Hello World, Kubernetes Bytes

S1 E1 · Kubernetes Bytes
870 Plays · 3 years ago

In this pilot episode of Kubernetes Bytes, meet co-hosts Bhavin Shah and Ryan Wallner as they introduce the Kubernetes Bytes podcast. Learn about Bhavin and Ryan and their backgrounds, and get a sneak peek into some of the topics they plan on covering in future episodes. They cover some recent cloud native data management news such as Kubernetes 1.22 CSI for Windows becoming GA, Portworx 2.8.0, PX-Backup 2.0.0 and how the recent NSA Kubernetes Hardening guide can apply to the security of your stateful applications.

Transcript

Introduction to Kubernetes Bytes

00:00:03
Speaker
You are listening to Kubernetes Bytes, a podcast bringing you the latest from the world of cloud native data management. My name is Ryan Wallner and I'm joined by Bhavin Shah coming to you from Boston, Massachusetts. We'll be sharing our thoughts on recent cloud native news and talking to industry experts about their experiences and challenges managing the wealth of data in today's cloud native ecosystem.
00:00:26
Speaker
Good morning, good afternoon and good evening wherever you are. We're coming to you from Boston, Massachusetts. Today is August 5th, 2021. Hope everyone is doing well and staying safe. So let's dive into this episode.

Hosts' Backgrounds

00:00:42
Speaker
My name is Ryan Wallner and I'm joined here by Bhavin Shah. Say hello. Hello, everyone.
00:00:47
Speaker
And this is a new podcast called Kubernetes Bytes, all about cloud native storage and the data and wealth of information as it belongs in the Kubernetes ecosystem. So we're just going to introduce ourselves as part of the first bit. So Bhavin, why don't you go ahead and introduce yourself?
00:01:05
Speaker
Sure. Hello, everyone. Again, welcome to the podcast. We are excited to do this. Just going on introductions, I'm Bhavin Shah. I'm a technical marketing manager on our cloud-native business unit inside Pure Storage, which is basically the Portworx team.
00:01:21
Speaker
If you talk about some of my background, I started as a tech marketing engineer working on FlexPod, which is a converged infrastructure stack. Then over the years, I've moved on from working on FlexPod, which is a CI, but also hyperconverged infrastructure with VMware, Nutanix, Microsoft, Azure Stack, and CI.
00:01:40
Speaker
I worked on hybrid and private cloud solutions with Azure Stack Hub and just some native solutions that different vendors had when I was working for them. And then eventually, over the past couple of years, I've been focusing on more and more Kubernetes solutions. So working on GKE Anthos or working on Tanzu, even before it was called Tanzu, so like working on Pivotal Kubernetes service or PKS,
00:02:04
Speaker
when that was a thing, and then continuing that work with Tanzu. And then over the past few years, I've gone through different certifications, AWS certifications, Kubernetes certifications, and then I've been part of many communities. So I've been part of the vExpert community for the past six years, not months. And at some point, I've been also participating in other communities like Cisco Champions and NetApp United members.
00:02:32
Speaker
and so on. But if you're talking about me, I focus more on the infrastructure slash operator hat perspective. So I'll be in all of our discussions. That's where I'm coming from. That's where I'll be asking my questions from. I'll try to extract as much information from any guests that we might have on the show on how whatever topic we're discussing impacts operators or our virtualization admins. And we'll go on from there. Ryan, how about you?

Cloud Native Storage Exploration

00:03:01
Speaker
Thanks, Bhavin. My career started off at IBM, believe it or not. I was interning for a group that worked closely with the Open vSwitch protocol and software-defined networking, which actually led me to EMC back in the day, which brought me to Massachusetts in the first place.
00:03:23
Speaker
to kind of marry those container and software-defined networking technologies. In fact, B4900 was ever bought by VMware. We were looking at Big Switch and all sorts of fun technologies. And that really introduced me to
00:03:39
Speaker
containers and Docker and its very, very early days when Simon first introduced it on stage. That was really what opened me up into this whole ecosystem. I spent a bunch of time at a company called ClusterHQ, which we worked on a project called Flocker, which was one of the first plugins for storage
00:04:06
Speaker
Definitely a connector, we'll talk about connectors and what traditional storage is all about. And that was sort of where I found my passion with containers and storage and data management in this ecosystem.
00:04:22
Speaker
And for a while, I worked there and decided to jump ship to go try to build something. We often on the vendor side talk about technologies a lot and how to implement them and work with customers, but we're often not a customer ourselves. So that was fun. I worked at Athena Health for a while to build a container stack.
00:04:44
Speaker
and eventually wound up back here at Portworx, where I've been here almost a little over three years, actually, and really excited to be here at Pure to do some really fun things in the community around Portworx. I'm more of an infrastructure person, so from my perspective, I'll definitely work with the different guests and topics we're going to cover here.
00:05:09
Speaker
on sort of that perspective. And yeah, enough about us, I think. Yeah, let's talk about what we are going to do with this podcast, right? Yeah, absolutely. So the idea behind this podcast is really to dig into the cloud native storage ecosystem. Now we'll cover topics broadly in the Kubernetes ecosystem, but because that's where our bread and butter is, we're definitely going to target a lot of those topics. I mean, we'll give you a couple of examples of some of the topics we have upcoming.
00:05:39
Speaker
We're going to do a next episode on a 101, right? So if you're not familiar with
00:05:44
Speaker
storage in containers or storage in Kubernetes or what data management means or what this cloud native storage term actually is. This is a perfect episode for you. It's always good to start from the beginning. Exactly. Exactly. This is going to be an opportunity for someone new to this whole ecosystem to really learn. It's a good chance for us to go back to the roots. As we are in this ecosystem each and every day, it's good to go back to the roots and really understand
00:06:14
Speaker
came from. And we're going to cover everything from what traditional storage vendors and technologies are out there versus what cloud native storage and how they differ and what data management really means on different orchestration platforms for Kubernetes like Rancher and OpenShift and EKS, as well as some other topics around what does database as a service really mean? What things have we been working on?
00:06:41
Speaker
you know, how data protection works into this whole ecosystem and some of the newer topics like how Kubernetes is playing in sort of the edge computing model. So, you know, it'll be fun, right? Yeah. Like we started from like the 101 level, but as you will see that when we progress through the podcast, you will go in depth into different topics and then try to find out not just what it is, but how it can be useful to you.
00:07:08
Speaker
and we'll bring in experts from time to time to talk about those things. So Ryan and I, given our background, can focus on certain areas, but whenever we feel we need help, we'll just be the dummies on the podcast and we'll get experts to talk about things and we'll be just the people who ask questions and share that information with you.
00:07:27
Speaker
Yeah, so hopefully it's a good opportunity for you to learn and listen and really enjoy what we have to offer here.

Kubernetes 1.22 Major Release

00:07:33
Speaker
One thing that we're going to do as part of the podcast is really cover not everything that's happened in the last couple of weeks in the Kubernetes ecosystem, but we're going to try to dig in on things that we feel if you're
00:07:44
Speaker
someone working with data or databases or data services in the Kubernetes ecosystem, some of the news that comes out that we want to cover and we find interesting from some of the sources that we use. So I think we can dive into that right now.
00:07:59
Speaker
Yeah, let's do it. So one of the biggest things that came out this week was Kubernetes 1.22 or 1.22. Given the new release cycle that the community has, this is by far one of the biggest releases that we have had. I looked at some stats on Twitter and it had more than 50 enhancements.
00:08:19
Speaker
13 to 15 things I think graduated to a stable release, many moved into beta and alpha, and then we also had some deprecations this time. So anything specific that like caught your eye, Ryan?
00:08:33
Speaker
Yeah, you know, I think in terms of this release, there's obviously a lot to talk about here. But, you know, one thing that caught my eye was really the sort of generic data populators for persistent volumes are now in alpha. You know, we don't use these that often, to be honest, but I think they're a really cool tool in terms of being able to
00:08:53
Speaker
sort of bring data into persistent volumes. What we see in Kubernetes is sort of the evolution and sort of ever-changing aspects, APIs, with CSI changing so often that data is becoming a first-class citizen, if not already, in Kubernetes.
00:09:13
Speaker
And there are so many tools out there to do some really cool and interesting things. And so just seeing that this is taken to the next milestone, that it really shows just how many people are starting to work with the data services within Kubernetes. And that's why we're here, right? Because we know that
00:09:36
Speaker
from our customers and our daily jobs that it is a real problem that needs to be solved for. It's not the most straightforward one in all cases. It's great to see all these tools being used.
00:09:51
Speaker
So I don't want to sound like a broken record and like say that stateful applications are gaining momentum, but they are. Like, if you are just getting started, maybe you are playing around with just a few containers, but then as you progress through the Kubernetes adoption journey or the adoption curve, you will be dealing with stateful applications. So any of the announcements that focus around storage and the topics that we discussed will definitely help you in making sure that you have the best infrastructure and the best solution for the different applications that you want to run.
00:10:21
Speaker
Like one of the things that got my eye was just a CSI support for Windows nodes which moved to GA in the 1.22 release. This basically allows CSI storage on Windows nodes using something called as a CSI proxy. And how CSI proxy enables CSI node plugins to be deployed as unprivileged pods using the proxy to perform privileged storage operations on the nodes. Again, for people who are using Windows containers for
00:10:51
Speaker
people who have been using Windows applications, things that have been deployed on Windows Server, all of those apps that are now moving to Windows containers can leverage this new functionality. So something to definitely dive into a bit more details later on. But yeah, that's interesting.
00:11:09
Speaker
Yeah, and if you're not familiar with some of these terms that Bhavin's using, like CSI and everything, we're definitely going to be covering a lot of these in the next episode, as well as I think the following one where we'll talk about cloud native storage versus traditional storage. But for those of you who are familiar, things will make a little more sense. But definitely keep an eye on some of the next episodes if you're asking yourself,

Security Best Practices

00:11:31
Speaker
what?
00:11:31
Speaker
in the world the CSI. Um, so what else has been going on in this ecosystem? We have a lot going on with security, you know, in the world, and with ransomware in general. You know, I saw you sent over an article around sort of where Kubernetes is starting to see some of these risks. Can you tell me more about that?
00:11:48
Speaker
Oh yeah, so like if you will share this in our show notes, but NSA just came out with Kubernetes hardening guide, which focuses on all aspects around how you can secure Kubernetes. And right now we're just talking about Kubernetes as a whole, not storage. So if you're thinking about Kubernetes, it starts from the moment your developers start writing code or start using those Docker containers.
00:12:11
Speaker
The shift left philosophy and the principle of least privilege obviously are like the latest keywords and buzzwords that you have been hearing in the security or community ecosystem. But then it also matters. Like if you are a developer, you should make sure that the base images that you're using for building your containers is secure. It is from a trusted source. You don't want to fall prey to any supply chain attacks that we have been hearing a lot about or
00:12:38
Speaker
show up in the news and make it a resume-generating event for you. So you definitely want to make sure that you follow all the best practices, not just while you're writing code, but then even making sure that your Jenkins pipeline or your CI/CD pipeline is secure enough so nobody can penetrate that and inject any faults. You have to make sure that if you're running containers,
00:13:01
Speaker
You don't run them as root. So some of those smaller things, definitely this is a guide. I think when I clicked on it, it was like around 50 pages. It has a lot of details around what you should be doing around Kubernetes to make sure that you have a good experience and you are secure.
00:13:19
Speaker
Yeah, absolutely. And just for those of you who might be wondering what this guide covers, some of the big things that come out of it are really to be able to scan your containers and your pods for vulnerabilities. Don't put anything that's super old in there. Try not to, at least. It should be a good practice. Run containers and pods with the least amount of privilege. If you're new to containers, all containers have some sort of privilege and access to the underlying host that it's running on. And so this is really about
00:13:49
Speaker
making sure those containers only get the privileges that they need to run their application. Things like network separation and isolation, using firewalls, using strong authentication and authorization.
00:14:01
Speaker
log auditing and a lot of things when it comes to scanning the whole community system. I think this goes for those of you tuning in that work with data services and data management. A lot of these things apply directly to that data management platform. We're going to be talking about many different ones in this podcast, but I think every single one, it's vital for them to have the right authentication and authorization. Do they have their own role-based access control and ownership?
00:14:31
Speaker
Can they provide encryption for your data to keep data safe and sort of accounted for?
00:14:41
Speaker
Yeah, exactly. So all these things apply to Kubernetes as a whole, but I think what we'll explore is really that all these things apply at a more granular level to your subsystem or your data management platform as well. I think it goes for a lot of things that plug into Kubernetes these days, but it's a really great report. We'll put a link to it in the show notes for sure.
00:15:05
Speaker
I think let's move on to the next

Portworx 2.8 Features

00:15:07
Speaker
topic. I think we wanted to talk a little bit about we're a little biased when it comes to Portworx. We work here at Pure Storage, so we're admittedly know that this is true. But Portworx 2.8.0 just came out a couple of days ago. This has all sorts of goodies in it, and we want to do a little plug for Portworx 2.8. If you're new to Portworx in general, it is one of the cloud-native storage providers
00:15:32
Speaker
that you can use with Portworx today. There's free trials. There's all sorts of great goodies when it comes to Portworx itself. And this release was a big one. We have a lot of integrations with our parent company now, Pure Storage, as well as some benefits when it comes to using snapshots. We're more efficient using extended and skinny snapshots. We're going to put the release notes.
00:15:55
Speaker
in the show notes as well. And if you're new to data management and what it means, there's the general, how does my pod and application use storage and those data services? How is it highly available? But then there's data protection. So we have something called PX Backup, which 2.0 just came out as part of this release for 2.8.0 as well. And there's a lot of great goodies in there.
00:16:22
Speaker
You've been working with Tanzu a lot, Bhavin, so maybe you can talk about that a little bit. Yeah, both 2.8.0 and PX Backup 2.0 make sure that if you're using Tanzu or even thinking about using Tanzu, how can we provide the best data services, best solution for data services for Kubernetes? So going back to points that Ryan highlighted already, like replication and high availability, but also making sure that when you're running your stateful apps on Tanzu,
00:16:48
Speaker
you have a solution that can help you build robust DR solutions. These can be synchronous or a Metro DR topology or asynchronous. If you want to use PX backup, how can you perform local backup and restore by using an on-prem
00:17:03
Speaker
S3 object store. So if you have accidental deletion or data corruption, you can restore quickly. Or if you want to use PX Backup 2.0, you can basically use your Tanzu cluster and point PX Backup to it and then restore your applications, not just on-prem, but also in any of the managed public cloud solutions. So going from Tanzu to GKE or going from Tanzu to EKS, all of that is supported. So again, if you're looking at Tanzu, you should definitely look at Portworx with all the new integrations that we have built in.
00:17:33
Speaker
Yeah, absolutely. Tanzu is a really fun and interesting new platform. I mean, there's so many to choose from these days and wherever you're running your databases, these are the type of things you need to think about. So definitely take a look. One of the things I've been playing around with is I have a Raspberry Pi here in my office. And one of the features we have is something called shared V4 service volumes, which is really just putting a Kubernetes load balancer and some access controls around a shared volume, which if you use other
00:18:03
Speaker
storage platforms like an NFS volume, and you can access these things at various locations in your data center and even at the edge. So we've been experimenting with connecting only shared volumes over to a Raspberry Pi and capturing some of the humidity and temperature
00:18:20
Speaker
from my office, actually, where we're doing this podcast. And surprisingly, I went to PTO last week and my office got to like 82 degrees, which, you know, without capturing this data, I knew my Nest thermostat was doing some things, but
00:18:38
Speaker
I'm like, wow, I don't know if that's great for my house to be that warm, but it's on the high floor of my house. Quite interesting and fun technologies in this space to really play around with too. The world is your oyster when it comes to Kubernetes these days. Nice. This is a shameless plug within a plug. If you want to look at what the humidity inside Ryan's office is, I think he already uploaded the demo on YouTube. You can find that on YouTube. Yeah. Feel free to do that.

Podcast Conclusion

00:19:08
Speaker
Yeah, you can take a look at what my office is doing. Anyway, we're trying to keep the show short and sweet. We're towards the end here. We really want to just take the time to make sure we summarize what we're doing. In every one of these podcasts, we're going to try to summarize things for you. Do you want to listen to the last five minutes and then go for it? I think what we got out of this is
00:19:33
Speaker
Kubernetes 1.22 is out. There's a lot of great things like CSI support Windows. What else did we say? It was just enhancements around etcd like moving to a more stable version newer version 3.5 or two, but numerous amounts of bug fixes and just making it stable.
00:19:52
Speaker
Yeah, exactly. And some of the PVC enhancements around getting data into your PVCs as well. And then we talked about security and some of the new reports that are coming out from the NSA and how to harden your Kubernetes environment. And what we stressed is really just that
00:20:09
Speaker
Keep in mind when you're going through these security articles and hardening guides to keep in mind that Kubernetes is just part of it. Your data management system also has to be hardened and really adhere to these protocols and suggestions as well to keep all your data safe. Then lastly, Portworx 2.8 and PX Backup 2.0 are out. Please go ahead and enjoy them if you want to take a spin at running some data management on your Kubernetes.
00:20:38
Speaker
Oh, but you missed the biggest announcement, like Kubernetes Bytes is out. That is right. So Kubernetes Bytes, this is episode number one. I hope if you're listening that you will stick around for some of the other topics.
00:20:53
Speaker
The next topic will be Kubernetes 101 when it comes to storage. Actually, we'll probably cover even what is storage when it comes to Docker. So stay tuned. And if you want to give us feedback, there's a sort of send us a message button on our Anchor URL, and you can go ahead and find that in the show notes as well. And anywhere you can provide feedback to your podcasts. Wherever you listen to them, definitely go ahead and do that.
00:21:16
Speaker
Yeah. So thank you for listening. And if you, if you are listening to this, share it with your friends. We will be on a bi-monthly or a one in two weeks cadence. So keep an eye out, subscribe to us and make sure you give us a thumbs up. Thank you. Thanks. Until next time. Take care. Thank you for listening to the Kubernetes Bytes podcast.