WEBVTT 1 00:00:14.519 --> 00:00:19.280 Welcome everyone to another episode of Adventures in dev Ops. 2 00:00:19.519 --> 00:00:22.399 I'm your host for today, Will Button, and we have 3 00:00:22.480 --> 00:00:25.719 our new panelists with us. We have Jonathan Halm Hello, hello, 4 00:00:25.920 --> 00:00:29.480 and Jillian Rowe Hello everybody. And then we've got our 5 00:00:29.519 --> 00:00:32.240 guest today, we have er Zoberman. 6 00:00:32.399 --> 00:00:32.840 How are you doing? 7 00:00:33.039 --> 00:00:35.719 R Hi. Nice to meet you all and excited to 8 00:00:35.759 --> 00:00:36.119 be here. 9 00:00:36.280 --> 00:00:38.399 Well, we're excited to have you. You want to give 10 00:00:38.479 --> 00:00:40.679 us a little introduction about yourself? 11 00:00:40.920 --> 00:00:44.000 Yeah, sure, So my name is Yal and I am 12 00:00:44.079 --> 00:00:46.600 leading the product at the company named the three. 13 00:00:46.759 --> 00:00:48.960 In at the three, well, I think a company is 14 00:00:49.000 --> 00:00:51.039 prevent configurations. 15 00:00:51.240 --> 00:00:54.000 And fun fact, you actually also my co founder at 16 00:00:54.079 --> 00:00:57.079 episode number seventy six, so I give a reference to 17 00:00:57.119 --> 00:01:00.000 this episode and I won't go into details about exactly 18 00:01:00.039 --> 00:01:03.479 how we're doing that because it's plain it's there. Besides 19 00:01:03.759 --> 00:01:07.840 leading the product Editree, I'm also leading the local community 20 00:01:07.840 --> 00:01:10.719 of get up in Tel Aviv, which is the biggest 21 00:01:10.719 --> 00:01:13.719 one in the world over twenty five under the users 22 00:01:13.879 --> 00:01:17.480 and beside it and just love development. 23 00:01:17.560 --> 00:01:19.840 I actually was a developer before I. 24 00:01:20.000 --> 00:01:24.319 Went into the tree and as a product leader. And 25 00:01:24.560 --> 00:01:27.400 another fun fact, I actually have a lot of degree 26 00:01:27.519 --> 00:01:29.879 so I have nothing to do with development. It's all 27 00:01:30.280 --> 00:01:33.120 learned and I actually love early love code, and this 28 00:01:33.159 --> 00:01:35.000 is how I got into this space. 29 00:01:35.280 --> 00:01:36.640 So you said you have a lot of degree. 30 00:01:36.959 --> 00:01:39.319 Yeah, this is correct. I actually have a lot of degree. 31 00:01:39.359 --> 00:01:40.439 And I was supposed to be a. 32 00:01:40.400 --> 00:01:44.319 Lawyer, and so the prospect of being a lawyer was 33 00:01:44.480 --> 00:01:47.120 so horrible you decided, no, I'm going to work in 34 00:01:47.200 --> 00:01:49.400 tech instead went. 35 00:01:50.959 --> 00:01:51.599 Something like that. 36 00:01:51.719 --> 00:01:55.480 Basically, like, while I dealt with law, I always loved 37 00:01:55.519 --> 00:01:59.680 the technology, so I did like law and technology stuff. Basically, 38 00:01:59.760 --> 00:02:02.519 it was a lot of open source licensing because a 39 00:02:02.560 --> 00:02:05.280 lot of people never never really understood what is the 40 00:02:05.599 --> 00:02:08.360 open source and open source people never understood what is 41 00:02:08.439 --> 00:02:09.639 low So I was in the middle. 42 00:02:09.680 --> 00:02:13.000 There was able to talk with both sides. But during this. 43 00:02:13.000 --> 00:02:14.960 Process I actually fell in love with the technology and 44 00:02:15.000 --> 00:02:17.479 then decided it is part of the open source it's 45 00:02:17.560 --> 00:02:19.960 much more interesting. So I got into the open source 46 00:02:20.039 --> 00:02:23.400 to developing by myself and then went into the process 47 00:02:23.400 --> 00:02:25.680 of being a developer. So I have all degree, it's 48 00:02:25.680 --> 00:02:29.879 somewhere on the wall, but I'm not using it. 49 00:02:30.159 --> 00:02:32.520 So it's not that you thought law was too simple 50 00:02:32.520 --> 00:02:34.520 and you wanted a better challenge. You wanted something more 51 00:02:34.520 --> 00:02:37.439 complicated like Kuberneties to work with. That wasn't the thought process? 52 00:02:38.199 --> 00:02:41.639 Yeah, something like that, get out of your comfort comfort zone? 53 00:02:41.800 --> 00:02:43.800 Are you like certified in law? And you sent out 54 00:02:43.840 --> 00:02:46.319 kind of season disiness platters because I think that would really. 55 00:02:46.240 --> 00:02:48.479 Come in me And sometimes I prefer not to do 56 00:02:48.520 --> 00:02:51.080 that because again I did it like a few years ago, 57 00:02:51.199 --> 00:02:53.759 so I'm not up to date to all the new 58 00:02:54.319 --> 00:02:55.520 rules and stuff like that. 59 00:02:55.719 --> 00:02:58.000 But you're up to date with Kubernetes, right, this, this 60 00:02:58.039 --> 00:03:00.599 is correct? Yeah, what's the latest new feature here? Excited about? 61 00:03:00.879 --> 00:03:01.159 Wow? 62 00:03:05.280 --> 00:03:10.000 We promise not exactly too many for me to mention. 63 00:03:10.599 --> 00:03:14.080 Cool, But you did write an article that we've got 64 00:03:14.120 --> 00:03:16.919 here on why you need to use kubernating scheme of 65 00:03:17.000 --> 00:03:20.719 validation tools, and you actually looked at two different ways 66 00:03:20.759 --> 00:03:24.960 of doing that, Cuba vallel and Cube conform. What was 67 00:03:24.960 --> 00:03:27.199 the motivation behind it? I'm assuming that there's like a 68 00:03:27.879 --> 00:03:30.800 backstory here of where something happened and you were like, 69 00:03:30.919 --> 00:03:33.120 oh my god, we cannot go through this again. 70 00:03:34.240 --> 00:03:34.479 Yeah. 71 00:03:34.520 --> 00:03:36.919 So actually there's also a third option. It's like actually 72 00:03:36.919 --> 00:03:40.360 doing it with cube cattle, and so the backstory is 73 00:03:40.400 --> 00:03:43.159 that ed the tree. Like I said, we're helping companies 74 00:03:43.199 --> 00:03:46.840 prevent coubernet dismiss configurations. We're doing that by scanning the 75 00:03:47.080 --> 00:03:50.319 manifest files and giving them indication if it's up to 76 00:03:50.360 --> 00:03:55.719 the standards that was defined by the organization Police also called. 77 00:03:56.400 --> 00:03:57.960 And something big that we. 78 00:03:58.039 --> 00:03:59.960 Got is that a lot of people thought told us 79 00:04:00.080 --> 00:04:02.639 that it's passing the policy, but it's still not a 80 00:04:02.680 --> 00:04:06.520 valid Kubernetes file. How come because I know someone forgot 81 00:04:06.520 --> 00:04:09.759 to configure it correctly and instead of calling it, I 82 00:04:09.840 --> 00:04:12.400 know API version with version in a capital letter, it's 83 00:04:12.400 --> 00:04:15.280 all smaller or something like that. So it's still passing 84 00:04:15.280 --> 00:04:18.360 the policy. It's because it can have like a readiness 85 00:04:18.399 --> 00:04:21.560 prop and it can have a proper label and everythings correct, 86 00:04:21.680 --> 00:04:25.399 but on the technical side, it's not a valid Kubernet's file. 87 00:04:25.600 --> 00:04:27.759 And then we had the question is this something that 88 00:04:27.800 --> 00:04:29.800 we need to catch or we don't need to catch 89 00:04:29.920 --> 00:04:33.839 because again it's passing the policy. It's only a problem 90 00:04:33.879 --> 00:04:36.759 on the valid on the Kubernetus validation side. So I 91 00:04:36.800 --> 00:04:40.240 got into this space and start to investigate, and while 92 00:04:40.279 --> 00:04:42.600 doing the research, I found it it's actually a common 93 00:04:42.680 --> 00:04:46.199 problem that people have and there's only three ways to 94 00:04:46.240 --> 00:04:49.839 solve it. So one of them is with cubabal, which 95 00:04:49.879 --> 00:04:52.279 is a really good tool. It's actually the most popular 96 00:04:52.279 --> 00:04:55.199 one that most of the people are using, and this 97 00:04:55.360 --> 00:04:58.079 is a way to do the validation offline. The second 98 00:04:58.360 --> 00:05:02.120 tool that I found was cube confirmed. It's another open 99 00:05:02.120 --> 00:05:05.160 source it's really good too tool. And by the way, 100 00:05:05.199 --> 00:05:08.680 I just want to say Yan, I really love this tool. 101 00:05:09.079 --> 00:05:12.160 Thank you for that. Yan is the actually the person 102 00:05:12.199 --> 00:05:15.560 that write this tool. And Yan he actually took cube 103 00:05:15.560 --> 00:05:17.879 e val and he improved it. He did a lot 104 00:05:17.920 --> 00:05:20.360 of great stuff that you can see on Cube e valle. 105 00:05:20.399 --> 00:05:23.720 And it's also all maintained because Yan is kipped maintaining 106 00:05:23.759 --> 00:05:26.079 this project. And then there is also the third option, 107 00:05:26.199 --> 00:05:29.759 which is actually using cube cattle. But the funny part, 108 00:05:29.920 --> 00:05:32.600 and I was really surprised about that, is that, in 109 00:05:32.680 --> 00:05:35.079 opposed to all the other stuff campabilities that are really 110 00:05:35.160 --> 00:05:39.279 well documented, this part of doing scheme of validation with 111 00:05:39.439 --> 00:05:42.519 the native tool, which is cube cattle, it's not documented 112 00:05:42.680 --> 00:05:45.680 at all. I actually went through the code itself, like 113 00:05:45.839 --> 00:05:49.439 the co code inside get up to understand what is happening, 114 00:05:49.519 --> 00:05:52.040 to understand how it's walking, which flag I need to use, 115 00:05:52.240 --> 00:05:55.040 and I looked everyone like I Google. When I Google it, 116 00:05:55.279 --> 00:05:57.720 I got like two pages. This is how weird it. 117 00:05:57.639 --> 00:06:02.000 Was talent with our corner of the internet there, didn't you? 118 00:06:02.079 --> 00:06:04.199 Yeah, like someone can hide a body and the results 119 00:06:04.240 --> 00:06:07.120 about how to do schemu vilation with cube cattle. 120 00:06:07.279 --> 00:06:09.000 You can hide a body there and the resultso no 121 00:06:09.040 --> 00:06:11.680 one will find it. Nobody will find it, No one's 122 00:06:11.680 --> 00:06:14.120 looking exactly. 123 00:06:17.399 --> 00:06:18.959 It's going to be your new title. I was just 124 00:06:19.000 --> 00:06:20.839 wondering as you were describing these, are any of these 125 00:06:20.920 --> 00:06:24.439 integrated with HELM or these if you're writing your Kubernator's 126 00:06:24.480 --> 00:06:26.600 configuration files manually or through some. 127 00:06:26.560 --> 00:06:29.680 Other that's a really good that's a really good question. 128 00:06:29.920 --> 00:06:33.639 So if you think about it, and basically it's also 129 00:06:33.680 --> 00:06:38.399 a Combernetus manifest and in dead we're also rendering Kubernetus manifests, 130 00:06:38.759 --> 00:06:41.079 So it doesn't matter like all of them will walk 131 00:06:41.160 --> 00:06:44.160 with the head. It's only a matter of do we 132 00:06:44.199 --> 00:06:46.639 have like a native integration that it will be connected 133 00:06:46.639 --> 00:06:49.680 to M directly or another way to do that is 134 00:06:49.720 --> 00:06:53.240 to render the manifest with HELM and then passing it 135 00:06:53.480 --> 00:06:54.800 to one of those tools. 136 00:06:54.879 --> 00:06:57.079 Yeah, that's an interesting way of doing it. Just just 137 00:06:57.120 --> 00:06:58.160 have Holme render it for. 138 00:06:58.160 --> 00:06:59.879 You and then throw it off to one of exc 139 00:07:00.000 --> 00:07:04.399 exactly like people forget people forget that you exactly that 140 00:07:04.600 --> 00:07:07.560 helm is actually in the end, there's a Kubernetus benefit 141 00:07:07.600 --> 00:07:10.040 that's generating, and this is what's getting pushed to your cluster. 142 00:07:10.240 --> 00:07:12.839 Usually you don't see it because it's pushing it directly, 143 00:07:12.959 --> 00:07:14.959 but if you do ham template, you. 144 00:07:14.879 --> 00:07:17.519 Will see the file itself that is pushing. Cool. 145 00:07:17.600 --> 00:07:20.120 Now I have an extra step in my make files to. 146 00:07:20.079 --> 00:07:23.800 Add I think that's a great that's a great point. Though, 147 00:07:24.120 --> 00:07:28.879 where do you recommend people do the validation checking out? 148 00:07:29.319 --> 00:07:33.360 Yeah, so just for the people that listening and didn't 149 00:07:33.399 --> 00:07:34.680 read the article, we. 150 00:07:34.720 --> 00:07:35.920 Just say that good use. 151 00:07:36.279 --> 00:07:38.600 If you have a scheme of validation errow, it will 152 00:07:38.920 --> 00:07:41.560 get cut in the end because basically, when you try 153 00:07:41.560 --> 00:07:44.680 to deploy it your Kubernets cluster, Kubernets with throw an 154 00:07:44.759 --> 00:07:47.560 errow to tell you that it's an invalid a combneti 155 00:07:47.600 --> 00:07:47.920 is file. 156 00:07:48.079 --> 00:07:48.680 That's all good. 157 00:07:48.720 --> 00:07:51.759 The problem is that you want to catch those arrows 158 00:07:51.800 --> 00:07:53.720 as soon as possible. You want to shift them left. 159 00:07:53.839 --> 00:07:55.959 You don't want to wait until you try to deploy it. 160 00:07:56.040 --> 00:07:58.519 You want to catch them when someone is submitting them. 161 00:07:58.800 --> 00:08:02.319 And that's the problem. Because with cube cattle there's something 162 00:08:02.439 --> 00:08:05.639 that is called like it's a dry run flag that 163 00:08:05.680 --> 00:08:09.920 you can say something something applied minus dry run and 164 00:08:09.959 --> 00:08:13.079 then it will connect to your cluster. It will check 165 00:08:13.199 --> 00:08:15.480 if it's a valid file. If it's a valid file, 166 00:08:15.639 --> 00:08:17.759 it will not apply it. This is why you have 167 00:08:17.800 --> 00:08:20.959 the drying flag, but you to give you the indication 168 00:08:21.040 --> 00:08:23.759 if it will be accepted or not by the cluster itself. 169 00:08:24.040 --> 00:08:27.120 So that's really cool. The issue with that is that 170 00:08:27.519 --> 00:08:30.079 you actually need to have up and running cluster and 171 00:08:30.160 --> 00:08:32.399 you also need to have a connection to that. So 172 00:08:32.600 --> 00:08:35.200 going back one step and we said that you need 173 00:08:35.240 --> 00:08:39.720 to validate those manifest files as soon as possible. Usually 174 00:08:40.120 --> 00:08:43.360 local machines or CI machines don't have and you don't 175 00:08:43.360 --> 00:08:46.320 want them to have a connection to your cluster, so 176 00:08:46.399 --> 00:08:48.440 that's become an issue. So you need to find a 177 00:08:48.440 --> 00:08:52.159 way that you can do it offline. When I'm saying offline, 178 00:08:52.200 --> 00:08:55.120 I mean with no connection to your cluster, but also 179 00:08:55.120 --> 00:08:57.600 in a way that you can run as soon as possible, 180 00:08:57.679 --> 00:08:59.519 and not only when you want to push it into 181 00:08:59.519 --> 00:09:03.200 production or into staging, also to your cluster, which means 182 00:09:03.200 --> 00:09:06.240 to the cluster. So, like I said, you have cubival 183 00:09:06.360 --> 00:09:08.399 that you can do that with you can write run 184 00:09:08.480 --> 00:09:10.559 it locally, you can add it as a step in 185 00:09:10.600 --> 00:09:13.559 your CI and you can also do it in the 186 00:09:13.600 --> 00:09:16.799 CD before we trying to apply something. So that's one option. 187 00:09:17.080 --> 00:09:19.480 Another option that you can do it with is with 188 00:09:19.639 --> 00:09:23.039 cube and phone and same you can implement it in 189 00:09:23.080 --> 00:09:25.799 the same ways because like I said, basically it's almost 190 00:09:25.799 --> 00:09:26.320 the same tool. 191 00:09:26.360 --> 00:09:27.240 It's only I. 192 00:09:27.240 --> 00:09:30.399 Would say it's like cubivalve with superpowers with the cube 193 00:09:30.399 --> 00:09:33.080 and phone. And the other way for you to do 194 00:09:33.120 --> 00:09:36.080 it is actually with a tree. So with a tree we, 195 00:09:36.360 --> 00:09:38.279 like I said, it was an issue that we add, 196 00:09:38.519 --> 00:09:42.360 so we also added those capabilities to our tool. And 197 00:09:42.639 --> 00:09:45.960 if you are checking for policies, there's also pre acquisites 198 00:09:46.039 --> 00:09:48.279 that we will check. So we will check that you 199 00:09:48.320 --> 00:09:50.799 have a valid Cubernetes file, and if it's a valid 200 00:09:50.840 --> 00:09:53.679 Cubernetes file, it will also check to make sure that 201 00:09:54.240 --> 00:09:58.519 it's also passing the policy that you define on the organization. 202 00:09:58.960 --> 00:10:00.519 So this is also something that you can do. 203 00:10:00.799 --> 00:10:04.399 I will also say that another thing that is interesting 204 00:10:04.879 --> 00:10:06.840 and I wrote in the article, is that you have 205 00:10:06.840 --> 00:10:08.440 another flag with cube cattle. 206 00:10:08.720 --> 00:10:11.799 So we have two modes. You have several mode and 207 00:10:11.840 --> 00:10:12.759 you have client modes. 208 00:10:12.919 --> 00:10:16.879 Basically you can check both of them requiring you to 209 00:10:16.919 --> 00:10:19.799 have a connection to a cluster. Something is think that 210 00:10:19.840 --> 00:10:23.480 I discovered was that actually there's an open bug in 211 00:10:23.559 --> 00:10:29.519 the Kubernettis project, and the open flag is saying yeah, yeah, yeah, 212 00:10:29.559 --> 00:10:32.360 among those one thousand bucks that are opened there, and 213 00:10:32.559 --> 00:10:36.519 this open bug is actually saying that this is not 214 00:10:36.559 --> 00:10:37.720 the expected results. 215 00:10:37.879 --> 00:10:38.960 If you're using. 216 00:10:38.720 --> 00:10:42.840 The flag dry run but on the buts a client mode, 217 00:10:43.000 --> 00:10:45.679 it should not need to have a connection to a cluster. 218 00:10:46.000 --> 00:10:48.480 But right now it's not walking, so it's still requiring 219 00:10:48.559 --> 00:10:51.200 you to have a connection to a cluster. Another interesting thing, 220 00:10:51.360 --> 00:10:54.879 and this is also I explained in the article, is 221 00:10:54.879 --> 00:10:57.600 that there is a discrepancy between the validation that I've 222 00:10:57.759 --> 00:11:01.000 done on the client side and the validations that are 223 00:11:01.039 --> 00:11:03.840 done on the SEVI side if you're using cube cutted. 224 00:11:04.279 --> 00:11:07.200 So answer question, well, now, go ahead, go ahead, and 225 00:11:07.200 --> 00:11:07.960 then I'll argue with you. 226 00:11:08.039 --> 00:11:08.440 That's fine. 227 00:11:08.559 --> 00:11:11.279 So just to wrap it up, the best way to 228 00:11:11.320 --> 00:11:14.159 do that is as soon as possible, you should run 229 00:11:14.279 --> 00:11:19.639 those validations across the entire process from your local environment 230 00:11:20.039 --> 00:11:24.120 through ci CD and just before you're going to deploy 231 00:11:24.159 --> 00:11:26.919 it or any other automation process that you have staging, 232 00:11:27.039 --> 00:11:29.480 production whatever, do is as soon as possible, and do 233 00:11:29.559 --> 00:11:30.159 it all the time. 234 00:11:30.320 --> 00:11:32.200 I actually wanted to argue with you a little bit 235 00:11:32.200 --> 00:11:34.919 on a point about not having access to a cluster 236 00:11:34.960 --> 00:11:37.559 while you're doing these validations. I would think you would 237 00:11:37.559 --> 00:11:39.600 need access to a cluster, because what if I'm doing 238 00:11:39.639 --> 00:11:42.559 like no affinity is or okay, that's the only case 239 00:11:42.600 --> 00:11:43.840 that I can think of, actually is when I have 240 00:11:43.879 --> 00:11:46.080 not affiinity. So I don't have a real strong case 241 00:11:46.080 --> 00:11:48.000 to argue with you. But if I'm doing that right, 242 00:11:48.000 --> 00:11:49.559 I would want for it to say, oh, you're setting 243 00:11:49.559 --> 00:11:51.879 this note affidity on something that doesn't even exist, or 244 00:11:51.879 --> 00:11:53.639 it doesn't make sense, or it's not going to come up, 245 00:11:53.720 --> 00:11:56.039 or I don't know something like that. I would hope 246 00:11:56.039 --> 00:11:57.720 it would be smart enough to tell me that you're 247 00:11:57.720 --> 00:11:59.559 doing something wrong, and it would need to have a 248 00:11:59.600 --> 00:12:01.360 connection car cluster to do that right. 249 00:12:01.679 --> 00:12:04.879 So think about it like in big organizations that you 250 00:12:04.919 --> 00:12:09.799 have a lot of developers and so usually we're saying CIS, 251 00:12:09.840 --> 00:12:12.440 but we need to remember the CICD are two different steps, 252 00:12:12.600 --> 00:12:15.320 and there are a lot of organizations that I'm familiar 253 00:12:15.320 --> 00:12:18.960 with that the CI step is taking X amount of 254 00:12:19.080 --> 00:12:21.639 time and only then coming to the city step. So 255 00:12:22.159 --> 00:12:25.840 during the CI step that people keep changing the manifest, 256 00:12:25.960 --> 00:12:29.159 it's not necessarily going to be deployed right away. So 257 00:12:29.600 --> 00:12:32.000 at this step, then when you have the CI process, 258 00:12:32.159 --> 00:12:34.519 you want to run different checks, but you also don't 259 00:12:34.559 --> 00:12:36.159 want it to have a connection to your cluster. 260 00:12:36.519 --> 00:12:38.000 Only when on the city. 261 00:12:37.679 --> 00:12:39.600 Step you want to have a connection, you have to 262 00:12:39.639 --> 00:12:42.919 have a connection to your cluster. So if you separate 263 00:12:42.960 --> 00:12:46.679 those steps, which usually happening in big organizations, the CI 264 00:12:46.720 --> 00:12:48.279 step don't have connection to your cluster. 265 00:12:48.480 --> 00:12:51.679 So I'm looking through your article and some of the 266 00:12:52.200 --> 00:12:55.200 you have this nice little table that compares cubevel and 267 00:12:55.279 --> 00:12:58.000 cup perform against client mode and server mode of cup 268 00:12:58.039 --> 00:13:00.879 pedal and what things were caught and what it didn't. 269 00:13:00.960 --> 00:13:02.919 And I'm clicking on some of these here, and it 270 00:13:02.960 --> 00:13:04.919 looks to me like in some of these cases it's 271 00:13:04.960 --> 00:13:09.120 looking more for syntactic validity than contextual validity. I don't 272 00:13:09.120 --> 00:13:12.080 know if that's the right phraseology there, But for example, 273 00:13:12.080 --> 00:13:14.000 I look at the label value and it's the wrong. 274 00:13:14.080 --> 00:13:17.399 Example has a label of dash dash stash, which is 275 00:13:17.440 --> 00:13:19.960 just it's invalid. It's invalid syntax. It's not that it 276 00:13:20.200 --> 00:13:22.639 that label. I guess My question here is does this 277 00:13:22.799 --> 00:13:25.440 check that the label make sense or just that it's 278 00:13:25.440 --> 00:13:26.399 syntactically valid. 279 00:13:26.639 --> 00:13:27.960 So that's a good question. 280 00:13:28.240 --> 00:13:32.360 So basically, there are different steps of validations that you 281 00:13:32.399 --> 00:13:34.559 need to pass if you want to have a valid file. 282 00:13:35.000 --> 00:13:37.440 So first of all, let's think about it like on 283 00:13:37.480 --> 00:13:39.600 the general air view. You want to make sure that 284 00:13:39.639 --> 00:13:43.320 all your cuberneties files have to be a valid diamined file. 285 00:13:43.399 --> 00:13:44.159 That's first of all. 286 00:13:44.279 --> 00:13:46.840 After that they have to be a valid Kubernetes file, 287 00:13:46.919 --> 00:13:49.919 which means they need to follow a specific structure. After that, 288 00:13:50.480 --> 00:13:54.440 the values inside those files need to be valid, and 289 00:13:55.000 --> 00:13:58.480 different steps or different tools will catch different errows that 290 00:13:58.559 --> 00:14:00.639 I just mentioned. So with a tree, you will catch 291 00:14:01.120 --> 00:14:03.320 all theres, will make sure that it's a valid diamond file, 292 00:14:03.360 --> 00:14:05.559 will make sure that it's a valid tubunetifier. Will also 293 00:14:05.600 --> 00:14:09.240 make sure that the value is avalid and we cube valid. 294 00:14:09.360 --> 00:14:12.320 It will make sure that it's only a valid Kuberneti structure. 295 00:14:12.600 --> 00:14:14.840 So you have different vialiations that will make But by 296 00:14:14.840 --> 00:14:17.799 the way cube Cattle, once you try to deploy it 297 00:14:17.799 --> 00:14:20.759 to your cluster, it will make it will check all 298 00:14:20.840 --> 00:14:22.559 the stuff that I mentioned, So it will also make 299 00:14:22.600 --> 00:14:24.360 sure that it's diamal file to also make sure that 300 00:14:24.399 --> 00:14:27.440 it's notified and also valid value. But again the problem 301 00:14:27.519 --> 00:14:29.919 is that it's too late in the process, because it's 302 00:14:29.960 --> 00:14:31.919 only when you want to deploy and you just want 303 00:14:31.919 --> 00:14:33.840 to ship all this information to the. 304 00:14:33.840 --> 00:14:39.600 Left to the right, right to the left, to the. 305 00:14:39.639 --> 00:14:43.039 Left to left in Hebrew, also or do you shift 306 00:14:43.080 --> 00:14:43.919 right since you're the other. 307 00:14:44.240 --> 00:14:46.440 We read the opposite. That's the problem, you know, that's 308 00:14:46.480 --> 00:14:47.360 why the confusion. 309 00:14:47.440 --> 00:14:50.399 We're really from We're really from right to left, So 310 00:14:50.679 --> 00:14:51.879 like make. 311 00:14:51.759 --> 00:14:59.840 No sense the Japanese shift up, cultural adventures and DevOps. 312 00:15:00.200 --> 00:15:02.080 I had a great question, and now I completely lost it. 313 00:15:02.200 --> 00:15:03.799 You want to shop to come back? 314 00:15:05.799 --> 00:15:07.759 I think, okay, Well, I was just thinking, you know, 315 00:15:08.320 --> 00:15:10.919 like this whole idea of okay, we can say that 316 00:15:10.960 --> 00:15:13.480 it's a valid YAMO file and the valid Kubernetes file, 317 00:15:13.559 --> 00:15:15.480 but doesn't make sense. And to me that's always been 318 00:15:15.519 --> 00:15:18.320 like such an interesting problem, like one of the more 319 00:15:18.360 --> 00:15:21.559 interesting problems, especially because my background is high performance computing. 320 00:15:21.919 --> 00:15:23.799 So anyways, I think that we show like a crossover 321 00:15:23.840 --> 00:15:26.559 event with the machine learning people where we just make 322 00:15:26.639 --> 00:15:28.679 them train a really big model on a whole bunch 323 00:15:28.679 --> 00:15:31.120 of Kubernetes configurations where it makes. 324 00:15:30.960 --> 00:15:31.440 Sense or not. 325 00:15:31.759 --> 00:15:33.200 That might be the only way to do it is 326 00:15:33.240 --> 00:15:36.120 have like a massive decision tree that nobody actually understands 327 00:15:36.159 --> 00:15:36.960 that says yes or no. 328 00:15:39.240 --> 00:15:41.600 I think you just described Kubernetes exactly. 329 00:15:44.679 --> 00:15:45.600 Yeah, a little bit. 330 00:15:45.840 --> 00:15:48.559 Okay, I remember my question. I'm curious what does your 331 00:15:48.799 --> 00:15:52.720 workflow look like when you're working on Kubernetes manifests? Do 332 00:15:52.759 --> 00:15:56.480 you run these tools in your editor for example on save? 333 00:15:56.840 --> 00:15:59.879 Do you use githooks? Do you use CI pipelines? What 334 00:16:00.000 --> 00:16:01.559 does your setup look like? How do you do this 335 00:16:01.600 --> 00:16:02.120 in practice? 336 00:16:02.279 --> 00:16:08.399 Well, I'm biased, a musing I own, but yeah, but 337 00:16:08.600 --> 00:16:11.360 I'm telling you so what I usually see that people 338 00:16:11.360 --> 00:16:13.440 are doing this is why we credit this tool, is 339 00:16:13.440 --> 00:16:16.960 that they understand the value and they're trying to shift. 340 00:16:16.720 --> 00:16:18.600 It left right. 341 00:16:18.639 --> 00:16:21.399 You're trying to shift it left and they're doing it 342 00:16:21.440 --> 00:16:25.600 with pre committos. That's one. Then it's implementing inside the CI. 343 00:16:26.080 --> 00:16:28.840 The problem is that you need to implement a lot 344 00:16:28.879 --> 00:16:31.639 of tooling in order to get those simple vialidations that 345 00:16:31.679 --> 00:16:34.480 I just described. So you need to have volunteer for 346 00:16:34.600 --> 00:16:37.480 your YAM. Fine, you have a to have a cubival 347 00:16:37.600 --> 00:16:40.840 or cup performed for kubernettes. And then you need to 348 00:16:40.879 --> 00:16:45.559 have some way to actually do the policy checks, which 349 00:16:45.600 --> 00:16:47.960 can be performed with different tools that I have to 350 00:16:48.039 --> 00:16:53.440 pause doructure files JQ for example. Just trying some ideas 351 00:16:53.559 --> 00:16:55.440 if someone want to get crazy into it by himself. 352 00:16:55.960 --> 00:16:59.519 So it's actually requiring a lot of cluing and a 353 00:16:59.519 --> 00:17:02.360 lot of teaching and a lot of different tools that 354 00:17:02.480 --> 00:17:05.440 need to walk together, which become to be like a 355 00:17:05.480 --> 00:17:07.279 massive headache if you want. 356 00:17:07.160 --> 00:17:07.519 To do that. 357 00:17:07.839 --> 00:17:09.640 And this is why we build a tree. 358 00:17:09.680 --> 00:17:11.680 We're trying to do it in one tool, make it simple, 359 00:17:11.880 --> 00:17:14.440 make it fun so you can it's a sea light tool, 360 00:17:14.480 --> 00:17:15.920 so we actually enforced it. 361 00:17:16.039 --> 00:17:17.799 Or you can put it everywhere you want. 362 00:17:17.839 --> 00:17:20.240 You can put it on your local environment, you can 363 00:17:20.240 --> 00:17:21.720 put it in your CI, you can put it in 364 00:17:21.759 --> 00:17:24.279 your city, you can put it everywhere and it will 365 00:17:24.319 --> 00:17:27.000 do all those validation for you out of the box 366 00:17:27.200 --> 00:17:28.799 and a really simple and easy way. 367 00:17:29.039 --> 00:17:30.920 That's very cool. And is it all open source? 368 00:17:31.240 --> 00:17:32.079 Yes? Yes? 369 00:17:32.400 --> 00:17:37.319 And again like yeah, so there is a magic sauce 370 00:17:37.599 --> 00:17:39.400 in the tree, Like it's not. We don't have a 371 00:17:39.440 --> 00:17:42.279 secret API. We are not doing something that like every 372 00:17:42.279 --> 00:17:44.400 developer can do. What we're doing it, and we are 373 00:17:44.440 --> 00:17:47.400 totally okay with that. And the cool part is that 374 00:17:47.440 --> 00:17:51.039 we're just trying to make it much more simple for you, 375 00:17:51.079 --> 00:17:53.240 so you don't need to do it by yourself. So 376 00:17:53.279 --> 00:17:56.400 you don't need to configure this plit commit and you 377 00:17:56.440 --> 00:17:58.920 don't need to configure this and integration by the way 378 00:17:59.119 --> 00:18:01.160 soever henp like, and so we can do it natively. 379 00:18:01.440 --> 00:18:03.680 We just want to make sure that it's simple enough 380 00:18:03.680 --> 00:18:05.319 for you to use our tool and not to try 381 00:18:05.319 --> 00:18:08.279 to build it by yourself, because we all really believe 382 00:18:08.319 --> 00:18:11.400 in buys is built, that you should be focused on 383 00:18:11.480 --> 00:18:14.240 building great stuff that out of your coal business and 384 00:18:14.279 --> 00:18:16.640 not try to build and not try to build stuff 385 00:18:16.680 --> 00:18:19.000 that are not and you should prefer to buy them. 386 00:18:19.640 --> 00:18:22.119 So this is how we think about it, and this 387 00:18:22.200 --> 00:18:25.200 is why we're always trying to make sure that we well, 388 00:18:25.240 --> 00:18:26.480 we always want to make sure. 389 00:18:26.319 --> 00:18:28.240 That all the stuff that we're doing will give you 390 00:18:28.240 --> 00:18:29.160 a value as a user. 391 00:18:29.359 --> 00:18:31.400 That's very cool. You said something I didn't quite touch. 392 00:18:31.400 --> 00:18:33.880 There's a plug in for something, was it, Homer? 393 00:18:34.160 --> 00:18:34.279 Was it? 394 00:18:34.480 --> 00:18:34.640 Yeah? 395 00:18:34.720 --> 00:18:38.279 Yeah, yeah, So you asked about the nice so I 396 00:18:38.359 --> 00:18:40.559 mentioned because we ask about them. So, for example, we 397 00:18:40.640 --> 00:18:43.519 have a native hamp plugging so when you're doing ham 398 00:18:43.599 --> 00:18:46.799 in stall, it will do all those validations, which actually 399 00:18:46.799 --> 00:18:49.200 to make sure that is a validamter file, to make 400 00:18:49.200 --> 00:18:51.480 sure that it's a Kuberneties file, to make sure that 401 00:18:51.519 --> 00:18:54.279