank you so much for taking time out and talk to us today about the foundation, continuous delivery, and I would love to talk to you again. Thank you. Thank.

B

You so much for having me it's been my pleasure to share what we are up to.