Cloud Native Compass

In this episode, we dive deep into Flatcar Linux, an immutable Linux distribution designed for always-on infrastructures. The discussion covers the architecture and features of Flatcar, including its self-updating capabilities and minimal attack surface. We explore the use of Ignition for provisioning, the role of Systemd and its extensions, and the detailed update process via an update server. The Flatcar maintainers also highlight the benefits of full-disk encryption, node-level metrics, and operational insights available through tools like Nebraska and Node exporter. Guest speakers include Flatcar maintainers and engineers from Microsoft, who share their experiences and insights on managing and maintaining Flatcar at scale.

Today we had some long conversations about Arc Bash and the future of scripting as well as platforms and the rise and fall of Kubernetes.\nThe fall of Kubernetes. Hmm. I'll have Claude write a new one

Ever wondered how AI is changing the way we code? Laura and David break it down in this episode of Smart Coding. From real-world examples to the surprising environmental impact of AI tools, they cover it all—with a few personal stories thrown in. Tune in for a relaxed and eye-opening chat. 00:00 Introduction to AI Augmented Programming 01:32 David's Coding Journey with AI 02:43 Debating the Merits of AI in Coding 04:29 Practical Applications of AI in Development 07:14 The Future of Coding with AI 11:11 Personal Experiences and Reflections 14:40 Learning and Adapting in the AI Era 19:09 Analogies and Deeper Insights 23:24 Discussing Web Design Skills 23:44 Challenges with Rawkode Academy Website 23:54 AI's Role in Web Development 25:09 The Future of AI in Coding 27:47 AI in Meetings and Daily Life 30:45 Environmental Impact of AI 36:27 AI-Generated Documentation 26:35 Final Thoughts and Farewell

In this episode, we discuss the intricacies of observability in microservices with Adriana Villela, a principal developer advocate at Dynatrace and an OpenTelemetry maintainer. Adriana shares insights about the importance of properly instrumenting code, managing technical debt, and balancing the environmental impact of observability data. She also delves into practical advice for getting started with OpenTelemetry and the importance of community contributions. Join us to pick up practical tips on improving your observability practices — and learn how to make smarter decisions that help you sleep better at night, even while running complex distributed systems. 00:00 Introduction to Observability 01:22 Meet Adriana Villela 03:40 The Role of Developer Advocacy 06:27 Challenges in Observability 08:05 Understanding OpenTelemetry 15:07 Manual vs. Auto Instrumentation 20:25 Best Practices for Instrumentation 22:58 Understanding Instrumentation Importance 23:29 Defining Observability 24:14 Cost and Environmental Impact of Tracing 25:57 Effective Observability Practices 28:23 Choosing the Right Technology Stack 32:37 Balancing Cost and Data Storage 39:36 Learning and Contributing to OpenTelemetry 47:20 Final Thoughts

Can open source ever truly be sustainable? In this mind-bending episode, Hazel Weakly guides us through the social, economic, and emotional layers of open source communities. We dig into governance, funding models, trust, burnout, and what it means to scale collective ownership—without losing your mind. Hazel Weakly: The Nivenly Foundation Fellow, Member of CNCF's Deaf and Hard of Hearing WG, Software Developer | Leader Hosts: David Flanagan and Laura Santamaria 00:00 Introduction to Open Source Sustainability 01:28 Meet Hazel Weakly 02:56 The Challenges of Open Source Sustainability 09:17 Maintainer Burnout and Governance 17:01 Funding Models and Economic Realities 27:26 Community Health and Conflict Resolution 40:46 The Future of Web Browsers as Public Utilities 47:07 Conclusion and Farewell

In this episode David and Laura explore the world of Atlantis, the Terraform automation tool, with special guest Jose (PePe) Amengual, a core contributor and maintainer of the Atlantis project. We discuss the origins, features, and future of Atlantis, along with its role in production engineering and its integration with various VCS systems.\n\n00:00 Introduction\n00:14 Terraform Automation and Project Atlantis\n00:35 Pepe's Journey with Project Atlantis\n03:40 What is Atlantis?\n22:05 Security Aspects of Atlantis\n11:09 Future of Atlantis

In this episode of Cloud Native Compass, hosts Laura and David explore the world of Java for serverless functions with special guest Otávio Santana. Otávio, a seasoned Java developer and Kubernetes expert, shares his insights into the modernization of Java, its ecosystem, and its place in the cloud native landscape. We discuss Java's evolution, the misconceptions surrounding it, and why it remains a powerful tool for developers today.\n\n00:00 Introduction to Java for Serverless Functions\n00:07 Meet Otavio Santana: Java Champion and Kubernetes Expert\n04:28 Java's Evolution and Modernization\n06:12 Java in the Cloud Native Landscape\n16:56 Java Ecosystem and Frameworks\n18:37 Java's Flexibility and Community Support\n28:14 Java in Kubernetes and Future Prospects\n29:44 Conclusion and Final Thoughts

In this episode of Cloud Native Compass, host David Flanagan is joined by Mark Fussell, co-founder and CEO of Diagrid, to discuss the intricacies of Dapr and its role in microservices and distributed systems. They delve into the actor model, the new Dapr Agents, and much more. (00:00) - Introduction (00:09) - Guest Introduction (00:14) - Overview of Dapr and Microservices (00:42) - Exploring Microservices (01:12) - Challenges in Microservices (00:42) - Dapr's Solutions for Microservices (03:25) - The Role of Dapr in Simplifying Microservices (04:17) - Communication and Coordination in Microservices (06:00) - Service Invocation and Pub/Sub in Dapr (33:22) - Component Model in Dapr (22:38) - The Outbox Pattern and Actor Model (39:49) - Dapr Agents and LLM Integration (49:08) - Diagrid's Role with Dapr (52:00) - Conclusion and Sign-Off

Video content coming soon.

Video content coming soon.

Video content coming soon.

Exploring Cloud Migrations & Infrastructure Strategies with Jason Hall of Chainguard In this episode of the Cloud Native Compass podcast, hosts David Flanagan and Laura Santamaria chat with Jason Hall, Principal Engineer at Chainguard. They dive into Chainguard's migration from Kubernetes and Knative to Cloud Run, discussing the reasons behind the move, cost considerations, managing technical debt, and best practices for infrastructure management. The conversation also covers the benefits of using Cloud Run, their strategic use of BigQuery for event logging, and insights into least access security models. Tune in to learn more about navigating cloud-native environments and optimizing infrastructure. 00:00 Introduction 00:52 Jason Does Stuff 01:32 Chainguard's Migration Journey 02:18 Challenges with Kubernetes and Knative 04:33 Adopting Cloud Run 12:15 Multi-Region Deployment with Cloud Run 19:26 Security and Authorization Practices 27:29 Operational Decisions and Cost Considerations 33:07 Debunking Kubernetes Myths 33:24 The Illusion of Free Services 33:42 Scaling Challenges and Solutions 37:00 Convincing Leadership to Address Technical Debt 39:41 Developer Environments in the Cloud 43:18 Cloud Run vs. BigQuery Debate 47:20 Security and Logging Best Practices 52:56 Future Plans and Focus Areas 54:45 Final Thoughts and Farewells

InfluxDB 3.0 Rewrite InfluxDB, a time series database, underwent a major rewrite to create InfluxDB 3.0, also known as IOx. The decision to rewrite the database was driven by the need for strict control over memory management and high performance. The project started as a research endeavor and gradually gained traction within the company. The team decided to build around projects under the Apache Foundation, such as Apache Arrow and Apache Data Fusion. In April 2022, InfluxDB 3.0 was officially announced, aiming to improve performance, scalability, and cost-effectiveness for users. IOx Database Engine The new database engine, IOx, is designed to handle various types of observability and monitoring data, including metrics, traces, and logs. It aims to provide a single store for all these signals, eliminating the need for separate databases. However, querying the data efficiently is still a challenge that the team is working on. The goal is to make IOx the go-to solution for storing and querying observational data, not only for server infrastructure monitoring but also for sensor data use cases. Challenges and Considerations Working with logs, tracing, and structured events in time series databases poses challenges. The dynamic and inconsistent nature of schemas in logs and tracing use cases can make extracting structured fields difficult. Time series databases also have limitations in handling tracing front ends and require an index to map trace IDs to individual traces. While metrics, logs, and traces are the gold standard for observability, there is room for improvement in terms of usability and performance. Flux and Data Fusion Flux, a scripting language developed for InfluxDB 2.0, addresses user requests for more complex query logic and integration with third-party systems. InfluxDB 3.0 incorporates a parser in Rust to translate SQL queries into a Data Fusion query plan, benefiting from the performance optimizations of Data Fusion. However, bringing Flux to InfluxDB 3.0 proved challenging due to the large surface area of Flux and limited time and resources. Updating the Flux engine to use the 3.0 native API could potentially resolve these issues. InfluxDB Development and Open Source Licensing InfluxData is focused on improving the core query engine of InfluxDB and enhancing its capabilities and performance. They have created a separate community fork of Flux to allow collaboration on its development. Paul Dix, the co-founder, believes that true open source should be about freedom and expresses his intention to keep InfluxDB 3 as a permissively licensed project. He discusses the recent license change by HashiCorp and the growing distrust in the developer community towards VC-backed open source projects. Putting InfluxDB into a foundation may not be feasible due to the lack of multiple contributors. 00:00 Introduction 02:00 Rewriting InfluxDB in Rust 20:45 The Observability Database 33:45 What the Flux? 44:45 OpenSource & Licensing 55:00 Shameless Plugs

Here are 5 key takeaways from this episode that you don't want to miss: 1️⃣ The People Problem: Laura Santamaria raises an important concern about verifying AI-generated outputs and tackling the challenge of the "people problem" in AI development. 2️⃣ Verifying Data Authenticity: JJ discusses the challenge of proving that a data blob originated from a specific model and how this issue is being addressed by companies like IBM through pile cleaning and legal penalties. 3️⃣ AI Misconceptions: We debunk some common misconceptions about AI, including the belief that it is an all-knowing fact machine. 4️⃣ Trusted AI: IBM's approach to building trusted models, with dedicated engineers responsible for cleaning and verifying data, is explained. Plus, we discover IBM's partnerships with Hugging Face to leverage the open-source ecosystem. 5️⃣ The Impact of AI: We delve into the potential positive and negative implications of AI, and how the rapid advancement of this technology presents challenges with trust and validation. 💡 Fun Fact: Did you know that 95% of open-source language models are trained on a data set called "the pile," which contains pirated and copyrighted material? Discover why this has implications for copyright and patent laws! As always, the conversation in this episode is engaging and eye-opening. JJ Asghar provides insightful perspectives and sheds light on the future of AI development. Don't miss out on the valuable information shared! Questions We Covered 1. How can the problem of untrusted data in AI models be effectively addressed? 2. Should companies like OpenAI and Microsoft be required to provide their data sets for verification purposes? Why or why not? 3. What are the potential risks and challenges associated with using AI technology without proper regulation? 4. Should AI creations be eligible for copyright protection? Why or why not? 5. How can we ensure the accuracy and trustworthiness of AI-generated data, especially when it comes to extracting information from sources like PDFs? 6. What are some potential positive impacts of AI technology, and how can we maximize its benefits while minimizing its negative implications? 7. How can the rapid advancement of AI technology be balanced with the need for trust and validation? 8. In what ways do copyright and patent laws need to evolve to accommodate AI technology? 9. What are the implications of China having its own set of laws and approaches to technology that may differ from other countries? 10. How can individuals navigate and better understand the AI space in order to make informed decisions and contributions? Timestamps 00:00 Introductions 02:14 What is watsonx? 05:30 AI for the Enterprise 07:00 AI as a Yes Man 11:20 The Wikipedia AI Challenge 19:05 AI Needs Trust 27:20 People Problem in AI 29:20 Ethical Dilemmas 40:20 Final Thoughts

We're back with an exciting new episode of Cloud Native Compass, and this time we're diving deep into the captivating world of eBPF. Join Laura Santamaria, David Flanagan, and special guest Liz Rice as they unravel the mysteries and explore the incredible potential of this powerful technology! In this episode, you will learn: 1. The two parts of eBPF: Discover the kernel program and the user space interaction that make up the magic of eBPF. 2. Programming with eBPF: Explore the different options for writing eBPF programs, from bytecode form to higher-level languages like Rust. 3. Compilers and SDKs: Learn which compilers, like clang GCC and the Rust compiler, support eBPF bytecode and how SDKs can make your interaction with eBPF programs easier. 4. The Evolution of Packet Filtering: Trace the history of packet filtering, from its humble beginnings to the powerful and versatile capabilities of eBPF. 5. The Widespread Adoption: Uncover the sudden rise in eBPF's popularity, its impact on observability and performance, and the role it plays in modern networking. Now, for a fascinating fun fact from the episode: Did you know that eBPF is now considered Turing complete? That's right! With its combination of features, eBPF has surpassed its humble start as a packet filtering tool and has become a full-fledged technology powerhouse. 00:00 Introductions 01:46 What is eBPF? 06:45 The Rise of eBPF 09:40 Why is eBPF Interesting? 16:00 Who's using eBPF? 19:20 eBPF for Developers 24:00 Troubleshooting eBPF 27:11 Future of eBPF

Curious about Istio's new deployment mechanism, Ambient Mesh? It allows you to use Istio service mesh without relying on sidecar proxies, which brings a bunch of improvements that Marino and Matt share throughout this episode; as well as a ton of deep dive technical implementation details. 00:00 - Introductions 01:50 - What Ambient Mesh? 04:15 - Why Ambient Mesh? 18:20 - Waypoint Proxy 25:00 - Trade Offs 34:20 - Why Not eBPF? 39:50 - Istio Graduation!

In this episode, hosts David and Laura, sit down with Laslo Fogas; a self proclaimed WebAssembly sceptic. They discuss the future of Cloud Native and improving the broken developer experience.

In this episode of the Cloud Native Compass, host David Flanagan interviews Natan from Wix Engineering about event-driven architectures. Natan shares his experience as a software engineer for almost 20 years and how working at Wix has improved his engineering skills. Wix has a powerful website building platform that has enabled people with different skill levels to build websites. They have expanded their reach from self-creators to agencies and web professionals and created a whole ecosystem platform. Wix has around 2,500 microservices in production, even more added every week, and they have a lot of visitors, around 1 billion unique visitors every month, which gives more than 500 billion HTTP requests per day and 70 billion Kafka events produced every day. Let's learn how Natan and Wix build for success at some pretty stagger numbers. 00:00 Introduction 02:25 The Scale of Wix 08:50 When & Why Event Driven Architectures 14:45 Service Mesh 19:30 Dev & Ops 27:15 Schema Evolution & Versioning 34:00 Introducing New Tools 37:15 Cost Optimisation 44:44 Plugs Links https://www.natansil.com/ https://www.wix.engineering/

I interview Mark Boorshtein, the CTO of Tremolo Security, an open-source identity management company that focuses on authentication, authorization, identity, and automation. Mark explains that their most popular tool is Open Unison, which allows users to log in to their Kubernetes clusters with whatever authentication system they have, such as LDAP, AD, Okta, or Azure AD. Open Unison also provides secure access to the dashboard and integrates with other cluster management applications. Next up we shift over to the issue of certificate revocation in Kubernetes. Mark explains that Kubernetes doesn't know how to handle certificate revocation, which can be a security risk if a certificate is leaked or an employee leaves the company. He recommends using OpenID Connect or impersonation to access the cluster instead of relying on certificates. Mark also discusses the default time to live on service account tokens issued by the Kubernetes cluster and the importance of not using service account tokens when talking to clusters This episode provides insights into the challenges of identity management with Kubernetes and strives to help you improve the security of your Kubernetes clusters. (00:00) - Introductions (01:50) - The Problem with Identity and Kubernetes (12:45) - OIDC (21:15) - Enterprise Kubernetes (31:00) - Security & Supply Chain (37:40) - Shameless Plugs Host: David Flanagan, Rawkode Academy Guest: Marc Boorshtein, Tremolo Security

In this episode, Rachel shares her journey into tech and how she ended up in the Kubernetes space. She did not have a traditional IT background, but she was always interested in computers and programming. As soon as she discovered the DevOps philosophy and movement, she knew that it was the right fit for her. She went down the rabbit hole of learning how to use Docker, Ansible, Chef, and Kubernetes, and eventually landed a job at Fairwinds, a Kubernetes-centric company. Rachel discusses the challenges that come with adopting Kubernetes, such as the steep learning curve and the knowledge gap. There are many unknowns if you are not in the Kubernetes space and it can be overwhelming to configure to produce a valuable platform for your teams. Rachel's journey into the tech space and her experience with Kubernetes provide valuable insights into the challenges and benefits of adopting and migrating to Kubernetes. Rachel Sweeney is the tech lead at Built Technologies for their migration to Kubernetes. Prior to that she was a tech lead at Fairwinds, a Kubernetes SaaS and consulting company, and before that she worked at the Pew Research Center creating their Kubernetes cluster and migrating workloads to it. She has been a speaker and panelist at various conferences and events ranging from DevOpsDays Philly to Container Journal, and also wrote a chapter for the O’Reilly title “97 Things Every Cloud Engineer Should Know: Collective Wisdom from the Experts”. Rachel loves traveling, culture, meeting new people, networking, and helping others grow. Feel free to reach out on LinkedIn with a message and connect!