 Well, hello everyone. Welcome to another episode of Kubernetes by example the insider show Where we like to talk to people who are contributing to the actual Project about what they see as the important things to kind of watch for and what's coming up To try to get a different perspective then might be released in like, you know press releases or you know Corporate communications that kind of thing with an open source project We believe it's important to be connected to the actual people doing the work as it were. So I'm Langdon white I'm a clinical assistant professor at Boston University formerly from Red Hat, but here I Teach people about data science introduction for students who've kind of never dealt with anything besides, you know The office suite is where we start and by the end of it. Hopefully they learn a little bit of Python And a little bit of data science and then I also tend to teach at the very other end of the spectrum Students who are doing actual projects for the real world You know for for customers that are You know and we actually build like websites and mobile apps and data science projects and all kinds of other stuff So it's a lot of fun. So I have with me here today. Daniel. Oh, who is my co-host for today So Daniel, we want to introduce yourself Sure. Yeah, thanks for writing. So hello. My name is Daniel. I'm working for Red Hat as a developer advocate I'm also responsible CNC investor Try to evangelize a lot of developer platform engineers and SRE cross admin how to build their cloud application Onto the cluster like a Kubernetes and then hybrid multi-cloud Something like that. I'm so happy to be here to host and then our guest speaker around the K-native because I really spent a lot of time bringing like a multiple language platform like a cloud and runtime into Kubernetes in the sub-less and surface mesh, etc Thanks, and we would like to welcome our guest today Vilae Akis Who is kind of a little bit of an expert and kind of K native stuff? And would you like to introduce yourself? I always I get worried about ever trying to guess anyone's current title at the moment Sure. Yeah. Yeah, I'm not really sure what my current title is, but Currently one of the co-founders and I think I just do quite a lot of things, but we haven't quite put a title on it yet So hopefully useful things Right, right So the first thing we like to kind of ask our guests right is like what got you started in kind of the open-source world at all You know, what what was your first exposure that you know kind of sucked you in? Hit the very first opens of PR that I think I actually did was for Napster client back in the day Nice it had a No pointer exception and it was driving me baddies. So I sent a PR to fix that So scratch your own itch right right the open source break-in, you know classic That's awesome. And did you did the PR get accepted? Did it manage to actually fix the null pointer exception? It did it actually got in and it made me happy and Yeah, that was pretty cool. Yeah, that's pretty awesome Yeah, it's always it's like such a pat on the back when it gets accepted versus, you know Most of mine which are just you know, this should work this way and the developers say no it shouldn't and I say But yeah, I totally hear you. So what brought you to kind of Kubernetes itself? So Joe and Brendan So I started on the Kubernetes before it was Kubernetes. So I was at the time over at Google and a lot of sort of kind of you have been chatting for a long time about sort of kind of the cloud stuff how it's difficult and everything else and How it's kind of wonky that you have to kind of it can choose your You have to make a lot of choices like do I use this cloud or do I use that cloud? And there's so many things there that at the time just when making making developers lives easier you quite the contrary harder because It was it was it was a bit of a mess and I guess you could argue it's still might be but So there was a lot of hallway chat about sort of kind of being able to do better and So Brendan put together. It's the kind of the Kubernetes origin stories some prototypes and Joe and I jumped in and started helping out and That's how I got secured in Right, right. So does that mean you were a member of the Borg at one point? No, no, no heavens. No, those are the kinds of things they should never put me in The code, okay. Yeah, I hear you Yeah, I was trying to remember what the name of the internal Kubernetes was when it was still in Google land Seven seven Gotcha. Okay. All right, so we're here to talk a bit about like kind of Knative and that kind of stuff But before we get into that, okay, so I think people think of Knative as being serverless But what is serverless mean to you because I think you know I think it's one of those words that's still really kind of wobbly for a lot of people That means different things depending on who you ask. So so how do you explain it to people? That you don't have to worry and manage servers. So that that really is it that you don't think about them. I Gotcha, and what just a little bit on that which is sort of kind of like the part of the things which is like It's the I don't have to think about the servers But it also means that I don't have to go ahead and manage my workloads for me Kind of like the the original App Engine idea. I think which was fairly fairly quite good, which was the I always thought of it as like You have one job and you basically put your code in there and it's just like, okay Now just run it scale it do all the things for me. You have one job. Don't screw it up. That's it, right? So I think that's the OG of sort of kind of the serverless at least And no disrespect to things that I might have missed but that that is sort of kind of the model that That originally kind of I I really thought I resonated with with myself and other folks And you didn't have to think about servers the other one was like, okay provision VMs do them Oh, I need more. Oh, I need less. You know, I left too many on and now it's burning me money Right, right. Yeah, I completely agree Yeah, so kind of a kind of stepping back from that a little bit You know in for me the terminology really kind of even that predates that right is event-driven architectures Yes, and so so can you kind of talk a little bit about why? You know kind of the so the serverless part you don't have to worry about the servers But really what that really empowers you to do is kind of this event-driven modeling What why is that advantageous or what do you think is interesting there? Because it turns out that World just happens There's things that are happening you can respond to those kinds of things. So it's gonna be quick quick Example if you don't mind the one of the things for example, so I was working on this project called GCS Google Cloud Storage and I'll talk to the customers. They were asking for a Faster listing and and I was like well like why do you might need to list things faster and They're like well so that I know if there's some new things in my bucket that I need the process And I was like well How about I tell you like what let me let me tell you when new things come up so we added this thing into the GCS called object notifications Where the idea was that you could respond to the things instead of for example polling So that was in and the way you would do that is you would basically get the Webhook that's the way that most things happen nowadays. So there's basically a webhook and it basically says hey things have happened and and Serverless is is a beautiful way to marry this into that land because that You know whether you push the GitHub, but then you get a new notification whether you get a new Employee at it or anything else. Those are just so naturally done Where you do not need to have some software that is there all all the time waiting for for me to do something like hey I'm ready. It's like no, you just go for the bet go hang out. I'll page you when it's time Well, that's I mean and what I like in particular about that too It's like you kind of we're starting to list examples is that the kicker all as well Is that you don't have to know in advance what you will ultimately maybe be triggering that thing with right is that you know You could you know have some new you know infrastructure component or whatever that also now cares about new objects in you know GCS so now it just starts getting notified to which I think is You know really nice because this you know you get the scaling flexibility on the kind of on the worker side, right? Then you also get the how it all work connects together Flexibility as well So yeah, I'm a big fan. I think the problem or maybe I'll ask you is what are the downsides to these kinds of models What what don't you like about them, you know from a developer perspective or you know how you're rolling it out kind of thing Yeah, that's that's a good question. So sometimes it's very Difficult to be able to understand how the events flow in the system. I do think there's some like debunking them be a little bit tricky, especially in a very complex settings one of the things that you know for right or wrong that we tried to work very hard on the on the K native and in particular event things out of the house is to go and make sure that You have a declarative way of describing what the system behavior should be. So now you can go ahead and say this is how the event should flow like instead of the, you know, the This is the This is the emergent behavior. This is the system I have versus the system that I would like to have and for being able to go ahead and look at it and understand this. This is how my eventing infrastructure looked like. Here's the event should flow like and then you can always Test things when you have a very common interface. So we've done a lot of the work that we kind of came out of that land as well that bigger K native thing was the cloud events work so that there's this interop so that you don't have to go ahead and come in and be able to go ahead and again Go back to the original Kubernetes point is start making choice right up front like I'm choosing, you know, Kafka I'm choosing rabbit I'm choosing this, you can go ahead and decouple some of that thing which has the obvious benefits of being able to go ahead and bring up the entire stack up, but now you can use something cheap and cheerful Like in memory, right? If it's if you're doing testing, it doesn't cost you anything. Well, it doesn't cost you as much as spinning up, say a Kafka thing or pubs up or anything else like that. Gotcha. Yeah. I got one, actually, some questions. So if I may, so, you know, so the event and then some go back in some terms to render already mentioned about the sub alas issue of people, maybe some people don't understand what that means exactly and then more important thing is people use interchangeably like a sub alas process function, even if like the image render or edge of function even the K native and Kubernetes people saying sub alas maybe sometimes equal function but sometimes some people said it's not equal. So can you leave it like a explain for like a beginner for developer even platform engineers. So what is the difference between sub alas and function specifically like how to enable K name project for the function and sub alas platform. I don't, I don't think I have a very good answer to it. I think it's kind of the point about England's point we just talked about which is you're responding to events and where it's you just get involved. I think it's just a different name for a workload that basically just needs to respond to an event, whether that event is an HTTP post from a user, or whether it's a something else. I don't really see I'm sure there's nuances there but at the high level I don't I just think you have a piece of code that gets executed and then if you go down to the mathematical levels where I'm sure where folks are like they're going to tell me how wrong I am and I'm like yeah yeah yeah that's my strong suit but I don't really see much of a difference between there at all really. But I do think you're raising the point though is that in order to have serverless right is that people think of functions as a service but they're not actually very useful unless you also have an event model right of some kind or another right and so when you talk about like K native right you kind of they both have to come together even though you know and I have I have students who who think this way exactly like you know who who see the concept of of a serverless function and don't kind of realize the. The stuff that has to happen around it in order to make it useful, which I think is interesting. Yeah, yeah yeah yeah no I think fairly early on in the project and we're doing these things it became very apparent that the eventing side really needs to get a lot of care and feeding and make sure that we think about the models they're right. And again we can argue whether it's whether it's right or wrong but the idea there was that we really wanted to go ahead and make it easy for folks to go and consume events and be able to go ahead and properly decouple the production and the consumption of the of the events themselves and. To your point earlier you said about like oh yeah so you don't you can add new pieces into it and that's where it's very important that you don't have to go in and tell the center of the events that hey there's something else down there. Then it gets very very complex in a hurry. So by being able to decouple those two things you can just like in the case of Daniel to sing like you know the difference the function so I'm just going to use the term function here so let's say I want to go and add like a debug function for example or new functionality. I can just go ahead and create a new function and wire it from the consumption side saying hey I'm interested in those events and. And those kinds of things become super easy if you can go ahead and standardize on some way of what that eventing infrastructure gives you so the cloud events which becomes very easy for us to ship around from cloud to cloud right. Just an envelope so it's very straightforward. Right yeah yeah I think I think. The I think straightforward is a little bit in the eye of the beholder but you know it's I think it's one of those things where from the outside it's complex. But I think as you kind of start working with the tool chains right if you start thinking in an event driven way. It does actually get pretty straightforward but but you have to kind of you know if you're specially if you're a developer who's been kind of doing traditional models for a long time. You kind of have to turn your brain kind of on its side and start thinking this other model. I think I have an advantage because I actually did Microsoft com million years ago and com is actually an event driven architecture which a lot of people don't realize even though it's inside windows right. But even when it was distributed com it was still event driven. And so I think I have a little bit of an advantage there because I'm old primarily. But you can share by and on. Yeah yeah yeah yeah yeah we did we did some really. I would say crazy things because we did most of the so the company I work for we did a lot of consulting but a lot of it was in visual basic. And however we needed to do unusual things so periodically we would like rewrite the tables and Ram and you know we did things like you know basically writing assembly that we injected into various points and then would you know drive an event off of it. Because visual basic couldn't do it but we didn't you know because we are a consulting company we had to we had to use what they had right and so yeah it was it was kind of. But it was a lot of fun. Yeah, I told you that I mean even driven the architecture and the server last is super nice combination and the recently out of some experience to talk about several last topic and people really wondering. Eventually how do you know about eventually the stuff into several last architectural platform and then one common question actually come up with like a cater like a Cuban is eventually on a scaling and people really wondering specifically developer they don't care about the infrastructure layer. They're really looking for the nice way how to some kind of platform handle my application as a server less like overscaling like a supper last and they're really wondering is there some kind of like something good how to use K native and then cater at the same time for developer standpoint. So I just wondering some kind of inside based on your experience. Yeah, I think I think there is. There's a Cata auto scaler that I think I even have contributed to. I think if it doesn't work, I think it should just work right. Just a quick overview folks. So K native basically scales up and down based on if you think about push. So it's a tipy pushes so. Whereas Cata and and some of the above step back a little bit more so with the event driven yet to. There's more, let's say there's two things there's push and pull model so one of them is IPP events. And you do you do something with them and in the other case you basically pull events out of there and for the poll based ones Cata is is kind of the complimentary to K natives push based. So I think it should just sort of kind of work. Depending on how you set things up right. Yeah, that's like that's like I don't know that's the key in a lot of like kind of this infrastructure software right it's like, yeah, the headache of writing all that YAML to figure out how to design it or how to express it. But it's it's kind of a, you know, sort of kind of a one time thing right in the sense that, you know, kind of once you figure out how you want to express the thing, then it because you're, you're, you're, you're, authoring your like desired state right it just kind of gets there and you don't have to like worry about like how it does it. And, and then, and what I particularly like is the the idea with, you know, kind of like, you know, Kate, I think is a good example in that, hey, hey, some some smart people had a cool idea about how to make this part of the application that you're expressing work better. So you kind of just continue to express it, maybe not quite the same way but close. And, you know, new new abilities kind of start falling in, which I think is also, again, kind of goes back to a venture of an architecture models right in Kubernetes is sort of kind of venture of in in of itself. But the idea of this, you know, kind of, you know, the the advance of config management and venture of an architectures and all that stuff has really made it so we can kind of say this is what we want for desired state. And then it can continue to improve right, which is super, super slick. Yeah, that's it. Yeah, that's exactly the beauty of open source project sometime to the multiple projects have some competition each other but sometimes they actually happy to combine for example like it's not so less but you know, for like open telemetry is actually combined open sensors and open tracing. So previously there was a big competition now they are combined one big super project and then that's why people are really wondering. There was so many like a summer last opposite of project like a Kennedy or a Kedar or other stuff and then looking for the better way combine a combination stuff. That's exactly I really agree with that. Go ahead. Yeah. Sorry, do you have a comment. No, obviously it's going to say yeah I mean I know for example we've been working with the Kedar folks and they've been contributing to us and making sure that we have both push and pull based auto scaling. Yeah, so so to kind of get to the you know the crux of the show right is like, what are you thinking, let's say the next six months and next year like what is it that's happening in kind of K native land that you're kind of most excited about or you think most people should be like paying attention to, you know, either from a developer perspective or operator or, you know, kind of whatever, just like what are the, what are the cool things you think are coming down the pipe. So I'm going to first give a controversial answer and then the, then the sort of kind of, I think, I think the core K native is going to be hopefully going to be getting the point where there's going to be incremental changes and then there's going to be something really big, right, and the some of the, the, the, the big things that always are it's how do you make it faster better stronger right so these are some of the things that folks have been working on for a while now because there's a lot of a lot of trickery that has to be done. And then there's some trickery that just can't be done, just like, okay well, you can't do that but I think there's going to be a lot of advances in that area. And then the other answer is, I'm hoping that it's just going to be, it just works and all of a sudden you get the new version, it gets better. It's kind of like you upgrade your phone and for the most time, you get some new things in there that are better. And let's hope sometimes it doesn't break it, but, but overall I think it, the core stuff I'm hoping it's just going to be boring and boring and boring kind of like where I'm hoping in Kubernetes is going to be very just like all the stuff that is on top of it it just like, that's where the innovation comes from. And the second point about that is the developer experience. So the, my whole career pretty much I've been working for the developer, basically building tools and things like that. There's been fused in some building products and everything else but for the longest part it's been tools and with the developer as the customer. And that's where I'm really excited about the functions working group. So there's been, this is a lens of all who's been driving that work among others. I don't remember all of them. So my apologies. But on sort of kind of how do we go ahead and bring new functionality on it that is not quote unquote core K native but thriving on top of that. So just like Kubernetes, there's the core Kubernetes but there's a lot of stuff that is happening on top of it that I think is going to be very, it's going to be exciting. So K native, you know, as itself is not the end all it's just the how does it enable other folks to actually not even worry about K native. I personally, I very much like that answer. I don't I don't find that controversial at all right as in, you know, I appreciate it when my infrastructure gets boring, right. You know, and remains boring. But I think at least I would be very much looking forward to kind of improved kind of developer tools right. I think, I think we where we can still pretty heavily innovate, you know, in K native, for lack of a better term. Is where is kind of trying to ease that complexity that that we were talking about before right it's like, how can I make it simpler to understand how to express the event architecture I want or how do I make it simpler to understand. Okay, we had a failure here how do I know what you know or how do I replicate it how do I see it how do I how do I sometimes even know that there was a failure, right. And so I think all that tool chain, you know, that, like, it's okay, you know, but I think it could be so much better. You know, and this is where we need, you know, kind of all those UX folks of the world right is like where, you know, how, how do you articulate this in a way that is more easy to understand. And it's funny, I joke about this because one of the consulting firms I worked for their like claim to fame was that they brought really good UX to what used to be called the rational process and rational was a company and they had this waterfall approach and all that just But so now I'm good enough at UX to be able to tell when something is wrong, but don't know how to fix it. Like I can't I have no idea what to do. But I can tell that, you know, this is not good. And so it's just extra frustrating, right. Yeah. Yeah, so so that's what I really, I completely agree with you. I would like very much, you know, what I want to see is more event, you know, not pool like things that do events, right. And then, you know, and but the kind of the rest of the infrastructure to continue to get boring but then have the tool chain on the side which is telling you how it works and how to make it work that's really gets gets the innovation or investment or whatever you want to call it. Yep. Absolutely. Absolutely. Daniel, what do you think? Are you are you on the same page? Do you do disagree? I think you probably told me how to do that. Yeah. Right, right. Alright, so kind of, you know, we try to prepare a list of questions in advance so that we, you know, have somewhere to go about things that we want to talk about. So, yeah, so, you know, you started this company chain guard. What do you do? What does chain guard do? Sure. That may be a leading question. I may know the answer, but you know, Yeah, I said separate words. Yeah, question for me. Yeah. Yeah, chain card is is all about securing the software supply chain. So we want to go ahead and make the software supply chain security software secure by default. So, and the reason why the by default is so, so, so important and crucial there is that just like, you know, and now just going to jump just a little bit back for Katie for the first time, but then I come back there. But the principles there were again that like things should just work in Kubernetes by itself was very hard. And if you did all the things right. You've got the things up and running, but the cognitive load to get there. And the chance of making a mistake was very high. So if the K native, the idea was that everything is reasonable and best practices by default. So you kind of have to go out of your way. Go ahead and find the job to turn it and go like dash dash break me. I know what I'm doing. And you're like, well, okay, well, I don't know that's sort of kind of what happened. So the same thing sort of kind of applies with the chain card and and our philosophy on how we think about the software security where it again is I used before is there's just no dash dash, you know, make it secure flag or just it just doesn't work like that. It's a holistic problem. Sorry, it's a big problem and even a glance over holistically rather than coming in and peddling our snake all wears. So we are taking a holistic approach to it. So you said a really big thing there which I think for a lot of people needs explanation is what do you mean by a secure supply chain like like what is like where is, you know, supply chains is how I get you know, equipment to military in the field right. So we talked about it in Kubernetes land a little bit. We've talked about it actually on the show before. But can you explain first kind of what you mean by supply chain and then what does it mean or why do I care if it's secure in a sense. Sure, that's a quick question. Yeah. So, so a lot of thought is going into basically finding the buffer overflows and everything else and the folks have been going in like well my software is secure. Because you run the various things on it right and and that is your piece of software that you use and you know let's say you produce Hello World. There's a lot of things that happened before that there's a lot of libraries that are being dependent on. There's a lot of tools that are actually producing that Hello World right so that's the simplest example so there's your tool chain. Right there right so you have the dependencies that you take and you don't even think about you don't know what's in them I nobody goes in and looks at them. And then the other one is the compiler right so well how do you know that the compiler is not being tampered with. So that is a that is probably the smallest example of sort of kind of being able to go and say well what is my supply chain. So you basically go ahead and the other way that folks sometimes think about supply chain is is comparing it to food supply chain analogies right so you know the ingredients and then you know the recipe. Right so you can go ahead and look into the back of the oatmeal oatmeal is pretty bad because they're pretty easy but even then you can trace back to where it came from and everything else. But if you if you were to go and look at food products you can go and understand what is in it and you can go ahead and in case there is any kind of problems with that. They can go ahead and trace back where it was built how it was built or doesn't build but made and so forth so that's one example of the supply chain. And and then it gets even more complicated because now you go ahead and start producing and now now we are switching back to the happy software land which is not happy at all turns out. So now you're basically building these hopefully again not on your laptop right so when you start building more and more systems you have built systems right. And now these built systems do all kinds of various things on base and they are running on on places that you don't necessarily even have control over so you need to have some kinds of guarantees and understandings of what is being happening there. And this has been a problem that's been, you know, fairly up in the news over in the last couple of years with things like solar winds or sort of kind of log for Jay are good. There's many she choose your favorites those are the ones that that that I think made probably the most news. But again, where somebody was able to go ahead and come in and be able to tamper with the software that was actually producing the software. But it becomes easier to go ahead and do that and then so so the problem that we as you know developers are facing that most people don't just like code for writing code and checking it in but they actually expect that code to run somewhere and do something useful except just blow hot air. Unless it blows hot air as it gets the blow hot air event and it's all right. So yeah, so for those things we really want to go ahead and be able to go ahead and understand like what is the software that I am supposedly running is that the same thing that I should be running how do I know. Right. And so the the provenance and being able to track it back, not going back to the cookie thing like the FDA comes in and goes like, you know, approved, right, good to go so. And so one of the projects that we folks at chain cart where part of founding was it's called six store and again open source. So this is something that we have very, very actively working on on on tackling one part of the supply chain which is the province and being able to understand. Okay, what is running in your software can I trust it who produced it how was it produced. And so six storm is the project. There's also other things that we have been working on when I say this is not not just us but the community as well is is salsa, which is the ability to go ahead and say how good is your software supply chain. And it basically is a rating from one before and for each level the higher you go higher means better sometimes always scaling it's like is it better or worse right with the CV is higher is worse salsa case, it's better. And it basically just goes gives you ways to assess the maturity of the software supply chain, and it starts with things includes things like do you have automated builds. Does anybody look at the code that gets committed you have any kind of processes in place to go ahead and get eyeballs looking on the code and saying, yeah, it's been reviewed, and so forth. So, those are some of the things that we are working on. And again, and that I'm saying a lot of things because we have a lot of time here for to go all the things, but to give you a taste of sort of kind of all the things that are going in so when I say like hey it's a big problem. Or it's a very big problem. And here's some solutions to it. It's, you can't just go ahead and think about it as again, dash dash make it secure flag. There is no right thing. And the supply chain is very, very long right so if you start thinking about the dependencies and we start thinking about the, we talked a little bit about that because I can understand go ahead and say where did the software come from, and they can go ahead and and transitively then go and put some, put some guarantees about it that's good and you can maybe sort of kind of see how some of those things can flow through. But the one thing that I am super excited and since I have the floor I'm going to go and take a moment to say at some point this code is actually going to go and be baked into and since we are in the Kubernetes land right it's going to be a container right. Containers always need a base image and they need to be go ahead and running on something. So, so the one thing that I'm super excited about is this thing called Wolfie that we just announced last Thursday. And I think, oh, it's so cool. It basically is super minimal, undistroyed, there's different little words there and I shouldn't be putting in front of everything because I don't always remember everything but it's super small. It doesn't include things like, I don't know, kernel. So basically, by being able to go ahead and turn it down super tiny and one, you know, there's always these articles like with this one weird little trick, right. And in this case, it typically this case, it really is just like that where you just go change your where you what are you basing on me john and you can basically do two things so going back to my gold cold start example earlier when I said like I expect fun things out of that. Well, guess what, when you go and make the software that needs to be pulled in and ran smaller. It's going to start up faster. And the second of all, is that it's also going to be more secure. So, because the attack surface goes down even if you don't do anything else. Right. Yeah. Go ahead. Daniels have a comment. Yeah, yeah, sure. So I'm kind of remorse is how we improve the supply chain with security, not even developer but also like a platform engineering. So I just really quick question around that. So, you know, I saw a lot of people in platform engineering and then like a developer really looking forward to how to integrate using like a CNC project like a Cuban in an ecosystem with supply chain. So wondering, is there any chance to chain guard to have integrated like a get off some practice like I go city or six store as some of stuff to augment the security capability as part of the Cuban ecosystems. That's a great question. So, sort of kind of going back to the, how do you know what's running. So one of the, one of the things that we have been very actively involved in is making sure that we can answer the question, am I running the Kubernetes that I was supposed to be running, which is, you want to be able to go ahead and have a high degree of confidence that when I put my workload in the Kubernetes. It actually is Kubernetes and not Kubernetes prime that's been slightly modified. So one of the things that we, and, you know, other other folks in the community as well have been working on is making sure that the software is signed, so that you can understand like the Kubernetes itself, it has the S bombs. And that that again, I didn't explain that, but S bomb is basically a software bill of materials so S bomb is a machine readable format for being able to understand what is in this software package. So just like, again, you look at the pack of twinkies, you see what's in it. And then you can make choices on whether you should eat or not, but with the S bomb, you have the same thing you can see what is in there and make choices. Well, should I run this if you know that it contains a vulnerable piece of component in there. So right. Yeah, so I was going to kind of elaborate on that a little bit in that I think this is one of the key, you know, kind of not to really recognize advantages of open source right is that you don't, you don't have to have any trust in the system for any individual organization, right in the sense that, you know, yeah, maybe I trust chain guard to, you know, because they're providing me software that's doing this auditing or whatever but if I really want to right I can actually go back and audit all the way back, right. You know your your food example, I think is really interesting because I haven't actually heard anybody talk about that before. But as a as a family with food allergies at home, we care a lot about the provenance of food right especially like cross contamination and things like that is even in so far as we've called the factories before and said, Hey, when you said made in a place, you know, how do you actually manage your lines, you know, do you actually, you know, is there real separation. And, you know, with the advantage of open source off right software right is that we can kind of go do all the way back right all the way back to the smallest little bit and figure out exactly what's going, you know, happening, where, you know, sure I can make the phone call to the factory and find out what they're they do on their lines but all I have is their word and you know I don't you know I don't have any way of proving it to myself. You know, it might be a little excessive but you know like, it's not like there's cameras in the factory that I can access and see what they're doing right, whereas I think with the with kind of that whole supply chain of software and you can have your your S bombs right being very very detailed and very very accurate. And so but you can kind of see that whole chain of software. So I think, you know, the idea with Wolfie right is that you can kind of describe that. What do you what do you recommend or how do you recommend people add their software to the base image though what's what is the what is the technique I see there's no package manager so how do I get my code in there. Yeah, that that's a great question and we actually have and I'm going to go ahead and answer your question a little bit but I also say one additional thing that I think that that I'm just this excited about it just like you know one of your children, you can have favorites right so so we also introduced this Academy because we think that again like this is a complex problem. So we introduced an Academy to go ahead and make it to help folks educate themselves. So this again is just, you know, a free service because we think being being at least aware of these issues, and then how to start tackling them is is super important. Again, it's sort of kind of unfair to go and say well you know yeah of course you will understand how six door works it's like go read the source code it's open source, you know, of course, of course it does documentation but you know that that's been far too long sort of kind of the in some some places like well, you know, the cop out answer. Right. Right. Yeah, yeah. So, so one of the. So one of the things that we have been trying to go ahead and have put a lot of effort and I'm really proud of the work that we've done there is the Academy so that folks can go in there. We educate themselves and not only that but get hands on experience with some of the tooling in a in in their browser so they can go and start understanding how to do some of these things so. So that is probably where I will put folks first to go ahead and take a peek at it because it does contain many of those ways that how do I get my stuff but in many of the cases to your point. Many of the cases it should just be a matter of changing, you know, when you're building typically most people build their stuff. You know, from Docker and they have the from line this is my base image and in many of the cases, it just a matter of being a changing that baseline whatever you if it's you boom to or if it's whatever it is and not taking boom to anybody, but. Yeah, so you just replace that line with the Wolfie base image and now you get a smaller faster stronger container out of that. Yeah, yeah, I got you. Cool. Were there any other things we wanted to cover I know we wanted to talk a little bit about cube con before we wrapped up the show for today. But as they're, you know, I think the the Wolfie container I think that sounds really interesting I'll definitely be checking it out more after the show. As people on the show and people in, you know, a BU know I'm a big fan of containers I've been, you know, I've been using them pretty much exclusively for development since like 2012. You know, and so I'm kind of biased towards them. So, you know, I like them a lot. I think that, you know, and but I think that at the end of the day I think what you're one of the things that really point out is that supply chain problem is that a lot of people don't realize. How, you know, how many possibilities there are for injection of error, right? It doesn't even have to be malicious, right? You know, the examples we've brought up mostly have been malicious, but, you know, it can just be accidental. And, you know, and part of having a, you know, a supply chain you understand, you know, whether it be, you know, whether you call it secure or just, you know, awareness and all that stuff. I think it's really, really important because you need to make sure that the software that you're building, you know, is what you think it is, you know, and that's a huge point. So did you have anything else you wanted to kind of close up with or? I don't think, I mean, please go check those things out. I think that they're pretty awesome if you're interested in finding out about more of this space, educating yourself, learning about things, go check those out. Thank you for having me on the show. And yeah, I mean, I'm around if people have other questions. You know, I'm pretty approachable person. Yeah. Will you or chain guard be at a cube come speaking of. Yeah, you're going to have quite a few folks there. Yep. Cool. Come, come find us there. Yeah, exactly. Awesome. Well, thanks so much for your time. We really appreciate it. We really like to hear, you know, like I said, from the perspectives of people, you know, who are kind of actively engaged inside Kubernetes land to find out, you know, what they think is going on. You know, because it's always difficult from the outside looking in or as a consumer, it can be really difficult to keep track of what's up. So we, we would like to invite Tam Nian to the show, who is hopefully still around. It didn't go get coffee or something. Thank you for having me. Thank you. Thanks. Thanks for joining me. See you later. Tam. So you want to tell us what's going on at cube con because our show like the site and the show are going to be doing a bunch of stuff. Yes, we have a bunch of exciting stuff. Awesome show by the way. Thank you. That's probably my top three for sure. If you're wondering what the other two are, I think Liz rice one was really good. Yeah, I did like that. We got to bring up a prior episode when we talked about six door a little bit. So that's always as well. Yeah, if you guys check out kve or cube by example.com because we have a bunch of our prior episodes up there. Cool. So cube con is next month. I'm super excited. I haven't been to cube con since San Diego. Where I remember I met Daniel. Oh, on a boat. We were in common. Yeah. Sometimes. So now we're going to be in Detroit. And let's see if any of you are like me, you probably procrastinate and you haven't registered for cube con yet. So if you haven't registered, I got a 20% off discount code for you. I don't I can't throw it in chat but LinkedIn if you can throw it in there for me. There's a promo code. Use it register. We'll see you in Detroit. And then once you register, check out our Ford talk that we're doing LinkedIn. You want to talk about it because we're exciting stuff. Yeah, so we're going to do a panel interview of some of the leadership at Ford with their kind of developer tooling and and Kubernetes, you know, kind of related stuff. So they actually like to use cube by example, as part of the way they teach their developers more about Kubernetes and such, right? And and so we're going to do a panel interview. I think it's late in the day on Wednesday. And, you know, and it'll basically three of us on stage. I'm going to talk about from the perspective of my interactions with students and the idea behind containerization and the challenges of, you know, most of them are still working through what a virtual machine is, right? But getting to containers is a whole another level. And then orchestration of containers is even further beyond that. So I'm going to talk about it from kind of my perspective of trying to work with students. They're going to talk about it from their perspective of working with their internal developers who kind of like have similar challenges, right? Because even though they've been doing development for a long, long time, they know how to do their development. And so changing that is often challenging. So and some advantages that cube by example, the website has worked to help solve those problems. Yeah, definitely. And I know the Ford, the folks out forward mentioned they watch the show as well. So shout out to them if they're watching right now. Also, Ford is heavily recruiting at KubeCon. So they are also a sponsor. So just insider tidbit there if you're looking for a job. Cool. So Kube Insider is going to be at Detroit as well. We're taking the show live. Partnering with Ford. They are lending us a Mustang Mach E GT, I believe. So we'll be doing some car interviews. Langdon will be driving and we have a bunch of passengers lined up. Whole set of all stars, I'd say. So I'm really excited about that. If you see the car, give us a shout out. It's getting wrapped, you know, so it'll be cool. You'll see the KVE branded Mach E driving around Detroit. And then for any of you call for papers is open. So for KubeCon EU and Amsterdam, you have until November 18th to submit your call for papers. So it's definitely is creeping up. And I'm super excited after Detroit, Amsterdam is our next stop. So car interviews, I think turn into canal boat interviews in Amsterdam. Yeah. So if anybody on the show has any recommendations for what we should call this extravaganza, you know, because we could use the help because our, you know, if you know anything about my history, I have a past history of doing a very job of bad job of naming things. So yeah, so any any contributions would be appreciated. Definitely drop us a line. And if we pick your your naming convention, then we'll get some KVE swag. What else are we doing? So I'm working with Daniel. Oh, we got an awesome conveyor workshop at OpenShift Commons Gathering. That's co-located to KubeCon amongst all the other co-located events at KubeCon. I think there's like almost 25 various co-located events. So check it out. But we have the conveyor workshop, which is I'm really excited about it. Are you excited, Daniel? We're a sandbox project now. So yeah, absolutely, absolutely. And then the conveyor workshop, we're going to give us some chance for all attendees. How to try and explain it. And then we're really more than happy to get some feedback from all of you. And it will end up with improving ourselves and the community as well. Yeah, really looking forward to that. Yeah, it's nothing like live use to give you real feedback on on your software. Yeah, leading the workshop along with shout out to Savitha and Fabian as well. Do you want, can you drop that link? For the conveyor? For conveyor, yeah. Oh, I see it now. Yeah. Yeah, I said there's also the OpenShift Commons Gathering and KBE is going to be doing something there right too. We're going to sponsor the reception. So come hang out with us and we're going to meet and greet with all of our co-hosts bench. So Daniel O will be there, Savitha, Josh Berkes. You will be there, Langdon. And did I forget somebody? I feel like I forgot somebody. Probably. So there'll be surprise guests. Surprise guests or something. Yeah, it'll be fun. It'll be a meet and greet and, you know, cocktails and food. To munch on. So what else is new at KubeCon for KBE? We're going to release two new learning paths. So Argo will be one of them. Shout out to Christian Hernandez who's working on that. And then Tecton Langdon, you're working on that one. Yeah. Yeah. I need to, I need to work faster to make sure I hit the deadlines, but yes. Yeah. Yeah, plenty of time. Yeah. The beginning of the semester, this semester really hit like a train wreck. So it's been, it's been a tough or a complicated September as evidenced by my tweet that went out at 345 this morning, talking about the show being on in an hour. So yeah, like clearly, clearly not at my normal quality levels of social media. But yeah, so that should be really cool. I really like explaining CI and CD to people because people really don't understand what it really means and why it's so important, especially in how difficult it is to retrofit onto a project that if you don't start off with those kinds of models, it can be really, really difficult. I'm also really excited to see Hernandez's Argo stuff, you know, getups, I think is the right answer for lots and lots of, you know, software. And if you're, if you're kind of not at least aware of that concept and what is going on there, you're doing a lot of work you don't need to be doing. For sure. And then, just along with the learning paths, since we're on the topic of K native today, we have a K native learning path on K ve Langdon if you want to throw that link in there. I'm sure. Now, it's here. We throw it in our private chat. Oh, here it is. I got it. Yep. So K native learning path there shout out to the team that worked on that Joel's team at Red Hat. Yeah, super excited about chain guard having their own Academy that's pretty cool to all about, you know, sharing more learnings with the community. But that's it for me on cube con I'm just really excited to go to Detroit and see people again. There's conference back since this pandemic. Yeah, we had dev conf us was in person. And so I definitely saw some people there. That was a lot of fun. But of course, I that's a conference I run. So sitting around and chatting with anyone was not an option. Yeah, just yeah, I actually I did we do the trivia. I think I meant I might have mentioned this on the show we do the trivia at the end of dev conf us it's one of my favorite conference things. And basically the winners of trivia get to pick out swag, right. And but one of my questions was how many steps did Langdon do over the course of the three days, you know, by, you know, monitored by my watch. And the answer was 71,000. So yeah, walking around. Well, I think at cube con, we're definitely going to hit over 10k dude. Yeah, probably probably although there's a lot of driving so we should be probably tracking mileage to. That's right. All right, well, I know Daniel, you've been globetrotting. Where's your next next stop. Yeah, yeah, so I'm actually in the Chicago, the j com for the next week, I'm going to go to New Orleans. And then we're going to end up with the mini cube called this place. Yeah. Do you at least stop at home anywhere in there? You know, I saw most likely I got to stop at home over the weekend. Yeah, daddy, daddy stuff. Yeah, right, right. Yeah. Yeah, it is nice to see the kids, you know, on occasion. Yeah, maybe next year, I'm going to bring my son and daughter to that comp with Austin University. I'm really going to have to choose my friend, the professor Langdon to my son and daughter. So yeah, last time I tried to do that, but my daughter got a call I told you. So I couldn't do that, but hopefully next time. Right, right. Yeah, totally. Yeah, I think one of the things we got to look at DevConf US, which they do at CZ is like some sort of kids track, you know, because those are a lot of fun. And you read had some that used to have really strong ones, actually, years ago. And, you know, so I wouldn't mind seeing those come back to I don't think cube con does one though, as I recall, but maybe that's something they could do in the future. And I think they're they're a lot of fun when you can like bring the family to a conference. Sure. Yeah. All right. Well, thanks everybody. You know, again, thank you to Ville for our for being on the show and, you know, I think, and pertain giving us one of our best interviews. And, you know, we're excited to see all, you know, as many as we can at cube con, you know, or you can watch the videos of the, you know, the shows afterwards. So both our interviews, but then obviously also the talks themselves. And so we strongly encourage it conferences can be a really good way to get an inside track on what's coming up because people like to come and talk about, you know, people like to present new what's new what's coming, more than, you know, what exists. So so there couldn't be a really good way to get an inside track. And that's the show. Thank you. See everyone.