PurePerformance - Perform 2020 Containers, Kubernetes, and Openshift with Justin Pittman of RedHat
Episode Date: February 5, 2020...
Transcript
Discussion (0)
Coming to you from Dynatrace Perform in Las Vegas, it's Pure Performance!
Hey! Hey!
We are live at Dynatrace Perform with Justin Pittman from Red Hat.
Yeah.
En vivo.
Welcome to the Peer Performance slash PerfBytes podcast.
Thank you.
That was a mouthful.
It is.
Live from Las Vegas in Dynatrace, the same thing, the opening.
I'm standing here, Justin, with my friend Leandro Melendez from Perth by South Panyol.
Hola, Justin. Nice to meet you.
It was such a pleasure.
The usual host, the man at the desk who does not have a space pen, Brian Wilson, is with us.
Hi.
Yes, they're sharing a mic right now.
And James Pulley, the master of the live stream video that's happening.
Good morning.
Good morning. Excellent.
Justin.
Yes. Welcome to the podcast. How's perform for you Good morning. Good morning. Excellent. Justin. Yes.
Welcome to the podcast.
How's perform for you so far?
I have a headache.
Do you?
Yeah.
Thank you.
I started that treatment this morning.
Yes.
Was it an artificially induced headache or something more organic?
I didn't drink enough.
Didn't drink enough.
Water.
If you kept drinking water.
Yes.
Good.
That's excellent. A good twist. Water. Yes, good. That's excellent.
A good twist.
Yeah, I think so.
But this is your first time to Diner Trace perform?
First to perform.
I cannot remember how many times I've been to Vegas for conferences, though.
Oh, yeah.
Everything from Comdex to every other big company.
Reinvent.
So Las Vegas is not new.
No.
Here's a trivia question
because tonight is the Wednesday trivia night.
Are we technically standing right now in Las Vegas
or what town are we actually standing in?
Town are we standing in?
Can I risk to answer?
You can.
We actually have a Jeopardy theme music.
Oh, bring it on.
He's going to find it.
Because these are new toys we have.
Yeah, because it's also an interesting location.
Think about it.
You don't know exactly.
You have to voice to answer to get the correct answer.
Did I take it off?
Anyway, but yes, it's technically Paradise, Nevada.
Everything is paradise.
Brian's brought that up to us multiple times.
That's definitely wrong.
Paradise is not wrong.
That was right.
Cool.
So tell us a little bit about what you do with Red Hat
and sort of the connection with the current connections.
As we've had Red Hat folks, you mentioned Chris Morgan and a few others from Red Hat. One of the
CTOs, I think, last year stopped by and chatted with us.
And some really interesting Dynatrace integrations. Some tagging stuff was
very cool, I think. And in kind of the virtualization space.
But what's new for you in the Red Hat world and what brings them to
you to Dynatrace?
Sure.
So this year, Red Hat was awarded one of the Partner of the Year.
Partner of the Year.
Congratulations.
Thank you.
So that work was integration with Dynatrace's one agent and our Kubernetes container platform, OpenShift.
So that's why.
And that's it.
Chris and you, I think, talked about OpenShift mostly.
Yeah, yeah, yeah.
Yeah, because it was fair.
And it was still some new announcements a year ago or more.
It was.
From those key integrations.
What is the latest news on that?
What updates?
I mean, the.
Can you tell?
Is it some secret?
Don't violate any NDAs or anything.
Yeah, some stuff is still, you'll find out in April when we have our annual conference.
Oh, great.
But since last we all talked, the big news is we released a major release of our Kubernetes container platform OpenShift.
Right. So that was a major enhancement for our customer base for a couple different reasons, but we've
aimed at simplifying
the customer experience
and making it easier to consume OpenShift.
That's a big change, but there's
lots underneath the covers.
Yeah, ease of use, and also when you're connecting,
I mean, Dynatrace, no offense,
is managing really complex systems
in and of itself,
I'm okay with super complex software,
but not everyone's okay with it, to get started, right?
So you make it easier to get started
and connecting the dots between all the different pieces, right?
Sure.
A lot of people will come even here at Perform
and they'll ask a bunch of Kubernetes questions.
Hey, I'm running vanilla Kubernetes,
run 15, and I'm doing blah, blah, blah.
Well, we want the customer
to not have to get down into the kubelet.
Oh, sure.
If they're down at that level,
we aren't providing value to them, right?
And it's not to masquerade.
You can still use, like, kubectl.
Yeah, if you want to do that.
If you want to, sure.
The APIs are still there.
But we want to simplify it
because we know that there's a
heavy skill set required to get that deep into it. Yeah. And is there a lot from the Red Hat
perspective in terms of customer or broader install bases that are still early adop? They're
just getting started in the Kubernetes world. Yes and no. Like those that are already doing it are
like super advanced and then there's still some newbies.
Okay.
There are.
So Chris Morgan actually first trained me way back in the day on OpenShift.
Like this was 2014, 2013.
Sure.
There were early adopters for sure.
And there's been some adoption that's just within the past year.
So we have about 1,300 customers.
Great.
And some people are like the lines of code, quantity versus quality.
Yeah, yeah.
They hear that number and they're like, oh, yeah, but those are all sandboxes.
They're not, you know, real clusters.
No, no, these are production-grade enterprise customers
that have their mission-critical applications on OpenShift running currently.
Yeah.
So somewhere a little bit ahead of the curve.
Yeah. Yeah, So somewhere a little bit ahead of the curve. Yeah.
Yeah, that sounds really cool.
Oh, well, you mentioned while we were setting this up
something about container performance and all.
Yes.
On pure performance, we love to talk about performance things.
So I was curious where you were heading with that topic idea.
Yeah.
So what's going on with container performance?
And I'll put that back to you,
Brian, because... Put that back to me.
I'm just a sales engineer.
I sit in the front.
We know some information
about performance
and there's been conversations,
but I think that we could really use
Dynatrace or other experts
to find out
what could benefit customers,
joint customers.
Right.
So I did a little
kind of meta-analysis sampling of data.
Cool.
And if you go back a couple years, the big performance concerns were
how well do containers perform compared to virtual or compared to bare metal.
Right.
Yeah.
And then there was the whole stink about the overlay file system
and whether it was a blocker.
Right.
So there's been a whole bunch of compute-focused performance. How well do Docker containers or containers in general perform from compute memory resource utilization?
But when I started looking at the analysis, there was an elephant in the room.
Oh, really?
Yeah.
What color of elephant?
Were you taking any cyclotropic drugs at the time?
No.
That might have been more digestible.
I wasn't in Vegas at the time.
You were in paradise.
Yes.
With a space pen.
With a space pen.
It's a space pen, Brian.
Go ahead.
The elephant's name is networking.
So Kubernetes, by definition, people forget it's a clustering.
Oh, absolutely.
So almost all communication happens over a network.
And most of the performance analysis hints at, well, the IO wait time could have been caused by over the wire.
But they don't really delve into how much of that was really responsible because of a NIC driver or an overlay network, double encapsulation?
There's not a lot of detailed information about that.
Or somebody that trimmed the red, white, or the orange, white, orange, the cables just a little bit too short.
I mean, it's linked.
No, it's not linked.
No, I'm linked.
You're not linked.
I'm linked.
Yeah, see?
Mark's going back to some nightmares he's had.
So, yeah, networking is always a challenge, right?
Because even if you take a look at...
Well, snipping wires is...
Not that, but network monitoring.
The hardest part.
There's your Wireshark type of tool that gets really down to the weeds,
but that's not an area most APM tools go into
because it's very highly specialized to be capturing all that all the time.
Again, one of the ideas with APM is you're just capturing everything all the time.
Yeah.
And it seems that that's, I don't know, does that cause overhead
if you're running something like Wireshark on a network connection all the time?
Because, you know, the idea is, well well why aren't we looking at all that data
all the time it's usually when there's a problem detected in the network then we throw the analysis
tools on to get the deep dive into the network but otherwise it's hands off good point good point
yeah that probably most people would say wireshark tcp dump would have an overhead right just because
of you're asking the networking layer to process every packet coming through. There are some inference happening, like Dynatrace's agents seem to infer,
but I don't want to speak, but it looks like when I look at the dashboard,
if you make a client call and then you have timestamp data about the server response,
then you can infer the latency, right?
Right, right.
Or packets dropped in retransmissions.
We pick up some of those from the network statistics.
But it's not the same as, like a span port or a mirror port
is the most least overhead way to just take a copy of TCP.
Right, but then you're talking about adding hardware,
and if you're running in the cloud.
Yeah, and you can't touch a port to port wine maybe.
And then when you start going into service meshes,
it gets even more complicated.
And we do have monitoring on the service mesh.
So I know Istio, we can look at some of the performance
and we're tracing through and getting some stats from Istio
and some dive into there.
But it's still going to be, there's still the wire between
when anything that's going on there,
there's still that wire piece, right?
Yes.
And is that where you're saying that's the elephant?
I think a problem of what you're mentioning that I see
in other areas of performance is that you trust that you will get support from
separate each entity i mean network is integrated but you don't really dig that much and try as you
say possible double encapsulation but it happened like in another layer where usually you are just
trusting that it will do like the the public cloud engineer is supposed to look at that for you.
Exactly.
And you are like, I expect it to work, but that's my bottleneck.
That's what is pretty much causing the elephant.
Or you drink the magic Kubernetes Kool-Aid.
What network?
What are you talking about?
Which one?
They're containers.
Calico.
It's a container that just floats.
It's an ether.
Yeah, exactly.
A lot of Kubernetes folks don't even get to that level exactly.
And rightly so.
OpenShift doesn't want to have to expose that to our customers.
Yeah, that's the convenience of lovely design.
But it's a valid concern.
And we do tell customers, okay, virtualization could benefit you for your containers.
Like the host nodes could be virtualized.
But you could face double encapsulation in that type of environment. benefit you for your containers, like the host nodes could be virtualized.
But you could face double
encapsulation in that type of environment.
And maybe it doesn't matter. Maybe
it's not a high performance, real-time.
Most of the time you don't notice it. You don't notice.
But for other customer use cases, they are real-time,
low latency, and it does matter.
So do you have any ideas on how to
tackle this? No. That's why we're
bringing it up. Brainstorming. So anyone out there listening, you got an this? No. That's why we're bringing it up.
Brainstorming.
So anyone out there listening, you got an idea?
Yes.
Send us an answer at askatperfbytes.com.
Or don't send us an answer. Develop the answer.
Give Brian the answer at perfbytes.com.
And sell it.
That would be answers at perfbytes.
Answers, yeah.
Just created their next company for them right there.
There you go.
That's what we like to do here.
So you give Justin's.
Yeah, you give.
Inspire.
Justin.com. I think we we like to do. So you give Justin's, yeah, you give... Inspire, justins.com.
I think we're good at that.
Awesome.
What else is new in the Red Hat world?
You're multiple years now into the IBM acquisition,
have things settled down,
and things are back to growing and good.
I don't know if this is what you mean,
but the big announcement is Ginny is stepping down.
Yeah, yeah.
So Arvin at IBM is becoming the CEO.
But Jim Whitehurst is becoming the president of IBM.
Oh, cool.
Yeah, so he's...
So you're kind of meshing two people together.
Weaving our way into the big blue.
I think it's fantastic how you guys have taken over IBM.
You said that.
You're great. I mean, I'm still, at heart, I'm still a JBoss guy. I like JBoss. Nice. You know, taken over IBM. You said that. You're right.
I mean, I'm still, at heart, I'm still a JBoss guy.
I like JBoss.
Nice.
But, you know, that's fine.
But in the Red Hat world, something red took over something blue.
Oh, it's Halo.
Purple.
It's Halo all over again.
It's purple.
Red versus blue.
The purple takeover.
Purple hat.
I like it.
So that's good.
Yeah, so some changes happening to lead the company, and it's been good.
It seems like it was well-received even by the public, to your point, by analysts.
So we are still a separate entity.
I mean, I still have a Red Hat email address.
You have a Red Hat jacket on right now.
It's actually a really nice jacket.
I'll sell it on eBay for you.
Make a profit on everything.
But there are some changes.
We are doing joint solutions, including with some partners like Dynatrace, on a fuller stack solution.
Let's say OpenStack is the platform, but IBM Cloud Packs with their application server or whatever is running on top.
So there's more full stack with integrations with other partners.
So that's beginning to develop.
Yeah, and that was some of the promise, I think,
from the initial working together with IBM anyway
was opening those doors and building those.
So you would be able to leverage and interconnect.
Watson, is it, also play with it?
I haven't heard anything for integration with Watson.
I'm waiting for it to answer all Jeopardy questions.
No, no, no.
Here it is.
All performance questions.
Now we're going to be like matchmakers.
Watson Davis.
Oh, yeah.
Now, when they get married, which name do they keep?
Who takes the last name?
Does Watson have a last name?
Watson sounds more like a first name.
Watson Davis.
Like you got
Mac Davis, you got Watson Davis.
Have we checked their astrology charts?
Would they be a good match?
Both Leos.
Both Leos. Maybe that's a
clash. Differences attract kind of thing.
Which one has a space pen Differences attract kind of thing.
Which one has a space pen, though?
Also, in terms of all that stuff, you were mentioning some things about what's going on with CoreOS.
Oh, right.
Yeah.
Yeah.
Maybe OpenShift.
And I don't know.
I think you guys talked about you have things you're going to be revealing about OpenShift, but not quite.
Not yet.
Right now.
Yeah, not totally.
But the CoreOS is public info.
Yeah.
This was a substantial change, but it's been in the works for a long time.
Right.
Essentially, we moved the latest release for OpenShift to being an appliance, if you will.
Yeah.
So instead of going in and manipulating the operating system that are the container hosts inside the cluster,
it's a fully managed operating system from its upgrade,
from its reconfiguration,
all doing it in a Kubernetes native way.
So instead of doing a Linux distribution update,
like yum update,
you're supposed to have a new built image and bootstrap Core OS from that new image.
This is not new.
We tried this with Packer from HashiCorp back in the virtual days.
Someone would generate a new golden image.
Start golden image.
And that's what would rev from infrastructure as code.
Along with the application.
Yeah.
The only problem was the VM was the whole OS, so it was huge to do.
So CoreOS is a minimal footprint.
You still create a new whole image, but you deploy it the Kubernetes way.
So it's still controlled through operators, Kubernetes APIs to deploy the host.
Yep.
So that's the big change.
But there are some nuances to that, right?
Yeah, there's always nuances.
Yeah.
People have given us feedback, and they said,
well, we want to remote manage these operating systems.
And we have essentially opted to not do that for reasons that it becomes mutable at that point.
Yeah, yeah, yeah.
Yeah. So like SSH into CoreOS, you can do it for reasons that it becomes mutable at that point. So like
SSH into CoreOS,
you can do it for debug reasons,
but it's not there to do a YAML update.
Security-first mindset
is a really good idea, yeah.
It's a huge mindset change for sysadmins.
We all know that, because we've all got used
to SSH into a box, you
manipulate it on the fly, and this
is a pretty big change of mindset.
You dread those days when you accidentally hit W in the console,
and you're like, wait a minute, who are those people?
How did they get in here?
I don't recognize any of these IDs.
Who am I?
That's a fun day.
Yeah, yeah, yeah.
So those are some of the Core OS changes that came in the latest release of OpenShift.
So that's going to be...
So you're basically managing the OS
as if it was code being deployed remotely.
Yeah.
That's pretty cool.
Which also means you can...
Speaking of security again,
one of the beauty of the whole thing,
with a small footprint like that,
a given instance running and providing value to your company can disappear every hour.
If somebody actually were to explicitly get into the system or you have a breach of something,
they're not going to be there very long because it's like, oh, you're on an iceberg that's melting.
Oops, I need to redo.
By the time you actually figure it out, you can wipe all this stuff really quickly.
But I'm also thinking in terms of if you're running your code on a system that's going to require something updated in CoreOS,
your OS is now part of your build that you push.
Yeah.
Yeah.
That's exactly right.
Which is pretty darn cool.
It is.
You know? Even the classic way of updating the operating system,
like let's say back in the day you were going to add a kernel module.
Usually you would dynamically load it into the kernel standard way.
Now kernel drivers or any kernel modules are loaded through containers.
So you literally deploy a container to the host,
and it injects itself into the kernel.
And you can turn off all of the hooks
that would allow you to do a kernel mode,
to block a kernel mode invulnerability, right?
All the execution pieces,
because we don't update that way.
We don't need those hooks to be open anymore.
Again, maybe on a debug instance,
if you were testing or doing something,
but never in the core.
That's really good stuff.
Nice.
It is a big shift.
So it's trying to get the word out and get feedback.
It's kind of an open kind of shift.
And what sort of adoption are you seeing for?
The rim shot.
For that type.
Aren't the customers worried, scared, or, like, always that's something new.
Reasonably so.
Anytime you tell someone about change, there's a fear factor.
Yeah, yeah.
There's, you know, people who are anxious.
They're going to have to re-skill, re-train, whatever, right?
So we have gotten that feedback.
But we think that this is the right way to go.
This has been in the works for
many years to get to this because there just was too many snowflakes were being created with the
operating systems and you would lose control yeah i have to say as uh in my in my regular day job
not as a podcasting superhero with a space pen uh i work in the financial sector in the payment
sector so you know compliance p compliance, depending on your level,
can be brutal, almost the biggest expense to the company.
So this is, that's absolutely music to my auditor's ears,
that it's like, oh, well, here's, you can give them stats that are like,
there is no such thing as terrible Tuesday, where, oops, I forgot to crash.
How come I can't?
And every once a month at Tuesday comes out.
Thank you, Microsoft.
There is a security play to this,
because then the auditor knows there's a single method for updates,
and you control it.
Yeah, fully controlled.
Nice.
This is really good news.
Thank you.
This is very enlightening.
So in general
for you then, right? So you have
still close to the new year.
What are you looking forward to this year?
I mean, obviously without revealing anything that
you're doing, but in terms of what's going on in the
industry, everything else,
what do you see on the
horizon that's got you most excited?
On the technology front, that is.
Just a trailer for coming out next summer.
Just your own interest.
More in your own interest
of this. Maybe it's the
Coroas thing or it could be something outside
of it, but
what's got you like, I can't wait to see how this
develops?
There's stuff he can't talk about.
Maybe apps that,
that don't affect our,
our,
uh,
political process anymore,
right?
To 2020 technology will solve all of our election problems.
No.
Um,
I think I still am excited about Kubernetes.
Yeah.
I know that seems boring to say,
but if you look at the market,
there are so many players now who I think have come to realize.
If you look at the announcements coming out with Project Pacific from VMware, you look at Google Anthos, AWS Outposts, they're going to add EKS to it.
So there's a lot of announcements now.
Pivotal now has Kubernetes instead of a lot of announcements now. Kubernetes instead
of a Cloud Foundry offering.
So there's a lot of...
I think the hype is over.
It seems like a lot of...
The adoption is really
picking up from commercial vendors.
And then we can ask,
what happened to Docker?
Oh!
I heard they were acquired by mirantis yeah yeah yeah uh but
again a lot of these same questions where these other things are moving forward getting investment
and the question is docker could have had this docker swarm could have been amazing yeah but
it's funny like in in a lot of the accounts i work with so i work more with a lot of the smaller
companies and they're just starting to look to taking that step into the cloud or
getting off of their monoliths. And there's still that mindset of, oh, we're looking to explore
Docker. So the
kids at the top of the class, and I'm not saying this to
say these other customers at the bottom of the class, but the kids who are way
ahead are already on the new things.
And that message isn't trickling down
to the people who are just starting to be like,
oh, yeah, I think we're going to start making that move.
I think the news of Docker and some of these other ones
are sort of being left behind,
and you should just focus up here.
So we're seeing...
It's just slow.
It's a slow message getting out.
It's slow for the message to get through.
I don't know if that was a segue for me to comment on Docker from you.
Oh, I don't know.
I'm just saying it was like super.
You got something there.
So in their latest release of OpenShift, we actually did stop shipping Docker binaries.
Oh.
Okay.
So that wasn't a segue for me.
No, no, no.
It's not unusual. Okay. You hear that't a segue for me. No, no, no. It's not unusual.
Okay.
You hear that news a lot from other places too.
It goes back to the Mobi and what they were going to do with Upstream and all that.
So then we get asked by customers, okay, what do you mean?
I can't do a Docker build?
No, no.
You can still ingest a Docker file, do a build of a container.
That's all still doable.
But if you literally want the Docker tooling, you need to go to Docker Inc.
I mean, the functionality is all there.
And that's a big change.
We're still getting the message out there.
But I think that some people are seeing the kind of like they started something that was really, really great.
Yeah, for sure. And we owe them that credit., really great. Yeah, for sure.
And we owe them that credit.
Oh, definitely.
Oh, yeah.
Kicked open the container door.
Yeah.
Yeah, we wouldn't be open.
It's open.
I don't know why I have the word open.
You need to shift your thinking.
All right.
Is there anything else you'd like to add?
Or any fun plans for Vegas?
You're going to go see Wayne Newton tonight?
Food shows?
I wasn't invited to this.
Maybe Debbie Reynolds is performing down at the Tropicana.
Weren't the Osmonds in town?
Actually, last year they were.
Last year the Osmonds.
You said the Beatles show is still here, right?
Well, that's a permanent.
Yeah, that's an awesome.
Carrot Top is in town.
Carrot Top with his eyeliner.
Especially if you're a Beatle fan.
If you are a Beatle fan, I do highly suggest the Cirque show.
The best part about it is they have this really great sound system,
and you get to hear the Beatles music like you haven't heard before
because it's blasting through this great sound system,
and it just sounds so freaking amazing.
Yeah.
That to me was my favorite part.
It's a Cirque du Soleil show.
One of the Cirque du Soleil shows.
Yeah.
But just the sound alone.
Yeah.
The show's good,
but I was more just like
in heaven listening to
this music that I've listened
a million times
but in a whole new
just...
Experience.
Yeah.
Ear experience.
Yeah.
Cool.
Music to your ears.
My ears were open to the shift
in the music.
Alright, we're beating a dead horse with a...
We're beating a dead horse with a space pen.
Are you a social media person? Can people
follow you? Do you share things? Only on
LinkedIn. I'm not really on any of the
other platforms anymore.
So maybe people can look up stuff on LinkedIn.
And of course, Red Hat has all sorts of announcements,
so you can go to the Red Hat website and check that out.
Yeah, actually, we are doing joint workshops
with Dynatrace that's, I think, on Dynatrace's...
Like events page?
Events page, yep.
We're doing several in the next three months.
That's cool.
Good, and then there's also your big conference
in two months?
Yeah, that's going to be in San Francisco.
In San Francisco.
So if you're any diehard Red Hat fans, go to it.
That sounds great.
Justin, thank you very much for joining us.
Thank you very much.
It's such a pleasure.
Thanks for coming.
Yes, thank you very much.
Thank you.
Talk to you soon.
Thank you.
And that's it for the show for this moment while we roll up the output.