Managing Kubernetes, Docker, and the edge in 2024 with Portainer (Ep 256)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] [Music] [Music] [Music] [Music] [Music] oh [Music] w [Music] [Music] oh [Music] hello I've got my friend Neil here with me and we're live on the Internet thanks for being here everyone and welcome Neil Neil Creswell from painer CEO and awesome [Applause] dude thanks for being here thanks me I love love coming on your show and and talking Tech yeah this is uh I think at least our third time together um we've already even got a fourth one planned I don't want to spoil the ending but we're we're going to uh we're going to have you and your team on the show again I believe uh to talk about some new projects but we're not here for that today we're here for painer which has been a topic we've had on this show multiple times it's hard to go a month or even a week sometimes on this show especially in the Q&A portion where we're not bringing up painer at some point as an option for managing things for deploying things but before we get to that for you all watching live if you didn't know why this showed up in YouTube and you didn't know about this channel um I talk about Cloud native devops and that's what this is all about so if you're watching this live and or you can't watch the whole thing and you're like Neil sounds great but I got to go that's fine we've got the podcast so you can jump over on the podcast that is something that happens every other week and we were actually just on Twitter this week talking about a a six-month-old show about bryndan Burns coming on from Microsoft he's one of the co-founders of the kubernetes project and someone actually pulled out some great little nuggets from Brendan and I real Iz I need to make clips of those things those are great little knowledge uh pieces of thought of some from someone who's on the Forefront of thinking about all these tools and the technology that we're all dealing with right now um so you can check out that and if you didn't know that Neil was going to be on the show this week that's because you're not reading my newsletter so it's a free quick simple little newsletter just go to brett. newws all these links are below in the description you get on a free newsletter and for example this week's newsletter uh featuring all of the best of gen artwork um this is supposed to be a group of people juggling containers I don't know if they're juggling they look like they're celebrating they look like they're like like containers are coming from the sky and they're celebrating I don't I don't really know what's happen I couldn't get it to figure out juggling they didn't understand juggling um but this week on the the on the newsletter you got a breakdown of what's in the podcast this week who's going to be on the show what are we going to talk about and you know my my favorite tweet of the week which was us basically getting advice on Twitter uh for Neil and his team to take back for building even more features into painer which I mean we're going to talk about it we're going to talk about all that so get on the newsletter Brett D news get on the podcast if you're someone who likes to listen to us chat in your car I will be honest I don't know if this is I'm going to just say it anyway I listen to our I listen to this podcast on my on my drive sometimes because when I have wonderful people like neon I I get such tunnel vision I actually sometimes forget what we talk about I don't know if it's kind of like a little bit of like being on stage and I so sometimes I'm like I don't remember that Brendan conversation from eight months ago so I go back and listen to my own podcast it's a little weird I agree but I I find that I learn things that I I don't remember from the show cuz I was too busy operating this uh live stream to actually enjoy it so I too am a listener welcome to the show all right painer Neil uh give us the the quick origin story that we've of course we've heard on the show before but for those new people that are here that didn't that didn't get to watch us the last few times yeah it it changes often because it uh I I like to keep the the story even though story is the same I like to change it a little bit otherwise you get bored hearing it um my my background my my history has been quite Dynamic I've had so many cool roles you I started out as an engineer I moved to a consultant I went to a CTO I went to a CIO went to a CEO so I've I've had all these different roles and those roles have exposed me to significant differing Dimensions to it yeah and and and and conflicting priorities you know how how as an engineer and as a consultant you can build really cool amazing things and then as an executive how do you how do you gain control or better better TCO and Roi and all these other things it's it's conflicting priorities and one of the things that I I learned very early on is yeah complexity is often a hindrance to many things it's a hindrance to the adoption of new of new technology um complexity is a hindrance to a really really good total cost of ownership and H and complexity is a hindrance to how fast you can recover when things go wrong and so I've been I've spent most of my career now finding ways as a consultant as a CIO now as a CEO how I can how I can Empower amazing capabilities without introducing unnecessary complexity and that's kind of my overarching vision is how do I how do I make this thing this technology accessible buy the masses and minimizing as much as much complexity as possible and panana started life initially for me to use as a tool for a cloud provider I was running when I wanted to deliver a c offering um container as a service that was in 2016 that's how long you know POA has been around as a as a least a code base um that was very early that was when you know hardly anyone had any kind of native container offerings you know wanted to deliver us a c a c panel type experience but for containers C panel that's a good you're going back I'm going back thing but I know it's still a thing but I was using C panel like 25 20 years ago yeah yeah and so so that this whole thing is okay how how you know C panel was just so easy right it was an easy way to manage things it was like okay well how how can I have that kind of ease of use while still enabling the underlying technology now obviously things have evolved dramatically since then so you know in no way are we trying to be a c panel these days um but still we you know my my whole ethos is how can we remove complexity and and make the technology significantly easier to initially adopt uh to manage you day day zero day one and day two so that's that's kind of it nice and you have some fan You' lost your audio there oh yeah that's me muting because I have jets in the background my bad you got to keep me on point uh you have some I was going to say you have some fans in chat so we've got Elias we've got unq Martin in chat uh we actually have now a bonly not that we're going to go down the rabbit hole Of Swarm I'm going to try to avoid that today but we have a swarm Meetup a swarm fans Meetup which you are a big fan of swarm and you have supported it uh you you've even got a swarm website for FAQ or forum and we have now a bimonthly meetup on Swarm and it's hard to not mention painer in there as well because it's always been a faithful Docker and swarm companion over the years um by the way thank you Elias for becoming a member I really appreciate that you get you get the uh the reggae horn because every time we get a new member I have to play the reggae horn or something obnoxious um back to painer so one of the challenges I've had is how to how to talk about it without just saying it does it does it does all the things it does kubernetes it manages storage it manages applic deployments it manages nodes you can see statistics and and there's just so much to it and it's hard to figure out where sweet spots are and where uh like where I can tell people a specific thing that it does out of the thousand things it does that they would realize oh I need this I need to um I need to adopt this right away so I was curious like do you have some some common scenarios where people are going oh wow I definitely need to solve that problem I I will check out painer for that is it yeah application deployments is it monitoring is it like storage or add-ons or what really is the area that you see a lot of people liking for one welcome to my marketing problem um and and this is this is completely my own my own doing right so I I am not a fan of lots of uh discreet tooling to manage infrastructure you I I cut my teeth in in the VMware era um and you know VMware became really really strong once they once they moved all of their management into into the one Venter engine and they had all these Venter plugins and you could even though there was a range of discrete tooling it all plugged into Venter and Venter was your single gateway to to that to manage that world and I I liked that it was you you learned the one experience you learned the one tool and so right from day one I wanted I wanted forer to be the one tool you needed if you if you had to manage a container platform I wanted vola to be the one tool you needed I didn't want you to have to go and tab to or have multiple tabs open to different tools I wanted vola to be the one so in a way I've I've made my own problem because we do everything um that's that's kind of the strategy yeah um where where we focus is actually I would say day two operations um and the reason being is spinning up a cluster and for a long time POA was was not in the game of spitting up environments for you we we didn't want you to build clusters because that's quite easy you can swap your credit card go to digital ocean go to coo go to go to any cloud provider Swip a credit card and and you have a cluster there's cluster bootstrap tools that will spend you a cluster and this stuff is is quite simple and it was like well can we add value to that I don't know so we kind of shied away from that and said well setting up a cluster is great but what it actually does is gets you into trouble quicker you you've spun up this cluster but now you actually have no real idea how to manage it and even worse you've got no idea how to troubleshoot it if something goes wrong you haven't you haven't learned it so therefore you can't operate it correctly and so our whole thing is well once once you've spun up a cluster how do you now how do you now absorb that and and how do you how do you now manage multiple clusters how do how do you take care of user authentication and rback and access and all of the hard stuff that comes on day two after you've got a cluster um so our our current sweet spot and where we're seeing a lot of pickup is is in that data operations it's it's taking in environments and centrally managing them providing a a self-service portal for The enduser Operators or users Dev op and what you like who log in and and want to want to deploy and manage their applications yeah and so you on that topic of deployment because I mean you're right like so often the deployment tools and the management tools are different and the choices you make in one may have consequences for the the thing that you use after that so uh we were talking before the call that you had recently added micro katees deployments like cluster infrastructure deployments as an option could we talk about that a little bit like is that the first time that you've done that in terms of being able to deploy infrastructure from within the tool or yeah we um we actually purposely said how can we how can we if if if people are going to be spinning up spinning up clusters and environments with boot strip tools well let's let's just do that for them to because why not you know why if if they want to manage them with POA but they want to make it easier to spin up well let's just do that for them so we're like well let's start with adding cloud provider um environment so we said and we started off with you know the three Challenger Brands you coo LOD and digital ocean because because they they they kind of align to our ethos as as you know a bit of a disruptor or Challenger um and then of course it's like well actually the real problem comes when you're look into Amazon and Azure and Google because you know those setting up those clusters is actually quite challenging so then we added those three as well so now you can spend up you know six CL provider offerings um all natively from with with impano so you can you can add add some credentials and then from infan you say hey I want to spin up a GK cluster or an eks cluster and fill in some relatively rudimentary detail and then you know next next next finished and and you got yourself a cluster um and now you can manage it from forer pretty easily we then said well that's all that's that's all well and good but there are a lot of people out there who want PES selfhosted I'm not going to say on premises but that's almost always what that means but self-hosted how do we do that and so we spent a lot of time looking at the ku's distributions out there and saying well in all honesty the best way to run kubes is managed kubes you know Outsource Outsource the problem of managing the control plane to somebody else well how do you get close to that selfhosted and that's where we kind of settled on on micro K8 from konle because it's probably the closest I think that you can get to no Ops kubernetes I mean there there's no such thing as no opset is um but it's the closest you get and even better for a relatively low fee you can go get an auntu Pro subscription and you've now got a full 9x5 or 27 support agreement with conical so if something breaks you don't need to struggle you just get on the phone to canonical and that'll help you solve the problem with Marco K8 and I thought that's brilliant you know if for on Prim that's brilliant and so that's why we decided we'll add support for micro on Prim up up costers so six La providers and micro for on yeah yeah um we were also we were also talking before the show about my Affinity for micro Kates because I always felt like it had a wonderful like it it put it it checks all the right boxes for me in terms of a kubernetes self-managed deployment solution and uh I mean obviously we have k3s we have every cloud and we have all these heavyweight ones like Rancher and tons and all these other ones so it it always felt like it was the right mixture of making it easy for me to put some of the default plugins in but not being too opinionated having the Enterprise support option in the background but also very strong community support and I've had them on the show before the talk about it uh the team one of the team leads and um I just I think it's a great product I teach it in my courses as a great way for setting up small clusters but I have also deployed micro Kates in data centers for like a financial institution just a couple years ago where they decided they didn't really need wrench or one of the heavyweights one they just needed to go with something small light simple to upgrade and and maintain and micro Kate's solved all those problems for him so here we are actually while we're talking I might share my screen and I'll actually do something in parallel what we talking H why not let's do it let's um not get the Inception though but is my screen sharing now there we go all right so like here's a voler instance as an example and you can see I've got a bunch of environments in here and I don't need to go into detail on that one but um we but that is a good point though by the way that is a good point to mention that that's those are all different environment right like yeah like this isn't just nodes in a cluster this is actually different clusters or different single instances of Docker or whatever you have right yeah here I've got a micro Kates cluster that's self hosted I've got a SEO cities a vulture a digital ocean then I got some Edge environments and you we we'll talk about Edge later on I think briefly for sure that is that is that is his own Rabbit Hole um but yeah you can you can manage these things and you know Docker and Docker form of course you know we've been doing that for years now and that's not going anywhere um so we still support that too but um it's really easy for you to come into into bainer and add credentials for either the cloud providers or local and then once you once you've added your credentials um you can basically go into add environment here and you see here we've got provision a cluster and if I start the wizard you've got these Cloud providers and again it's just asking you you know relatively humanized questions and we're doing this with an API pull to the cloud provider so you choose your regions choose your node sizes choose your node count choose the version that they support and hit provision and off it goes um but same thing if I do create a cluster it's micro K8 and as you can see here I've already added credentials okay and if I have you three these are just three virtual machines and I can connect to them and you can see here I can reach them and I can say well actually I want to turn these three nodes into a 1.27 stable cluster and I want to add some micro add-on so I actually want to do metric server and and actually that's probably all do for now actually I'll do some storage where's H path storage and I can just go provision environment and hit close and now this thing is going to go out and actually provision the Fuster for me and that was that was it right add some IP addresses and in the background it's going to connect to those to those nodes it's going to and all those nodes have got on them as limits that's it nothing else it's going to connect to those nodes and it's going to build me Fuster install the add-ons and once it's built I can I can add nodes remove nodes add add remove add-ons I can completely manage it I can upgrade the cluster um all from within Pano I don't have to do anything wow I'm I'm looking at this already realizing I I have a new use for it because I have Micro Kates on a bunch of VMS in my closet and I don't I don't use anything to manage it because they just it just sort of sits there and I'm like okay this is this is going to be my new tool which brings me to a question uh slightly related to this so keep that there we we'll come back to that um for Docker desktop it is the most popular third party extension so for those that have Docker desktop you can have all these plugins they call them extensions and there's a lot like I don't know how many or 89 there's 89 extensions this thing's only exist this idea has only existed for two years and we have you know we're getting close to a 100 extensions you're number one I consider number one cuz you know the these are basically the things that should be just out of the box I don't know why they're extra extensions they they should just come with Docker desktop they're made by Docker um but what do you think people are doing with this are they like in my case I would use this maybe on my local machine to manage my raspberry pies running microc Cates in the in the closet instead of me running it maybe on that cluster permanently I could run it locally do you think people are using it to manage their own Docker desktop like like as in it as in it's a better tool for managing Ing kubernetes and Docker and swarm on my own machine than it is Docker itself is that what they're doing do you have any any use cases on this yeah Docker Docker desktop is pretty raw um in some regards are you still seeing my screen yeah oh IM back image back yeah yeah I'll I'll show you something then I'm going to use the Bano server as an example because I you know I just want to show a simple Docker environment so um so this is this happens to be a do swarm a single node do swarm machine irrelevance it could be a do desktop instance and one of the one of the big benefits I think why people would use it is you can go to Stacks now Stacks is just just our word for compose you can add a stack and you got get repo and you can turn on giops and giops is is actually for Docker is very it's a very hard thing to do and so you can also get your Docker desktop instance and you can now have a full get offs pipeline for your Docker desktop instance coming back to some Central cloudo now obviously if you're running do desktop and you're running cetes well number one you probably got a very very expensive laptop with lots of memory because it's you know ridiculously hungry for memory but if if not and you're running Docker well then if you if you want to start affecting your skills and G offs and you can just do it in volano right now with out of the box so there's that but also there's a lot of capability inside inside P that doer desktop just just doesn't have like you can see these things just refreshed here now the these are basically image up to-date indicators so you is am I running the latest image uh yes or no you can see here this one's orange here means that I'm not I'm simply not running the latest image that there's a newer version of the image available in the repo and I'm running an out ofd image so there's just a lot of really quick toand UI features there and one of one of the big benefits of Volo is we make it really easy to discover things to discover capability you one of the problems with command line is if you don't know the command to type then you can't type the command D- help to read up about it whereas pan you can you can be clicking around and you can see a bunch of really cool things and you're like man I didn't even know Docker did that um and so you start to start to experiment with features and capabilities that you might not otherwise have been exposed to if you didn't have a way to graphically see what was possible um and so I think a lot of people just using forer as a way to get get easy access to some relatively Advanced capabilities yeah we got a question in chat really quick Martin's asking uh the get Ops option sounds interesting how does it work and I'm assuming I think they're talking about like does it get clone um does it check like GitHub and gitlab apis or I think that's what they're asking yeah I will I'll do I'll do two things I will explain it but I'll also point you to fora Academy so the Baner Academy has a bunch of training material on how to use baina it also has our reference architectures which explain in great deal how elements of vola work including git so if you really really want to know how it works go have a read of the reference architectures or the academy pages and uh and you'll you'll deeply understand how the tech Works um but at in a nutshell ptena becomes the reconciliation Loop engine so the pla server not not the Clusters not the docker environments out there and if you think about yeah Argo all these other tools you know they each run an agent in all the Clusters and that agent is doing the reconciliation Loop painer does the reconciliation Loop um it clones the repo shallow clones the repo into the Pano servers persistent volume it grabs the relevant composed files or other files it needs and uses those to deploy the location uh it then has a Reconciliation Loop time that you that you set here uh either a Reconciliation Loop or web hook which will force will force a a reconcile uh it's then checking against the the commit ID and get and saying well I'm I'm running an application with this with this commit ID has the ID changed yes okay then I'm going to go poll again look for changes and deploy the and deploy the changes um so it's basically just just reconciling and Gins skit and saying if if I see changes uh then grab those changes and and propagate them to the running environment in real time and what does that okay so you mentioned compose uh so we're talking about gitops I know that people if you're not familiar with get UPS um welcome to the channel we talk about get UPS a lot it's one of my favorite things of the 2020s um but the supports a composed file does it support what else does it support I'm assuming kubernetes manifest Helm charts kuet KU is Manifest Helm CHS com hel Helm chart's coming soon but right now composed files and kuet is manifests okay so so right right now this is a get repo and it's it's composed if I switch to a c's environment it would be asking me for a manifest file right um uh Anu is asking about templating support for these Ducker composed files um I'm assuming that is in the background is it just using the composed libraries to if can you pass it like an override composed file do you know anything about any of those Advan compos features we actually have this um this feature called mustache variables um and basically inside your composed file you can do you know the mustache so bracket bracket bracket bracket and then at deploy time so when when you when you reference the file It'll ask you to actually input their variables and and we we will substitute those variables at at at runtime so you can you can do that as well if you wanted to so you can actually have these M variables and it's for a kind of Rapid replace mechanism so you can do that that's that's more under the um app templates custom templates where you can actually go and build these and and use use all the variables that you need to change okay again app templates and custom templates are bit a bit like like an app store for you know for Docker and we have something similar for kuties as well based ofm very cool I I want to just throw in a teaser while we're in the middle of the show um as we're talking about like Docker um templating and we're going to get into some Edge stuff but there's this new project that we're going to have a whole show dedicated to um for people watching what's the what's the elevator pitch on k2d you w exp this but K is is interesting it it's a thought experiment at this stage um and I'll I'll basically go only that far it's a thought experiment that may or may not survive depending on the feedback and the whole thought experiment behind it is kubes is amazing right it's the first time in my career where I've seen a standardized API across anything right if you can you can write to the kubes API in a very consistent language and that API will translate and run damn near anything anywhere right it's amazingly Universal but it's heavy it's heavy in the current implementation if you look at even micro k8s in all honesty the the machines that run micro k8s if you don't have two to four gig of RAM you're kind of kidding yourself you know the the the the idle consumption memory consumption of micro K8 is around 700 megabytes um because of the way that kubes works um with it with it with its clustering its cluster Quorum it's quite heavy on dis iio and so unless you have ssds you will be burning out you know um like flash cards in in a Raz pii and the thought experiment with this is well if kubernetes is dominating heads space in the data center and dominating heads space at the edge well what happens when you get to the far Edge and the far Edge devices get very small we're talking about the compute that's inside a washing machine or a camera or in a manufacturing standpoint a small PLC and these things are they probably even arm 32 but they their one CPU core quite a slow CPU core they've probably got it probably got a giga memory at Max most of them have 512 how can we still get the benefits of the ku's API consistency when we can't possibly run even the lightest of light KU is drro and that's ktd I'm like well maybe maybe what we'll do is actually just emulate the KUB API server and translate that in real time to Docker commands or podman but we translate it to Docker commands so you can use cctl you can use all of your favorite kubernetes tools and you can manage these environments as if they're kubernetes but they're not kuties at all interesting that's a teaser for y'all you're gonna have to get on the newsletter to find out when Neil and his team's gonna be back because we're going to do a whole show maybe some demos about k2d um I will ask wait for that time to talk about things like container D versus Docker engine and Docker D for memory and iot and Edge but that's for another day we're going to get into that but today we're uh we're focused on painer which is I I guess maybe at some point it is it's like the it's the common utility that you didn't know you needed if you're not using it yet and it's across all your environments do you have like customers that are choosing to have different environment types like kubernetes and then some Docker instances alone that are just single instances or or is everyone sort of like if there're swarm people they're swarm people and if there's kubernetes people they do everything in kubernetes is it is is there a lot of people that just doing it all at the same time do you know any of customers or yeah you know what's really interesting is almost all of our customers know that they want to get to KUB netes right they all know it they the the entire Market everyone's mindset is is KUB is the way eventually that we run our fleets most of our customers though are saying knowing that we want to make sure that we have the tooling that will accommodate that idealized end State eventually but today our technical capabilities our fiscal envelope whatever you want to call it doesn't allow that to happen and so we need to start simple with either Docker and believe it or not Docker swarm um and so they're like we so we want to we want to start our Journey we want to we want to crawl before we walk before we run we want to we want to really get a good understanding of how to manage containers in production on Docker and understand around persistence versus stateless we want to understand around how how how you how you horizontally scale applications and we want to learn all the stuff first in production by the way but on do or Dr swarm and then once we've mastered that and we believe we have the the operational competence and diligence to do it well then we'll adopt C but we want to we want to stay in the same tool we don't want to be switching tools after doing that and so they they know that they want to get to kubernetes they love the fact that we do it but they want to start their start their Journey with Docker and we are seeing customers move through that progression they start with Docker and six months later they they deploy their first kubernetes cluster and they move some workloads across they cut their teeth on that they get proficient and then they go um and I think I think where pous sweet spot is is it's for those organizations that want to cons consider their Journey as opposed to just jump right in you know they they understand that that it's going to be a journey and and it's going to take a bit of time and and but we can't we can't do nothing we we have to start and so we want to start simple and we want to move our way up through complexity in line with operational upskilling yeah that's uh similar to a lot of the clients that I've had over the last well ever since I started Consulting with Docker almost a decade ago because they there there are definitely those de those what type of kubernetes adopter are you there are definitely those we just did it we had no idea what we were doing and we made all the mistakes along the way and then there's the more conservative approach of like you're seeing and I I've seen several times where they they chose Docker single instance servers and they they start with one project at a time and then eventually they got to the point where they're like okay I need a cluster I might talk them into swarm for a few minutes depending on how much storage they might need uh and then and then eventually they graduate to something like micro Kates in fact that same example the the the financial client that that's exactly what they did they started with a single python app on a single Docker server and then they once they understood and then and they had to learn a lot of new Concepts I mean we didn't go full gitops but just the idea of infrastructure as code was actually a little new to them and it's almost like they were adopting devops and containers and like agal infrastructure all at the same time along with I infrastructures code and programmatically doing deployments rather than hand deployments it's it's funny how sometimes people try to do it all at once which is one of my big messages of like when I I used to get on stage when we were all first doing Docker I think one of my big Docker talks Docker con talks was was talking about the same project rules still apply don't try to boil the ocean let's just do one thing at a time maybe two things but not all the things um we we you and I talked before the show about where your focuses are today so um where we we talked about I mean on your website there is a lot of different scenarios and it sort of speaks to how painer can be used in so many different ways in so many different sizes or types of environments and uh there's you have a whole different industrial iot and Edge area of the website so I was I was curious about the the team's focus on you know exactly where the functionality and feature set of painer applies to iot and Edge can you talk a little bit about that yeah so so containers are are dominating software deployments these days right um if if you're if you're an isv if you're making software and selling it everyone knows now that shipping as containers is the most cost-effective way of doing so um it's the easiest way to support it removes this it works on my machine uh not yours excuse the police car going past me here um and uh it it really it really does help reduce the cost of support if if you ship software now that is universal so it doesn't matter if you're shipping software for business applications or your shipping software that is running Factory floor or iot Solutions right that's that's that's just now the behavior and so if software vendors are shipping software as containers how do people on the factory floor um out there in a manufacturing sector out industry oil and gas Healthcare you name it they don't necessarily the same level of it depth of experience that people inside the data center do and if we're honest even inside the data center there's a subset of that total Workforce that can understand and comprehend containers well when you get further out into industry how do you do that as well and because of porta's focus from day one on removing complexity there's this natural alignment with what we call OT Engineers or the industry calls OT Engineers operational technology engineers they find it or organically easier to learn painer to deploy container based applications and these are mqt Brokers or you know PLC Control software um you know data data collection software they find it easy to to deploy these these things on their lightweight devices out at the industrial Edge using painer just cost of it simplicity so it it's been organically successful in that regards and now we are specifically creating capability in the product when you need to manage thousands tens of thousands or hundreds of thousands of devices how can you actually say take this composed file or take this kubernetes manifest and deploy it to a thousand devices go and then how can you do that and say okay take this this common file deploy it to a thousand devices but each device is subtly different so have a slight differential per per per environment and so we we're supporting that now how do you how do you easily onboard a thousand remote Docker environments into bainer in Century to manage them so we're now adding capability specifically for for for Fleet Management you large scale management of devices out there um at the edge of the network I would say that a thousand Docker nodes definitely qualifies as a fleet that is definitely a fleet uh what so do you have anything you want to show off for that I do remember seeing some stuff in the UI around Edge and for someone who's not I don't do any Consulting in the edge I don't really I like to pretend I know a lot about it but other than the raspberry pies I have in my closet that's about the only Edge that I deal with so what um what does this end up looking like inside the interface oops over here are you sharing it by the way that that market case environment is built it's built now so we can actually we' come into B now we could actually go and manage that one so here it is here that we built before in fact I'll just do that quickly just to show you sure um so like here's this cluster now and you'll see here this is running 1.27 I can actually click this button if I want and I can upgrade the cluster the 1.28 and do it for me um I could add another add-on to the cluster if I wanted I could add another node to the cluster um if I needed to go and you know troubleshoot I can actually get a console to this cluster node and actually start troubleshooting it um you can get all sorts of really cool information about it so once it's managed by paina you can do it but um to answer your question on edge you see uh and this is one of the uh more challenging decisions I made it's a product within a product um and it's off by default if you go to settings Edge compute and turn on edge compute features there's a whole other world inside paina it's like in all honestly it should be it should be prod yeah it could have been a product it could have been a standalone product but you just made it a a checkbox yeah because why not um yeah again I come back to to blame myself for um a large number of our challenges and this is one of them so once you turn on Ed compute you get this whole new sidebar option and yeah here you have the ability to manage uh vola Edge environments now if you come back to an environment and we add one um any of these environments if I just say Dr Stone as an example we have this Edge agent standard and asynchronous and the difference between the edge agent and our regular agents is we need no connectivity between paina and the edge agent as long as the edge agent can connect back to me to ptena and that's your instance of Poa we're not a SAS company but as long as that edge agent can get to the ptena instance you can manage it from POA so it doesn't need direct routing or anything else as long as the agent can get back um so once once you have some Edge agents you can actually start to to group them and you can actually say I want to create a group of devices either statically again you wouldn't do that in reality or dynamically and you can you can associate tags to your remote environments and these are some tags I've created you can say these are my Docker hosts my amd64 it could also be my my production line number one um it could be my my cameras you can create tags and then we will automatically add environments remote environments to the group based on tag matching all they must have all the tags or they must have some of the tags and so once you've created a group you can now say I want to create an application deployment so add a stack Docker or kubernetes get or otherwise and I want to deploy it to that group so now we will go and say take this deployment and deploy it to all of the devices in that group either currently or staggered so I can say do do a staggered roll out number of devices or exponential so deploy them all um I can pre-pull images if they've got slow connections I can go and do an image pull on them first and then deploy um and I can actually then start to go and mass deploy and manage those applications on those remote devices um you can even even if I turn on things like like G Ops here you can have gitops enabled to these hundreds of thousands of devices uh you can do things like actually I want to do relative paths and I actually want to get clone some files onto these remote devices so if you wanted to have some some environment variables or some some files on the Remote device for a bind Mount you can actually get clone them and will propagate them out there you can push configuration files out to the Remote device so if you have a zip file or a tar file with some configurations you can actually go and propagate them and push them out to these devices um you can you can run a bash script on these devices so if you want to do a a Docker update or an operating system upgrade or just do something you can say run run this this bash file on this device or these group of devices at this time it it'll go and run them uh you can do things like Edge configurations where you can say hey I need you to copy some files and you know here here's a package a tar file go and take the contents of this tar file copy it to all devices in this group and put them into this folder whatever you whatever you want to call it put into this into this directory on the Remote device or you can say actually inside this T this T file there's a bunch of directories and I want to you know for for each device go and grab the device's identity match it to the folder in the T file and put the contents of that folder onto the onto the device and then iterate that um and so that's a really cool way of copying files to remote devices and then we have a waiting room which is allows you to onboard thousands of devices in a in a really safe and easy way into Pano so this they're The Edge features it's you there's a lot more but you know that's that's the edge features in a nutshell Edge alone is a completely separate one hour talk who knew that I could use painer for to replace my my cyberduck SFTP to 50 different nodes or whatever uh yeah very cool um I feel yeah I definitely feel like we're just touching the the scratch and the surface of that and um other than okay so iot and Edge definitely a focus that sounds like what has the team been working on for the last couple of years that maybe people don't know about um I kind of went through some of the readme of course you have great uh readmes about the releases and I see you know swarm fixes in there and a lot of little I mean it's just like a ton of little enhancements like little things like added added almost like quality of life enhancements but can you think of anything over the last two years I mean I guess micro Kates deployments is one um gets good Ops is another absolutely um you get good Ops you know a lot lot of times people thought of us as a kind of Click Ops UI you know we're a way of doing things with click Ops and and that's that's of course the case um it as you said before right if you're making the transition to to Containers you either take this massive leap and say okay we're going to go from from VMS to containers and at the exact same time we're going to undergo some massive organizational shift and go to devops at the same time so everything is code and that that makes that leap huge it's a huge leap well what happens if you're not what happens if you're not if you're not ready for that what happens if you actually just want to start to cut your teeth in tariz and not have to worry about how to how to write compos files or man s or whatever else and so that's why our click Ops UI is still there because there's actually a a large number of people who simply value that experience whilst they learn the technology and then eventually they will transition to code which is why we now add that that that you know G Ops feature in bana so you know adding adding gitops was was a really really you key undertaking for us um the cluster build was was really important uh the the centralized back was being it was there for do swarm we brought that in um one of the other really cool things is that most people don't realize is Bano is actually a full KUB API proxy um when you actually have POA running and you got multiple clusters you can download a coupe config file from ptena you can put that in onto your local machine and you can do you know your your coup CTL get um get get configs um and you can see all of the Clusters now you're not talking to those clusters directly you're talking to them through Pano so so all of your clusters are not exposing the curties API externally voler exposes it and and securely proxies through to the back end automatically for you which is a really cool way of managing multiple clusters or environments from one central place yeah um I mean I've seen lots of other single tools that like that's their whole purpose in life to do something like that um does that I mean like I'm literally doing a cube control git pods and I'm seeing a list of pods from three different clusters or two whatever however many clusters are in there or do I have to like select cluster I'm kind of curious about that I'll show you so here is you can see my screen again right yes yep so here there's a CP config and if I click this you can see choose the choose the Clusters that you want to generate a config file for but if I go to the command line I've already already done this before if I do Cub config get context here are the Clusters now you can see the active one is happens to be the micro self- hosted um but I can change to any one of these environments and you know qctl get nodes and this is the micro cluster and this is all happening transparently through Pano um even cooler this works on the edge environment so again if you have a ku's environment at the edge remember there's no connectivity from POA to that environment and that environment might be behind a locked down net firewall the the moment that you that you run the very very first Cube command for that environment the environment will be told to establish a reverse tunnel back to ptena and then we can then proxy through to that environment securely through our our secure encrypted tunnel between vola and that device no matter where it is um so this is actually a really really cool little capability and as you say there's a lot of you know discret tools that do this and this is kind of the Story of My Life in poo is I I'm not a fan of discrete tools and so there's a lot of these discrete tool capabilities built in natively in fora you just need vola to run your platform yeah um I I yeah I definitely did not know that existed uh there we go yeah that's thei so my goal today was to learn at least one thing that I'm definitely going to use a painer that is pretty slick especially for my my home lab I'm not currently running any Dynasty you know any companies with my uh with my content business here but uh every once in a while I do take on Consulting clients and that they're often looking for some UI like this and um it's sort of my go-to but I mean between the micro case Auto deployments the the CLI proxy which is like I mean especially for companies where we just had tail scale on the show a couple of months ago like they're a company that hasn't adopted I would say modern vpns that are a little more agile and we easier to get your developers to the places they need to be um that's does that our back fall I'm curious by the way does that that proxy obey the arbac rules I I'm guessing in painer itself the the arback rules of painer are not even in paina and we actually propagate those to the backend environment so you're actually configuring the ARB rules in Baner and we're actually propagating them to ketti so we're actually doing rolls and roll bindings in the back in So when you when you when you create a user in painer or you configure paina to authenticate users from Upstream you your your Azure ad or whatever else the moment user logs into painer and and is is granted access to a cluster we create a shadow user in that cluster and then when you assign them a role we we do a roll and roll binding for that shadow user so it's actually in the cluster say yes it absolutely obeys all of the configuration that you said yeah and it's funny because that also that one thing you just described there's also multiple tools out there for because you know very few people have just one kubernetes cluster but so one of the first things in a real job scenario is okay how do I give the people the necessary permissions to the different clusters and then manage that centrally especially if I'm not someone who's a fan of like pure I am AWS uh management or something like that and I want something a little more closer to the actual applications themselves U that's pretty slick I feel like that's a mini demo in it of itself is I can create a user here and it can be provisional and managed you know four different kubernetes environments that I suddenly now give this person access to um very cool that I mean there's yeah there's multiple entire products that that's their whole purpose is to create a user one have it show show up on kubernetes environments yeah um yeah honestly honestly you know I'm I'm a kiwi right and so Lord of the Rings fan and the the one one ring to Ru them all one one product to Ru them all that's kind of the thing right so yeah I I want you to be able to come in in the morning log in to qua and that's the only tool you need to use through the day to manage your platform and you log off and you go home that's kind of if if you have to open up another tool to do something inside your your your environment Docker nties I've kind of failed I I want bana to be the tool you need you need to use yeah and that's pretty slick too for a uh I mean we all know the admins that will prefer a goey and the admins that and I say admin like it can be anyone it can be a developer that adhore a gooey right like there's people that love K9s uh at the at the CLI for doing everything they can they're they're neovim users uh they're doing dive for inspecting their in their images they're doing everything in the CLI so it's it's pretty cool how they can still take advantage of painer even when they's someone who doesn't necessarily want all that gooey maybe that's gooey for other members of the team and they just use their CLI um I have one question left I have asked the audience I will I will say this to you in because I'm been chatting away in in the chat for th we're going to wrap it up in a few minutes so any questions I see Ash's uh I say i' say that name incorrectly AE sorry if I mispronounced that uh I see your question we're gonna talk about a I'll ask him the AI question here in a minute uh we had an earlier question that was very specific on passwords um Martin asked interested in how you could handle Secrets like database passwords and and do they need to live somewhere and I I guess this sort of goes to a larger discussion that I wanted to ask about was one of the challenges I often have with people adopting containers is they maybe don't have a modern Secrets manager they maybe don't have a vault yet right and so they're still maybe in uh I would call it sort of secret infancy where they they're still plugging secrets into specific systems and they might have a cloud one but it's probably not cohesive for everything uh they're probably someone who's adopted one password or last pass or something like that Dashlane whatever but they've maybe not adopted it for their systems for apis and whatnot so how does how do Secret what are the C secret capabilities I guess inside of painer I I would say that's still fledgling we we have integrated with the KU secrets and doer swarm secrets so we'll create those um at least me mean Docker swarm people people hate on it a lot but you know darker swarm secrets were were quite secure once you proud of them you couldn't see them unless they presented to a to a to a container um yeah City Secrets not so much you can you can you know retrieve them and see the secret in real time um so we we we help you create secrets we also have because we're a UI we've created an overlay option which says behave a bit like swarm you know once once you create a secret don't allow people to to retrieve it so we're actually blocking the API call to retrieve to to view the secret um so that that's a nice little enhancement um we probably need to do to do better and integrate with things like Vault or you know some other external secret manager in the future yeah I was just uh so you're saying that like the workflow now is like if I have let's say I have three kubernetes clusters I can input can I input Secrets manually into portainer and then it deploys it to three different clusters or we really just talking about me somehow getting it into the yaml that way uh it can it it's it's in the ammo as a secret uh you can use it from giops if you want um you can use on the edge feature then using Edge configurations you can push out a secret to the devices so you can you can you know pre pre- deoy secret out to the device um but for for the vast majority of times it it would be in Gamble from from from giops right yeah because there I mean secrets you know like everyone does it differently right like every customer I've looked at every customer I've worked with the way they handle secrets in time the human part of Secrets right where where do we store it who has access who controls the access that's always a completely different setup they're probably using different ways of different tools not everyone's using the same tools I know in kubernetes my my my new favorite which I'm not super versed in but I was convinced at cubon uh last year to adopt the external Secrets provider because the team the team did a lightning talk that tried to convince us of how theirs is like the superet of all secret providers so for those of you out there looking for secrets and kubernetes um external ds. I think is it and it allows you to basically bring in all the other secret providers into sort of a universal PL uh control plane of Secrets for kubernetes of course those of us in swarm we have easy mode because it just works and it's there um so I wanted to take that that talking about secrets and it reminds me of personas so one of the things that I have seen in certain uis and I'm just curious because I don't actually know this for painer is that you tend to have like cluster operators and then application deployers like people that are building the app typically only care about seeing their app and its health and maybe it's deployment status and then you have operators that care about node Health Resource Management andad capacity that sort of thing is there anything in painer around separating those roles or allowing maybe a a cluster operator to give only certain specific things to an application developer obviously we have our back in the tool but I was just curious if you had sort of like an application focused view versus an infrastru infrastructure focused view because I think a lot of our conversations naturally lean to the infrastructure side because I'm an infrastructure person you know we've been in this for game for a while so infrastructure is our game but is there anything in there like that for application developers yeah so out of the box when you create a user imper it's you're either an admin or a user if you're an admin but by that we mean infrastructure operator if you're a user by that we mean application user um so there the two personas so so when you when you create a user import tainer and they're a user versus an admin they don't see any of that cluster stuff so all that stuff is 100% abstracted um and you are now operating from within the guard rails that the administrator set so any quotas or policies or anything else all all of that is actually built you know one of things I didn't mention is you know we actually we actually have full support to you flick a switch turn on Opa gatekeeper and deploy a bunch of opa policies to the cluster when the when the user is is operating in user mode they they have to abide by the OPA gatekeeper policies any qus or limits that the admin has set so the admin is the Persona to configure the environment the user is now self-service able to operate within the guard rail set by the Admin out of the box nice so yeah so it's there it's by default um perfect we've got a couple questions real quick I know we're running up against time but um I want to make sure I help the people all right uh a is asking about AI so well AI take all the things you've explained until now so uh we have we all have we all have our own personal crystal balls when it comes to like what is Gen going to do for our tool and our industry um where do you see do you see any anything I mean because painer is running on on your environments like if it was to have anything AI in it it would have to run in the environments right so that's like problem number one is you're not a sass like you said you thought about that so so you can actually go into settings in POA turn on um experimental features and then we actually have a full AI engine built into Porta so you can already do that today all right so so you go that yep and and you go into settings and and you put in your your open AI API key um and then all of a sudden you get a little little bot and you can ask the bot questions um and that and and the answers to those questions like you can say hey I want to deploy WordPress uh in my environment now behind the scenes we will enrich that question with Will you're asking that question on a kubes environment and with this with this configuration so then we will we will say to the AI back end how to how to deploy WordPress on cetes with persistent storage and a low balancer enriched for you then the response that we get back if it's the am we'll give you give you to hit the button to say deploy this and we'll just immediately grab that code and we'll deploy that code and have the application running for you all right again it's it's an experimental experimental feature that people like it do they Lo it um who knows um it's there by SS it sounds akin to the stack Overflow uh copy and paste and deploys but yeah it's exactly that it's exactly that right exactly that except except it's it's actually enriched questioning and by the way these some of these things I mentioned marker Kates as well this is in bana Business Edition in the free you can get a free license of banaa Business Edition this is all in there so not the POA C version it's in POA Business Edition the freemium license or paid many many many people out there home users have switched to our premium license just because it's so feature Rich yeah so explain that real quick so we have we have painer CE which is the open source Community Edition right and then you have be I I see that in the website uh and there's even a blog post which I posted earlier for those of you in chat that was from you all on explaining the difference between CE and be but what you're what you're talking about correct me if I'm wrong is the for home users you you can they can apply for a business license for home use is that right yeah so you fill in a form online it takes seconds um and you'll get a license for free forever for three nodes um to run if you need more than three nodes and some of us do we even actually have a home and student license $49 a year for 15 nodes um then it's basically gives you all of the all of the commercial features uh for free um oh not for free but it's free for three but otherwise we give you all all those those commercial features for use at home and you can learn experiment and and become proficient with all of this gith Hops and containerized management and policy management and everything you want to do um to to help you with your career all right um I have one last question Dan's actually I think S I think Dan's been sitting here while we are chatting actually implementing portainer he says he just got his uh be and uh people we congratulating him in chat and he said can I use traffic for the Ingress so he's Dan is also a member of our other of our Discord community and we've been talking about traffic and he's definitely been interested in it trying to figure out some of the nuances of traffic um but I think he's just curious if traffic supports kubernetes inside of painer doesn't painer have like can't you install add-ons or doesn't have like a a menu of options you can install different common things like traffic with a couple of clicks well that's that's micro Kates yes um so if you're using micro Kates you can add the traffic add-on for Ingress and will deploy it and you can use it right um paina baina the UI helper talks to the it talks the the Ingress API and so as long as you have installed an Ingress controller in the cluster we can manage it be that engine X or traffic or anything else we can we can manage it absolutely um so we we've got we' got customers who use the traffic Ingress today in kuties and it's completely fine by far the vast majority of the world I think 90% of of in deployments are engine X um yeah I think that's that that's an amazing um amazing stat but yes we we support engine X and traffic and others as inas controllers yeah having had both of those teams on the show in the last year um I am also a traffic fan technically a traffic Ambassador but it is always amazing to me how many like to me the engine X is a perfect example of Good Enough by default like it is it is the only one that's officially supported by the kubernetes project in terms of just an example load balancer but so many people still use it uh and there's all these other ones that are more Cloud native that are custom we've got Envoy and contour and and traffic and solo and all that but people still keep using the ing the engine X which i' I've I'm always amazed by because it enginex doesn't actually know anything about kubernetes itself it's not natively cloud aware or kubernetes aware but yet it's used everywhere it's just such a success story for them yeah it's a success story for them really yeah yeah very cool all right um I think that's it for the questions I think everyone else has answered them uh I'm just going to ask you this question because I love to answer ask this at the end what before we're done is what's next like what what can we what do we have to look forward to what little teasers can you give us uh for 2024 what what BR news can I br about p on this show we we've actually just just finished surveying our our users of pora business because we are about to start or we have started the uh imagination phase is how I describe it for what will be Bano version 3 um and you know that's going to be something that's later in the year uh but we are going to be dramatically rethinking the experience you know we want it to be more conversational UI um you know that seems to have been how people are now starting to engage with technology a lot more as conversational um it's definitely going to be a code first experience um and we're going to to sort of redefine or or or refine what it means to to run painer and how it's going to deliver you an easy experience you know there's there's a lot of Focus right now on serverless containers and that serverless experience the cloud run um and so how how do we how do we provide that type of experience as well where you you simply don't care about the infrastructure you ask fora to deploy something and based on metadata we will make the right decisions for you and deploy the application so that's kind of what where we're thinking the future is going to be interesting all right well I'm hoping to have some some uh llm shows here this year so that sounds like maybe something that's in your future um speaking of the AI world and and all that that that that's doing for us um but I think for me you know one I I don't know why I'm not using it in my my home cluster in the in the closet that's a mistake on my part apologies to to everyone including my closet for not doing that um and two you know I'm excited about the deployment options now I because one of the things that I've I've used Rancher for in the past is that deployment workflow and and not necessarily been someone who's all in on Rancher but the UI experience at least of deploying is a little less tedious than trying to figure out a a cube admin uh you know configuration file and all that stuff so the ideas that I can now deploy micro Kates or some of the cloud products uh because if you've ever tried to deploy those you realize like you said they're not easy they're not simple in fact I think that's one of um Corey Quinn's biggest complaints about uh eks on on AWS is like who designed this there's a thousand choices and no one how how would you even know all the answers to these questions I don't know all the answers to these questions it's not even obvious so uh it's I'm always excited to see some other tool trying to simplify that for us CU if we've deployed kubernetes today we're going to have to deploy another one like there's always more kubernetes coming if you're a Cuba admin uh or a cluster admin you are are well aware that however many you thought you were going to have you're going to end up with more and it's going to grow kind of like VMS did I feel like 15 years ago when we were like in VM bloat we were just making more VMS that we could possibly handle in the data center and then we all had to come up with tools to actually manage all of that I feel like we're in that work world right now with kubernetes where instead of the one large deployment that we're all going to have like this giant production that's spanning regions and you know hybrid and blah blah blah it's I'm seeing a lot more of the smaller uh cluster deployments with centralized tooling to manage all of them uh wherever they're they're at so this is this definitely feels like it's part of the trend for the future and I'm excited to dig into it all right for those of you in chat uh Neil is going to be on the podcast so this if you missed this if you're just here in the last 10 minutes and you missed all the demo it's going to stay here on YouTube it's going to be a podcast you can get all those links below as well as oh over there nope over there I always point in the wrong direction it's right there that is my website you can go get the podcast there Neil will be on that in a couple of weeks we're GNA have him back on the show I believe you're coming back on the show right like you're coming with the team for k2d I'm coming I'm coming with my co-founder because uh you will you will lose my my tech deps real quick when we start going to k2d so I'm bring I'm bringing my co-founder Anthony with me and we we're gonna talk deep on k2d yeah that's great bring the team bring bring we're bringing in support uh we're going to go deep so we're going to have a whole conversation about what does it mean to have a kubernetes API on top of Docker without kubernetes like what does that even mean how does that work and then of course uh I should just say painer doio go download it's free it's on GitHub you can get a community license like you just talked about if you want to actually have more of the business features you can get a home license or whatever um I'm sure I'm saying that those words wrong but Neil how can people find you and ask more questions about painer um I didn't very I am very free and open with my email address it's just Neil at forer doio and I always respond to emails um I spend a lot of time traveling and I have a lot of lot of spare time to respond to emails so uh email me um we I'm on our our community slack channel so if you if you jump on our community slack Channel and often I I'm the person responding to I keep saying tweets but that's kind of showing how it how X is now so if you if you we're all still Tweeting respond oh my God we're all still Tweeting yeah unless you're unmas it on and then it's toting so I'm still TW and and yes I'm on LinkedIn and I accept all all LinkedIn invites so if you find me on LinkedIn I look very much like my Persona um so uh if you find me on LinkedIn um then I will accept your inv Che fantastic well thank you so much again for being here like every other time I learn more about painer that I should have known already uh when you're on the show and I'm looking forward to be coming back on talking about a new experimental project as well as we just might want to plan now maybe not this year but when the V3 releases like definitely getting uh a show on the the big reveal of a I mean that's such a huge lift I'm I'm both excited and nervous for you cuz I know how much re rethinking of everything you just did is is how much work that is and how much effort that's involved with getting people on board with that getting it working we've seen it we've seen it struggle at times with other apps and like I'm thinking of Jenkins and sort of their their weird attempt at refreshing their UI and I and I know you're going to do better than that like they're the floor I'm I'm I'm G to dog on Jenkins for pick on chenkin for a second and say that when they when they released their new UI experiment we were all very confused about it but at least I was um but I'm I'm we're also going to be at cucon in Paris next month so if anyone is in in Paris and uh enjoying the lovely French food we will be there as well so I'm happy to meet people in person as well yeah fantastic that's a great idea I'm definitely stopping by the booth give a high five and um and talk with some painer fans so I will I will be there too that's only three weeks away by the way or two weeks I think three weeks um so for you all there if you didn't know we're going to be uh live not only next week and every other Thursday but I'm going to be Live from Paris for two weeks in a row so definitely keep coming back on Thursdays uh if you miss the live show it's always going to be here on YouTube we're now making clips of the shows so um you know you can check out some clips maybe some shorts I'm trying to be cool and get into that short game and um as well as you're going to see us from ptain maybe not from Porta from cucon maybe Neil will stop by and say hello who knows we have guests on the show when we're at cucon that we didn't expect it was a fun one in Chicago um a bunch of random people stopped by that I hadn't seen in Forever uh so that was a good time and next week we have Daytona on the show we're going to talk about self-managed uh Emeral environments so developer environments like think of your own code spaces essentially on your own Hardware managed by you uh come back on the show next week we're going to talk all about that I'm excited to talk about Daytona so thanks Neil we'll see you soon on the internet appreciate it see you R see [Music] [Music] [Music] you [Music] [Music]

Info

Channel: Bret Fisher Docker and DevOps

Views: 1,258

Rating: undefined out of 5

Keywords: docker, kubernetes, bret fisher, cloud native, automation, containers, docker mastery, kubernetes mastery, devops, portainer, nomad, docker swarm

Id: -ySHvSQP3hE

Channel Id: undefined

Length: 76min 45sec (4605 seconds)

Published: Fri Mar 01 2024