Show cover of The Pipeline: All Things CD & DevOps Podcast by The CD Foundation

The Pipeline: All Things CD & DevOps Podcast by The CD Foundation

The Pipeline: All Things CD & DevOps is created and hosted by the CD Foundation's Director of Ecosystem & Community Development - Jacqueline Salinas. This is a series of interviews with industry experts, leaders, and innovators. The Pipeline will cover a range of topics that are centered around CD & DevOps. The CDF’s goal is to educate, entertain, provide tips and insights to make the community better software engineers. The intent is to supply up-to-date industry news and innovations, as well as, expand your knowledge of the vast CD & DevOps ecosystem. This podcast is all about learning from your peers as well as the thought leaders in the CDF community who have been there and done that.


Open Source Tools & The DevOps Evolution
Speaker: Brian DawsonLast episode of Season 2 wraps up with a bit of history behind the DevOps movement and it's connection to open source and finishes with predictions on where the DevOps movement is heading in 2022.Support the Show.
36:18 12/17/21
Four Keys Metrics to Measure Your DevOps Performance
Speakers: Dina Graves Portman and Henrik Rexed Through six years of research, the DevOps Research and Assessment (DORA) team has identified four key metrics that indicate the performance of a software development team: Deployment Frequency—How often an organization successfully releases to productionLead Time for Changes—The amount of time it takes a commit to get into productionChange Failure Rate—The percentage of deployments causing a failure in productionTime to Restore Service—How long it takes an organization to recover from a failure in productionSupport the Show.
34:31 12/10/21
Finding Your Way: A Survey of Supply Chains
Speaker: Aeva BlackWith the explosion of interest in SBOMs, it's likely that you've just heard of a few projects for the first time -- even if those projects aren't new, they may be new to you, and you might be asking yourself, "how is X different from Y?" You might also be wondering which projects you should select in order to satisfy the requirements of the Executive Order!As when starting out on any journey, before entering unfamiliar territory, it is important to understand the lay of the land, pack the right supplies, and get to know your traveling companions.In this talk, a few maps of the open source supply chain landscape will be shared. Attendees will gain a sense of both the breadth and depth of the challenges ahead, and learn to identify a few essential types of tools for their journey.Support the Show.
15:48 11/19/21
Designing for Reliability in Production
Speaker: Ayelet SachtoLearn the considerations and strategies that can make designing for reliability in production more intentional; going beyond infrastructure into operational practices and best practices for application design and operational readiness when designing an application for production.  In this episode learn more about why & what of reliability, antipatterns and principles that about building reliable systems. Support the Show.
14:46 11/12/21
Site Reliability Engineering Adoptions: Setting up the Fundamentals
Speaker: Spyridon ManiotisThe session aims to provide an overview of the fundamental elements that foster a successful SRE adoption. Core to an SRE adoption elements such as; operating model, tenets, process engineering, skillset, technological capabilities/tactics, reconciliation with DevOps and ITSM, as well mechanisms such as "error budget" & "engagement models" will be outlined. All in relation to an "adoption at relevance". Concluding a set of lessons learned will be presented, along with key considerations to be taken when adopting, sustaining, and scaling.Support the Show.
19:14 10/29/21
How SolarWinds is Using Open Source to Secure Their Supply Chain
Speaker: Trevor RosenAs you're no doubt aware, SolarWinds was hit in December 2020 with a sophisticated supply chain attack perpetrated by nation state actors. In the months since, they've been working to create an entirely new build system based on a number of CNCF and CDF projects. In this talk, you'll learn about what they're building, why it's necessary, and what it's like to be on the inside when the unthinkable happens.Support the Show.
23:20 10/22/21
Supply Chain Security Con
Speaker: Dan Lorenc SupplyChainSecurityCon is a new, vendor-neutral conference for security practitioners, open source developers and those interested in software supply chain security hosted by CNCF + CDF. Due to the uptick in supply chain attacks, this event is to bring the community together to discuss supply chain threats, best practices, mitigation tactics including up and coming frameworks and specifications. Who Should AttendAll developers and leaders interested in securing the software supply chain. the Show.
12:29 10/8/21
Dev Loves CI/CD: Efficient Sec and Ops Pipelines
Speaker: Michael FriedrichContinuous integration and delivery/deployment helps speed up development and review workflows. Developers can focus on code reliably tested in different environments. At some point, the operations team gets paged on broken pipelines and jobs being stuck. On top, the security audit unveiled plain text secret exposure and dependency exploits. The next horror story: The software cannot be deployed anymore because package dependencies are broken. In this talk we hear stories on making CI/CD pipelines more reliable and secure. Automated deployments and package/container repositories can help avoid redundant cycles and extra work hours. Monitoring/observability combined with automation ensures to sleep in busy on-call times. Learn how Dev meets Sec and Ops in the pipelines and hear best practices on efficiency, iteration and insights.Support the Show.
29:11 10/1/21
6 Best Practices for Continuous Delivery Pipelines
Speakers: Diego Lemos de Resende & Derik EvangelistaPipelines are meant to be the road that will guide your team from code straight to production, automating everything on its way. Pipelines should be a source of joy for developers, the team's safe harbour. But the reality can be different, and many teams are struggling to get their pipelines right, spending time and energy fighting against automation instead of having their pipelines delivering value. In this talk, Diego and Derik will live code a Continuous Delivery pipeline from scratch, from commit to production, using Concourse. During the talk, we will make use of some CD best practices, and explain why you should adopt them in order to make your way to production more reliable and joyful.Support the Show.
30:16 9/24/21
Behind the Scenes of Keptn: Event-Driven Delivery & Ops Orchestration
Guest Speaker: Andreas GrabnerAndreas Grabner, DevRel at Keptn, will give us a  deep dive on the latest version of Keptn. He will explain the event-driven architecture, the recent separation of control and execution plane introduced with Keptn 0.8, and guidance on how to best get started for integrating Keptn into your existing delivery tools and processes to automate tasks around quality gates, performance & chaos engineering, delivery or auto-remediation.Support the Show.
18:33 9/17/21
Managing Storage via GitOps
Guest Speaker: Christian Hernandez GitOps is a practice of DevOps teams that uses Git as a source of truth for their Kubernetes platform. Using GitOps, the entire system described declaratively, the canonical desired system state versioned in Git, and approved changes that can be automatically applied to the system. This gives you the advantage to quickly restore from a disaster. This is great for stateless applications. But what about your stateful applications? In this session Christian will take you though the challenges with managing storage in your GitOps workflows. In addition, Christian will go through some tips and tricks to help along your GitOps journey.Support the Show.
20:43 9/10/21
Tekton Triggers Beta
Speaker: Dibyo Mukherjee from GoogleTekton Triggers is a project that adds eventing support to Tekton i.e. it provides a mechanism to declaratively create PipelineRuns and TaskRuns based on external events. With the recent v0.15 release, Tekton Triggers now has a beta API.So, what exactly does “beta” mean for Triggers? Tekton follows the Kubernetes deprecation policies which means that we will avoid making backwards-incompatible changes to APIs and features that are in beta. If we do have to make a backwards-incompatible change, users will be given at least 9 months’ worth of releases to migrate.Support the Show.
14:30 9/3/21
GitOps: Yay or Nay?
Speaker: Ricardo CastroGitOps is a paradigm or a set of practices that empowers developers to perform tasks that typically (only) fall under the purview of operations. It’s a way to do Kubernetes cluster management and application delivery by using Git as a single source of truth for declarative infrastructure and applications. Being Git at the center of delivery pipelines, engineers use familiar tools to make pull requests to accelerate and simplify both application deployments and operations tasks to Kubernetes. GitOps software agents (e.g. ArgoCD, Flux, and Jenkins X) can alert on any divergence between Git with what's running in a cluster, and if there's a difference, Kubernetes reconcilers automatically update or rollback the cluster depending on the case.Support the Show.
16:59 8/27/21
Combining Progressive Delivery with GitOps and Continuous Delivery
Speaker: Viktor FarcicThree phrases keep popping up when talking about modern workflows and development and deployment techniques. We have continuous delivery to automate the complete lifecycle of applications from a commit to a Git repository, all the way until a release is deployable to production. Then we have GitOps to define the desired states of our environments and let the machines handle the convergence of the actual into the desired state. Finally, there is a lot of focus on different deployment strategies grouped under progressive delivery. They are all focused on the iterative release of features to make the process safe, prevent downtime, and reduce the blast radius of potential issues. Support the Show.
23:08 8/20/21
Best Practices for Secret Management with GitOps
Speaker: Kara de la MarckGitOps uses Git as the “single source of truth” for declarative infrastructure and enables developers to manage infrastructure with the same Git-based workflows they use to manage a codebase. Having all configuration files version-controlled by Git has many advantages, but best practices for securely managing secrets with GitOps remain contested. Join us in this presentation about GitOps and Secret Management. Attendees will learn about different approaches to secret management with GitOps, the issues involved, and the secret management solutions offered by various tools and platforms. We will discuss the pros and cons of Vault, SOPS, offerings by public cloud providers, and more.Support the Show.
15:00 8/13/21
Shipwright - Framework for Building Container Images on Kubernetes
Speakers: Sascha Schwarze & Adam KaplanJoin this episode to learn more about the CDF's newest incubating project. Support the Show.
20:11 8/6/21
GitOps Summit Preview - Level Unlocked: GitOps to the Edge and Infrastructure Provisioning
Guest Speaker: Katie GamanjiWithin its 7 years of existence, Kubernetes has been the centerpiece of the cloud native landscape, elevating a pluggable system that led to the diversification of the technology ecosystem. As a result, multiple areas have developed in the industry, galvanizing solutions for components that introduce standardization, guidelines, and interoperability of the tools. To innovate the developer experience and delivery of the application, the community focused on restructuring and modernizing the CI/CD operations.This talk will outline how cloud native GitOps tools, such as ArgoCD and Flux, unlock the zero-touch deployment of infrastructure and applications at the edge. Attendees will acquire an understanding of GitOps usage in association with ClusterAPI for infrastructure provisioning and KubeEdge for the service propagation to the edge.Support the Show.
16:35 6/11/21
State of DevOps Report 2021 & DORA
Guest Speakers: Nikhil Kaul & Dustin Smith Google joins us to discuss what the State of DevOps Report is and focus areas of research for this year's survey. Tune in to learn more. Support the Show.
16:29 6/4/21
Spinnaker Summit Preview: Improving Visibility and Traceability of Deployed Container Artifacts via Spinnaker’s BuildCi
Speakers: Nima Kaviani and Manabu McCloskeyAs containerization becomes an integral part of deploying software reliably, traceability and visibility over what gets deployed becomes ever more important. Ideally, as part of the deployment process, release engineers would be able to track deployed containers back to the right version of the written code, investigate changes, and gain insight over the build process. While baking code into container artifacts has been a core part of Spinnaker, the introduction of CiBuild as a mechanism to increase insights into what gets built, is a new feature enabled in a collaboration between Netflix and AWS. In this talk, we will discuss architecture, implementation, and enablement of the new CiBuild plugin, and how it empowers the Spinnaker community to integrate their build systems, code repositories, and container registries into their Spinnaker deployments.Support the Show.
14:31 5/28/21
Distributed Tracing For CD Pipelines with Jenkins X & Dailymotion
Guest Speaker: Vincent BeharWe have been using Jenkins X since September 2018, just a few months after the initial release. With great success, because Jenkins X is now a core part of our infrastructure - but more importantly it gave us good practices, and a continually improving set of practices and platform.And because we love open-source at Dailymotion, we started contributing back to the project, first with a few bug reports, bug fixes, and progressively more features and enhancement proposals. The main contributions being the web UI and all the observability part, including the Continuous Delivery Indicators.Support the Show.
19:58 5/21/21
Securing Infrastructure-as-code in CI/CD Pipelines
Guest Speaker: Yoni LeitersdorfYou want to catch security issues in your cloud infrastructure before deployment but you don’t have a lot of time to spend on it. What is infrastructure as code (IaC) security? How do you inject IaC security into the CI/CD pipeline to catch security risks before deployment? How do you do that without impacting the pipeline and frustrating developers? You will also learn how we catch common security issues in CI such as:Privilege escalation in AWS due to overly permissive IAM permissionsDrift issue caused by someone changing a security group leading to exposuresSharing IAM roles for resources in public and private subnets may not be a good ideaYoni has successfully implemented IaC security in their CI/CD pipeline at Indeni. He will share best practices and tips to get IaC security implemented quickly. Support the Show.
21:48 5/14/21
cdCon 2021 Preview: The 5-Step Checklist for your Migration to Tekton
Speakers: Priti Desai, IBM and Jerop Kipruto, GoogleWhat do you use to build, test, and deploy your cloud native applications? Is your choice of CI/CD solution powerful yet flexible for all of your use cases? Have you heard about Tekton? Tekton is an Open Source CI/CD pipelines execution engine. Tekton Pipelines can define Steps, Tasks (collection of steps), Custom Tasks (advanced Run objects), and Pipelines (collection of Tasks and Custom Tasks). Pipelines also support resources to connect multiple Tasks through input/output models or workspaces to share a file system across many different Tasks. Tekton is implemented based on four core design principles: Reusability Simplicity Flexibility Conformance Tekton is highly optimized for building and deploying cloud native applications compared to other CI/CD tools. In this session, we will demonstrate migrating common CI/CD pipelines to Tekton by building a checklist for the migration.Support the Show.
17:01 5/7/21
Increase Developer Productivity By Reducing Human Intervention in Software Delivery
Join Balaji Siva from OpsMx to dive deeper into  techniques & tools that help increase developer productivity and how to reduce human intervention in software delivery. Support the Show.
24:02 4/30/21
cdCon 2021 Preview: Accelerate your Culture of Innovation with Everyday Inclusion
Guest Speaker: Shaaron Alvares Join this episode for a preview of Shaaron's upcoming cdCon 2021 talk: Accelerate your Culture of Innovation with Everyday Inclusion!Based on 10 years of research on cognitive diversity and innovation, we know that safer and more inclusive DevOps teams perform and innovate better. Companies that have more diverse management drive 19% higher revenue due to greater innovation. Racially diverse teams outperform non-diverse ones by 35%. And 67% of job seekers look for evidence of inclusion and equality programs when considering a new company. Yet, leaders still struggle to create an inclusive environment for their teams. In this presentation, Shaaron will share effective and actionable practices to help DevOps teams and managers embody inclusion through everyday interaction and collaboration.Support the Show.
22:01 4/23/21
The State of DevOps Survey & The Need for Change Management
Guest Speaker: Nigel KerstenNow in its tenth year, Puppet has opened its annual State of DevOps Report and we would like to invite listeners to take part. Nigel Kersten has been the primary author over the years and he joins us today to unpack what a decade of research has uncovered. Take the Survey: Support the Show.
26:29 4/16/21
CDF End User Council
Implementing continuous delivery practices yield many benefits for organizations, including the ability to deliver features faster, pivot quickly in response to industry and world events and respond to fast feedback and build a deeper relationship with users. Cloud, open source, and continuous delivery have combined to form the basis of technology modernization, but spoiler alert: it’s not just about the technology. The platforms and tooling are maturing, but bringing about organizational change requires relationship-building and other under-utilized “soft skills”.The Continuous Delivery Foundation (CDF) end user council provides the opportunity for end-user organizations to have context-rich discussions on how various organizations pursue their modernization efforts in the most effective way. Topics covered include:Improving developer productivity with automationEnhancing security in delivery pipelinesTechnology modernization in highly regulated industriesMeasuring success of effortsSupport the Show.
23:20 4/1/21
Can you do CD without CI?
Guest Speaker: Jonathan Hall Conventional wisdom tells us that Continuous Integration is the necessary first step to a CI/CD pipeline. I like challenging this “conventional wisdom” when I work with teams, to deploy CD before CI is complete or trusted. And as a thought experiment, I believe we can imagine installing CD without any CI at all, and see if what we come up with makes sense.Support the Show.
12:02 3/26/21
DevOps in Banking & Finance
In episode 10 of Season 2 we are joined by Manoj Garg from Natwest! We dive into what DevOps is like in a highly regulated industry such as finance and banking. Tune in to listen to Manoj's DevOps journey and how he is leading the charge at Natwest. Support the Show.
21:31 3/19/21
CDF Special Interest Group: Events
Ravi Lachhman, HarnessAndrea Frittoli, IBMEmil Backmark, EricssonMauricio Salatino, CamundaToday’s CI/CD systems do not talk to each other in a standardized way. This leads to problems related to interoperability, notification of failure issues, and poor automation.This group is looking at how events can help to create CI/CD systems with a decoupled architecture that is easy to scale and makes it resilient to failures. Using events could also increase automation when connecting workflows from different systems to each other, and as a result empowering tracing/visualizing/auditing of the connected workflows through these events.Support the Show.
22:30 3/12/21
Case Study: Enabling 12,000 Developers with a Pipeline As Code Platform
Aoife Fitzmaurice and Jimmy McNamara take us through a journey on how Fidelity Investments plan to rollout a Pipeline As Code capability to 12,000 developers. Leveraging cloud based kubernetes platforms to ensure best operational outcomes the team is driven to enable this best practice capability across Fidelity. This capability is key to assisting the growth of both an innersourcing and opensourcing culture throughout the firm.Support the Show.
27:00 3/4/21

Similar podcasts