Jim Bugwadia joins Bret to discuss Kubernetes policy management and "intelligent guardrails for K8s." Jim is the CEO and co-founder of Nirmata.

Kubernetes Policy Management with Kyverno and Nirmata

Interviews from Bret Fisher's live show with co-host Nirmal Mehta. Topics cover container and cloud topics like Docker, Kubernetes, Swarm, Cloud Native development, DevOps, SRE, GitOps, DevSecOps, platform engineering, and the full software lifecycle. Full show notes and more info available at https://podcast.bretfisher.com

Tech News

Technology

Education

Training

Language Courses

Higher Education

K-12

Educational Technology

News

How To

Bret and Nirmal are joined by Neil Cresswell and Steven Kang from Portainer to look at K2D, a new project that enables us to leverage Kubernetes tooling to manage Docker containers on tiny devices at the far edge. 
K2D stands for Kubernetes to Docker, which is a bit of a crazy idea -- it's a partial Kubernetes API running on top of Docker Engine without needing a full Kubernetes control plane. If you work with very small devices, including older Raspberry PIs, 32-bit machines, maybe industry sensors and the infrastructure we now call 'edge', the container hardware is often hard for you to make simple, reliable, and automated all at the same time.  So this project uses less resources than a single node K3S and still allows you to use Kubernetes tools to deploy and manage your containers, which are in fact just running on a Docker Engine with no full-fledged Kubernetes distribution going on there. We get into far more detail on the architecture, the Portainer team's motivations for this new open source project and what its limitations are, because it's not real Kubernetes, so it can't do everything. Be sure to check out the live recording of the complete show from March 28, 2024 on YouTube (Ep. 260). Includes demos. ★Topics★
K2D website
K2D Docs Creators & Guests
  Cristi Cotovan - Editor
  Beth Fisher - Producer
  Bret Fisher - Host
  Neil Cresswell - Guest
  Nirmal Mehta - Host
  Steven Kang - Guest

(00:00) - Intro
(02:40) - Introducing the guests
(03:56) - Why K2D? Architecture and Motivations
(05:55) - How Efficient is K2D?
(10:25) - K2D Architecture Explained: Components and Operations
(20:42) - What Happens When Resources are Exhausted?
(23:18) - K2D for Edge Deployment with Portainer or Argo CD
(28:22) - K2D Future Roadmap
(30:36) - Getting Started with K2D


You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news! Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com

K2D by Portainer

Bret and Nirmal are joined by Dan Lorenc from Chainguard to walk them through Chainguard's approach to building secure, minimal container images for popular open source software. 
They discuss why it is important to have secure and minimal container images. Dan explains how Chainguard helps remove the pain of CVEs, laggy software updates and patches and much more. Chainguard is now available also on Docker Hub. They spend the first part of the show talking about the week's big news: the XZ supply chain attack, and Dan was the best man to explain it. They also touch on CVEs, things you can do to reduce the attack surface, SLSA, and more during this jam-packed show. Be sure to check out the live recording of the complete show from April 4, 2024 on YouTube (Ep. 261). ★Topics★
Chainguard Website 
Vulnerability Management Certification course 
True Cost of Vulnerability Management 
Chainguard Images 
Chainguard on Docker Hub Announcement Creators & Guests
  Cristi Cotovan - Editor
  Beth Fisher - Producer
  Bret Fisher - Host
  Nirmal Mehta - Host
  Dan Lorenc - Guest

(00:00) - Intro
(05:14) - Dan's Take on the XZ Hack
(14:59) - Chainguard Distro Creation
(21:21) - Chainguard in Docker Hub Announcement
(24:26) - Free Images vs Private Images
(26:27) - Zero CVE Approach
(28:33) - Ways to Reduce Attack Surfaces
(39:56) - Chainguard Academy
(41:08) - Real Time Antivirus Malware Scanner
(43:52) - Google Distro Lists Worth Using
(45:56) - Chainguard for Buildpacks
(46:20) - SLSA
(56:08) - What's Next for Chainguard?
(56:52) - Getting Started with Chainguard


You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news! Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com

Chainguard: Building Secure Container Images

Bret and Nirmal are joined by Phil Estes of AWS to show us the Finch project, which bundles the best open source tools for building and running containers locally. Now it runs on macOS and Windows WSL2. 
We've been talking with Phil about this show for months, and now that Finch has come to Windows, we thought it was the best time to clue you in as to why AWS created the Finch project and what it does.  You've probably heard of containerd, the most popular container runtime on the planet and BuildKit, the best way, in my opinion, to build container images. Those two work hand in hand in Docker and many other container tools. But you might not have heard of nerdctl or Lima, which are also open source tools that work with containerd and BuildKit to help you run containers locally in a virtual machine. Well, AWS had the idea of making an easy installer for these four tools. That's how Finch was born.  Finch is not meant to be a replacement of your existing way to run containers. The tools it installs are a bit of a minimum feature set, if you will, and more focused on providing people the exact tools AWS uses in its container platforms, mainly containerd and BuildKit, which are everywhere in AWS. Rather than building something that's feature equivalent to other local container solutions like Docker Desktop and Rancher Desktop, Finch keeps it simple and does the bare minimum.   If you just want an easily installable and minimal way to build and run local containers at the command line with no goofy, high-end fancy features, pure open source and just on Mac and Windows, at least at this point, you should give Finch a try. Be sure to check out the live recording of the complete show from February 22, 2024 on YouTube (Ep. 255). ★Topics★
Finch Website
Bret's local container runtime spreadsheet Creators & Guests
  Phil Estes - Guest
  Cristi Cotovan - Editor
  Beth Fisher - Producer
  Bret Fisher - Host
  Nirmal Mehta - Host

(00:00) - Intro
(00:35) - What is Finch?
(03:53) - Phil's History with Docker and Finch
(07:59) - Deep Dive into AWS Finch Project
(11:41) - How do the Components Tie Together
(25:31) - Finch's Position in the Container Ecosystem
(26:47) - Finch's Capabilities and Comparisons
(27:45) - VM Management and Lima Integration
(37:51) - Finch's Roadmap and Community Engagement
(41:49) - How Does Finch Connect to Lima?
(42:45) - Potential Lima Conflicts with Finch
(46:38) - Getting Started wtih Finch


You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news! Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com

AWS Finch: The Minimal Local Container Solution

Bret is joined by Neil Cresswell, CEO and co-founder of Portainer, to show us new features in Portainer and how it can manage, deploy, and orchestrate all your container workloads from a single Docker Engine, all the way to multi-cluster and IoT Kubernetes deployments. 
Portainer is much more comprehensive than you might think. Docker on the Edge, Podman, Kubernetes, in the cloud, in hybrid, you name it; it seems that Portainer supports it. In the show, we also get some updates on new things that have happened in the last couple of years, including adding GitOps support to Portainer, the ability to deploy Kubernetes nodes, and infrastructure. Be sure to check out the live recording of the complete show with demos from February 29, 2024 on YouTube (Ep. 256). ★Topics★
Portainer Website 
Portainer on YouTube
Portainer on X
Portainer on LinkedIn
Portainer Demo: Kubernetes the "easy" way Creators & Guests
  Cristi Cotovan - Editor
  Beth Fisher - Producer
  Bret Fisher - Host
  Neil Cresswell - Guest

(00:00) - Intro
(02:50) - How Portainer Started
(05:38) - Portainer's Strongest Use Cases
(08:56) - Portainer's Cluster Provisioning
(12:42) - Docker Desktop and Portainer
(15:22) - GitOps with Portainer
(18:43) - K2D Teaser
(21:34) - Portainer Across Different Environment Types
(25:21) - Portainer's Focus on IoT and Edge
(29:01) - Portainer's Evolution and Future Developments
(35:03) - Passwords and Secrets Capabilities in Portainer
(40:15) - AI Capabilities in Portainer
(42:06) - Portainer Editions, Licenses and Pricing
(43:09) - Using Traefik for Ingress
(44:53) - What's Next for Portainer?


You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news! Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com

Portainer for Kubernetes, Docker, Swarm, Edge, and IoT

Bret and Nirmal are joined by Ivan Burazin and Chad Metcalf to debut Daytona, an open source "codespaces equivalent." 
Daytona is a development environment manager designed to automate all the tedious steps a developer needs to perform to set up their development environment. "Essentially, it transforms any machine into a codespaces equivalent." Where Daytona is actually starting in the enterprise is focusing on large dev environment solutions and management of those, and then trickling down to individual developers. So there are two very similar solutions to a problem of many developers and their varying ways that they set up their environments for development, but they're coming at it from two ends of the spectrum.  Be sure to check out the live recording of the complete show with demos from March 7, 2024 on YouTube (Ep. 257). ★Topics★
Daytona website
Daytona on GitHub
Why Daytona OSS'd
DIY Guide Creators & Guests
  Ivan Burazin - Guest
  Chad Metcalf - Guest
  Bret Fisher - Host
  Nirmal Mehta - Host
  Beth Fisher - Producer
  Cristi Cotovan - Editor

(00:00) - Intro
(06:33) - CodeAnywhere
(07:50) - Introducing Daytona: Revolutionizing Dev Environments
(13:54) - Demo
(21:07) - Daytona's Automation Magic
(22:49) - Comparing Daytona with DevPod
(25:15) - Daytona's Roadmap and Beyond
(27:01) - Dev Environments and IDEs
(39:52) - AI with Daytona
(44:05) - Getting Started with Daytona
(44:35) - Getting Involved in Daytona
(47:00) - Features About to Ship in Daytona


You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news! Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com

Kubernetes Policy Management with Kyverno and Nirmata

Download our free app to listen on your phone