
Giant Conversations

Latest episodes

Apr 4, 2024 • 45min

GC #05 - Hanging with Monzo

Meet Miles Bryant from Monzo bank

Giant Conversations Episode #05
Topic: Meet Monzo
Hosted by: Oliver Thylmann
Starring: Joe Salisbury, Miles Bryant

Main topic
Monzo aims to improve the financial lives of millions of people, and key to this is building a bank using modern technologies that don’t suck. They made a bold decision to adopt Kubernetes quite early on (version 1.3). Why did they choose Kubernetes, and what have they learnt?
Mar 28, 2024 • 37min

GC #04 - Back from KubeCon EU

This episode scours the halls of KubeCon Paris to get answers to what everyone is talking about.

Giant Conversations Episode #04
This episode scours the halls of KubeCon Paris to get answers to what everyone is talking about, from what the best talks are, to which booth had the best SWAG, and it even opens up the Pandora's box of "Should Open Source Projects be monetized".
Hosted by: Oliver Thylmann, Tommy Hobin

Main topic
Cloud Native Ecosystem Q & A at KubeCon in Paris 2024

Selected Questions

Srsly?
In your opinion what are the best subjects covered this year?
Can successful open source projects only originate from organizations that don’t prioritize monetizing the project?
Should CNCF be harder on their requirements for projects that graduate?

LOLZ
What's the coolest piece of swag or freebie you've picked up at the conference?
If KubeCon had a theme song, what would it be and why? (one answer "it's raining men")
What's the most memorable or funniest moment you've experienced at KubeCon so far?
Which booth was the best visit and why?

Interviewees
Pini Reznik: CEO and Co-Founder of re:cinq
Courtney Nickerson: Developer Advocate at Kubeshop
Dr. Udo Seidel: Senior Customer Experience Architect at Kong
Engin Diri: Customer Experience Architect at Pulumi
Frederic Branczyk: CEO and Founder at Polar Signals
Marlo Ploemen
Liam Woodleigh Shirley (from Grafana)
Ivana Zivkovic: Infrastructure Team Lead at Dohop

Five main topics stood out to our audience: AI, eBPF, Web Assembly, Sustainability, Open Source Monetization

AI
Pini Reznik is surprised AI is such a topic (they are saying "we just need to do it" and that is all).
Udo Seidel would like to know more about the gaps between AI and Kubernetes.

eBPF
Frederic from Polar Signals noticed a lot more tools associated with eBPF, and the adoption has grown in 2023 - 2024.
Sandy from Grafana Labs is fascinated by eBPF.

Web Assembly
Financial industry liked Challenging the status quo at Kubecon Basic functionality of Web Assembly

Sustainability
Pini Reznik was surprised that sustainability was not a big topic as it had been in the past.

Monetizing Open Source
Courtney believes we need to get with the times and hold this discussion. "It's not the 90's anymore"
Pini believes that for Open Source to be successful, you need a community.
Courtney talks about how the incubator she represents, Kubeshop, helps open source maintainers find a secondary project on top of what they are already building.

Hidden Track 1 Clip
The word super-interesting comes up with chip sizes. Where the Apple M2 chip is 12 nanometers wide and claims that we are "pretty close" to the physical limits of our hardware. Frederic talks about this alongside how his company Polar Signals as well as Groq are tackling this difference, specifically when it comes to Inference. (14. KubeCon EU 2024_Inference.wav)

News from Swarmalicious

Euro-cloud consortium CISPE calls for investigation of Broadcom
Lobby group CISPE – a collective representing Cloud Infrastructure Providers in Europe – has called for regulators to investigate VMware by Broadcom’s software licensing arrangements, claiming they will bankrupt some of its members and hurt end-users. CISPE secretary general contended that Broadcom “is holding the sector to ransom by leveraging VMware’s dominance of the virtualization sector to enforce unfair license terms”. He called for Broadcom to be designated as a gatekeeper under Europe’s Digital Markets Act.

Spot Instance Availability Map
This map displays real-time Spot instance interruptions, insufficient capacity events, and pricing across AWS, Azure, and GCP.

Looks like Buoyant are doubling down on their decision -- following the announcement from a few weeks ago that Buoyant would no longer be shipping stable release artifacts in open source and would instead focus its efforts on Buoyant Enterprise for Linkerd, Buoyant CEO William Morgan posted an update on LinkedIn, and it’s looking like they are still happy with the decision they’ve made.

Redis is no longer open source
All future versions of Redis will be released with source-available licenses. According to this blog post, in practice, nothing changes for the Redis developer community who will continue to have access to permissive licensing under the dual license; Redis will also continue to support its vast partner ecosystem – including managed service providers and system integrators. It really means that you can't provide a managed service of Redis, like cloud providers do, without agreeing to a license.

How do lava lamps help with Internet encryption?
Cloudflare translates photos of 100 lava lamps into random data for use in SSL encryption.
Mar 21, 2024 • 50min

GC #03 - It's all about security

Talking to our own Zach about our Zachurity approach

Giant Conversations Episode #03
Topic: Giant Swarm, Security and Open Source.
Hosted by: Oliver Thylmann
Starring: Zach Stone

Main topic
We delve down deep into our security approach. The fallacy of CVEs, the importance of PSS, the difference between developers and security practitioners, and a lot more.

News from #swarmalicious

Cloud Native Computing Foundation’s FluxCD Project Gains New Corporate Support
Puja is quoted: "Giant Swarm chose Flux as the core of our GitOps experience for all our enterprise customers as we believe that it's the most cloud native GitOps approach in the market. We will continue providing support for Flux among our customers and are happy to contribute upstream based on our end user community's production usage of the project."

TEAMS WITH EASY ACCOUNT SWITCHING IS COMING!

Are We Watching The Internet Die?
Ed Zitron warns that the proliferation of generative AI, coupled with the incentives of major tech platforms, could lead to a homogenized, centralized internet dominated by inbred AI models trained on increasingly generic, algorithm-pleasing content — a concerning future that demands skepticism and resistance from users.

Google has a blog up discussing their threat modeling when deploying “post-quantum” (PQC) cryptographic algorithms. “If we do not encrypt our data with a quantum-secure algorithm right now, an attacker who is able to store current communication will be able to decrypt it in as soon as a decade.”

Parca - Open Source infrastructure-wide continuous profiling
Polar Signals just raised a round and they have an open source tool for profiling that e.g. Vercel is really happy about decreasing their infrastructure costs.

Acorn is pivoting fully into AI
Acorn Labs CEO, ex-Rancher, announces that the company is suddenly dropping its flagship product to focus on GPTScript, an AI scripting language.

Software Company HashiCorp Is Weighing a Potential Sale
HashiCorp has been working with a financial adviser in recent months to gauge interest from potential buyers. They are making an operating and net loss per in the double digit millions but have 1.2 billion USD in the bank. So not sure why.

News from Giant Swarm
Swarmies are currently in Paris; next week's episode will be interviews from the conference.
Our Marco Ebert will be speaking at KubeCon alongside James Strong from Isovalent about Ingress-Nginx and 2024 Plans (talk happening on Thursday at 14h30).
Giant Swarm Platform 3.0: blog post from Timo explaining it all to follow this week. Here's a preview.

Bug of Week (from our Retrospectives)
With karpenter for cost savings, we are reaching cilium API limits due to lots of pods being evicted and need to raise those limits. Pawel then managed to figure it out. NetworkPolicy objects with CIDRs are the culprit. Without NetworkPolicy objects everything went fine. When also 500 NetworkPolicy objects were created, each with 10 random CIDRs in them, node_local identities went up to 70k, causing cilium timeouts, causing pods being stuck in ContainerCreating. Especially for single IP networks, cilium creates 31 secondary labels. Packing single IP CIDRs into slightly bigger subnets should help. We have an upstream issue for it.
Mar 14, 2024 • 37min

GC #02 - The Pre-Kubecon Special

Let's go to Kubecon in Paris

Giant Conversations Episode #02
KubeCon is approaching quickly and we can't wait to represent 22+ deep.
Hosted by: Oliver Thylmann, Tommy Hobin

News from #swarmalicious

VMWare is still a talking point, with posts on a license increase from $8m to $100m and Glassdoor reviews stating: “CEO admits he has no hobbies outside of work. Stock price only thing that matters.” But there are also more balanced views.

New CNCF contribution view (seems to only count code contributions and is limited to the Kubernetes project)
Marcus is in the lead at Giant Swarm (with over 121 contributions to 12 repositories), with Jose behind him with 102 contributions to 11 repositories.

Cloudflare open sources Pingora, which is written in Rust, fully async and multithreaded, and is their framework for building HTTP proxy services. Lots of info for the tech minded through the link, but the framework includes client and server, and lots of utility libraries, and they are actively working with the Internet Security Research Group project Prossimo to make the most critical infrastructure secure.

Alex Richardson update on Weaveworks and Flux
As discussed last week, Weaveworks hit bad times, but the good news is that most of their team has already found new jobs, which is a testament to how talented they are. Now, Alexis is talking about transitioning Weaveworks from a company to more of a community focused around their open source projects, especially Flux, and Gitlab has emphasized their continued support of FluxCD. These tools just need to get into the hands of big companies that can use them to make money in another way.

Akin to SBOM, Trivy Adds KBOM Vulnerability Scanning to K8s
KBOM stands for Kubernetes Bill of Materials, so a Software Bill of Materials, just specifically for Kubernetes. I'll talk about it next week with Zach.

Main topic

Rejekts
Rejekts is 17th to 18th of March. Schedule is packed and tickets start at Free and end at Free. Marcus and Lukasz are talking.

KubeCon
Kubecon — taking place between March 19th and March 22nd, in Paris at the Paris Expo Porte de Versailles. Metro Line 12 from the train station to Porte de Versailles gets you there.
Closest Train Station: Paris Montparnasse Train Station (Gare Montparnasse) | Distance from venue: 3.9 km | Drive Time: 15 minutes by car | Public Transportation: 24 minutes by Metro + walking.
Kubecon opens around 8 every day. Check the schedule. There is a great FAQ on the site.
Travel by bike: Paris has a public bike-sharing system, Vélib’, that allows residents and visitors to rent bicycles for short trips around the city. You can find more information on the official website: Vélib

21 Swarmies attending the conference
We’ll be at Booth K11 — the easier way to find us is to simply look for the booth with the cool, colorful graphics saying “Smarter Platform Engineering — creating environments for growth”
Swag at the booth? We’ll have cool t-shirts in different colors, cool stickers and raffle prizes that Tommy can talk about.
How are our colleagues getting there? About half of the people are travelling by plane, another half travelling by train; Timo is coming by car.
Accommodation: most of the Swarmies are staying in a hotel close to the venue: Oceania Paris Porte De Versailles; the Swarmies attending Cloud Native Rejekts prior to KubeCon are staying in an AirBnB in Malakoff (a suburb in the south-west of Paris).

KubeCon parties has its own website:
Our Swarmies are also planning to check out some of the parties — here are the parties with the coolest names, happening during the event:
KubeTrain Party, organised by the Cloud Native community; taking place at the Fitzroy restaurant;
Kuberoke Spring Party — a karaoke night taking place at KaraFun Bar;
House of Kube — the tagline for this party says: “Where platform engineering meets Berlin techno. Your golden ticket to the darkroom of DevOps.” - taking place at a secret location that will be announced soon.

What to do in Paris
For our American guests, service compris in restaurants means that tip is included, but you can still tip of course. But it is then really a tip, not a payment. :)
There is a Five Guys somewhere ;)
Colleague Xavier has mentioned some cool speakeasies and bars in Paris.
Moonshiner - behind Da Vito's. It says to get in, you have to go through the walk-in refrigerator in the back of the restaurant.

Food TIPS from Xavier
Avoid restaurants with large menus or pictures of food!
La Felicita: Big food court with lots of different restaurant types, very cool industrial vibe
Chez Pietro: Recommended by Parisian friends as amazing pizza place
Peruvian restaurant: Amazonas – 5 mins walk from the exhibition center
Italian restaurant: Via del Gusto – 10 mins walk from the venue
Korean restaurant: Les Petites Dalles – 15 mins walk from the venue
If you want to have a cup of coffee on the Champs-Élysées, do so, but it is 50-100% more expensive than elsewhere, obviously.

Sightseeing
You can take a Hop on Hop Off Bus at several locations, called Big Bus Tours.
You can take a boat ride on the Seine starting at the Eiffel Tower, for example River Seine Cruises, which takes an hour.
Getting up the Eiffel Tower: you can walk, elevators are normally booked fully weeks in advance. But you can have a drink half way up. You might want to pre-book.
You can go to Centre Pompidou, which people tell us is actually worth it :)
Xavier says Catacombes are cool, but Oliver adds last time he went it was booked for over 2 weeks. So book in advance. There is no line for skipping in.

Bug of Week (from our Retrospectives)
Another recent one was with a customer that got a new management cluster because they needed it to be fully private, instead of the public one they had before. We migrated the Workload Clusters with clusterctl, an upstream project, a CLI to start clusters through CAPI, but you can also use it to move clusters. It worked well. But days later, when a new node joined the workload cluster, the encryption key (that K8s uses to encrypt secrets) that it used to get to (old) secrets didn't work. The reason is that clusterctl expects you to move the old encryption key to the new management cluster, so that when the new workload cluster starts, the master gets that key and can still distribute it further to new nodes, and all the encryption aligns. As we did not move the encryption key to the management cluster, all old nodes were fine, as they could get to the secrets that are still in etcd (encrypted with the old one), but the new node got totally different secret information.

Added notes
Kubernetes LAN Party. A CTF designed to challenge your Kubernetes hacking skills through a series of critical network vulnerabilities and misconfigurations.
Mar 7, 2024 • 33min

GC #01 - The Big Introduction

This episode introduces the Giant Swarm Conversations Podcast and will be an introduction to what follows over the next 3 months. We also cover NEWS 1, 2, 3.

Giant Conversations Episode #01
This week's jingle from Nikolai Rodionov
Hosted by: Oliver Thylmann, Tommy Hobin

Main topics

Introduction to why Giant Swarm does a Podcast
This will be a time limited experiment.
We want to have conversations with interesting people.
We want to cover the news of the week from our ecosystem.
We want to make Giant Swarm more human and introduce everyone to Swarmies.
We will try to pick new jingles every week and here is the first one you just listened to.

General Community News
General Giant Swarm News

News from #swarmalicious
Linkerd offers a new model for stable releases - 2.15
WeaveWorks is winding down but ControlPlane is backing the Flux projects by employing maintainers. A recent post from Alexis Richardson states: We now move the Weaveworks "company" into a wider "community".
Crossplane Graduation to CNCF
Running K8s in Production Hackernews Post
A colleague found a new way for RegEx :)
All-In Podcast on Open Source AI Models shrinking the value of models to 0
Maxim Dounin is starting FreeNGINX as lots of people are still running it, and it will be interesting how that develops with gateway-api in play.
IBM Engineers Forked Vault calling it OpenBAO
Angel from adidas is writing about how they built their platform

News from Giant Swarm
Oliver did predictions again
Swarmies Traveling with Talks:
Marcus Noble at Rejekts in Paris: From Fragile to Resilient: Validating Admission Policies Strengthen Kubernetes
Łukasz Piątkowski at Rejekts in Paris: No GitOps Pain, No Platform gain: Day 2 Challenges of Managing Kubernetes Fleets with GitOps
Marco Ebert: Ingress-Nginx and 2024 Plans
Puja Abbassi: Building Resilient Developer Platforms: Strategies for Overcoming Challenges and Crafting Future-Proof Solutions

Bug of Week (from our Retrospectives)
tl;dr: We enabled Loki on leopard yesterday. It should send logs to an object store. That object store is internal, but Loki was (mis)configured to use their proxy. Their proxy refuses the connection as it's an internal target it cannot resolve. Their proxy logs the access, and as Loki retried it a lot, their proxy's log volume filled up to 100%, which resulted in their whole proxy service breaking down. Therefore several other services, including our login to leopard, didn't work anymore.