Kelsey Hightower Q&A on the Cloud, DevOps, Service Mesh, and HashiCorp Products

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

kelsey you're drawing a great crowd so thank you once again for uh being here with us awesome awesome so for those of you who don't know and i don't think kelsey really needs a formal introduction but i'll just kind of go through really briefly you know kelsey is our he's a principal developer advocate at google uh he's an open source enthusiast he's a widely recognized expert on kubernetes as you guys all know he's been doing numerous podcasts and interviews for many different tech organizations in the industry so we're lucky enough to have them here with us today i'm really you know looking forward to sitting down with you today so i think it's going to be a great conversation so it's interesting because my introduction my first introduction to you kelsey was back in april of 2018 and that's actually when i started with hashicorp i started you know pretty much the first week of april and i remember that uh mitchell hashimoto was tweeting uh about bringing our vault ui from enterprise into oss into version 0.10 uh this is a huge thing back then i was just like i'm just still trying to actually you know understand our old product lines i knew kelsey and then he kind of like mentioned this on and then it was interesting because i remember kelsey responding to that tweet something in regards to if we did do the same thing for vault and seal that he would wear a vault t-shirt for a month right and i thought that was just so funny and uh fast forward six months uh at my first hashicomp uh we announced open sourcing vault unseal and uh kelsey shows up right he shows up on stage with a hoodie he unzips it it actually has a hashicorp you know vault t-shirt on so that was awesome because see that was super super unforgettable so the backstory for people that don't know uh i didn't know you were all going to release it and uh i think i saw actually the announcement maybe the day prior and i'm on the phone with the team like yo uh i'm gonna just get a flight today so i'm gonna fly out to the conference so we can actually like you know if it works that was the preview because it has to work and i'll just do a little live demo if it works i'll actually unveil the hashicorp vault uh shirt and wear it for a month i probably got it in for 28 days maybe my wife was looking at me weird at dinner with the hatchet corp shirt on but yes we made it happen it was super spontaneous and it's one of the dopest uh i guess keynote cameos ever oh absolutely 100 agree with it i'll never forget it right but uh that was that was just phenomenal so anyways we're really glad to have you here i know you actually have a long history with mitchell armond and have spoken numerous times at different hashcorp events as well so i'm really excited to sit down with you like i said and we'll take once again the next 30 35 minutes to go through some of these questions uh once again what ally had set up is we've actually kind of consolidated a list of questions from everybody um which is actually you know joining currently up to 178 which is great and i've taken the time to read through all of them there's a lot of similar questions and themes so i've actually picked uh a bunch of questions i consolidated into more comprehensive questions uh and you know i think you know these are some of the questions that would open up some great conversations with you we'll leave some time at the end once again uh to open up to some open-ended questions through chat so keep them coming uh but if you're ready to start kelsey let's let's get this rolling i think we should do around the intros for all 181 attendees so far it's only right well i i think uh the zoom chat is start i'm gonna start pulling in like a bunch of different random commentary there so um we'll record this but uh people can read through that at the end so but once again thanks again so kelsey uh i know i've talked to you a little bit but tell us a little bit about yourself uh your role at google how you wound up that goo because you've had a very varied past and also what is your history with hashicorp yeah my journey is self-taught engineer no college picked up the books did the work grinded through the industry so many verticals from web hosting tech support on the phone trying to figure out how to get someone's my sequel back off the ground because of whatever they did to it i've been a system administrator i've been a vp of engineering director of engineering i wrote a lot of code broke a lot of code or the pager for a lot of stuff wrote some open source libraries and through that trajectory i landed at a place called coreos before google and that's where i just got really deep into this whole feedback loop of producing products producing open source getting really close to the community getting really close to the customer a lot of that work also started at puppet labs and i came into google kind of with this brand if you will like the kelsey hightower way is trying to make complex things simple learning in public and google just has the technology that i align to kubernetes golang google cloud you know that was the service i was paying for before joining google and that is just kind of the best stage for me right now in my career where i can actually work on the things that i love in a very organic way and continue to engage with the community and in terms of hashicorp i've known mitchell for a very long time right when they were getting that company off the ground and i remember the very first hashicomp i think it was in portland at armory this small little venue and i remember it kind of changed my way of thinking about when i'm at a third-party keynote you know like at hashi conference or others i remember they announced i think nomad right i was like how do you announce like this new product with no demo you have no you got to have a demo and i was scheduled the next day to talk about kubernetes and i was like you know what last minute we're going to change it up we're going to do kubernetes versus nomad so i went home changed everything up learned a little bit about nomad and i remember mitchell and armond are part of the hashi team they were just standing there just taking the critical feedback letting me do the comparison it was very authentic and that's how i knew that they really were more concerned about what they were building for the community than them just like competing with the other products right they were really trying to fill the niche that their community needed and the fact that they let me do that were very supportive and giving those binaries to make sure i was going to be successful that kind of set the tone for the relationship going forward that's great i'm curious like i mean you did that comparison is that still somewhere i would love to see it oh yeah it's definitely online uh it's one of those things where i think the ux that hashicorp is known from you know they talk about this and their product philosophy they really try to make sure that things are easy to use they have a purpose and they connect with the rest of the stack right and this is where i think we started talking about hashi netties and the hashistat comes from that philosophy and they just execute so well they build just enough but then they also respect the fact that you may be using other tools so even though we're talking about nomad in this situation i think we would go on over the years to see things like vault console make sure that they're also compatible with things with kubernetes and that's a big testament to the philosophy over there for sure for sure so obviously in your role at google you talk to a lot of enterprise customers we you know from the hashcorp perspective talk to a lot of enterprise customers there's a lot of enterprise customers and prospects on the phone and uh as you know all of our customers and prospects have some sort of cloud strategy going to this year right some of them have strategies for a long time already but um you know i'd be curious to see what are some of the biggest challenges that you see your customers facing in moving legacy applications into the cloud and also what is the most important thing to establish when beginning anybody's cloud journey i think the biggest challenge is calling it legacy honestly look if you wrote software 30 years ago this ain't legacy software like i'm over 30 years old i'm that legacy i'm still going strong i've only gotten better over time and a lot of software that people have been building has been beneficial to their company so if you can actually build something that can be around that long like long enough for people to hate it that's really a badge of honor it's a sign of success so i think the biggest thing is that most companies have stopped investing they've abandoned their software like you wrote this stuff it's been deriving value and since it's not causing any problems per se it just doesn't get any attention no software updates even when the team learns about new patterns that you see in the cloud native world you don't go back and touch up those applications and preserve them and make sure that they can actually leverage some of the new things that are coming out now so the biggest challenge is if you're doing a digital transformation or whatever you've been you know been sold you're like now i gotta go and undo the mindset of that software is abandoned re-examine it again and then by that time there's probably no one that wants to work on it or there's no one that can work on it and now you're asking them to all of a sudden care about a thing that has been forgotten for so long because you want to go to a new environment so i think the biggest challenge is this is not a digital transformation this is a reminder that software is never done you can never go on this transformation aka journey and then abandon it again you got to make a decision that we're not going to do that anymore if we're going to have software that's going to be deprecated then call it deprecated and be intentional about the fact that you're not going to upgrade and all those things so that's the number one challenge and then the second challenge is going to be talent you see it all the time right oh i like vault i like nomad but here's the thing do i have the bandwidth to really learn how that stuff's supposed to work integrate it with the rest of my stack and then make some creed decisions about what should leverage that platform and what should not and that's what the biggest challenge is even when the team is on board they have the right mindset they may lack the talent or the time to execute no i think that's some great guidance there we'll see um so for everybody on the phone you know for those hash core fans i think everybody probably has heard about our cloud operating model you know that's kind of like our viewpoint as far as journey into the cloud you know the basis of our thesis really lies in the implication that the transition towards cloud is a shift from static infrastructure to dynamic infrastructure it's a shift from configuring and managing a static fleet of i.t resources to as you guys know provisioning securing connecting and running dynamic resources on demand the hashcorp approach is to focus on workflows like everybody knows as well rather than just the underlying technologies like you mentioned kelsey there's the assumption that we will live in a multi-cloud world moving forward so working at google you've obviously got some bias towards gcp but what is your take on the reality of multi-cloud going forward the reality of multi-cloud the only reason why people even say multi-cloud think about it it's usually because they've never operated in two disconnected environments before right even on-prem most people have never dealt with multiple data centers that are so far apart that you have to think about network latencies you have to start thinking about security protocols beyond l2 firewalls where you're just blocking ports and ips once you ever get into a world where you start dealing with multiple you know you know far apart data centers a lot of the multi-cloud stuff you hear come up around how do i federate authentication how do i deal with network latencies how do i deal with overhead of storage and replication all these things are just true of multiple environments so the reality is even though people say multi-cloud is that cloud is a forcing function for you to move beyond the four walls you have that you call your data center or co-location if you think about it inside of a single data center no one says multi-vendor right you got your switch from juniper you may have your router from cisco you got your racks from hp you don't say oh i'm doing multi-vendor because it doesn't make any sense right because everything is close enough that cat5 cables fit there's enough standards to glue everything together and you have a working system the cloud is a bit different because every cloud provider has their own form of identity and this is where tools like vault become interesting like when i really understood the power of vault right in the context of multi-cloud if you think about just unix right mysql versus postgres versus ssh they all three have different ways of logging in username and password so what vault does it says look i'm going to give you an abstraction over all these identity services so instead of you learning iam for amazon i am for google and then dealing with username and passwords how about this let's uplift that conversation and say i'm going to give you one set of credentials for volt and then behind the scenes i'll do all the things necessary to deal with amazon's iam credentials create them on the fly and then give them to your app just enough to do its work and then destroy them so this is really the biggest challenge in terms of multi-cloud is that they're incompatible with each other and tools like volt provide that kind of facade that bit of glue so that way you can actually just kind of stick to the high level principles of authentication and authorization and then just kind of bury some of the differences between the cloud providers so that's the reality they're all different and we're gonna have to rely on tooling to kind of close those gaps until we get more open standards across the board yeah i think that's a good point and i think from the multi-cloud perspective i think a lot of enterprise customers have like this on their roadmap moving forward from the reality perspective you know and from your talks with your customers at google right i mean do you see this as reality soon for a lot of customers uh or do you think this is more long term like what do you see define cloud right so uh you got an internet service provider they're providing you your network traffic going back and forth that isp is considered a cloud provider actually the very core of your cloud provider and then your email service whether you're using microsoft office 360 or g suite from google that's also a cloud provider storing your email it's more service oriented so people will start to put assassin to that if you're using github or salesforce a lot of you know fortune 1000s are using salesforce for all their critical you know financial data so companies have already engaged in this concept what we're really talking about is at the infrastructure for the custom software that you're building does it make sense to leverage multiple providers for what we would consider a commodity so when you start to talk about the commodity layer like oh i want 10 vms from here and 10 vms for there like that that doesn't make a lot of sense if you just want commodity commodity you might as well just have a fallback strategy when you start to really start to get leverage you might say something like this like oh i love google's machine learning apis so we're going to run the workloads that use those apis over there for my mobile apps i'm going to run those apps on the mobile device whether it's ios or android so really what we're talking about is what is the cloud provider providing you that you can't get otherwise in the form of a commodity offering that's where multi-cloud becomes a real reality yep no it makes a lot of sense makes a lot of sense so you know obviously you're known for being an open source enthusiast and i know we've talked about this as well but what are your thoughts on enterprise software companies such as hashicorp and uh what the value that closed source or enterprise features provides to its customers yeah i was managing uh i started this project called kofti and it's an open source project that allows people to configure things and the goal was coming from a place like puppet i would build a tool that just did enough configuration management for the new world of containers so i just needed a way to describe my config use a key value store like console or ncd and then generate a config because that's all you need in this new world and i remember that project got popular and there was a large company sending emails like kelsey we love the work that you're doing you're so amazing we need a little support though we need you to implement this new set of features i'm like uh no that's not my priority i got something else to do and that's not part of the package well who can we call to get support i don't know 1-800 not my problem like seriously i i'm i'm literally trying to provide some software but it doesn't come with support if you want new features i ain't doing that i don't have time to do that and it's nothing wrong with that so when we start thinking about a commercial company that's relying on dependencies i'm glad people use the software i put together but here's the thing if you want a business relationship then you need to engage with a business and if you're a business that makes money expect the businesses you depend on to make money and if they don't make money then they won't be around like i don't know why this is such a challenging concept for a lot of folks because when we hear free software even though we all know the memes around that you have to make sure that the company i want to support me that i'm willing to support them so the way i think about this is we have a big community i love the open source community and when i look at that open source community let's call it a million people 10 million people there's a subset of that community that really loves me back so much so they're willing to pay me money for the work that i do and we we tend to call them customers okay and customers that vote with their dollars i want to make sure that i stick around to be able to provide some priority for them so if they want a certain set of features to be successful in running their business and they're willing to put a little bit of money on the table so i can afford to pay my engineers to have that focus i think that is just necessary it's not a bad thing in enterprise and i think when i look at like we talked about that story earlier about vault you know some features start as enterprise and then they show up in the open source arena and i think that's the right pacing because there are some features don't that don't make sense to be open source like if a feature requires a 200 000 security device to use like hsm support and volt that doesn't make a lot of sense to be maintained in the open source community it's okay to say look if you got one of those then you can afford an enterprise license to make sure we can do the q a to make sure this thing works properly with the proprietary piece of hardware no i think that's that's great uh seems like you should actually go into uh enterprise software oh wait you are so now that's uh i i think that's some great feedback and things which i hear all the time as well but i don't think everybody really kind of pays attention to kind of like the background and kind of like the effort that goes into developing enterprise features for complex integrations out there like you mentioned as well so i think that's a great point as well so you know here comes another kind of question which is correlated with this and i think a lot of people uh on the phone are probably going to be interested in this but you know what do you think is the biggest hurdle for hashicorps enterprise products as an expert in technology what do you see us kind of going through what kind of struggles do you see us potentially kind of encountering because of the enterprise feature set that we do actually have on top of terraform vault nomad and console do you want the truth yes absolutely so i think all your customers are also keeping a lens on this so when we look at the cloud the cloud provider's job is to continuously listen to their customers and establish a feedback loop in terms of features if i look at vault and i love its api then what you're doing uses effectively raise the bar for what it means to have a security product of that nature so now my customer base is going to come to me and say hey kels i need something like vault now there's two ways to get in there one is great partnerships i mean i can go to the hashicorp team and you have a price of you know efficient product that fills that need so i can stick with the hashicorp brand i can stick with the api and i can get service from you and i see that trajectory going but here's the thing if you don't meet the bar in terms of that level of integration meaning i need billing integration i need workflow integration if i choose to use google's gcloud command i really want that to work even when i'm dealing with you because i don't think anyone wants to go off it's like you know streaming video like everyone complained about cables like oh i'm paying 40 a month for cable and now i'm paying 7 trillion dollars for 10 000 apps to watch five shows so no one really wants to have a different service and different vendor and different invoice for everything that they want to do so you have to kind of pay attention to the full life cycle of adoption of software going forward and the next thing you have to do is just make sure that you're always competitive in the marketplace so you know if i were to look at console the big risk there would be infrastructure products tend to get pushed down lower in the stack as new solutions rise above and the way you have to counter that is saying hey console needs to play nice with kubernetes because you have to make sure it's clear and one thing for example you know console is replaced by ftd inside of kubernetes but one thing i think the console team did good was pay attention hey service mesh is the thing we already have all this network telemetry data in console how about we surface that data and then provide a controlled plane that's easy to use following that hashicorp philosophy because it's going to always be opportunity and workflows in ux no matter what's on the market you always have an opportunity there so when i saw console connect come out and say look we get it the landscape has changed people want service mesh now we're gonna give you a control plane and then what we're going to also do is give you libraries and we're going to integrate to things like envoying versus creating a new one from scratch i think that's the key to staying competitive and you got to win that business every month and every year yeah i mean it's the mind share behind things and it's funny that you mentioned this thing about cutting cable because i i personally cut my cable uh cut the cord about three months ago consolidated everything and i've been loving it so uh no that's that's great actually here's another great question from one of uh the people that actually are probably online currently but um so we've talked a lot about about our hash corp tooling about vault a little bit about nomad a little bit about console but uh if you actually have to say what is your favorite hashicorp tool what is it and why i'm gonna take two i'm gonna take two number one would be vault is my number one favorite product and what i mean by product is that it's a thing people are willing to pay for and it solves a problem that straight up there aren't really many great end-to-end solutions for right there's lots of secret management tools but a lot of them don't really think about the full workflow which is i need to make sure that the credentials i create have a life cycle to them they need to be cleaned up so whenever i see a tool that thinks about all of the best practices being baked in by default that tends to win that particular race for me mentally and then from a product perspective i've met lots of customers who pay for vault and they smile and we bought that vault and we're using it in production that's some people buy stuff that they don't use like people have bought like virus scanners and no one knows if it runs anymore people have bought little agents that run on their server don't even know what value they're getting out of it whereas vault is really hands down one of the best products that people can pay for the second favorite is terraform and terraform is a great project right i'm surprised that you get people to pay for terraform but i understand why because we talked about that support part if my business is going to rely on terraform to configure all of this stuff then number one i need great support i need to be able to support things even if a cloud provider doesn't so i understand what they're paying for but it's one of the few projects that we've seen in a long time where everyone agrees that you know what hdl is a great foundation even native cloud providers are generating the back ends and owning that themselves that's hard for any company to do even for a startup to say hey microsoft hey amazon hey google can you keep your back ends up to date while we go focus on filling the gaps and doing things like policy and you know providing hostess solutions so those are my two terraform because it's ubiquitous it's a great consensus builder across teams and allows people to serialize their culture when you make decisions about the tools you're using you can go and serialize those things into terraform and then vault because man hands down not a lot of competition in that space now i mean that's great insight and you know obviously terraformer involved are our two most popular products as far as our enterprise offerings hopefully uh next year when i sit down with you your answer is going to change the console nomad so we'll see how that goes all right so uh i know we've focused a lot about just hashicorp stuff but you know as far as yourself you know kelsey you're one of the most recognized voices in the kubernetes space you're one of the original contributors what has that journey been like for you because most people on the phone and most customers that we talked to has some kind of kubernetes strategy as well as a cloud strategy right how did you get started you know how do you think kubernetes has matured in the last six years and i can't believe it's only been six years but it seems like it's been longer for much longer and what changes do you see moving forward you got to understand the angle that i came into the kubernetes with as a linux system administrator i remember like logging into a server for the very first time you get on there you're not quite sure what to do and you know you start to learn about in its systems and you know a packaging format and i remember building my first rpm and creating my first spec file and then making a reproducer build with a tool called mock where you would just get a nice clean chair root recompile the app and then i will create it in a script and i remember i got to the point where i could do yum install the app will come up service start the app will start running and then service stop boom and then i learned how to do upgrades and once i had that kind of power i was able to think about leveraging linux and operating system very effectively even for custom applications and then when we started to go from like just a handful of servers to hundreds of servers because of virtualization i remember like you had to think about auto scaling horizontal scaling integrating to load balancers and all of us wrote two trillion bash scripts right like this batch script does this and you gotta run this in this order and then configuration management comes along and says look we're gonna effectively give you a dsl for writing these scripts in a more systematic way but we never really got new abstractions we wrote a lot of code but we never changed the underlying platform that we were working against and then i remember seeing kubernetes for the first time i was working at core os we were building a competitor we were building this so-called fleet right the model at core west was google's infrastructure for everyone else so we built things like ncd we built this kind of operating system based on linux that was just shrinking things down optimized for containers and we were making this attempt at saying can we build a cluster operating system to allow us to not think about machines and think about apps we had the pieces we had containers we had the kernel we had all this other stuff but we didn't have the abstractions so when kubernetes came along i remember i was the project was being launched and i was trying to hurry up with the blog post so that you know coreos would have some some news to share in this space and i learned how to get it all installed and i remember just running my first container via kubernetes and i was like this is a game changer all the stuff that i learned over 20 years is built in by default how to give ieps and rotate them how to think about services how to think about when one application dies or a machine dies and the application runs on the other side because now we have this concept of state and something fundamentally different than config management the state is active it's actively being reconciled we're not talking puppet run puppet run puppet run and hoping crossing our fingers that it eventually gets us to where we want to be and the kubernetes space things are so tight the contracts are so intentional that i was watching all the things that i thought the best system administrator should know how to do be ready out of the box and when you talk about evolution over time kubernetes starts with that it starts with 20 years of best practices baked in and then what you see afterwards was just addressing more workloads that we could run that way you want cron jobs we can do that you want machine learning jobs via kubeflow we can do that you want a ci cd system we can do that and then what emerges from that is this concept of crds and this idea that we would actually have a first-class way of extending the platform that way anyone else can build these first class things almost like a terraform module right in terraform you learn how to build hcl you can make modules that feel just as first class as the cloud provider ones but kubernetes did this for the infrastructure platform layer and that was a game changer we have our back we now have rich security policies thanks to open policy agent so now we've moved to an era of infrastructure as data right we always talk about infrastructure as code that's automation that's scripting it's fabulous but once you change the abstractions where we don't have to think about if then do this we move into a world where now the abstractions are described as just data we give the data to the control loops and they'd still handle the if and then they'll but we don't and then they produce more data that we can then leverage these policy engines to say you can't deploy that in that region at this time on this kernel for this app and now we have a whole new generation of tools that will follow so this whole kubernetes mindset this whole idea is about getting us to this infrastructure as data component so you mentioned something which is interesting it provides kind of like a framework for the next generation of tools what is next what do you see in your mind as the next thing on top of kubernetes or after kubernetes what do you see out there so one thing the industry you struggle with is decoupling the application from the infrastructure you hear most of companies our apps are stuck on the mainframe oh our apps are stuck on this version of linux oh we got to patch this thing when you're stuck on the infrastructure you can't do much right everything has to cater to the infrastructure layer below you to make any progress but once we can actually lift the applications away from the os our compilers are starting to do it like golan can cross compile for my mac laptop i can generate binaries from linux and for windows because it does a great job of effectively decoupling me from the low-level bits of the operating system so when you do that for infrastructure think about when you're shipping a package at fedex right you're saying hey here's a box you don't care if it goes by boat train truck or airplane we can do anything we want with that particular package if fedex invents teleportation they'll take your package and teleport it to the other side and they'll be able to do that without asking you because they don't have to cater to the decisions you made before oh my box only fits on trucks well that's not the contract so it's now it's open season so next generation infrastructure looks like cloudflare workers where now they're saying we have thousands of data centers on the edge and since we've decoupled you from the machine i can run you under wasm which is this runtime engine that comes from like the web browser world and i can treat your snippet of logic like a web browser plugin and then when you upload it i can deploy to a thousand data centers immediately in a fraction of a second and that's fundamentally different than we think of provision the server make sure that it's in the right amazon account set up the ssh keys like what are we doing so the next generation tools will build upon not tying up all their resources dealing with the layers below and they're going to be free to be creative and imaginative in a way that we just don't have today because of existing investments yeah no i think that's some great insight as well um so a lot of you know respondents you know for the questionnaire or even providing questions have mentioned that you know there's a big kind of like movement towards kubernetes for sure right and a lot of companies are actually moving to kubernetes just because their cio went to a conference heard about kubernetes and basically this is the way that things are going to go right i think first of all do you think it's overhyped i don't think you do based off of some of the things that you've been saying about it then secondly you know what are some of the cautions that you have to like think through before making the leap to kubernetes everything starts with hype that's any good internet came out ah internet these people are wasting time publishing text online this is such a silly thing books forever okay and what a lot of people don't understand is you don't have to replace everything that came before to succeed kubernetes doesn't have to be the only thing in the world but we're at a point now where if you don't have internet access you're just not in the game right like oh i'm not doing internet it's like yeah you're out of business you're on the internet so now we're at a stage now where what are you going to do instead of kubernetes you're going to cobble together 10 000 tools to luckily get to where kubernetes is so the truth is could you build a better operating system is linux over hyped is get over hyped should we not be using git as version control is github just hype you get to a point where we cross the hype thing into usefulness so when you start to have a lot of people running something in production and actually leveraging that and actually doing things that they couldn't do before now we start to cross into maybe it's just the best practice now here's the thing that we're the hype thing is still valid some people aren't understanding the contract requirements to leverage kubernetes if you take your app that has no health checks that has to be started in a you know particular order does some weird things to you know the kernel before it can even run then your app isn't optimized for being detached from the infrastructure right it's calling on i want that kernel i need red hat 5.7.4 because i'm some reason i'm looking for that specific version before i boot if you're in that scenario then you're not willing to pay the price of a mission for kubernetes so i think a lot of times is maybe some cios are not evaluating effectively are their apps and are their teams ready to make that transition to see if they can even get some leverage out of it because just buying a bunch of migration tools and saying we need to be a bit on kubernetes by the end of the year really missing the point in terms of where do you want to be in five years so if kubernetes is a checkpoint on that trajectory and i think a lot of people are treating this like they did with their old software it's a checkpoint and they can forget about it for the next 20 years until the next thing rolls around can't treat it that way gotcha okay so you know we're up to 216 participants which i think is great but you know we have kind of a varied audience you know very audience who actually has been doing devops for a long time we've got people you know on board who actually are just starting off as well a couple questions kind of came in as far as you know varied experiences with cloud cloud engineering and devops what's the best advice that you would have for somebody who actually has a long history with it is transitioning into like this new cloud role what kind of recommendations uh do you have for people to get started and how do you actually make the jump to this type of role you are not your role you are not a linux system administrator you are not a vmware architect you are not a juniper certified you're not any of those things you just happen to be hopefully a professional that chose a certain career that rewards learning over time if you're willing to take a sense of ownership meaning hey i see what the mission is here's my current skill set and here's how i can apply it if you're willing to give me a little bit of time i'm willing to learn a new skill set and apply it that's the fundamentals here you can call it devops you can call it agile you can call whatever you want in every profession in the world before we had those buzzwords the world was able to function in a way where there's certain set of humans who understand that now if you understand the fundamentals of computing you understand that hey the cloud has some servers that i can rent out with an api right that's all it is right like when i call a lyft do we call that cloud car service no it's like i need a ride and someone's gonna come pick you up in a car probably like the one you have and you already know what to do you're gonna get in the seat and they're gonna drive and if they make the wrong turn you'll say hey that's not the right term because you understand the fundamentals of how to go from point a to point b and when people start thinking about cloud they think of this foreign computing land it's still x86 you're still using the same compilers these are the same fundamentals for almost 40 years it's the same thing the thing you have to look at though is why is the service so good how did they come up with this idea that without talking to anyone if i want a thousand servers here's the price here's how you get a thousand servers and the thing that i get back is a server ready to log into that's that's where we're saying that you have to raise the bar so if you've been doing it i meet people kelsey i have 700 years of it experience and i really talked to them and it turns out they have 700 years of one year experience they have never pushed the boundaries everything is oh i got trained on this product it told me to twist the knobs in this direction if that doesn't work i call the vendor well if that's all you're doing then you kind of resigned yourself to a limited skill set that can't really impact any new ideas and you're not demonstrating the willingness to learn things that you don't know with time to contribute so if you show up and say i'm a vmware certified engineer if vmware doesn't do it the company can't do it you're not going to be very helpful so what we're going to do is going to put you over here to the side you're going to be the senior lead architect vmware engineer of the century but when we go to cloud we're not going to talk to you because you haven't demonstrated that you actually care about the fundamentals and leveraging those things so i think if you want to be in the skill set you literally have to look at the mirror and say what am i willing to bring on the table if i'm willing to bring certain things to the table it involves learning the team says they want to use vault don't go around criticizing fault don't go around saying it's just hype what you do is you download vault you run it and you say what problem is vault trying to solve oh today i'm copying around files by hand i have no rotation policy for my username and password you sir have a problem you look at volt and you say wow i like to take on this i don't understand why it looks a little bit over complicated but it does solve this problem let's see if i could just make this small transition for myself first so now that i've made my own personal transition i can now contribute to the broader aspects of what the team is trying to do but most people don't take the time to do that it's all about convince me vault is good why am i convinced you're the professional you're supposed to keep track of the various tools that are available to you so when we go off to build things i want you to bring the right tool right your caveman coming with this stick and a hammer tied to it and it's like what are you doing we got hammers now it's like yeah no no i roll with sticks and stones that's what we're doing it's like bro you like the flintstones or what i mean you're a flood stoned and it's cool but you're not a flintstone you know what i mean like so you got to make sure that you're staying up to date if you want to be a professional who is paid to actually execute there we go gotcha now that's great and uh the next question i think you've kind of touched a little bit on as far as infrastructure is data decoupling you know applications from infrastructure but you know what are some of the top what are some of the other top cloud technologies and devops workflow patterns that you yourself are keeping an eye on you know how do you think devops essentially will evolve in the next five years so i'm going to tie this with a question that i saw pop up in chat which is you know you look you're highly motivated knowledgeable efficient individual how do you manage your schedule and sustain your momentum so one thing i've kind of learned is i got to respect the fundamentals so that means i will go read mailing lists from 15 20 years ago and kind of see what the base they went through on some of these fundamentals so let's use service mesh for example we can kind of see that a lot of cloud native patterns around health checks observability to take advantage of all this stuff even the stuff that hashicorp is producing what point of it all if i don't know if my apps are running i don't have them locked down and they're secure so now what i got to do as a professional right so internally i'm an executive i sponsor some you know our biggest corporate accounts i also sponsor some technology projects but here's the thing i can't show up and not know how this stuff is supposed to work i can't show up and understand how this stuff is supposed to be leveraged and when they're making the wrong trade-off so what i tend to do with my calendar is if you look at my calendar you'll see blocks on there like two hours kelsey you gotta write some code and try to integrate open policy agents i gotta feel what's good about it i gotta feel when it falls over i gotta see how much traffic it can handle how much latency it handles and i'll give myself a year to really get good at this stuff i'll roll envoy by hand so when you see me do something like kubernetes the hard way and i build it up from the ground up is because i personally made the investment in myself and i figured why not share that with other people so i always have this kind of learning and public element because it's my force and function to stay on top of my game so i typically make room to learn not the things the company asked me for but the thing is i think i need to be successful in the space so right now i see a lot of traction in this service mesh architecture we're taking identity serious now we're saying that we need to understand how our apps talk to each other no more getting behind the firewall and just making any call you want and hoping that you don't leak customer data so now that we've been attentional and the tools are showing up what you're starting to see now is that now the bar has been risen so if you're a security auditor and you get a taste of what's possible your recommendations will change and say hey even though i certified that two years ago that's no longer the state of art we need to start looking at zero trust you need to start looking at some of these tools that can allow you to implement that kind of thing so i think the engine the industry is now saying we've we have some good ideas around compute with serverless containers and vms are still a thing and they're still a good choice for a lot of workloads now we got to shift focus to once you pick one of those compute layers what is the application layer doing do we have the right abstractions at that layer and that's where i think service mesh is pulling on the right threads and remember when i say service mesh this is not about just containers and envoy running in sidecars if you think about cloud run internally at google and i'm pretty sure the other cloud providers as well we all have a sidecar that's doing things like traffic routing security stuff because we don't want you to have to do it in every app that you build we want you to get rid of the serverless server mindset so what we do is we take the concepts from surface mesh and we layer it in by default and you don't even know you're using a service mesh but you're definitely benefiting from one gotcha oh that's great i know we're you know got 12 minutes left i've got two last questions for you and then i see a flood of questions coming in and some great questions i want to try to get to as many as possible but you know second and last question for you what is the most unexpected lesson that you've learned in your career the most unexpected lesson i've learned a lot of them but i think the one that really changed my thinking was it don't matter jenkins versus spinning don't matter pick one go super deep and when you get low enough you can make a decision do i contribute to this project write a little code to make it do the things i want or do i abandon ship and try something else and most of these things will have a shelf life based on the number of people who are willing to do what i just said if you have a healthy community of people doing that you'll benefit from that work you can go and influence people to do that work so when people are paralyzing decisions like for 25 years people have been talking about ci cd oh we're going to get a cicd pipeline i'm like literally that is not innovation ci cd pipelines is not a form of innovation it's like going to the grocery store buying a bunch of ingredients off the shelf putting together following a recipe you found online and say ha ha i innovated this cake it's like what are you talking about that's that's just you just went to walmart and bought some cake mix like i'm surprised it took you this long just buy the cake or you could just bought a cake like the cake is nasty like you didn't even mix it correctly like this is your first try like yeah you're not don't open a bakery no you're not a baker stop you don't even have enough flour like how are you gonna do that like you're advertising things you don't have so the thing is if you start to do the math and all the ingredients cost as much as the final product stop just stop like unless you just want to kind of kick the tires go ahead but trust me when i had to buy cupcakes like when my daughter was young i just went and bought like a hundred cupcakes that were already finished i i i could have definitely flexed my muscles i baked all of these but it was cheaper to buy the cupcakes so i think a lot of people just need to kind of you know return to reality on that front yeah it's interesting because my wife is uh she's super creative and she kind of is one that likes baking and creating these crazy cakes so i got the different perspective where she's like this is what i'm going to build and this is what i'm going to be focused on and i'm going to do it no matter how long it takes me but she's committed to it though right when you're committed to excellence before you let somebody taste it you're going to taste it first right you're going to be like this ain't i'm not trash like you just do a whole kicker what are you doing it's like it ain't right because i have a definition of right and that's the way you're attacking problems then i know you're going to be successful but if that's not the way you're approaching things then not going to work out the same i hear you so last question for you kelsey before i actually kind of go through some of the questions this is gonna be a really interesting one for me but uh so what do we have to do to get you to wear another heshcorp t-shirt for a month i'm putting a challenge out there for you uh i'll sing your team an invoice you're dealing with kelsey 3.0 now so you know the price goes up you know what i'm saying you hear that that's the sound of the price going up so you know your team get with my team and we'll figure it out that's that's great that's great well let me actually just kind of like go through the chat i'm not going to get through all these questions but i'm just going to pick and choose a couple i think really kind of stand out um let me start with the one from ryan russell from city so what are some upcoming coming challenges across industries that you see that you think work that you think there isn't a good oss project working on yet hmm so so some of the biggest challenges i think around federated identity so you have a lot of solutions that are around like jot tokens right like you can go ping identity there's a lot of these services where you sign up for the service you put all your users in there your users authenticate you get back a job token and if you're fancy you can exchange it for a less powerful token before you pass around your infrastructure that's pretty good and there's some stuff in the open source space that's starting to address that but when you start talking about federated identity meaning that they're going to be using you know active directory for some stuff your internal users are going to be using some identity server and then maybe you're going to be doing a third party this whole oaf landscape is challenging it's really really really challenging for most people so what you end up with is forcing your users to have multiple accounts right you ever go log into something and you're like oh you need to have a google account for this app so a lot of people right now don't really have something that's super great or easy to integrate across everything so you might find something that's good for the edge of your network but then it doesn't really work on the inside of your network right so you have some proprietary solutions that are trying to do this but i see a lot of companies struggle with this and i'm talking about the full life cycle right some people will get a very powerful cadential and pass it to every app you better hope that one of your apps never leaks that credential or attempts to go back to the front door and impersonate the user so there's a lot of things that the industry hasn't caught up with in terms of where we are but federated identity is super super complex i see people mentioning tools like decks and that's something that you know korres kind of worked on early days and heptio and all these other folks and that's great for a small set of your infrastructure and apps but that isn't the full thing when we start talking about identity think about it what kind of identity do you need for a batch job that runs for five hours and tokens expire in 10 minutes most solutions don't really accommodate for that kind of thing so we have a lot of work to do in this space when we start to think about the end to end enterprise example cool um here's a good question that we're kind of dealing internally with that hash corp as well this is from jason cox at disney so he was like the top three things we can do and to bring more diversity into tech belonging building next talent that looks more like our diverse global human family like i said i think every company is dealing with that right now but love to kind of hear your perspective there humans struggle with this when you have a bunch of people that have a lot of money trying to solve world hunger that have not been hungry before they'll say things like we should just get everyone on an ipad and they can order doordash and they won't be hungry anymore and just like you're so disconnected from the problem that even though i don't think you were being malicious you're just too far from the problem to really be able to have empathy to do it so when we talk about diversity and inclusion uh i really got it i was on a flight from some trip and the person next to me asked me what i did because i saw my google backpack and i explained to him what i did he told me what they did and they said they work in diversity and inclusion but they help ceos understand how their company is impacting the whole world because it's not just a us problem and we're on this flight and we're looking around he's like look at this flight we're in first class we're being served food and drinks 30 000 feet in the air everything is nice and smooth i'm even on high-speed internet in the air it's like this is a work of this is a miracle if you think about it but this one industry that's worse than tech is the aerospace industry they have way less diversity and representation than tech does he's like this plane was only built by a subset of human intelligence so aviation has only been around for a certain amount of time and this is not the best that we could do in humanity this is what a subset of the population could do imagine if we leveled the playing field where we can get all the creative ideas from every inch of the globe what will we be flying in in 2020 and since we haven't done that as a society we're shortchanging ourselves and until every engineer that works on code and tech into every product manager into every hiring manager to every ceo understands that and believes it personally that it's a benefit and not a charity case then it's going to be a passive thing it's going to be like all right whatever our current numbers maybe they should go up that's not how you approach it who wants to be a statistic who wants to be three percent of the black population no one wants to be a percentage on your diversity report people want to know that you want them for their talents and you got to make sure that you understand what the various talents are so great leaders and understand where they're short hey we need someone that's really good at x so what we're going to do is instead of hiring people who look like everyone else on the team or think like everyone else is on the team we're going to go out and make sure that we find people with the missing skill set that we don't have and again if you're a person that does interviews you actually might be terrible at interviewing just because you're good at writing code doesn't mean you're good at interviewing so you may be incapable of finding talent or finding someone better than yourself with a different skill set so i think what we have to do in tech is be very honest with ourselves are we actually looking to leverage the talents of the entire globe and if that is true you need to understand how it will personally affect your outcomes and you're not doing charity work yeah i i think that's that's great i would agree with you i think it's an uphill struggle for all companies and for everybody to kind of go through but i i do think that is absolutely the right path moving forward so thank you for that we got two minutes left there's a lot more questions i'm going to consolidate i guess one more there's a couple questions regarding your personal work life balance so let me actually just go through that so there's two questions i'll read them both because they're kind of you know intertwined but uh man i just lost the first one i'll just go to the second one how do you balance all that with family and a job the job does give me some time for learning but how do you actually provide that balance for yourself my wife is an executive director for the school district that we live and i help her with her work all the things that i learn in this work i help her in her work and vice versa so when you see me give a keynote i'm projecting my life on the stage as i'm learning new things these are the puzzles that i like putting together i could do a jigsaw puzzle once i see the big picture you buy that box and you go and solve the puzzle and some gizmo puzzles for me a lot of stuff that we find in the tech industry but the way i balance all of this is i know the power of having this way of thinking i know the power of having this network that we have so it becomes my life so when i meet someone and they need help in their personal life sometimes it can be through code it could be financial education because i work with a lot of financial institutions and i learned the power of money all of these things that we do in in my life is reflected back in my work i love to clean the house keep everything super tight and when i write code i keep the same mentality i'm super patient i don't need to rush for everything i just want to put out good quality things so i try to make my life revolve around that so what i try to do is make sure that the things i learn in my real life i can transfer to my work and things that i learn in my work i can transfer to my real life and if i can do that then the balance is maintained i just got to make sure that i log off in time and not staring at a screen the whole time but that's the way i keep that balance that's great well i know we're actually at the top of the hour i want to thank first of all everybody for joining and there are two i don't even know 230 plus i think at its peak out of 300 who registered that's that's pretty good success rate if i ask alien marketing i'm sure that's pretty good um but kelsey thank you so much for joining uh i really enjoyed our conversation i learned a lot from you as well hopefully like i said next time we sit down uh we'll think about ways in which you can actually get that t-shirt on for uh the next thing that we actually achieved for you but for everybody on the phone thank you for joining once again the recording will be available i think tomorrow correct ally and it will be posted on our website as well but once again kelsey a great big thanks to you really do appreciate the time and you know time that you spent with me awesome thanks for hanging thanks for having me absolutely we also want to thank to um foghorn as our partner of this event so thank you to them for driving attendance and partnering with us all right everyone have a wonderful rest of your day kelsey thank you so much again this is a wonderful event alvin thank you um and we'll i'll see you soon at the next hashicorp event that's good thanks everybody thanks bye bye

Info

Channel: HashiCorp

Views: 4,349

Rating: 4.9633026 out of 5

Keywords: HashiCorp, Cloud, DevOps, Kubernetes, Vault, HashiCorp Vault, Service Mesh

Id: nnk22d_q6hA

Channel Id: undefined

Length: 56min 39sec (3399 seconds)

Published: Mon Sep 28 2020