#44 March 13, 2019

Continuous Delivery Foundation, with Tracy Miranda

Hosts: Craig Box, Adam Glick

Today Google and CloudBees, along with 20 other companies, launch the Continuous Delivery Foundation (CDF). Tracy Miranda is the Director of Open Source Community at CloudBees, who coordinated donating Jenkins and Jenkins X to the CDF. She talks to Adam and Craig about why it the CDF been formed, and what to expect in this space in the future.

Do you have something cool to share? Some questions? Let us know:

Chatter of the week

News of the week

CRAIG BOX: Hi, and welcome to the "Kubernetes Podcast" from Google. I'm Craig Box.

ADAM GLICK: And I'm Adam Glick.


How's it going, Craig?

CRAIG BOX: Every few days, we have to pack everything up and put everything back into suitcases. And we have a rental car at the moment, so there is a little bit more opportunity to put things in bags and leave them in the trunk-- or the boot of the car, as we would call it here. I hear you've had some similar situations.

ADAM GLICK: Yes. I am learning why we let computers do our bin packing for us, and when we don't try and do our own personal tetris work, we are also doing some packing here. And let's just say that my ability to get the most space out of a moving truck is not nearly as good as Kubernetes is in packing things onto a virtual machine.

CRAIG BOX: We'll have to call John Wilkes up and have him come by and do a series of simulations on your workload and see how better it could have been done.

ADAM GLICK: [CHUCKLES] Gotcha. Speaking of things that are upcoming, I believe we've got a special upcoming show.

CRAIG BOX: We do. So four weeks from now is Google Cloud Next, our annual San Francisco extravaganza. And this year, we're delighted to announce that we will have "Kubernetes Podcast from Google Cloud Next". We'll have a live show at the event. It is a session on the calendar which is available for all attendees to attend. We do hope that a large number of our fans and podcast listeners will be able to attend the conference.

Tickets are available online. We'll have a link on the show notes. Ask your boss to send you, or else group discounts, government rates, and academic passes are also available. And if you are able to get to San Francisco on those dates but don't have a ticket, do keep your ear to the ground because we will have some more to say about that next week.

ADAM GLICK: Let's get to the news.


ADAM GLICK: Today sees the announcement of the Continuous Delivery Foundation, a sup-project of the Linux Foundation, like the CNCF. The CD Foundation is a vendor-neutral home for projects related to continuous delivery. It launches with over 20 founding members and four seed projects-- Jenkins, Jenkins X, Spinnaker, and Tekton, a new project from Google.

Though you may be familiar with the first three, Tekton is new and modernizes the continuous delivery control plane by moving the brains of software development to Kubernetes. Tekton's goal is to provide industry specifications and best practices for CI/CD pipelines, workflows, and other building blocks through a new home in the CDF.

The first project in Tekton is the Pipeline CRD, formerly known as the Knative Build Pipeline CRD. It will continue to support Knative as a first-class target environment, but can also support Kubernetes, VMs, bare metal, mobile, and custom use cases. Jenkins and Jenkins X are donated by [their communities, with help from] CloudBees, and you'll hear all about that in today's interview. To learn more about Spinnaker-- donated by Google and Netflix-- you can listen to episode 24. You can find the CD Foundation website at cd.foundation, which is not a charity drive for plastic discs.

CRAIG BOX: Red Hat has introduced Quarkus, a supersonic, subatomic, "give me gin-and-tonic" Java stack for Kubernetes. Acknowledging that Java comes from a world of monoliths and applications of the assumed sole ownership of their machine, Quarkus brings Java into the cloud native age. It builds on top of modern JVM implementations, GraalVM-- named by zombies-- and OpenJDK HotSpot, and can compile Java apps to native code or pre-serialized containers which start orders of magnitude quicker than a traditional JVM. Quarkus is also optimized for developer joy, with unified configuration in a single file and live application reload.

ADAM GLICK: The next post in Google Cloud service mesh era series is "Using Istio and Stackdriver to build an SRE service." Author Sandeep Parikh recaps the pillars of service health from the SRE model, the service-level objectives, agreement, and indicators, and how Istio can export data to Stackdriver to monitor those.

In the event that you need to dig into an individual service, you can use Stackdriver tracing and logging features, and instrument your code with OpenCensus for Stackdriver and many other platforms. As usual, a sample repository is included with a worked sample to help you learn these concepts.

CRAIG BOX: As Red Hat's OpenShift platform marches towards its upcoming 4.0 release, they've announced how they are moving their control plane components to use modern extension mechanisms. OpenShift's customizations predate Kubernetes extension points. So in the 3.x series, OpenShift and Kubernetes components are compiled into the same processes.

This convenience comes at the cost of divergence with upstream communities. The work on API server extensibility means that they can now move their OpenShift to specific components into their own binaries, improving reliability, and time to fix issues.

ADAM GLICK: The RSA conference was last week, along with the accompanying BSides security conference. In a quick-fire container security news, StackRox won an award for best emerging technology from "SC Media." Alcide won the breakout cloud security InfoSec award from "Cyber Defense" magazine.

Capsule8 made it into the RSA innovation sandbox. Aqua Security 4.0 now does function vulnerability scanning. And Twistlock 19.03 expands in the other direction with host forensics and runtime self-protection functionality for VMs. Finally, SSH.com extended their tech to manage SSH keys for containers.

CRAIG BOX: The CNCF is joining Google Summer of Code again this year. The CNCF has submitted almost 50 ideas across 13 projects. So if you're a student looking for something to do in the New Zealand winter, you can check out the list of projects posted online, and help build Kubernetes, Prometheus, Envoy, or more.

ADAM GLICK: Finally, a chance to make your voice heard. For the past six years, engineers around the world have told the researchers at DevOps Research and Assessment, commonly known as DORA, how they make software. These insights help the industry make software better, smarter, and safer.

Today, DORA has launched the survey for their 2019 report. The Accelerate State of DevOps Survey includes focus areas like deployment toolchains, using of the cloud, disaster recovery, how you work, and more.

You can find the link and a link to the 2018 report in our show notes. We're excited to help our friends at DORA with this report and represent the voice of the Kubernetes community, as we trust our listeners are much more likely to be on the cutting edge of DevOps.

CRAIG BOX: And that's the news.


Tracy Miranda is the Director of Open Source Community for CloudBees, and a member of the governing board of the new Continuous Delivery Foundation. Welcome to the show, Tracy.

TRACY MIRANDA: Hi, everybody. Yeah. Thanks for having me.

ADAM GLICK: For those that aren't aware, can you tell people what is CloudBees?

TRACY MIRANDA: CloudBees is a leading DevOps company. And we're building the world's first end-to-end continuous software delivery system. But many key members of the Jenkins and Jenkins X community actually work at CloudBees-- so folks like Kohsuke Kawaguchi and James Strachan.

ADAM GLICK: So that begs the question-- what is Jenkins?

TRACY MIRANDA: Jenkins, it's the leading open source automation server. And everybody uses Jenkins, like for CI and CD. I believe last year Jenkins users were estimated at 15 million. So I think that's more than the population of Greece.

CRAIG BOX: These days, at least.

TRACY MIRANDA: Yeah. And then there's also Jenkins X. So Jenkins X, that's Jenkins reimagined, so CI/CD for modern cloud applications. So, yeah. Jenkins, not as you know it, for cloud native.

CRAIG BOX: You sure it's not pronounced Jenkins 10?

TRACY MIRANDA: No. It's Jenkins X. And it comes complete with-- you have to do the hand gesture where you make an X. So that's called throwing an X, as opposed to throwing an axe, not to be confused.

ADAM GLICK: When you say CI/CD, you're referring to continuous integration and continuous delivery?

TRACY MIRANDA: Yeah. So continuous delivery-- so we see that as the software engineering approach in which teams are producing software in short cycles, and just making sure that that software can be reliably released at any time. And with things like microservices, cloud native architectures, this has really necessitated the really good continuous delivery practices.

And then the other side of that is this continuous integration, which I think a lot more people are familiar with. And we have the tools out there. And that we see it as the practice of merging all developer working copies to a shared mainline several times a day.

CRAIG BOX: Now, you're director of open source community for a very popular open source project. And you mentioned before, 15 million users. What does that role entail?

TRACY MIRANDA: When I joined CloudBees, the remit was just to ensure that Jenkins and Jenkins X communities continued their fast pace of growth. So early on, I met with Kohsuke Kawaguchi. And he said, just tell us if there's anything that doesn't seem right, and we'll fix it.

And in those conversations, I learned that there were some strange things. Like, he had his personal credit cards paying for Jenkins services. And I was like, actually, we need to fix that.

CRAIG BOX: He was probably getting a lot of air miles though.

TRACY MIRANDA: Yeah. No. I think that's fair to say. It was definitely a hack I think that was done once upon a time. And the Jenkins governors are great. They just do what it takes to keep the community going.

But it had got to a point where we said, for future growth, we want to avoid points of failure, depending on single people. So let's take a step back and fix these things, and just set ourself up for enormous growth in the future.

ADAM GLICK: How did you get involved in open source?

TRACY MIRANDA: Well, early on in my career, I was working on this project. I had a background in embedded software and hardware. But my project was canceled. And so my boss showed up and said, actually, you need to switch to this new project. And that means you have to learn Java and this open source technology called Eclipse.

So this was way back before Stack Overflow existed. So imagine that-- learning Java in those days. So actually, having a good open source code base was key to my learning Java on the job.

And then on top of that, I was lucky enough to be sent to a conference to figure it all out. And what I found there was that the open source community was really warm and friendly and extremely helpful. And they were doing lots of really interesting stuff at a pace so much faster than what I was used to.

So then and there, I realized I wanted to always work with warm, welcoming, and innovative open source communities.

ADAM GLICK: Brilliant.

CRAIG BOX: And we have a new community here in the recently announced Continuous Delivery Foundation.


CRAIG BOX: You are one of the founders of this, a member of the governing board. Tell us a little bit about what the Continuous Delivery Foundation will be.

TRACY MIRANDA: The Continuous Delivery Foundation will be a vendor-neutral open source foundation, which will be focused on all the fastest growing projects in the continuous delivery space, as well as setting up communities of practice where companies and developers can all gather in this sort of safe, vendor-neutral space to work out what practices are best for them, what tools are best for their specific context of delivering the software they need to get to their users.

ADAM GLICK: What projects will be a part of the new CDF?

TRACY MIRANDA: We've got some great founding projects. So naturally, Jenkins, as the CI/CD project everybody knows and loves. And then Jenkins X, with a look towards cloud native. Jenkins X will be the second project in there.

The third project is Tekton, which is the name for the build pipeline part of the Knative project from Google. And the really interesting thing about the Tekton project, and related to Jenkins X and Jenkins, is that what we're really looking to do with the Continuous Delivery Foundation is focus a lot on building around standard APIs, having some common definitions, especially around the building block of continuous delivery, which we really see as pipeline.

So Tekton has the custom resource definition for pipelines, so a standard way of defining pipelines. And Jenkins X is going to make use of that. Well, it does make use of that. And Jenkins is going to do its next generation pipeline based on that.

So we really want to drive for standardization and integration just from the word go with this foundation, and just really think of our users and making life easy for them when it comes to building solutions that are really cohesive.

The final project coming to the foundation is Spinnaker, which many people use for their continuous delivery. So I know I've had lots of people ask about that. So very excited to have Spinnaker come and join as well with this view of integrating and making everything work together in the long term.

ADAM GLICK: I love that we're setting this up. Can you tell me more about the philosophy behind setting up the CDF?

TRACY MIRANDA: Yes. Absolutely. And in the charter there's these four pillars as such that we outlined, which will be the basis for the CDF. So the first one is just that we believe in the power of continuous delivery to empower developers and teams, produce high-quality software quickly.

The second one is that we want to address the whole software delivery lifecycle. The third is to foster and sustain an ecosystem of open source vendor-neutral projects, with that specific focus on collaboration and interoperability. And the fourth one is to advocate the idea of collaborations to share and improve practices, so just as focus on best practices around culture as well as tools.

CRAIG BOX: Why did you decide to create a new foundation based on continuous delivery? Why not just join these projects up to the CNCF?

TRACY MIRANDA: Yeah, a really good question. We actually did consider that in the beginning. So when we were having the initial conversations around continuous delivery, we looked at CNCF. They were really the model for vendor-neutral open source. And they had had amazing success.

So it comes down to a few reasons. So one of the things is the remit for continuous delivery is not just limited to cloud native. So we're also looking at things like mobile platforms and IoT.

And then secondly, we also wanted the foundation to have a very specific mission and to able to go at a very quick velocity. So while CNCF are focused on containerization, microservices, service meshes, orchestration, we wanted the Continuous Delivery Foundation to really zoom in on things like the pipeline standardization, maybe things around security, and the whole area of continuous delivery.

But the plan is really for CNCF and CDF to be sibling foundations. And one of the ways to achieve this is by co-locating the events. So we're planning on hosting our first continuous delivery summit. And that will be a day zero event at KubeCon Barcelona. So I think everybody appreciates less travel all around.

CRAIG BOX: Aside from hosting these projects and providing that vendor neutrality, what are some of the activities that the foundation will provide in order to help meet those goals?

TRACY MIRANDA: One side of it will definitely be the events. So we mentioned the first CDF Summit, which will be in May. And then the other side, again, we'll be taking a leaf out of the CNCF book to focus on the, I think they call them SIGs, the Special Interest Groups.

So what we want is similar. So verticals-- focus on very similar interest groups, which will focus on specific verticals. So for instance, finance-- continuous delivery for finance might have a special meaning because they've got to meet special compliance.

Or there are just some things in that industry that other industries just aren't aware of or don't care about. So just having those industry verticals or having those safe spaces where different folks can get together and figure things out on their journey to CI/CD. I think that will be amazing.

CRAIG BOX: The projects you've mentioned that are seed projects for the foundation obviously are stewarded by CloudBees and by Google. Who are the other members of the foundation? Which companies are joining?

TRACY MIRANDA: It's been great to see. We've just had massive interest in the foundation. So everything from startups-- we have startups like DeployHub and Snyk and Anchore in the security space.

Then we've got a lot of the software vendors, folks like Puppet. And we also have cloud providers. And finally, the additional one I'm really excited about is we even have this startup, Alauda, who's a startup in China. So really excited about kind of making it a truly global foundation.

ADAM GLICK: You talked before about Jenkins being a CI tool that people are very familiar with. Is the foundation going to focus on CI and CD?

TRACY MIRANDA: Yes. The foundation will focus on the full delivery lifecycle. But I think one of the things we feel is everybody more or less has CI figured out. But we wanted to name the foundation on the continuous delivery side. Because that's the bit that folks aren't necessarily doing yet.

People aren't-- well, as we're seeing-- aren't necessarily clear on the definition. But we really see that as a practice as natural as using source control. Everybody should be doing continuous delivery and having a set of best practices around it, and having a bunch of tools that just work really well for their flow.

CRAIG BOX: What things do you think are missing for it to be as easy as doing CI today to do CD?

TRACY MIRANDA: Better tools. And the tools have to evolve. We've seen tremendous changes in the industry just in the last few years, especially with the rise of cloud native and microservices. And just this whole concept of scale up, scale down automatically.

And I don't think anybody's really managed to figure out what CI/CD properly means in this space. So we're seeing Jenkins X do some amazing things trying to take advantage of all these features in CI/CD. And we like to think about it as, how would CI/CD change if you had completely infinite compute resources? What would you do differently?

And I think one thing I'd do differently is just build and test every single PR. And so with Kubernetes, we can start doing that. And Jenkins X has this concept of preview environments, so that even before something is merged in, someone doing a review can have a look at the stage pull request and have a look what it would look like in reality. So you can really add some power to the pull requests.

So I think there's just a whole lot of potential out there for continuous delivery. And getting everyone to do the best for their company at the same time. And not leaving people behind as we sometimes do in the industry.

ADAM GLICK: If you were to look into your crystal ball and say, what does the world look like with projects that you'd like to see added to the foundation that aren't currently there? Are there any projects that you'd be excited to see join?

TRACY MIRANDA: Yeah. That's a great question. There's a project I'm hearing a lot more about recently called Fastlane, which is continuous delivery for mobile. And I think that would be a great addition to the foundation, especially showing part of our vision is not just about cloud native, but continuous delivery for everything.

But, in general, any project which helps users, buys into this vision of integration, and has a community behind it that are deeply passionate about it, yeah. We'd love to have that in the foundation.

CRAIG BOX: So aside from new projects then, what other things are you excited about with this foundation? What change do you hope it will drive in the industry?

TRACY MIRANDA: Yeah. There's lots I can imagine. And I want to happen for the Foundation. But if I go back to maybe that first open source conference I went to all those years ago, I didn't even realize that sort of set me on a path to today in helping bring people together to launch this foundation.

So I think I'm most excited for creating an environment where we can get these good people together around this common vision of continuous delivery. And almost the best thing is we'll be seeing how things evolve over time in ways that I can't even predict.

CRAIG BOX: That's wonderful.

ADAM GLICK: Tracy, it was great having you on today. And good luck with the CDF. We look forward to hearing more from it.

TRACY MIRANDA: Great. Thanks for having me. It's been really fun. And yes, just looking forward to how things unfold.

ADAM GLICK: You can find Tracy on Twitter @tracymiranda, or on her website TracyMiranda.com. You can also find out more about the CDF by going to cd.foundation.


CRAIG BOX: Thanks, as always, for listening. If you've enjoyed the show, please help spread the word. Tell a friend. Perhaps think about writing a review on iTunes.

If you have any feedback for us, you can find us on Twitter @KubernetesPod, or reach us by email at kubernetespodcast@google.com.

ADAM GLICK: You can also check out our website at kubernetespodcast.com to listen to any episode. Or check out the show notes for complete transcripts. Until next time, take care.

CRAIG BOX: See you next week.