Cloud Native Computing Foundation KCD UK 2021, 15 Sep 2021

Previous Meeting

⏯

youtube image

►

From YouTube: KCD UK 2021 | Day #1 Track #1

Description

No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).

A

Okay, I'm gonna have to go, live a different way.

B

Right: okay, ready.

C

Guy I need screen share it's disabled.

D

C

Hello good morning, good morning we're having just just minor technical difficulties, of course, because it's the first day it's all good.

C

Show you're due to start at 10 15, so you can just hang out and listen to us. Do the introductions and then matt will do a quick introduction for you and then you'll you'll start.

A

Okay, guys we're live. So if you'd like to start your instructions, please.

E

uh Good morning, hopefully we are live. Is this thing on somebody? Tell us please, because we can't see it um welcome folks, I can't believe we've actually done it paula. We are here, um welcome to kubernetes community days, uk 2021, um unfortunately we're not in person. It would have been fantastic to to be together and bring together all the communities um in the uk, um but uh that was not to be so we're kind of virtual, um along with a couple of in part in person watch parties.

E

um I am in sunny manchester at the manchester watch party, so you can come to work life here in manchester and join us. We get going with today's schedule, there's some thank yous and things that we need to run through. So if you could give me the next slide, please paula! So thank you to all our speakers.

E

um We're going to see some fantastic talks over the next couple of days. I'm not going to name them all at this point, um but they're all great um I've. I've personally uh read all of these abstracts. They look fantastic. um So next slide, please paula! So big! Thank you to our sponsors and without sponsors. None of these community events could be possible, uh we'll be giving some more information about the sponsors later, but thank you to tram shed for our technical uh stuff.

E

Thank you to snake control, plane jet stack, cystic and storage os um next slide. Please um thank you also to our workshop providers. Jet stack uh control, plane, um souza solo, dot, io container solutions and sneak some fantastic um stuff. There that's gonna, be presented all free, so please support our sponsors and go and check those workshops out. um I should have done. Oh thank you also to our watch party sponsors tramshed for the watch party in cardiff um and soft iron, who are sponsoring the work uh the watch party uh here in manchester.

E

um So I guess um before we go any further, I should probably do some quick introductions which I completely forgot to start with. So for those of you who don't know me, I'm matt jarvis, I'm director of developer relations at sneak and I'm joined by my fantastic co-organizer, paula kennedy um this morning, and I think it's over to you for this next bit right, paula, oh.

F

C

Thank you so uh just to introduce myself thanks matt, my name is paula kennedy. I am ceo of a startup called cintaso and I am so excited to be part of this community and to have worked with my co-organizers. To put this event on, uh we've got a couple of more thank yous, just a shout out to our charity partners who you'll be hearing a bit more from later today, they'll each be doing a talk to tell us about what their their work is, and so before we kick off, I've got just some housekeeping activities.

C

So, first of all just a reminder: we are governed by the linux foundation code of conduct. So even though this is a virtual event, it's still important that we follow the code of conduct and that we are kind to each other. If there are any issues at all that you see or that you experience personally, please feel free to contact the organizers. You can message us at hello at kcduk.io or via slack.

C

If you have any problems with the organizers, you can also report directly to the linux foundation themselves.

C

Just a reminder of the fantastic organizing team that we have, you can see all of our names here, we're all in slack and if you email that hello dot, io email address, the email will come to all of us and if there are any code of conduct issues, we will take them very seriously to join the conversation. Please join us on the cncf work. Slack workspace.

C

If you haven't already joined the joining instructions, are here on the screen. You just need to go to slack.cncf.io and then you can join the slack workspace and find us. We have a few channels set up. We have the kcd uk one for general conversation, so you can introduce yourselves, have network, have some conversations and then we have two specific track channels for asking questions to each of the speakers. So we have a track one and a track. Two. Our speakers will be in those slack channels, so they should be able to answer questions directly.

C

We will be trying if we have time at the end of each talk. Moderators will try to ask a few questions live so please post any questions in there or thoughts and comments.

C

Finally, we have some amazing cool swag to give away. So, if you haven't yet registered, you can sign up at kcduk.io and get some cool swag we're on twitter, so our twitter handle is kcd. Uk underscore io. Our hashtag is ktduk. I feel like I'm going to be saying: kcd uk quite a lot over the next couple of days, uh and obviously we have our youtube channel where you'll be able to see each of the talks stream separately and the way that this event is working with our tram shed.

C

Tech partners means that the talks will be instantly available to watch after they've finished. So if you do miss something, you better go and watch it pretty quickly, so I think that's all the housekeeping.

C

Thank you very much for joining us. We are so excited to be here. We have an amazing agenda, lined up which you can find on our site, kcd, uk io, and so I would like to say on with the show, join us on our next youtube link for our amazing opening keynote, which will be with cheryl hung.

A

So I'll just jump in there it'll be the same link so just keep watching now.

F

E

Yeah, it's going to be good, let's bring all.

G

C

Thanks guy thank.

G

You all right so.

A

Over to cheryl.

H

Thank you so much matt and thank you so much paula, hi. Everyone welcome to kubernetes community days, uk I'm cheryl hung and honestly. I am more excited about this talk than probably any I've given in the last year, um and the reason for that is that it's been a long time since I've spoken completely freely, I'm no longer at cncf and I'm not speaking on behalf of apple either, who I joined last week. So today I am just cheryl speaking purely on behalf of cheryl.

H

um I don't even have any slides. So I'm just going to talk straight to you. um First of all, today, I'm not going to talk to you about why you should go cloud native or anything like that for one thing since you're here I assume you already know about cloud native.

H

Secondly, as matt and paulo just said, you have two entire days of expert speakers who are going to tell you all about the latest and greatest in cloud native.

H

So, instead, I want to talk to you about three things that I learned working in an open source foundation that changed how I think so what made my experience different to most jobs.

H

First of all, cncf, or rather the parent organization, the linux foundation, is legally a non-profit and, of course, they're sending membership they're, sending tickets to events and so on, but there's no shareholders and profit was not the priority.

H

In fact, when I was first interviewing there, I was told it is the closest thing that you'll find to public service in tech, and that makes it very different to how most companies think, because most companies need to focus on making a profit.

H

So I have three messages: here's the three messages that I learned number one after cncf, you could be number two failure. Is an option. Number three treat your career like a portfolio the first one. This first story comes from when I was interviewing to join cncf- and I was sitting here in my kitchen waiting for my telephone interview feeling a bit nervous. You know butterflies in the stomach, watching the minutes count down until the phone rang. So I pick up- and I say hi this is cheryl and this voice booms back at me.

H

Hi cheryl, I'm dan khan executive director at cncf and after you leave cncf, you could be executive director of your own foundation or you could found your own company or you could go into vc and I was like oh hold on wait, wait a second! I wait. I thought I was supposed to be persuading you that I would be good enough to do this job. I've never been to a job interview where the first thing that they, the interviewer said, is after you're done with this job, but working with dan.

H

I realized that is exactly how he thought all of the time he was never about. Are you good enough to do this thing today? He always thought. How could I set you up in the future so that in the future, you'll have even more opportunities to do those things that you want and to do the things that you can't do now and I try and take that and apply that to all of my interactions when you have some success.

H

Think about how you can share and how you can pass on those opportunities and especially to underrepresented groups as a minority in tech, I'm suspicious towards organizations who proclaim how diverse and inclusive they are and what's made. The biggest difference to my career is individuals who say I'm going to take a chance on you, because I believe you're capable of doing something, even if you've never done it before, and I feel very privileged to be able to do that, for others.

H

The opposite mindset, and probably the worst managerial advice I ever received, is uh as a manager just push work onto other people. You know, in other words, managing people. It's just about pushing work, getting rid of work. You don't want to do yourself forcing other people to do it. It creates a lot of resentment and it particularly doesn't work in open source where people don't report to you so instead think about how do I set you up? How can I set you up for the future?

H

So that's after cncf, you could be the second lesson. Failure is an option.

H

This comes from probably a month after I joined cncf, and I was trying to figure out what I was doing there and what I should be working on.

H

I talked to a lot of different people came up with a list of maybe a dozen ideas that I could work on, and then I pitched them back to dan during those one doing a one to one.

H

He listened to me very carefully and then simply told me: failure is an option, in other words, there's no point agonizing over the list and figuring out what things are perfect, because the only way to find out is to try a lot of different things and get comfortable with some number of those failing.

H

I certainly had my failures within cncf, but some of the things I launched became hugely successful and the truth is no one remembers the failures, even I don't remember them anymore, and I think this relates to scarcity versus abundance mindset.

H

If you think, resources are scarce and finite and failure is not an option, then you'll never do anything unless it directly ties back to your own goals, and then you only do those things as cheaply as you possibly can. Instead, a mindset of abundance says you can always find something to share. Share your advice. Share your experience.

H

Invite someone to a community that you're part of to an opportunity that you found or just share a bit of fun.

H

Failure is an option, because only when you're comfortable with failure can you be a leader, not a perpetual follower.

H

This brings me to my third story. The third story is treat your career like a portfolio. This is a few years down the line. I was becoming more established within the open source community. I was receiving more outside invitations for paid speaking engagements and to advise startups, and I asked chris anchor who's the cto of cncf.

H

Is it okay for me to do work outside of cncf, and he told me treat your career like a portfolio, in other words, diversify, diversify, diversify?

H

None of us would sell everything we own to buy tesla or bitcoin, and yet in a company, we're usually forced to devote 100 of our work time to that one company. So how do you square those two things?

H

My answer to that has been community because the more people you know the more opportunities that you'll find over time treat your career like a portfolio portfolio, diversify your network, meet new people constantly and you'll find those opportunities that you would never have known about yourself.

H

So here are those three lessons I learned from cncf after cncf you could be set people up for future success. Number two failure is an option, get comfortable with failure, so you can try new things without fear.

H

Number three treat your career like a portfolio diversify meet lots of people outside your current team or your organization, so you can discover those hidden opportunities and since you're already at kubernetes community days uk. This is the perfect time to try those three things out. Think about what advice or opportunities you can share reach out on slack to the people that you don't know or reach out to me. I'm on twitter or shower and get over that fear of embarrassment, because failure is an option.

H

Thank you so much. I hope you found this interesting, enjoy the rest of kubernetes community data uk and I'm going to hand back over to matt and to paula.

E

Thank you, cheryl. That was fantastic. I I think that's a brilliant choice and you know really thought-provoking. um Have you actually started your new job yet.

H

I have this is my second week.

E

Awesome brilliant! Well, I mean it's a big loss to to the cncf community, but um good luck to you in all of your future endeavors. You know it's been an absolute pleasure uh working around events and things with you over the last few years.

H

Likewise, and one of the things that I really value about community is people are people, you know just because I'm going to a different company doesn't mean that I'm disappearing forever, so I've loved working with this community and I fully intend to keep working with it. As long as I possibly can.

E

Great stuff- well, hopefully, you're not too busy today to hang around and catch some of the fantastic speakers. We've got coming up and thank you again for for joining us and for opening the show. um So uh I guess without further ado, um we'll hopefully move on paula. Do we know what's happening with our technical issues at the minute, or are we going to come back to that and explain a bit later.

C

Yeah apologies folks. We had some slight technical difficulties, but we are frantically in the background trying to update the uh twitter page and the kcd uk dot io website so that you've got the up-to-date youtube link. Although I guess, if you're hearing me, you must already have the link. So that's kind of.

E

A very good point: yeah, if you're, if you're seeing us, then you're clearly in the right place,.

F

Absolutely hopefully,.

E

Our next speaker is, is maybe ready. I know we come to him slightly early, so perhaps he's not we're going to have to fill. I think. Well, let's see what we can.

C

We could talk about one of our sponsors.

E

Yes, I was just thinking that. Do you want to do uh do one of our? Why.

C

Not uh just whilst we're waiting for our next speaker, why don't I do a quick readout for sneak who's, one of our diamond sponsors. So just a quick bit information about sneak. They are a cloud native application security leader. They enable 2.2 million developers to build securely with a vision to empower every modern developer in the world to develop fast and stay. Secure.

C

Only sneak provides a platform to secure all of the critical components of today's cloud native application development, including the code open source, libraries, container infrastructure and infrastructure as code sneaks developer. First approach enables technology driven companies to scale security in today's fast-paced, digitally transforming world sneak's security platform is powered by its industry-leading proprietary vulnerability database maintained by the expert sneak security research team that also powers security, solutions from strategic partners such as atlassian, datadog, docker, ibm cloud, rapid7, red hat and trend micro.

C

The company works with global customers of all sizes to empower developers to automatically integrate security throughout their existing workflows.

E

Excellent, thank you for that paula and uh sneak also uh pay my salary. Yes, so clearly I am horribly biased, um but and that that's a that's a really good timing as well, because our our next speaker is is uh I'm sure, familiar to to many of you in the in the community, um certainly familiar to me as I work with him every day, um and uh so let's bring gareth rushgrove onto the stage.

I

E

Hi everyone hi gareth, hey good morning. Thank you. We've come to you a little bit early, but uh you know as unsurprisingly, all the things have fallen over this morning already, but hopefully we're getting back on track now.

I

No, no! No for all.

E

Right so shall we uh give gareth the floor.

I

Yeah, okay, so uh good to meet everyone um I'll jump in. I will jump into slides shortly, but uh just to say hi, I'm gareth, ruskarov vp of products at sneak, um also sort of- I guess like well, I say occasional, but it's far too much time spent uh hacking on open source projects for a good, while now uh probably most recently with contest and open policy agent, but around the kubernetes community and docker community and public community and a bunch of others.

I

So let me share my screen and we'll get started.

I

Matt, can we see my slides.

E

I

Fantastic, so um uh welcome everyone, I'm going to talk about software bill of materials uh for cognitive applications, um but don't worry if you don't know what software builder materials is I'll do a bit of an introduction. There um isn't a super deep dive, talk, we're not going to see loads of demos and examples and get into the weeds of this. I really want to just put this in people's heads. um Get people started thinking about this space. Tell you about a bunch of the interesting things that are happening and maybe give you some homework.

I

If this is of interest to you, uh as mentioned, uh I'm a gal struck, a vp of product speak um and a whole bunch of other things uh when I'm not doing that, including curating. The devops weekly email newsletter.

I

um Ask me anytime about sending an email every sunday for 10 years, like very strange thing to do so.

I

Okay, so what is a software bill of materials this? This might be something that you've come across um before it might be something that you never come across at all, but I don't think it's something that will be fundamentally unfamiliar and when you sort of work out what it is, um but here's a description uh that I think sort of encap and it sums it up really, it's a complete, formally structured list of components, libraries and modules that are required to build a given piece of software and that and the supply chain relationships between them.

I

So, fundamentally it's a list of ingredients. It's the list of ingredients for a bit of software, and it's not just the how we build the instructions it's the what's in. There is like sort of details. It's all the messy bits of how are they connected.

I

But why is this interesting? Why is this something that maybe isn't just part of how we work already um and why is it interesting now in particular, um there are a number of different use cases for like having a list of all the software in all your software, um and I think these three sort of sum it up to a degree like you've got sort of intellectual property management problems and that might be compliance, oriented that might be export rules and that might be open source license issues.

I

There's all this sort of stuff around, like an audit department needing to know how everything is in order to decide what regulation and rules need to be enforced, and I think, if you're in a larger organization, you've probably come across some of this already you're, probably doing this already that s, so software build materials which is really an implementation detail under the hood of that, you also might not work in a large company, and you might not have come across that, but in any case it sort of feels like a important, but hopefully someone else's problem to a degree.

I

Probably the one. That's bubbling up more and more recently is software supply chain security that we're much more conscious today than maybe when a lot of the technology we use was built and designed that there are risks inherent in how we build software and open source is undeniably good at many different things, but it absolutely means that the number of contributors to the piece of software that you're producing is a lot greater than you can probably reasonably fathom you're getting software from lots of places.

I

It's coming through various different tools, build systems, source control systems, a compromise at any one of those points potentially opens you up to an issue yourself and we're seeing more of those attacks. We're seeing attacks on the sort of like package management infrastructure, we're seeing attacks on source code management systems and so understanding what goes into your software is the first step, arguably to being able to maybe reduce the risk, maybe manage some of those vulnerabilities and understand them.

I

um End of life like when, when is, is something in your chain actually no longer maintained, um and there are also just requirements around high assurance systems, like not, everyone is going to be working in a sort of high security, high threat environment, but at some point those environments were very niche. They were very much in the sort of government military industrial sort of complex.

I

Today, that's less true and what is critical infrastructure is a good academic debate, but it's becoming broader than taking down like uh the internet and mobile phone signals, like those things, are life impacting at this point in a way that maybe they weren't 20 years ago, um so software supply chain security.

I

I think there are multiple aspects to it, but fundamentally understanding what is in the software we're shipping, I think, is part of it. um And last but not least, I think there are a number of interesting use cases just on asset management and that title I'm not sure about, because it sounds boring, and I don't think it is. I think there's all sorts of interesting use cases that if we knew what software we were running, we could actually like come up with and solve just research around usability and usage is interesting process improvements.

I

um Why is this organization using 103 different versions of open ssl is probably a good question, but not when we're even capable of knowing the answer to the number of things we're using today in lots of cases so search and visibility built on top of good software build materials infrastructure, I think, is in the future, but I think powerful for a number of different problems.

I

But why? Now because this doesn't feel like a sort of a problem that is brand new and yes, maybe the security stuff is more in the news today, it's more powerful today. There are more threats today, but this doesn't feel like something that someone has just invented and it's not the conversations about software build materials date back and probably from the start of really software being composed of multiple parts.

I

um But I would say those conversations have mainly been within um some areas: around they've either been implementation, details or other tools like some of the ones that I work on at sea.

I

There have been um conversations in like sort of strange corners of fosdem about uh licensed compliance that I hang around with they've been standards, bodies or people very close to governments that scale problems. um The good news is a lot of that. Work has laid the groundwork for us to actually be a lot further forward now than we might otherwise be, and what's really lighting a fire.

I

I think, under a lot of those conversations and taking them from being maybe a more academic, slightly standard geeky type place, I'm uh happy in um to something that I think is going to become a lot more mainstream over the next 12 to 18 months, and that was an executive order by the biden administration back in may, and this mandates not just a load of sort of work on actually finishing a bunch of this standards, work and publishing guidance and recommendations from the u.s government, but it mandates adoption of those by u.s government entities.

I

um Now that you might think is I well we're not in the u.s you're, not selling to the u.s. Who cares the supply chain impact of that, given the number of companies that are and who are selling into the us are selling into the uss supply chain is actually huge. So I think the impact of this will take time but will be felt everywhere.

I

There's also the fact that solving this requires software and software companies are definitely rushing to solve these problems and adopt some of these standards and practices. So I think you will see a lot more noise about this, both good and bad.

I

I think you will see adoption of this in some cases, probably too quickly and other cases not fast enough, um but there's a lot of history and background that if you are interested in the sort of anthropology and there's all history here, definitely worth digging into um shout out to the ntia in the us, national telecommunications and information administration.

I

um Probably not a government agency you're super well familiar with. um They don't have exciting tv programs uh following their agents around. As far as I know, but they've been doing some really good work, which was very much focused on like a multi-stakeholder process. They weren't trying to make decisions. They weren't trying to mandate. They were trying to bring often quite opinionated people who disagreed violently together over several years, really to sort of work out some of the consistent items of what we, what everyone cared about, rather than what some people cared about.

I

There's also a lot of work going on, and I think some of this has been going on at the same time, but a lot of it was, I think, probably accelerated the dates sort of add up um in around sort of frameworks that we can adopt to apply some of the the sort of standards that are emerging um like these are good starting points.

I

If you really want to understand like the the problem like, I covered the problem at a very high level, these don't they dig into the details like sort of basically breaking down different use cases, different threats and how you might address them and then coming with high-level sort of frameworks of how you might sort of measure your maturity and solve some of the problems inherent like with supply chain security in software and so the work that mainly google have been doing around salsa.

I

um Oh, what's have uh the software component work um more recently, microsoft with skim and the cncf themselves have published a really good document as part of the security work, so software supply chain best practices. um All of these are interesting to look at that. They solve different problems. um Different, like sort of some of them are very recent. Some of them are a bit more mature.

I

um I think combined they're, a really good starting point, an introduction to this whole space, why it's important and how you might go about solving at the organizational rather than technological technology scale.

I

I touched on something there as well, which was a bit more detailed, a bit more on the technology side that there are um emerging standards here to help us reason about like technically okay. What is a software build material um because it's fine to say it's a list of software, but you can go well like okay, here's a spreadsheet, here's another spreadsheet! Here's a word document! Here's a pdf here is a text file. Here's a csv file. um All of those are software builder materials.

I

They are all lists of the software, but not only are all of those in different file formats, they're, probably all in different, like naming conventions and version formats, and they include different bits of information and there's like it's fine, if you want, if you think this is a tick box exercise, that's probably fine, and someone gives you one. You take a box and say: yes: we've got software materials. Job done, move on you're, never going to consume it. No one's ever going to use it. That sounds like a waste of time.

I

um What we need there to make this work are interoperable standards. We need ultimately producers and consumers to agree on what we mean technically about our water supply. Bill materials is, and this is the important work that has been going on. I think for a while, and now suddenly is meeting user demand and user need, and there are, I would say, really two clear standards that are probably both going to be to some extent widely adopted, at least to start with.

I

um One is cyclone dx, um which was actually originally uh sort of not directly spun out, but as a result of work that went on the dependency check project from owasp and actually now the cyclone dx project, which was spun out separately and has been a community effort very much open source centric um has actually now just become a first class or what project, and so I think, having that banner will help it grow and there's lots to like about the how they're, publishing schemas and how the interaction works.

I

uh Turn up and pull request issues very much: a sort of open source, centric sort of development model, um spdx that you might have come across uh for its list of economical list of license identifiers, um but actually the sbdx project is broader than that. It's about software package data exchange, it's been standardizing in on software, build materials bits for a long time. um There is a stable spec and it's actually just been going through. uh Basically iso certification.

I

um So there's nicer standards around this now the new sddx3 bit as well solves some of the more. I think supply chain, oriented problems and it's looking quite promising, but it's still early, um so there's a bunch of history, and so some of the people involved might say these are not emerging. These are in common usage.

I

I think they are in specific places, but not broadly. These are not embedded everywhere and I think that's what we probably need to see um just to really get the benefits and see software dog materials become a thing that actually everyone talks about, or at least doesn't talk about that maybe users and benefits even without knowing about it.

I

There are commonalities between these two, which is good, and there are already tools that allow some interop um you could get into arguments about. Why are there two, rather than one uh there's an x-killer? You see a xkcd joke about that somewhere, um but there are, but there are common elements and other standards could emerge here that address the same set of common elements and again, I think, will happen as an interrupt sort of conversation already, but these are the sorts of things that you're talking about. Okay.

I

Where is this who gave me this? Where is this from what? What is this okay? Well yeah? But what version is this and what how how do I identify this amongst other bits of software? What what stuff?

I

What software does this relate to you'll know from whatever package management tool chain you're using there are the dependencies you include, and there are the transitive dependencies that come along for the ride and maybe transitive distractions and transit into transitions of transitions and, like there's a long chain there, that the relationship is is just as important as the individual bits of software themselves and who created it, and when- and these are the sort of core tenets, I think core elements of uh the software villain materials like you can go beyond this.

I

What other information is there about this software that might be useful to the consumer and and again for both the cyclone, dx and sdx? There are uh schemas that describe this in jason and there are some protoboss schemers around there are xml schemas around. This is actually arguably quite good for something like xml, where there's a lot more richness to the schema declarations, which is a strange thing for me to be saying.

I

So I think there are three things about software building materials that are worth sort of thinking about when you sort of start considering like how they might play in a software stack um the first one that everyone goes to, and I think too many people stop at is. I need to generate them and then success and the first bit is you probably do need to generate. Then the second one is not true. It's not the end. This is very much the star. um There are tools emerging here, both from within the cyclone and spdx camps.

I

There's a good set of cyclone dx plug-ins for different package managers. The maven one actually is particularly particularly rich and there's a long tail and a maturity problem there which I'll come back to, and there are other tools as well that have been doing this for a while or a newer that are also starting to be able to, as normally as well as generate things in their own proprietary formats, also output, things in standard formats. That's how standards become the de facto.

I

They end up being used by multiple tools that previously just output, proprietary formats and I think you'll see this crop up as an implementation detail of lots of tooling and then get exposed as a first-class interface. um So there is work going on here um and I'll come back to some of the. I think where this needs to go from where it is today um there, but certainly if you want to get started today, there are probably some tools that will help you generate response.

I

um But what do you do with them is a far far uh I guess more nascent space.

I

um How do you store them like, if you think of all the software that you're producing and all the versions of software you're producing and all their dependencies, not just in terms of like the package management sort of libraries you're bundling in, but maybe container dependencies, maybe service dependencies like and the whole chain of that? It's huge like where'd, you store them and how do you keep them up to date? And how do you know what the latest versions are? All those problems become the next problem to solve.

I

Once you move past okay, I can generate them great. What do I do? um This is much earlier, um though there are a bunch of things uh going on here that I think are interesting, and this is actually an area of a lot of innovation happening. I would say around the sort of cloud native communities and like the bom repo server is a good example from the cyclone dx folks. um I don't think it's specific to cyclone, but actually it might be.

I

I played around with this a little bit. It's really a web server that gives you an api for accessing this. That's accidentally s bombs, a side note there is, I think, uh maybe a little bit like the work that led like led from docker to the oci specifications as well as the s-bomb specs. We probably need specs that describe access.

I

um You've got in the container world. You've got the registry specification that describes all of that. How do we access install these things and you've got the image spec that describes the actual thing. I've not seen much movement there. I think it would be good to see like specifications extracted out of some of the implementations and some standards submerged there as well, but that's maybe getting ahead of ourselves because realistically, there's not a great solution for starring today.

I

Everyone ends up a bit hand, rolling something um interesting things here, actually uh shout out to dan laurenk uh who's working on the six star and uh project um he's been doing some work around looking at. How do we use oci registries to store these s-bombs, because why can't I store it like if I've got a container image? Can I start the s-bomb with the container image?

I

Well actually with the artifact uh spec in oci? Now, yes, you can, and you can even sign those things together with something like cosine, so there's some good early signs of like the tooling here, and I think this is from a storage layer perspective. A really interesting idea like what, if we just said, like s-bombs they're, just next to the thing that they are representing in a container world or using an oci registry as a distribution mechanism. That's a really powerful idea. I think, but a lot of work to do here.

I

This is a problem you've run into, and I think you should not focus too much on generating there'll be a lot of work. There you'll find something you get started. This is like if to make value, I think this is part of it. You need to be able to star and then access and retrieve, um because at the end of the day, that's not the point either. The point is to consume like okay, you've got all the best bombs. What are you going to do with them? What value do you get from doing so?

I

Yes, you've now spun up some infrastructure you're, now storing something you've got new steps in your pipeline, generating all this stuff. Do you just end up with bits on discs that never get used? That is a reasonable fear. That is something that some people in the broader security community are saying. S-Bombs are a bad idea, because we don't. This is not going to happen.

I

I'm not hopeful, I'm generally, the hopeful person like. I think this absolutely can happen, but we need to have people thinking about focusing on it and building things and demonstrating examples. um There are really strong use cases here, which I think helps and checking for licenses checking for vulnerabilities again. Actually I I work at. I think this is what we do. We generate an s-form and we check for licenses and vulnerability issues, but that's generally been coupled it's generally been an implementation detail.

I

Suddenly both are independently valuable and I think that's an interesting like sort of decomposition that we'll see more broadly around. Like some of these spaces, um I mentioned I'm a uh I created contest, I'm a contributor to the open policy agent project when I get time, um there's lots of interesting things here around enforcing policy, and you can think of an s bomb as a really rich document.

I

Well, I can now write policies against that using rego. I can what, if I want to, I don't know, prohibit packages from github or I want to say no to specific uh licensed npm packages. That's just a policy decision. I can encode that, in regard I can, I can put all of my slams through it and I can surface the violations, so I think there's lots of like we have the low level components there actually fairly straightforward to build singular demos. On top of that. What does that look like at scale? I think, is interesting.

I

um So you can like this is a chicken and egg problem. No, no one really has a large storage of s-bombs in a in a standardized sort of accessible format to build these things on top of, but it's coming. We need to do all these things. I sort of feel we'll probably need to do them all in parallel to see the value if we focus just on generation and then on storage, we'll be so far along that we won't have value and it collapsed.

I

I mentioned some other things. I think search here is a really interesting case. Imagine just the ability to really sort of quickly seamlessly ask questions of your organization's software supply chain like like how many versions of this library are. We using you sort of get this in some places. Out of some tools, but this is a way of doing it in a decoupled and I think more open way. um I think there's a lot of interesting potential to build on top of those types of interfaces.

I

So the last thing is really okay. If you think this is interesting, um then I mentioned the sort of framework documents and the sort of some of the introduction documents earlier. They're. Definitely a good start to go a bit deeper um if you're, like already okay, I buy this, I want to get hacking. I want to get involved. I think this is an area where there's a huge potential to do so, um and I think there are three areas um that are interesting.

I

um One is client libraries and I think for this to work. We don't need a tool over here that generates an s-bom. We need this to just be built into like how go does packaging, how cargo works, how mpn works, how maven works like we need first class I like plugins, um is part of it um like it has to be upstream, in my view, for this to be something that really has an industry-wide effect.

I

Otherwise we're just going to be constantly playing catch-up on variations and new versions of those things and generating forms that are not correct. A lot of the early tools around generating s-bombs are going to be good to play around with they are going to miss things.

I

um We need to solve that problem, otherwise we're just going to be constantly finding holes in the whole value stream.

I

um The other thing is client libraries, um the work on uh spdx, the spec is again like there are experts involved there and I think the spec is coming along for our sdx3 exists for two um cyclone dx, similarly has been evolving really quickly and there are some like the that actually has like really good gist, schemas and protocol schemas and uh the xsd definitions.

I

But actually, if you go use any of these things, you need to be someone who goes like great jason schema. I love json schema, oh fantastic xsd. I know this backwards. We don't have good like higher level libraries in nearly any languages. At the moment um we don't have tight definitions, we don't have classes, we don't have things that really lower the barrier temperature. Using these tools, it's schemers.

I

um I have a strange history of doing weird things with schemers. uh Even I don't really want. I want the client, client libraries. I want the higher level tools to add things. So, if you're, a low level, client library person, I think there's a bunch of things you can get involved in and last but not least, I mentioned that this sort of we need tools to consume s-bombs and yes, there aren't many out there yet but get building some to see what might be valuable. What's an interesting use case, what do people hook onto?

I

I think these are great opportunities for small focus projects or combining project x with s bombs to see if something valuable comes out. The other side, I think, actually we'll see an explosion of talks and little projects over the next year, or so that do just this. I think that will be a good sign. Not all of them will be right, not all of them will work.

I

None of them will end up being maintained, but we'll work out collectively what the value is, and some of those, I think, will become really powerful, interesting sort of again, like industry, scale, open source projects.

I

So um with that I'd like to say thank you for listening and again, hopefully this is interesting sort of space to get some people involved. It's a good mix between the sort of standards becoming real world things.

I

I think it's a great opportunity if you want to get involved in a space where there's a bunch of problems to solve- and I think ones that will impact like a wider industry if you get them right or you end up building the right things.

I

Thank you very much any questions. Let me know.

E

Fantastic, thank you gareth. That's super interesting, I'm really interested in in um in the whole s-bomb world. You know I spent a lot of time around the embedded space and I I kind of feel like some of those ideas that, from the embedded space have sort of moved over into the mainstream. Now you know it's particularly around traceability. If we look at I'm thinking of things like base rock linux and stuff like that, that you know we're all about which particular git commit, you could trace every single software back into yeah. I.

I

Think they're like the embedded space is like is often being it's hardware, people and hardware people have to deal with this already because they're, like the costs and economics and the industry as a whole, is generally supply chain is a thing. Software has not been the case and I think we're realizing in hindsight. It sort of has to be.

E

um I think we had one question from the audience for you, which I will just. uh Oh I've got a couple actually, so um the first one was was uh steve. Murray asked: how is this different from a cmdb.

I

ah Good question, I think so I I think, there's a difference between configuration and the sort of the what goes into something um I think like that. Difference is a bit subtle, um but I think one is about input. One is that what went into the creation of this and the other is invariably about sort of much more focused on?

I

What's like the the actual thing that's running so again, I think sometimes cmdbs have been stretched or actually have some of these properties, um but one of the things I think as well with cmdb is- and some of us have the similar problems here. Like do people use the rich data in a cmdb like the problem with cmdb.

I

That, in my view, is never the theory, um and I built some similar sorts of things that I would like on top of the puppet cmd puppetdb back when I was a user and that puppet, but how many people actually have a really successful cmdb story? There is absolutely the same risk around s-bombs. um I think s-bombs need to be embedded in software development and cmdbs never were yeah. It's a good rabbit hole to jump down that. I won't do do now, good question.

E

Great awesome, so I know we have one more question in the uh in the track. One slack channel, perhaps gareth, might hang out in there for a second afterwards yeah, I will jump over. There sure got a question for you, but uh so over to you paula, to introduce our next speaker.

C

Thanks matt thanks gareth for that great talk, so uh we're delighted to announce our next speaker. We have dr katie chong talking about using data to save the world so over to you, katie.

D

Thank you. Thank you very much for inviting me along. So it's a little bit different to what you guys are normally talking about. I'm just going to share my screen.

D

Okay and so hopefully, you'll be able to see my presentation has that worked yep, yep, okay right so um so. Thank you very much for inviting me along. I have to blame my best mate chris crans for this, um so he roped me in to come and talk to you today about climate change. um So I work at aston university, which is in birmingham. uh I work there as a lecturer and as a researcher and I'm going to talk to you today a little bit about how we use data to try and save the world.

D

Hopefully, uh okay, let's here we go so about me, I'm a chemical engineer. Most people don't really know what a chemical engineer does so to try and explain it. It's uh chemical engineers basically work out how to make stuff, so we take things from raw material, so um water foods that kind of things and we work out how to make useful products from them in a safe and cost effective way.

D

So if there's anything that comes into your home, like water, energy, food, anything that's made out of chemicals, normally a chemical engineer has had something to do with that. We kind of like large-scale plumbers. I think that's a good way to describe it, so we work out how to to make things flow, make things move around and large-scale operations, and because of this we use a lot of maths. So whenever we're doing our calculations to uh work out the size of equipment or whether something's actually going to work.

D

Looking at the chemistry, for example, we use a lot of equations and maths to do that so, as well as being a lecturer aston, I'm also a researcher and director of this place. So this is the energy and bioproducts research institute at aston university and here we're very much focused on climate change and all of the solutions to climate change. So there's loads of really clever researchers that work within this building to try and find those solutions to help us save our planet.

D

Hopefully, if you ever come to visit, which you are more than welcome to do- we've got lots of interesting kit there next door's a pub which is one of the good points about about our building. So this is the energy and bioproducts research institute at aston.

D

So what do we do? What do I do? So? My research is all around finding ways to try and save the planet. So you've probably heard about all the doom and gloom around climate change. What is going on with our world? uh There was the recent ipbc report which, unless you were hiding under a rock, um you would have heard about about how it's a red alert from our uh climate and our planet.

D

So basically we don't have another planet, so we do have to find ways to try and stop destroying our planet, damaging our planet and doing activities that aren't really helping.

D

So there is no planet b and all of the work that we do as researchers is about carbon, so what's been happening, is that we've been using fossil fuels for about 100 or so years now, and as we release that carbon, it goes up into our atmosphere and it's acting like a blanket which is keeping us keeping our con our world really warm and causing all sorts of issues. So whatever we're trying to do as researchers, it's all about the carbon, so every single um atom of carbon matters.

D

So if we can save a kilogram of carbon, do by doing something small that does make a difference. So a kilogram of carbon dioxide fills up 17 standard party balloons, so every kilo of carbon dioxide that you can save will save those 17 balloons of carbon dioxide and every every one of those kilos does make a difference. So we've been doing lots of research to work out the impact of our activities on trying to reduce that amount of carbon, and we know the reasons why uh this is what we're seeing.

D

So this is in the past couple of months. This was flooding in belgium and germany, so this is what is happening because of climate change, so as well as floods we're having droughts. So this is in california, and the main reason why I do it is to save these guys. So whenever I start getting demotivated about the the state of things, I think about the lonely, polar bear on his melting iceberg, and that motivates me to to carry on.

D

So that's why I'm doing it um is to try and save mr polar bear on his iceberg right. So, when we're doing our research when we're all the clever climate change, researchers are doing stuff.

D

So what sort of data do we actually use so in every so in that building that you saw, we've got pieces of equipment like this, so this one on the left here this turns wood straw, all sorts of different materials into a liquid and the one on the right turns those sort of materials into gases that we can then use for fuels and chemicals.

D

So whenever we do an experiment like that, we collect loads and loads of information. So it's a huge amount of information, and this is just a small snippet, so we collect loads and loads and loads of data points. Thousands of data points from each of those experiments, so we get the the raw data. So it's part of our job then to interpret that data. So this one here is just the result from a single experiment, so we can track along what's happening, so we can really understand what's going on so then we take that data.

D

We interpret those results and then we come up with some um useful results. So then we have to decide okay. So how are we going to use that? We've got the result of our our data, how we actually going to use it, what we're going to use it for so as chemical engineers as climate change, researchers, we use that data for a lot of different things.

D

So, first of all, we use it for engineering design, so we need to work out whether the things that we've done in the lab are actually going to work in the real life at large scale. So we use all of those numbers to look at whether we can make that bigger, whether it's going to make people money, because no company is ever going to invest in a process if it's not going to make them money, so we use it to calculate costs and that's something that I do in particular.

D

So I do something called techno-economic analysis, which means I do the engineering design, then I'll work out how much it's going to cost to try and help companies. Businesses. Policymakers understand whether this solution to climate change is still going to make the money as well um as well as saving the planet.

D

um Another thing that we do, of course, is the environmental performance, so as part of this work, we can use all of that data, then to say: okay, is this better or worse than what we were doing before so we're using it as evidence to support our research, so we can decide which direction to go and the most important reason uh the most important use of all of this data is for us to share our knowledge. So, um as a lecturer, I share all these results to all of my students as a researcher.

D

We share it with between each other and we write journals. We do talks like this. We go to conferences, we talk to policy makers, so it's about sharing that knowledge. There's no point in us collecting all of this information. If we're not going to share it and open research is a huge thing in academia, so all of our work is is funded uh publicly funded. So we get all of the money to do our research from the government from the european commission and that's your money, that's the taxpayers money.

D

So we have to make sure that all of this information is available for you guys if you ever want to look at it, so we do have to make all of our our data available. So there are various repositories for that and various ways that we do that. So if you are ever interested in a research project, then you should be able to get your hands on that data, to make sure we're spending your money wisely and to see what the the final results look like. So open research is really key to good research.

D

So then, how do we use that then to save the world? Hopefully we're trying our best here um the results that we get from um all of these experiments. All of that research that is funded by taxpayers by you guys um the results of that then help inform they help inform other researchers so that we can tell each other any avenues that look good, any that don't look so good. So it's to try and direct our research, so we we spend all of our attention looking at the stuff that is worth investigating.

D

uh Really importantly, we use it to talk to the government and policy makers because without them buying into what we're doing nothing's going to change so until the government and policymakers actually force people to do stuff, nothing, nothing really changes. So we use it as evidence to those guys as well, and sometimes they listen. Sometimes they don't. Unfortunately, we use it to talk to industry so that industry can understand how best to make their processes more sustainable, which are the ones that they can do while still making money.

D

So we give them lots of information about how their equipment is going to behave, how much energy it's going to need that kind of thing, and most of all now people are interested in okay, so how much carbon is that going to emit? uh No one wants to be releasing carbon anymore, which is great and then the public.

D

This is something that I'm particularly passionate about uh is is is informing people about uh all of these things that is going on to try and help save the planet and the more we speak about it, uh the better it is so keep talking about it. We can see the power of talking about um climate change just by looking at people like greta who, just by talking about it, um has had all of the the schools protests.

D

If you look at david attenborough, he is just one man talking about it and the power of that person, so using these results help inform all of those people as well. So hopefully all of that data that we're collecting all of that research that we're doing is helping us to find solutions to climate change. So all of those numbers are helping us to to help find those solutions.

D

So a little that's a little quick introduction, but if anyone wants to ask me any more questions about climate change, what we do on bioenergy biomass any of that stuff, then please drop me a line, and you can also find me on twitter as well. So thank you very much for listening to me waffling on this morning.

C

That was fantastic. Thank you. So much katie welcome one quick question from from me actually uh for folks who may be inspired by that and want to do their own part like what are the things that we could do ourselves is. That is there ways we can contribute join shout. Is there any strong recommendation? You'd say like this is the one thing that you should go out and do.

D

um Well, there's loads of little things that you can do it's about making making more sustainable choices. So, for example, don't put your heating on put a jumper on um just try not to buy so much stuff, um because whenever you buy something that you've got to think about all the carbon that's gone into into making it all of the emissions that go into making it as well as the transport and all of that kind of thing uh consider reducing the amount of meat you eat.

D

I'm not saying that you do have to go vegan, but um that's the extreme end, but you can't just by reducing the amount of of carbon that you emit. um It's just about making sensible and sustainable choices.

D

And if you want to get involved, then you can just keep an eye out for the local events that are happening. So I'm part of a big project called supergen bioenergy and we do lots of projects that the public can get involved with. um So we've got one running that will be running soon and it's to talk to school kids. uh So we're getting the view of school kids from around the world on uh what they think about climate change.

D

uh A massive event- that's coming up this year is cop, so cop 26 is where all of the countries from around the world get together to talk about climate uh this year, it's in glasgow, so there are loads of events happening around that lots of public events as well. So look for cop26 and you should be able to find lots of things going on around cop uh that you can get involved with uh and joining so yeah it's about making it. So we just need to make sure that we keep talking about.

D

It is the most important thing.

C

Fantastic well, thank you so much. I realize this may not be the normal audience that you speak to, so we're really grateful that you could join us uh thanks for chris asking you to join, it's been brilliant. uh So that's the talk from katie.

C

If anyone has any questions for feel free to add them into our slack channel the track one slack channel- and we have our next speaker- lined up and ready to go so I'm very excited to be able to introduce salman, iqbal and he'll be talking about community kubernetes days, which is quite interesting because I read the title and I was like: is it not at community days but anyway, fantastic? Thank you for being here, sir man I'll hand over to you. Thank.

J

You very much, uh can you hear me? Okay, is everything just give me a thumbs up? Everything's good? Well, uh thank you all very much for having me. I am very excited to be part of kubernetes community days. uh I think the title of the talk I I changed this slide it's community over technology- uh uh and you know- we've heard cheryl talk about this morning about how important the community has been. I think I just want to extend a couple of things.

J

I'm pretty sure you all know how important the community is and why why it is important, and I'm sure you already know the answers, but I just like to emphasize on a couple of points that technology changes all the time and we've seen that happen. Things do become obsolete.

J

Things do change, but the only thing that's constant is the people around. You is a community. So what we in this talk uh I'll take a few minutes to talk about uh how you can join an existing community or how you can build the one that you have or how you can start your own I'll just quickly. Introduce myself uh before I introduce myself I'd just like to give a big thanks to all of the kcd uk organizers.

J

uh You've all done an amazing job, good job, putting this together, especially paula, uh chasing me up for all this stuff. So I apologize for being so slow, but really amazing.

J

It's a great conference and it's not an easy feat, trying to put an event like this together, getting all the speakers together and putting on the workshop- and you know growing our community, which is what this talk is all about. So thank you to all the organizers on here. My name is uh salmonic ball. I work as an emma lops engineer for a company called app here, we're a cloud consultancy company check them out app here, dot io.

J

I also work as a kubernetes instructor for learn k-8s and uh the thing that I'm most proud of uh are probably quite a few things that we achieved, but one of the things that I'm most proud of is to be part of the cloud native wales, the cloud native community that we've started here in worlds with louis denim perry and a lot more people and allied as well.

J

You can find me on twitter at seoul management if you have any questions about anything about mlaps or kubernetes, or if you would like to help with you. If you like help with the community, please drop me a message on at twitter on soulmanikpal, so I can I'll. I can start with this comment saying tech can be confusing and I'm sure you've all seen this a landscape for cloud native technologies. If you haven't, you can head over to l.c ncf dot io to have a look.

J

It shows a number of projects and cloud native solutions for all sorts of areas, like databases, orchestration tools, container runtimes registries and so on and so forth. This is intended to show a well-traveled path of technologies that can be used when implementing your solution. However, it is quite confusing if you look at it.

J

How do you know which solution to pick for the thing you that you're solving problem for, for example, if you have to pick a storage solution to implement for your project, which one would you choose, the one that's got the most stars on github or the one that has the most funding? How do you know which solution to pick narrow down based on the requirements that you have? Maybe there's a handful of solutions that you know you can do you can implement yourself and trial them out?

J

What, if the solution that you picked today becomes obsolete in a few months or years? What do you do then? Do you start again on your own to try and figure out? What's the best thing to do, solution to pick again, technology keeps changing, as we all know keeps changing all the time we get new projects. We get new frameworks, we get. We have to look at new products that keep getting announced at a rapid pace. This can all be very daunting.

J

Wouldn't it be good if we can talk to the people around us and I'm sure a lot of people are ready to do that, see how they're trying to solve a challenge. You'd be surprised at how many people in different organizations, different walk-up walks of life, uh different backgrounds of are facing similar challenges.

J

As you are, or as your organizations. You can talk to people around you in your own company, in your own city, in the meetups and learn from them. You can reach out to them in any channels that are available to you, because the people in your community, as I said, are constant and this technology will keep changing. But I know that I can always go back to the community that I have people and reach out to them and ask any questions.

J

If I have any challenges I reach out to the people we've it created together, we've got. We got together in cloud native worlds, community a lot of people on this call, matt uh and paula and uh in in other communities as long as the community is there, and it is inclusive and welcoming to everyone where everyone can feel safe being part of it, and everyone adheres to a code of conduct.

J

That's been set out and you know they feel uh they can ask for help without any hesitation. You'll see that individuals in their community will learn not just about the technology, but also about themselves and the people around them and grow as people as person anytime. I have a problem they have to solve. I reach out to the people. I've met through various communities and asked them for help and guidance.

J

F

J

Should you go around looking for a community to join? Of course, you can always head over to meetup.com and search for community of that you're interested in maybe in your local area. Maybe the maybe the area that you are interested in. You can even search internationally. Most events currently are happening remotely, so we'll be great to be a part of them.

J

You know you can reach out to people all over the world and at cloud native worlds we encourage uh new joiners to message us and let us know if it's their first time, so we can so we can welcome them properly and introduce them to people in the community.

J

If you like any specific open source projects, they most likely have some slack or discord channels. Kubernetes has a number of these communities that you can join in and introduce yourself. You can go and help people out and you can ask for help as long as you're kind, and you can also follow people on twitter. I follow a lot of people. I look up to on twitter and they're, always mentioning some of the some of the some of the the events that are happening. That I can. I can join, for example, casey.

J

The uk that's happening, that's how I found her from the people. I already know so. There's many ways that you can find a community that you can join and be a part of uh how about if you'd like. If you want to start the community that you thought didn't exist, how would you go around doing that? It can be in person or it can be virtual.

J

You know I'll speak from experience, lewis, den and perry and myself. We started cloud native wales in january, 2018, we've done over 25 meetups in person and virtually, and I think I can handle my heart. The best thing that could happen to any of us was cloud native worlds. Community I've been working in technology for about nine years now, but I can say that's the best thing: that's happened because the amount of people I've met and I worked with there's so many people.

J

I look up to have worked with in in in the past, and currently it would never have happened if it wasn't for the community that had joined and we grew. We get so much support from other cloud native communities when we started and the cloud native competing foundation there's so many people who helped us. Like you know, we can't really thank many people. uh All the people is cheryl who helped us when we started matt and so many more.

J

What I'm saying or what I'm trying to say is if you want to start your own community well in the cloud native or any other, there are others who are willing to get out of the way and help you start and grow. Your community we've done many meetups in the past.

J

These are all, and that's the ones that that I'm putting up- and these are the people- there's quite a few people in here- that we used to look up to and we got to meet them and learn from them and grow our knowledge and learn from the best basically, and that would have never been possible if we never did cloud native wales. So what I'm trying to say is join a community if there, if one doesn't exist, start your own.

J

How would you start your own community if you, if you wanted to- and I think it boils down to a very simple thing which is helping others? If you help others, others will definitely help you. You can join other similar communities and help out there. You know anything that need. Maybe you can help in organizing events. Maybe you can help solve someone's problem. If they have a question, maybe you can? Maybe you can answer them?

J

Maybe you can create your own content and put it out there. You can write a blog or or video or a podcast whatever it might be. You know people will reach out to you and ask questions and you can help them out.

J

If there's someone you like you'd like to speak at your, you can do a live stream. If you wanted to on youtube or you can do it in person, you can reach out to them and politely request. If they can speak at your event, you can do the event remotely as well or if you want to do it in person. Hopefully we will get to the in-person stuff.

J

Quite soon you can reach out to companies in your cities and that's what we did and asked if they can sponsor for you to hire a venue or pay for food. Sometimes people learn best, and this is what we found is by doing things. Some things hands-on. You can host your own hackathons and do your own workshops, something that you might know very well is going to be new to somebody else. If you think oh docker is you know it's quite basic, everybody knows docker, but it might not.

J

It is new to a lot of people, so you can hold your own workshop and others can join in. You can do it remotely or you can do it in person, and this is the bit that we thought works out quite well. We could do giveaways, uh you could do giveaways by asking for tickets from other conferences, and this is what we've done in the past. If I've spoken at a conference, while lewis has spoken at a conference, we ask for tickets to give away to our attendees, because tickets for conferences are quite expensive.

J

You can ask for swag to be given away like we usually used to go to the conferences and get swag from from the stands and give away at the meetups, and people do usually like that. But I think the best thing you can do is have joint meetups as well. There are going to be meetups in your in your area or within your country or within your continent, that you can. You can do uh joint meetups with, for example, it's kcd uk.

J

A lot of communities came together to do this conference, I'm not so I've just written down a few birmingham, edinburgh, london manchester wales, a lot of cloud native communities and people came together to put on a great conference, so community you know is it is at the heart of what we're trying to achieve and there are benefits you might say. Okay, it's all good. I can help others out what is in it for me and there's tons of benefits, and I can only speak speak from my experiences in terms of career progression.

J

I never thought I'll be able to do the jobs that I'm doing nowadays or meet the people that I am meeting nowadays or learn things that I'm learning nowadays or you know. um I've worked at a number of places now worked at app here, learn k-8s and that would never never have happened. So there are benefits to yourself too, and I think um one thing of remind for the organizers or, if you're joining committee a starting committee, this one simple thing that we've found is that is that makes it very successful.

J

It's just to be kind. The people around you, the people who are joining wherever it is just to be kind treat people like you like you, wanted to be treated, I'm going to end up end on one last bit. Is you know this this code from benjamin franklin, but building a community and culture of respect and working collaboratory collaboratively is the way forward. Continual learning always ensures that you know we're growing together and listening uh and hearing uh and being empathetic to the people around. You is the way you deliver.

J

The best solution and community is all about bringing everyone together on a journey, so technology that exists today is not going to be here tomorrow, but tomorrow the people around you will still be around and you can ask them and you can lean on them and you can help them grow and move forward, and with that I thank you. If you have any questions about anything, if you'd like any, uh if you like any help with your community, please reach out to me: that's so manik bar we are.

J

uh We would like to help you out in any way possible. uh We run cloud native worlds as well, and you know kcd uk, but I'd just like to thank you all for listening and hopefully that was useful.

J

That was a useful talk. uh That's all from me.

C

Fantastic, thank you so much simon. I honestly feel like you were just reading my mind, some of those things you said I just wholeheartedly agree with, and I know it's not to be underestimated. The amount of work to put on a meet-up or to put on an event, but everything you talked about how rewarding it is, is just it rings. So true for me, I just wondered if uh you had any funny stories or things that have ever gone wrong with a meet up. I know.

K

C

I mean we've had some technical issues this morning here with our events and youtube links, and it's funny how, even when you plan every single thing, something always happens. Something goes wrong. I just wondered if you could share any any little mix-up. That's ever happened to you or, like you know, the worst crazy thing that happened.

J

Yeah, I think, there's always when, when, when you're organizing an event something happens, I think one of the first virtual meetups we were doing uh uh lewis and I put a link to. I can't remember: I think it was a google meet yeah. It was a google meet, so we put out a google me, so anybody could join in and start typing whatever they'd like to type. So somebody just got the link from somewhere, I'm not sure where, because I think it was on twitter and they started just spamming. The tweet.

F

The the stream.

J

So we just have to like block them and try and sort that out. I do know you. uh Luckily it's never happened. The cloud native wales, but at other meet up that you're doing a joint one. A heckler turned up because they didn't agree with some cryptocurrency stuff. So but you know that that got dealt with uh quite quite swiftly. So you know these things do happen, but uh yeah. I think um you just have to improvise and uh react. uh When that happens, I think yeah anything that's happened to you.

J

That's been that's been funny.

C

uh I think I mean, like you, said many many things could go wrong. I think the the most challenging story that happened to me was running an event where, on stage one of our speakers uh collapsed and he was fine. He was completely fine, but it was just a reaction to stress somebody heckled him and he wasn't quite ready for it. So he collapsed on the floor and people thought it was funny and they were laughing. They thought he was joking, but no, he was out cold.

F

C

It was like it was quite a stressful moment, but uh he was fine and he got.

J

Up and he finished his talk, and it was good, it.

C

J

I just remembered, because I had the last photo that I had up you could see the confetti on the floor was denim. Perry broke the ceiling by blowing that confetti cannon and and I'm sure, there's a video somewhere when he did that he broke the ceiling of where we were so that also happened.

C

Fantastic well, thank you very much for that talk. If anyone's got any questions or comments for someone you can post them in our slack channel. I'd just like to welcome one of my co-organizers chris chris. You want to do a quick introduction to yourself.

L

uh Yeah, thank you. I'm. uh As someone said, I think we all come from different backgrounds. I I look after I live just outside birmingham. I run a couple of meetups in birmingham, including recently getting involved with the cloud native birmingham crew and it's just been a yeah just to re repeat what some of the things we said before. It's been a pleasure working with paula josh. You know matt the whole team.

L

Really I want to list off everyone um yeah, and I guess that to some of the points we just talked about there, I think sometimes the hecklers at the at the meetups, don't realize that we don't get paid to do this. You know we're we're not there as there are sponsors, but we don't most of us don't work for the sponsors. We usually look to separate ourselves from this and um I think the hecklers think we're there for some sort of commercial or financial benefit, but actually we love meeting people.

L

You know we love helping other people out some of the best things for me running. The meetups is seeing that dawn of kind of understanding. When you explain something and people like oh yeah, now I get that and it's just brilliant and seeing people again seeing people get jobs and networking. Through these events, it's fantastic, seeing people kind of grow in part because of the communities absolutely.

C

So folks, uh we are at coffee break time. Thank goodness. I don't know about you, but I am definitely ready for coffee, so we will take a quick break and then we'll be starting back again at 11 40.. This is where we split into two tracks, so we have posted the links on to twitter, but uh there was a track one and a track. Two youtube streams. So please join us back again at 11 40, and we will see you soon.

M

M

All right, hello and welcome back um I'm here with my co-organizer chris, and I would like to welcome you to the first, uh the first track of talks for today.

M

First up before we get on to our first speaker, I just want to remind everyone to join us joining another conversation over at slack, so that is slack.cncf.io um and if you're listening today and you haven't registered, and you want to get your hands on some swag um head over to kcduk.io and you can register there it's not too late um and with all that out the way I'd like to hand over to our first speaker for this track. um His name is joseph irving.

M

Joseph is a member of the team over at rvu, and today he's going to be. um Let me double check talking about multi-cluster networking with psyllium and friends. So, let's hand over to joseph.

G

Oh hello, everyone uh nice day, nice to be here. um Let me just share my screen: okay, okay, I should should be uh visible for you all. I believe cool um yeah, hi yeah, I'm joseph.

G

I work over a rvu if you're not familiar with rvu, it's kind of a collection of uh leading uh comparison services across the europe, so we've got like usewitch.com confused uh in the uk and then we've got brands like uh tour in spain and leloncs in france, um all of which you know, compare energy broadband, those kind of things um yeah, and today I'm going to be talking about our journey through the realms of multi-cluster networking, an area which has a lot of options in it, and still, I wouldn't say a clearly defined like path of what most people should do.

G

Necessarily so far, I at least share with you what we've done and what's worked for us or what hasn't worked for us in some cases, um yep. So even a bit of context, um I work in a team known as airship. We provide a platform for the developers that work at rvu. We build out common infrastructure, common tooling. That kind of thing to take away. The management from from teams, so they can focus on. Actually you know developing websites and stuff, not worrying about uh machines or patching or um how?

G

How am I going to get metrics, how many logs etc? That's kind of our job? To do that, um however, things weren't, always this way back in the older days of rvu, all the teams used to run their own infrastructure themselves, which was a mix of all sorts primarily running in aws, but you know some would just be standard. Ec2 machines might be like ecs clusters, some people were using puppy, ansible to provision machines, etc. It was uh up to the individual teams and we decided as an organization.

G

It would be more valuable if we consolidated on one platform instead of having all these teams managing themselves, which is where my team was formed so slowly over time we moved everyone over to a set of kubernetes clusters as kind of base infrastructure, but when this happened, this created a slightly new dynamic that was new to the company of we're now all running on the shared infrastructure, and we don't necessarily have control over it and what happens when? Inevitably, you know that infrastructure breaks right.

G

That was a big worry of um what happens if a cube now is clustered goes down yeah. We have multiple kubernetes clusters, but you know um how.

F

Do we cope with.

N

G

N

G

Going down um so we needed a way to root traffic between the clusters in an event of a failure, especially for our most important apps that make the most money on our websites. um So we needed something to sit in front of kubernetes. To do this. For us and one of the first things we found while looking around, was a project called envoy. um This is a project by lyft, it's a cncf graduated project and it does all the kind of things you'd expect from a modern proxy.

G

It's lightweight it can do health checks, retries, uh load, balancing, etc. um One of the things we were particularly interested in was its ability to do uh dynamic configuration, uh so it has a api which you typically communicate with by grpc, and you can use this to like load the config into it in a very dynamic fashion.

G

um So so these all seem like uh good, good, good attributes for a proxy uh to solve this problem for us, so our first pass and what it's look like um looks roughly like this, so we had a envoy cluster. It's like a cluster.

F

G

But we had a envoy sat in front of our kubernetes clusters and it had some configuration in it which told it which service was running in which cluster effectively, so it knew that our main energy comparison service was running in one cluster, maybe two clusters, whereas our credit card service was running in in the other two clusters, and it would have this configuration, and so it knew where to read the traffic when it came in it would also, you know, handle um health failure.

G

So if, if one of the clusters was down it, could it could uh read the traffic to a cluster that is still healthy, um so this gave some some benefit straight away. um However, the main downside we had of this cell was that it was the envoy configuration was static. It.

K

Was completely.

G

Static, it was a giant uh yaml file that we had full of envoy configuration, which I don't know if you've looked at, is not the uh the most attractive to write yourself. um But you know if a developer wanted to add a new service or if they wanted to change what cluster their service was running in or say it's now running in free clusters or whatever they had to you know, raise the pr we had to redeploy the infrastructure and whatnot, so it wasn't the most um easy thing to do so.

G

We thought there must be a better solution to this. We alluded to earlier, there's a dynamic configuration, but uh how? How do we get this configuration and we we looked at the ingress object that already exists in the cluster as a source of inspiration. So on the left we have ingress resources, kind of standard generic one, it's an ingress.

G

It has a host and a port and the status which is normally added by your cloud provider, whatever's doing ingress behind the scenes, um which includes the kind of address of what things should hit the um english on.

G

And if you look on the right, we have a small snippet of a much larger um envoy configuration and you'll find there's a lot of uh there's a crossover right there there's some some things that you need are clearly the same in both like, for example, all one we really need to know about is what host names do I need to look for and where should I be forwarding this traffic to, um which is like, in our case as a winning address, is going to be some aws load balancers, which are seeing in front of our clusters, so we saw we had the information already in the clusters envoy just needed that information.

G

So how do we give it to it um and that's where we build our own thing uh as it didn't seem to be anything that did this for us, so we built a tool. uh It's called a dressel after the north tree of life that connects the many realms. We have a north naming convention. Please look up norse mythology if you want to work here, um but we built this there's a open source on uh github.

G

If you want to peruse it your own ledger, it's just built and go, and it acts as a kind of mix of a controller and it's a mix of like a kubernetes controller and an envoy control plane. So what it does is it goes and watches uh various kubernetes clusters for ingress resources and based off these ingress resources. It translates that into envoy configuration and sends over to our envoy cluster. So, for example, if you have an ingress in one cluster, you guys will pick that up and configure one void to do that.

G

If you had the ingredients in two clusters, it would see the same ingresses in two clusters and you know configure envoy to route to either of those clusters.

G

um So this was a nice and easy way to allow people to come, get the benefits of envoy without really needing to even know about it, because from all a developer's perspective, is they just create an ingress object um in one cluster? They create another cluster envoy. Does their asteroid or gets configured for them? They don't need to worry about that detail. They just use ingress, which is a fairly common standard uh objects that everyone's familiar.

A

G

And yeah, and it gave us the advantage of yeah if the cluster goes down. For example, it will, as alluded to it, will read the traffic to the ones that are working based off health checks and whatnot. um This was a good, a good like first start um some reliability. I guess for our clusters, especially in the early days of using kubernetes. This was more more frequent than I wanted, um but what we realized we had done here was we had accidentally created some kind of service mesh, um see it.

G

It soon became apparent to uh our developers that, instead of going between clusters going through envoy, was a very efficient or easy way to uh connect to our internal services so that they could talk to each other, um and this started to become a de facto way of uh kind of cross-cluster. Communication was to go through envoy, um because you know it always. It always knows where the service is, and it will always uh root you to where it's healthy.

G

um So this is a kind of like slightly zoomed out detailed look of what this might look like if we view a request. So if you first look at the black line here, this is like a standard- let's say user request from a website. You know it goes through to envoy. You hit some load balancers, it's a node, it's like proxy to an ingress, pod or something and then finally ends up in an actual. You know application pod, that's serving the website or something.

G

Then this pod wants to go talk to some other downstream service in our like micro service architecture, and it does the same thing all over again and would have gone and uh yeah the same loop and who knows this pod may want to talk to some other micro service, and you know this uh loop can repeat quite a few times um so there's some obvious downsides to this uh well, one of which is we're adding quite an extra.

F

Bit of latency every.

G

Time we do this, there's not it's. uh It's.

F

G

Biggest legacy in the world, but once you add up quite a lot of these hops, they can become significant enough to be a problem, um and it's also uh one of the other key things. It's losing something you're losing identity. By doing this, by going out of a cluster, then back into a cluster, um it's hard to distinguish whether this is kind of like service to service traffic, whether it's.

F

You know user traffic, it's all just coming from envoy. Yes,.

G

That's this load of network traffic. So if you want to use things like kubernetes network policies, things like that, it all becomes a lot more difficult, um so yeah, so with the advantage of it being easy to use and envoy was also doing a lot of the hard work for you, but the disadvantage of we were getting this extra latency and um this lack of uh identity, uh which which we could be, could make life very difficult for us. So before we probably need a better solution for this.

G

This wasn't the original intent of our um thing and the the obvious place we looked to was some kind of service mesh right that service mesh can do this kind of stuff. um So we started a journey of exploring a variety of the service meshes so we're out and about at the time, with a few key features um that we were interested in um the primary one. As is the topic of this talk with molly cluster services. uh You know it had to be able to do uh across cluster.

G

That's so pretty important, the second one which might be nice to have of something we were quite kind.

G

And when I mean real, I mean the pod ip of your pods is the same. It comes from the same cider that your your vpc is, for example, and you're, not using like a virtualized network you're using real little polyline piece.

K

G

This allows you to you can do stuff like it can simplify networking. You can do things like you know. We actually like bbc flow logs on your pods, or things like this, that it can make life easier and uh third and bottom and in some ways the most important was it had to be easy to add to our existing stack. We didn't want to have to rethink um how we did everything um to be able to use this. um This was a fairly small feature we wanted.

G

We didn't want that, to you know: change application code, for example. To take advantage of this feature, especially the current way, was so easy. How would we convince people to use it if the new way was um much more difficult? So we went out. We we reviewed a load of service, meshes, I'm not going to like pick on all of them by names or anything. So, but we, we reviewed a load of them and we found some common problems uh across across the ones we did. Look at a big one was didn't support.

G

Multicluster, especially when we looked at this number. They just didn't support it, so that was that that was a non-starter um second was a few of them were quite quite complicated and had quite a lot of additional features we weren't interested in. um They were doing a lot, whereas we needed a fairly specific thing and the added overhead of operating these services didn't seem uh worth it compared to what we were actually after and and the third one was often they.

G

They seem to require changes to how you consider architecting your applications or your clusters or whatnot, and it was it, seemed like it was going to be too much uh work involved in actually changing them. Whoever.

K

G

Some of these might be slightly uh different uh in uh present day as this was a little while ago, but um I think a lot of these uh cases are still somewhat true.

G

And another big one which I don't mention was like they thought was uh the problem. We had with side cars so side cars. Are they common pattern for service.

F

G

um Which is you have your standard pod? You have your application containers in the zed pod and you this was. uh We have a sidecar container uh that runs alongside this, that does all the networking stuff, so he often might terminate tls it does the service discovery etc.

G

But there were a few key problems with this that that stopped us from progressing much further, one of which is they didn't work in the init phase. If you have init containers, they wouldn't be able to use a sidecar container and there's often complications around the startup shutdown of your body. Let's say you know your application containers start before your sidecar containers you, um you might have some strange network uh shenanigans going on.

G

um We, we lose quality, front jobs, cluster in our clusters, and we we found that they would forever forever hang because the side cars wouldn't know to terminate when the job was finished. Now these are all generic problems to side cars. um A lot of service measures that use this kind of approach have- and I know over the years- have been more and more workarounds to uh to fix some of these problems, um but they do cause complications and don't work in every scenario. So we found this to be slightly undesirable at the time.

G

So after looking for all of these, we found a new project that we were familiar with. That seemed to fix a lot of our things and that was uh cilium, so cilia, developed primarily by a team called eye surveillance, currently is in the process of becoming a cncf project. I'm still in voting, I believe so. I won't preempt the result but yeah. um It should be a sincere incubator project soon, hopefully- um and that's some key things- we liked a lot one- was it ran as a demon set?

G

It's not it's, not a traditional service mess it's more of a cni. I would describe it as, but um it runs as a demon set on all your nodes, so it doesn't need to. uh It doesn't need to uh go into the.

K

G

Pods of your um applications, it's just running on each node. um It supported real eyepiece. It does that using aws elastic network interfaces in eddy respectively. That does also support them in other clouds. I'll talk about that, I say has a feature called cluster mesh, which was the um you know. The main thing we wanted it's. The custom is a way of uh networking between kubernetes clusters using psyllium and some well, maybe just a cool thing, but it also does everything using a technology called ebpf.

G

um Now I'm not an expert on ebpf, so I am not going to spend much time talking about how it works in this presentation. So there is a presentation.

C

G

About that yeah by uh by josh, and I believe.

F

G

Please use that if you want to know more about evpf, um but it's a very cool new networking technology, which uh wright rules directly to the kernel instead of like ip tables, which is that quite the.

F

Standard way, a lot of q.

G

A stuff would have done it in the past um and last and probably most importantly, was it didn't, require any application changes to use any of these features we could deploy.

K

G

And just start taking advantage of all of its features um so yeah. So now, I'm just gonna quickly go over how it works.

F

I'm again high level.

G

um Starting off with ip allocation, so how does it give our pods real ips and it does it in a fairly elegant way, um similar by the way to the aws vpcc, if you're familiar with? Yes, it's illusion, but effectively cilium just allocates real ips from your cider to an.

K

Elastic network.

G

Interface on your on your node: if, if you get a pod, it will just um you know, give the pod an ip and then allocate that to your elastic network interface at the same time. So it's all a real aws ip that you can use in your clusters. um That was straight away. uh Nice.

K

Mostly a nice do some kind of ip.

G

Application but yeah this is how uh tyler does it specifically, um but more interesting, perhaps was how it handles services. So um on the left here, we've got a kubernetes, node and and psyllium's running on it and on the right here we've got just a standard kind of.

F

G

Service in kubernetes, where you have a name and you have like a cluster ips, a pretty standard way of doing a service in queue, and you have two parts that are associated with that service. They match your selectors, etc um and then what psyllium does uh behind the scenes? It's slightly simplified. But what it's doing is it's writing some bpf rules which associate that cluster ip, which is just a virtual, fake ip um with those pod types, and it's writing them into the kernel, um in which case the two pods shown here similar.

F

To what kind of like q.

G

Proxy does with uh ip tables um and that's how this works for standard service. Simple, not not much, nothing too crazy here, but what you can then do with cilia is you can expand this to cover multiple clusters? So if I have the same service in cluster, a let's say, and then the cloud service again in cluster b and psyllium will realize it's the same service in both clusters and we'll just compile the rules to forward to any of the ips, regardless of what uh cluster they're in.

G

um So you just get this list of rules. If it can, it can hear any of these um so whether it be in clustering or cluster b. You know it's available to you. Also. This is working off of a service. You know if the pods aren't ready or not. They won't come up as ready, endpoints and wouldn't be added to this list. So um that's a nice uh bonus of that um yeah, and this is very simple because it means you're, not there's. No there's no complicated shenanigans going on from the app's perspective.

G

It just hits the service as it would normally, and it now has just more options of where to go. It can now go to a different cluster as long as that ip address, you know it is rootable and well not to that part. They will just go there. We're just talking pod ips to photo piece there, which all just real ips in that case and.

F

K

Is how do you turn this.

G

On- and this is what's the best part about psyllium is this- is a normal uh service uh definition kubernetes and the only thing that's different about this service, which is the psyllium service that can go across cluster. Is this annotation here we used to add an annotation of a psyllium global service trip, and this was enabled for your service. You do that and you need to ensure that the service is deployed in any cluster which you want to access the service from as well. You.

F

G

The kind of address for your your pods to hit as long as this service exists in the clusters. You need to access it from and.

K

It has its annotation.

G

K

G

I've known you don't have to have any pods behind service, so you can deploy the service in a cluster with no pods that match it, and that would just allow other pods in that cluster to hear that service and get rooted to some cluster, where those pods did exist.

G

um That's effectively how it works uh yeah, so that gave us a what easy way of of doing some cross cluster communication, and so this is a simplified uh diagram of what we had earlier, which is the new journey of we just go from one part and it just directly talks to another pod.

G

There's no there's no going around uh in and out et cetera, is actually just taking one iphone you're directed to what I uh another ip address, and it does it all kind of without even needing to know, what's going on um so that that was. That was how we solved that problem um and as well. Not only are we avoiding this, you know latency ad, for example by.

B

K

G

We're now doing it from pod to pod and psyllium is aware of what pods are talking to what pots yeah. We are still maintaining all the pod identity in this scenario. So um if we want to apply uh security, security rules find like network policy and stuff it all works, we can use our pods labels, services etc. um For this to work, which is which is nice if you're, if you need to do that kind of thing now, um we found once we'd done this. It was.

G

It started to become very easy to like uh link an arbitrary number of kubernetes clusters together as well, um we're primarily in uh aws, so something we took advantage of which we hadn't used before was aws, is a transit gateway feature for those not familiar. Transit gateway effectively allows you to simplify um peering connections between between vpcs significantly, um whereas in a traditional aws setup you might have had to peer all your clusters together in this kind of complicated web of peering connections with transit gateway.

G

You just um add that to each vpc um and then the you know it works like a hub and spoke in the network. Traffic can just flow from one cluster to another cluster and vice versa. As long as the root tables security group rules etc, correct. um This should just work. um So if we wanted to create a new cluster and add it to the mesh, we just you know spin it up, uh attach it to the transit gateway and tell him about it, and then the networking just just works.

G

uh So this was this was nice um and then easy um much much preferable to uh connections. If you have done a lot of those in the past um and we found this works quite easily as well uh between different clouds. So we also have some stuff running in google cloud. um Primarily some of our data stuff uh runs in gcp and gt.

G

We do a lot of stuff with bigquery and whatnot, so we do have some clusters over there and just by connecting um the two clouds together, which in our case we just connected them via a vpn to our transit gateway and using a trend of vp. On the gcp side, we could uh easily share network connectivity between them in a secure fashion and psyllium. Again, just just works.

G

You know we have celium deployed on our gk clusters, it also uses uh native uh ip addresses and then our gk clusters and allows you to hit services in our eks clusters just as easily.

F

G

um You would, um if you're in adress right you just you're hitting.

K

A service it does not make.

G

Any difference what cloud you're in as far as this is concerned, so yeah, so you can use this term, it's an arbitrary number of clouds, so it works very uh nicely and easily so yeah. That was um that was kind of our general networking step that we we've done with uh psyllium. um Only downsides to this approach is, is one question, though, and um the first one we hear quite quickly.

G

I guess was uh that it does use ebpf as its primary way of doing stuff and when things go wrong with ebpf, it can be tough, especially for someone like me uh to debug. What's going on um compared to the more like vanilla uh ways that traditional service meshes do it, you might need to learn some new skills to debug some of these issues. I will um well, I must say it was more when we were starting than we did here. We don't really have issues with saloon.

K

G

And there was also the psyllium community are like amazing, like if you go on the uh psyllium slack and say to them my thing doesn't work. They will spend way more time than I. I would have thought trying to help you debug it. I've spent many hours literally hours with them, sending them diva blogs and things.

K

And so they're very.

G

Very helpful and very.

K

Nice, as a community.

C

Never never had that kind of surface.

G

So they're very impressed on that path.

B

And then the second one.

G

Was more about um like the kind of missing link, I guess is still around like with our old setup. We went through envoy and we got all the benefits of like health checks and we tries- and uh you know it's doing- it's load, balancing and whatnot, and by going pod to pod, you do lose a bit of that right, you're, just doing simple basic kind of like round robin style um load balancing, but there's no there's no redries or anything built into psyllium. It's just it's just doing ip.

G

um So you know your apps will need to uh implement some kind of retry logic or stuff like that. If you need it um that that is a downside of this approach, though.

K

Some might say for plus side like.

G

uh There are arguments to be had for it's better to have this kind of logic in a in an app, but it's.

K

Things you can work around, but yeah something doesn't.

G

uh Support police out of the box um yeah some like future of this is a is a well we've. We have basically only just scratched the surface of what psyllium can do. It's it does a lot of stuff uh they're always going to be adding new features to it and it can completely replace. Remember please replace uh q proxy these days, which we will it can. uh Has this amazing uh graphical ui called hubble which can show you all sorts of nice networking um data visualizations. What's going on in your clusters?

G

There's my ipsec um using psyllium now exists um so yeah we've. We barely even started to take full advantage of all the stuff. It's uh it's delivering, which is uh I'm pretty pretty exciting, and uh just uh I thought, even though it can be ran with other service measures as well. For example, if you want to use a like kind of like sidecar approach, service mesh syllium works, just fine with that yeah there's no problem uh working in tandem with these things. In fact, it has.

K

G

On their website for doing those, if you want to um so.

F

Yeah, it's not.

G

A problem, if you do further down the line, um if we do decide, we need something uh more traditional, but I know if we want to do something like a tls.

K

Visual tls style.

G

Setup or if we're trying to um do retries genetically, maybe.

F

We will look into.

G

A service mesh, but it's not being there, it's not a current issue for our organization, at least, but it.

F

G

um So yeah- and that brings me kind of the to the end of this uh talk. um If you've got any questions, please let me know um you come to me on twitter and there's the kcv uh slack channels on cncf slack, where I'll be happy to answer any other questions.

G

Hopefully this gave you some at least gave you one story of how how people are solving.

K

G

This problem, as I said, I still think it's a very open question of how to um easily mesh together different clusters, so um this is this was one example of it. There's many of us and uh I look forward to when someone does settle on what's the best one yeah, but for now it's worked for us. Thank you.

M

Thank you so much joseph that was, uh it was brilliant. um We do have one question uh if you don't mind answering that uh over in the slack channel, um if you'd like to answer it now, I can, I can say it out loud or you can pop open over there too, make.

F

Sure you get to it yeah, that's good! Now,.

M

um Are you using psyllium with the amazon, vpc cni or as a replacement.

G

I've, you might say originally, we used it with the edus vpcc and I, as that was the only way of doing it so which we chain it with the it used to be chain so yeah and the vpcc, and I would do the um uh uni allocation and then cillian would do the rest. But these days it can be used as a complete replacement, which is where we're using it in our newer clusters.

G

M

All right: well, um that's all we had uh thank you again for um your time and um I'm sure that if there are any other questions that pop up they'll be in that slack channel, so thanks again for that.

L

Yeah feel free to jump into slack and interact with joseph. You know be around be keen to keen to answer questions.

M

Amazing and on uh on that note, I'm going to hand over to chris to introduce our next speaker.

L

um Thanks uh thanks josh um and it's you know great to introduce uh ewing. um Although he's his talk, I think he's been designed to give me a tongue twister, so I'm gonna try and call this out, so it's ppp8s uh pine phone pocket and, most importantly, pub ready, kate's uh lab environment for the full-time kubernetes ckx student. um It sounds like a fascinating talk, so I'm very much looking forward to it so over to you.

L

You know a couple minutes early so but hopefully there'll be some questions along the way as well so handing over to you.

O

Great I'll try and get my screen shared and uh we'll see how we go.

F

O

And, of course, that's why I'll quit and re rejoin. So I'm glad I was on time right I'll, see you in just a sec.

L

And whenever there's technology involved, there's always going to be challenges so just waiting for you and to come back, um don't forget to join us over on slack um again a shout out to some of our workshop sponsors to have a look on kcduk.io.

L

There are a number of workshops running through this week from some of our workshop sponsors. um There are some I'm just trying to see if I can find a link to them all uh which I'm not gonna, be able to do. Of course,.

M

Shops.Kcdio dot, uk cool.

L

We've got some workshops.

L

Workshops run by jet stack by control, plane by souza solo, io, container solutions and snick, uh some really good ones. uh These aren't sales pictures. These are one. These are. These are workshops kind of designed to help. You learn something new kind of get get hands-on with this stuff. uh Some of them are, you know, just a couple hours investment and you need access to some free cool kit, and some people can help you out with that. So I love.

L

I love a good, hands-on workshop, so go and check those out uh or reach out reach out to any of us on twitter, if you've or wherever to if you've got any questions about stuff.

L

um Just while we're also still waiting for you and to come back, um there are some watch parties going on. I I know that they're going on at the moment, so hi folks in manchester um also there's a couple of social events. Attached to these, uh um we've got the pub quiz later on uh being hosted out of cardiff, which will be, which is promises to be lots and lots of fun. So please do stick around for the pub quiz uh later on today.

L

uh I think there's a couple of social events happening around some some of the different meetup locations. So uh if you're already connected to the meetups in on meetup.com they'll, be they'll, be talking about what they're doing, where they're doing it and uh how to get how to get joined uh I'll, be heading into centre of birmingham, which is a novelty for me, because I don't think I've traveled for uh a while, so I'll be heading into central birmingham to um uh to have a look into that uh someone's asking to post the workshop links.

L

Well, we'll get you and set up and I'll post so post the workshop links into youtube in a second. Thank you for the request um and.

M

um I guess again we'd like to shout out our sponsors real quick um again, while we wait for you and come back, um our tech sponsor today that is helping us with the live stream, is tramshed tech and we've also got sneak control, plane jet stack, systig and storage os, um who have all been instrumental in making this day possible. So thank you again.

L

Yeah, absolutely we wouldn't be able to do the sort of things without without without those supporters, so please do give them a bit of love and attention, uh especially the tram tram shed folks, because without this we wouldn't be live. So uh are you getting on you and great to see you back? You managed to sort of problem.

O

We're getting there and.

F

O

That brings us into the presentation. I hope.

L

I can see your screen pretty cool.

O

All right so apologies for the tongue, twister um that wasn't quite the the intent of the title, though um it's good to get some added bonuses along the way right. So what I'm going to talk about today is some experiences I had um basically going through cka ck ad exams and also trying to be a bit more mobile, a bit more portable with how how I do that um not being chained to the to the desk or to a laptop somewhere.

O

And a topic or a question that often comes up fairly promptly after um suggesting this is a this question or a variation of it right. um So I thought about it. I went back and looked at sort of how how I got here- um and it's probably worth taking us through a bit of a history of what's going on so like many uh many things, this all started as a rather stupid discussion over beers as a works, drink somewhere or whatever um back in 2020 q1, um not that long afterwards.

O

We have this uh this small pandemic, that a few of us are familiar with breaks out and that eventually leads into me having my first, uh my first staycation. So I got all the buzzwords so my first covid staycation um and I ended up using that that week for really my own sanity I'd. I pretty much had enough of um covid and lockdowns around q3 last year um and so spent a week having a look at um how to get kubernetes running on top of android on a on a stock phone.

O

I'm not going to go into much of that today. um If people are interested to to search for it, there's a presentation somewhere else on youtube. I think it's london infrastructures code channel, if you search for the k8s on android and or my name, there's probably going to going to bring that up, and so I got to got to present that, um and one of the questions that came out of that session was what would it take to run kubernetes natively on a phone, and you know that was a that was an interesting one.

O

I sort of took that away churned it over in the back of my head and didn't really think too much about it. For a while and then um became aware of this thing called the pine phone, or I guess, pine 64, and particularly the pine phone, which is a mobile phone running linux.

O

So I got one of those delivered and not too long after I got that delivered. We find ourselves, at least in london, I think most of the uk back in lockdown through january, and so after um various sort of lab explorations, some of those with the pine phone and some of them not.

O

I managed to I managed to get through the cka and ckad exams, so I guess a selling point for this talk is you you might learn something possibly that will help you with that. Certainly I'll give you a novel way to do it a bit later through the year, um because I started to get interested in now: sort of linux running natively on phones. I ended up with a oneplus 6t um q, uh q2 and q3. There were sort of various uh various continuances of of this sort of exploration and um obviously in q3.

O

We find ourselves here today.

O

Another question I get is: why am I hating on raspberry pi? What's so wrong about raspberry pi and the honest answer is: there's nothing wrong with raspberry pi right I mean the portability is perhaps not quite as good as having a mobile phone, um but there's a lot of great things about about raspberry pi. You know if you really want to take one, a raspberry pi to a pub plug it into a usb power board. You can do that. um I think the really the main reason for me not exploring that much more was.

O

I was already aware of other people that have done you know, frankly, some fairly cool stuff.

O

um An example here is a twitter link to somebody who's sort of come up with a a k-8, raspberry, pi set of nodes and a cluster that sort of you can take anywhere, maybe not something I want to put on the bar with my pints, but um you know there's already prior art here and, um and so I just decided, look let's, let's not go competing with people that are doing really cool stuff, let's go and try and look at something a little bit interesting, a little bit different.

O

So that's really the only reason not not to use raspberry pi here.

O

Another question is: why not k3s um this? This comes up quite a bit, obviously kfrees being a lighter, lighter version of kubernetes, but again the way, at least in my mind that I've justified some of the time I've spent on this is being exam prep um and so really again, that's why my focus has been around k-8s and um and linux.

O

So moving on to these these devices pine what um so, it's probably fairly well known, sort of out there now, but um back when I first sort of caught on to it. I was having to explain this a lot more. It's basically a give or take 200 usd mobile phone that runs linux, natively fairly small sort of I guess, ram footprints or capability and depending on which version you get um fairly small sort of built-in storage as well.

O

Sd cards mean that you can expand that and um whichever version of the pine phone you get today, you can expand um sort of your storage. With with that um for what I've been working with. I guess if somebody is inspired after seeing this and thinks gee, I want to go out and play with this look at this stuff.

O

The convergence package is the one I've been using, which is the the free gig version both of these currently shipped with manjaro.

O

But it's you know easy to require and fairly easy to install a different, distro and there's varying sort of coverage of distros now on pine phone for most of the sort of major ones out there.

O

Another uh piece of hardware that came along um in the day or along the days was the the oneplus 6t so having sort of uh explored a bit around pine phone and started to look at what was what was possible. um The mobium projects which we'll come onto shortly, um announced in um in collaboration with some of the uh is it the one mark os? um Basically, um there was a working kernel that meant you could you could boot uh boots or linux on the oneplus 6t and the nice thing about this device.

O

Is you know the pine phone is really great. It's a really nice sort of device and projects to play with, um but the oneplus is newer hardware. So it's a newer system on a chip. um It's got a bit more ram. It's got a bit more storage built in um downsides of no sd card, but um you know there's enough to there's enough to play around and experiment with um another sort of small downside.

O

I guess is that, um depending on, depending on your familiarity with building um android and getting that onto devices, there's a bit more to sort of mentally, manage and understand in terms of the build process. For that.

O

So the lab: what does what does this? This lab look like um to give you a bit of a it's, a nicer nicer sort of presentation to do face-to-face and be able to have people sort of come and say: okay? Well, let's, let's look at this look at how this works, but just to give you a bit of a taster for it really we're talking about free phones um that top phone there, as it says, is: there's nothing special about that samsung device! It's a pure stock, android device.

O

The only thing it's really doing is providing an internet gateway and and a wi-fi network for the for the other phones to connect to- and I went that way, mostly just for sort of interchangeability and portability. It's trying to make this trying to make this modular trying to make it something that's easy to to not be carrying lots of stuff around and then the other two devices on here are just the oneplus that we spoke about and also the pine fan.

O

As I think we spoke about before, and so at the moment, pine have decided that they're shipping, all pyramid phones with um with manjaro um and manjaro's arch-based um now k8, has been packaged. I went back and checked. It looks like sort of mid-december k8. It's got package for manjaro, but what I was seeing when studying and certainly um trying to do, exam prep was that really a lot of the other materials are debian based, um and so I was trying to align myself with with what was going to work well for the exam.

O

um Also, you know looking at getting mobian running and seeing what that meant. You know, but what did it really mean to run some flavor of debian on the phone? Did it really work? Was it real? That was where I was sort of interested in looking so again, depending on what folks want to do.

O

There are easier paths to probably achieve some other things from from an exam, prep or even just a study, even just a toy perspective, um but this is this is the path I went and why and again, as we said after I sort of started down this path, um the the oneplus was supported by postmarket os and and as a result of that mobile as well, and these days, um like I said, pretty much all of the distros are available in some shape or form.

O

Obviously, if you start to change or install operating systems on phones, you're, you're, getting into flashing um the onboard emmc or an sd card, where the phone supports it. um Just a few notes here about how I went about that.

O

um I've typically left the the stock operating system, or at least I've intended to leave the stock operating system in place on the device um and and then sort of flash, an image that I want to experiment with or work with onto the sd card. uh The theory that at least coming into this was that it would be a completely self-sufficient device that could um you know you could run linux, do everything you needed to flash different operating systems and so that that's another reason. I went down that road.

O

um How you set yours up if you chose to go, that way is really. I guess comes down to how much of a how much of a toy is the device you sort of use for it. um Do you really care about performance because, let's face it, you could possibly sort of tune tune this setup, but um that's not really. The performance isn't really a major factor that I've considered as I've been working with this.

O

For my needs and again how useful is it to be able to rewrite the sd card without needing either a um another computer or that's a linux mac windows? Whatever machine you know, can you can you self-serve yourself out of things using just the just the phone, or do you actually still need a pc at some stage in the life cycle.

O

And I guess to summarize some of the gotchas, um so these are armed devices right, so any any sort of challenges you that you face anywhere on arm. If you face, if you face someone, I'm somewhere else, you're gonna face them here, um just a again a novelty one, because it was something I was kicking. The tires on things like doing uh an eks um distro build, um isn't possible at the moment, or at least wasn't possible a few months back um using purely arm.

O

You've got to basically build some of that stuff on on intel and then move it across um resource constraints. Again, particularly the pine phone I mean, neither phone is a super computer, but particularly the pine phone has sort of. I guess an older system on a chip. So it's a reasonably old processor or a set of processor cores um and ram is particularly constrained.

O

I guess some sort of free gig on the on the on the higher spec pine phone is, is the limit of where you're going to go um as we sort of move into the mobian or the operating system side of things.

O

Mobian's got a few quirks at the moment where there are certain things they do with their kernel, which means if you want to run docker, for example, um and in fact, if you want to get cni's running properly or at all, um you end up having to recompile the kernel for for various either kernel flags that aren't in there um or in the case of the uh the cni's. And this was an interesting learning for me.

O

I hadn't stumbled across anywhere else, but if you're building custom kernels make sure you you've got the naming the naming standards correct, because it seems um at least the two cni's that I tried um are expecting a certain standard and then just won't um run if they, if they find a kernel of a different naming and then the biggest one. I guess as well is that um you know it's um it's amusing, to build a linux kernel on a on a mobile phone.

O

It's amusing as long as you can put the device down, walk away and ignore it because, um let's say it takes a number of hours and so particularly where I've been working with the um the oneplus I've. For the most part. I have I've sort of cheated right and cross-compiled, because I just wanted to get stuff done in a relatively timely manner, particularly as you're exploring and sort of finding. You need to rebuild kernels a few times because of various settings. It starts to get a little bit tedious um and another um another.

O

One here is the temperature of thermal management.

O

This this device can run quite hot if you, if you leave it compiling for a while, and I have actually- um I have actually picked it up and thought do I do. I really want to walk away and leave that somewhere and with the uh the temperature it's getting to do. I have I have. I got the right insurance for my house at this point, um or do I want to do something else, so it's definitely something um if only from a safety point of view, to just keep in mind.

O

um So just coming back into pine phone um and some of the things in case folks are thinking and looking at this um one of the things I went into this thinking was, you know: can I make this a daily driver it'd be really nice to have a native linux device, no um no sort of third party things on there, no sort of google play, or things like that. Can I run just a pure linux device and and personally I've reached the conclusion that not yet um it's a really really great project.

O

I think there's a there's. A lot of really cool work been going on and still is going on and there's a lot of things going on to help get linux into into this and other mobile devices.

O

um But personally, there's just a few and they're quite small sort of things that um that I think you know it could be, can be ignored depending on what you're doing with it, but from a daily driving point of view and just sort of silly little. Things like the usb connector um isn't uh isn't the the greatest um the greatest solution that the port tends to um for most of the either cables or docks that I've got doesn't connect very well um charging the battery doesn't work very well when you're docked.

O

um So for the purposes of I guess sitting in the pub. That's not too big a deal right. If you're you take the device out, you use it, and then you charge it when you're back home. um But if you try to do anything sort of with the convergence mode, then that's um yeah, you start to run into sort of annoyances.

O

And lastly, just um as a simple thing, you know one of one of the ways I have used. These devices is to sit, go and sit somewhere. I've got a spare, I don't know anywhere between five and 35 minutes, where I'm somewhere away from my computer or away from my desk. I want to just go and explore something read up about something experiment with it. Some of my experiences with web browsers on pine phone has just been a little bit less than I've managed to sort of work around.

O

Actually, if there are any folks that do know better and think they've got a nice setup, particularly on mobian, I'd, definitely be interested to hear from folks on that.

O

So if you wanted to go this way, which device would you choose and of course right, it's then it's depends answer and that nobody ever gives you a straight answer these days and I'm certainly not going to break the mould with that today.

O

So, depending on whether you're looking at costs depending on wherever you're looking at you know, small things for a phone like does phone calling actually work, it really depends which way you, which way you would you would go.

O

My sort of overarching theory is that if you want, if you're familiar with linux, you'd like a you'd like a linux device, particularly with um with kubernetes to to experiment with I'd, probably go down the path for the pine phone, just because there's a few less moving parts um um when getting things set up, getting things built um if you're fully familiar with sort of, I guess android development and by android development.

O

I guess I'm talking about android operating system, development and evolution, and you know you're you're, happily, flashing phones um as as, and when then probably these things don't matter um for me. Coming to this as a you know, the real purposes I want to study, I want to learn. I want to learn: kubernetes, internals or better learn, kubernetes internals and things like that. um The sort of barrier to entry on pine phone was um was a bit a bit lower.

O

I felt um and yeah I mean theoretically, you you could use, um you could use the pine phone as the um as your only device and you know, run run your kubernetes cluster connect it to a screen if you really wanted to or and sort of browse what your, what you're reading, what you're studying that sort of thing on one device.

O

So, are we pub ready, um I'm not going to do a demo today I was I was intending to, but um we're here where we are so what I've got is just like it's a bit of a bit of a teaser for you around um yeah around getting this getting this working, um as you see on the left, getting getting docker working with the necessary um prerequisites so that we can then get some interesting that the the previous uh presenter was talking about psyllium as well.

O

So uh if you, if you want us an environment, to practice your psyllium configs on then definitely this is something that you could uh at least at least experiment with.

O

And that's all I'm going to run through today. um I thought because I'm not doing a demo. The best thing to do is really sort of whizz through here share share some of the highlights or highlights and learnings that I've had along the way and yeah. I've just opened things up to answer questions as to um if people are interested, they'd like to know more and um and yeah go from there.

L

So, if anyone's uh thanks like that, you and that's what that's awesome, that's really interesting project. um If there's anyone's got any questions feel free to either ask in in youtube I'm pointing at my screen, which I know you can't see youtube over there slack over. There um feel free to ask a question: either location. um If we don't get chance to get to it, live now, I'm sure you and I'll be around later on either on slack or on twitter or whatever um yeah. I mean that's fascinating.

L

I guess a question for me: were you using uh you know bluetooth devices to help with that, or were you using the little screen to do all your keyboard inputs and and so on?.

O

So, um generally speaking, I've not used any bluetooth devices at all. um However, the the I guess, one of the key points about the convergence um model of the pine phone is that it comes with a dock, which means you can connect a as it happens. A raspberry pi keyboard and a raspberry pi mouse, um and you know you've then got the choice of. Is your eyesight good enough and you want to use that tiny little screen, or are you actually just going to connect it up to a real real screen?

O

Where you can see what's going on and get things done? um I think for me, a lot of the usage has been. um I. I typically find myself with a little bit of downtime when I suddenly think what about x and it's really nice to just go. Oh I've got this thing in my pocket and I can I cannot go and look at the manual.

O

I can go and execute the command, and you know within certain boundaries it will run one and it will tell me what the output was and why I got it wrong and that's really that's. When I've put up with the um the little keyboard, because yeah I mean that's fun right, it's a nice novelty, it's quite amusing, uh but the second or third minute of that gets a little bit frustrating as you go along sure.

L

I can imagine I can imagine, and I guess I probably answered my question. I was going to ask about battery life as well, but everybody gets if you're if you're getting frustrated after 15 20 minutes, then battery life probably isn't too much of a concern.

O

Yeah, so I mean, interestingly, the convergence mode and there's, if folks want to go and look at it, there's various sort of articles about why it is the way it is, but um the convergence mode prevents fast charging. So it's actually, if you're using the dock, that's when the battery drain starts to happen, and it you know, depending on what you're doing you can mostly keep sort of a steady state of battery, but I think the challenge for most people, at least for me, is when you're with your dock somewhere.

O

You expect if it's charging, because you expect it to then walk away and work, and when you get a different experience, it's just a bit. Yeah you've got to factor that in um if you were doing a lot with it as a as a sort of a novelty devoid a novelty and something you use remotely and don't necessarily sit and use docs it work. It charges perfectly fine and works really well.

L

Cool awesome. um Thank you very much for that. uh I know we're we're uh about ten minutes early, but um but on the flip side tonight we get to get to lunch, so um we're breaking for lunch now for just over an hour, so we'll be back at 1 50 when we're gonna hear from stemettes uh from florian from stemettes. um Please do come join that because statements is a fantastic charity, doing a lot of work for um uh for underrepresented, individual individuals in our community and wider.

L

So it's not just technology, it's also science and and so on, maths and and others what stem stands for. um So please do come back for track. One we'll be doing the the talk from stemettes will be track one and then we'll split again at two o'clock for track one and track two we'll be talking we'll hear from andrew martin uh talking about who who's afraid of the big bad supply chain and on track two. We talk we're talking a guide to evaluating dependency updates to kubernetes.

L

So enjoy your lunch, any questions at all for anyone, please come interact with us on on the cncf slack, we're looking to talk to so.

M

Yeah, so um the slack address, uh just as a reminder for everyone is a slack.cncf.io and again, if you are interested in attending any of the workshops coming up the rest of the week head over to workshops.kcduk.io.

M

M

And on that note, we will break for lunch and we'll see you in a bit over an hour.

L

Enjoy your lunch.

C

C

Hey there, everybody welcome back to kubernetes community days uk, hopefully you've had a nice lunch break. You've had a time some time to think about the talks from this morning and you're all set for some excellent talks this afternoon.

C

So one of the things we mentioned this morning was part of the event is we are supporting two uk based charities. The event kubernetes community days is run by volunteers and is not for profit, so any money being raised from sponsorship.

C

We want to give back to charities that are in in our community, and what we've tried to do is this time is actually offer a chance for those charities to give us some information about what they do. So I'm really really excited to be able to introduce florian she's going to talk about stemettes and the work that she does with that charity. So I cannot wait to hear. Thank you so much for joining us.

N

Thanks for having me hi, everyone hope you're having a really great day and again, thank you to the kubernetes team for letting me talk and for partnering with us this week.

N

um So my name is florian vidynya, I'm a manufacturing engineer by background um and have been a stemettes alumni for about eight years now, they've been struggling to get rid of me since 2013., um but yeah I've participated in a number of their programs over the years, um outbox incubator, a couple of others and have also been very privileged to speak to their wide network of young women that they engage. So the first question is: who are stemettes?

N

um We are so we're an organization working to show that stem is for women, um young girls, non-binary folks and for all, and so we were founded by dr anne-marie mafidon in 2013.

N

She is the youngest girl to ever pass her a-level in computing and, while speaking at a tech conference, she discovered she was part of the shrinking women in stem minority, and so her new year's resolution was to change the social norms around technical women through the stemettes project. I really admire her.

N

I think she's an eminent thought leader in the space, a real advocate for change and has created an organization that lives up this value day to day um and just a quick plug if you haven't already anne marie, was on channel 4's countdown last week as part of their black to front programming. So if you haven't had a watch, I encourage you to do so this afternoon.

N

So we work to inspire support and motivate young women between 5 and 25 into stem fields, um and one of the key parts of our work is that our programs are free to attend, fun-filled and always food-filled, and we operate across uk and ireland and and we recognize that there are multiple ways to enter these sectors and so engage with industry, academia and entrepreneurship, influencing teachers, parents, peers and communities.

N

So what we do um can be broken down into three layers um and we kind of work to to build a number of interventions for our target audiences, since we work with such a broad range and such a wide age group and and we try to help, develop the young person's journey and and help them to start.

N

The bottom lanes right at the top, we measure all our impact through the annual report, which can be found on stemettesfutures.org, but the the first part is really around inspirational content, so aggregated across social media and our various platforms. We work to engage with young people and build that strong social following and these are generally through. Our social media stem sign, newsletters and our closed social network um and that's available 24 hours globally to all and then, as you rise to sort to the middle.

N

We build this impactful events, which are shorter term interventions between three hours to a week and that's where we connect young people with their peers in really relaxed environments and those usually take the form of panels. Hackathons and future summits, which are a larger scale, um conferences and then at the very top, is how we build intersectional cohorts and we think about creating longer term interventions. And that can go from a week to a year.

N

And this is how we try to create that continuous pipeline of engagement with stem skills and with the sector from sort of 16 onwards. And this is through our mentoring, certification, academies and our stem clubs, and three things I really want to to signpost is that those partnerships across three areas really aims to create engagement with young women from five all the way up to 25.. In our 2021 report, we found that 75 of our alumni have gone into stem careers by the age of 26 and we really focus on intersectionality.

N

So 21 of those who engage in our programs were eligible for free school meals, which is how we tried to track low income backgrounds um and 48 of the young women we engage with were from underrepresented, ethnic backgrounds, and I think that shows how we we understand that the women looking to get into the stem sectors are not a homogeneous group and we're aiming to track their progress.

N

So I thought I might bring it back to the people and and who are these young women and what do they end up doing going forward? um And I always really love talking about these three examples: jess and aj. I know personally and both fantastic women, so jess um she said stemettes in three words is empowering motivating and strong.

N

She attended our events as a team and she's now building a successful stem career and serves as a role model and speaker on our program, so she's now part of our youth panel and what I find really amazing. She never really talks about this, but I think she should shout out from the rooftops is at 21 she's, the youngest agile scrum master in the world, and I think that's fantastic, um and then we've got a coding event attendee, who, on her 13th birthday, the only place she wanted to be.

N

Is that a stemettes hackathon, which I think is awesome. um So she said today is my 13th birthday and I'm spending it exactly where I want to be at the stomach hackathon, and I think that that says enough um and aj. I met eight years ago when we were both working together in the outbox incubator. She's attended hundreds of our events volunteered hundreds of hours of time and has helped to run with our workshops and he's now working with one of our partners um hosting events, um and she started that fif she's. Sorry.

N

She started at 15 and and has now come full circle, and these are just a small sample of the multitude of women that you come across throughout the stemettes network and who develop relationships with each other throughout the forums that we create, but also advocate for themselves. Around are looking to engage with each other and to create that sort of community of women who are hoping to change the sector going forward.

N

um And I think this is really key, because we know historically, that women are less likely to pursue stem careers if they have a lack of role, models and peer groups, and I think creating that is, is extreme key factor. um And I just love the fact that cements have created and facilitated a community. That is entirely self-directed. And you can see that on the zine.

N

And you can see that on the the closed social media network and so um having reached 50 000 young people, we're looking to grow, that future generation of innovators and we're continuing in our work and we'll continue to do so so just to end is kind of how can you join us on our mission?

N

So there are a number of ways to get involved with stemettes, and please do contact me after if you're, if you're interested, if you believe that your organization might be willing to partner and fund a program, we'd be welcome to working with you. We are also just a charity system.

N

Futures is a charity, so if you can donate um also volunteer as an individual with inspirational, um operational or fundraising support, I think it's really key that we build role models for from people who are already in the sector, and so we always look for people who are in stem who are willing to engage with young people and follow us on social media at stemettes like retweet, and engage, have a look at what we get up to and subscribe to our newsletter, which is where we often put all the information about upcoming events um and kind of future partnerships.

N

So thank you for having me uh really great to have a bit of a platform, but please do feel free to contact us and looking forward to seeing what the rest of the day brings.

C

That was fantastic. Thank you so much I I it's a topic that I am very passionate about and there's so many I have so many questions that I would like to ask like. I would personally like to join in, so thank you for that information. At the end, I will definitely try and figure out how I can participate. I also have a ten-year-old daughter who is quite into minecraft and roblox, which I'm trying to encourage, because she loves trying to play games and write her own games and so she's quite into that.

C

uh So thank you so much. Thank you for the work that you do and thank you for coming to talk to us about it. Thanks for having.

N

C

So uh after that fantastic start to the afternoon, I am really excited to announce our next speaker, so we have got andrew martin presenting next and he will be speaking about who's afraid of the big bad supply chain. So andy, I will hand over to you.

P

Thank you very much indeed right hello, good afternoon everybody and welcome to who's afraid of the big bad supply chain. I challenge you not to sing it in your head.

P

I am from control plane and thanks to the team that have helped and supported with this talk, uh various bits of um flagrant self-promotion, while I'm here uh sans sec, 584, attacking and defending containers and kubernetes is, uh is our leading course for sans lots of red and blue team exercises. In there. um Some author and coursework for o'reilly lots of training um I'd be remiss not to mention my excellent co-author, mr michael hassenblas, who has assisted and co-authored this hacking kubernetes book with me as well.

P

Amazon informed me. It is now available on pre-order if you would like to help artificially inflate the bestseller list.

P

This is a view on threat, driven attack and defense for kubernetes, beginning with the humble pod expanding through the other entities, looking at hard multi-tenancy and networking and emission control and policy and finishing with organizations detailing historical cves and looking at how to threat model and defend your kubernetes.

P

But today we are going to talk supply chain, the uh great expansive and ominous supply chain that I'm sure you've heard lots about. It will be a hot topic at this year's cube con. It has been a hot topic in this year's presidential edicts and u.s organizations.

P

So what is the supply chain we'll start with and explain it like m5, then we'll look at how to attack it like we are a pirate, we'll look at signing approaches which are one of the mechanisms we can use to defend ourselves. um I know that uh mr garris gareth rushgrove also spoke about s-bombs, which is uh software bills of materials, which is another thing we can do all integrates with signing.

P

There are lots of technologies in this space, so I'll attempt to give a brief, teardown and then finishing with the grandiose software factory a pipeline for creating pipelines again comprised of a number of moving parts, and hopefully this will give you sufficient oversight to uh enter the fray copious oceans and welds of thanks to the friends and peers and colleagues who have done all the ex excellent work in this space to get us to where we are today, we're very much not finished, but there is a huge and exciting community of uh enthused individuals and we'll talk more about these people and their technologies today.

P

So what is a supply chain? First of all, it is so hot right now, anything we depend upon can be expressed as a supply chain in a military context. This is aircraft carriers being made from nuts and bolts and bits of metal. All of those things come from somewhere and are planned from a pharmaceutical perspective.

P

We've seen the supply chains that have affected the the covert vaccines they are multifarious and distributed, and they need combining and coalescing and all of these things at each stage. We cannot allow contaminants into the process. We must be sure that we have the right uh concentrations and all these kind of things.

P

The same thing applies to foods. We've seen a different part of the supply chain impacted recently in the uk, where an inability to ship food items- and I say ship specifically that's loris in the uk at the moment. So although the supply chain is able to generate or sort of breed and farm the food, we can't actually get it from farm to table.

P

So just one portion of the supply chain being compromised or in some way damaged, has a knock-on effect and and as a downstream consumer, we can no longer eat chicken wings, perhaps manufacturing as popularized by by ford and toyota.

P

Just in time, we can just bring in the things that we need from the supply chain onto the factory floor um and then, finally, the the supersets are almost full of those examples. Software software is comprised of other pieces of software that come from other places built on hardware running other software, running microcode, the uh yes, it's turtles all the way down. We will attempt to disambiguate some of those things.

P

What's the point here well, as a consumer we take and we trust whatever we're given as a producer. This is difficult because should we be trusting anything and everything? Absolutely not. We have seen this go badly wrong many times so a software supply chain, then any code that ends up running in production.

P

This is a malleable definition: I'm going to stick with production, because production is where the lifeblood of the company, the customer data flows and is stored and manipulated and used. So it's probably the juiciest place it's where an attacker would want to get to and what could possibly go wrong. Well, we can't be sure that our supply chain is competent at all stages and it may be subject to events such as these, which, as I'm sure you can imagine, would take a few days to clear up so software supply chains.

P

Everything is software, we've transcended um various different uh renaissance periods and with cloud native, we can now define everything as software as yaml as code.

P

Ultimately, we can package package all of these things up into oci images, and we have a relatively universal transport container if you like, because an oci image is just, of course, a collection of tables, so our software applications yeah. Of course, the infrastructure that they run on the infrastructure is code, security and policy is code.

P

We can put all of those things into a container and put them through specific pipelines, all sorts of different pipelines. We don't really mind that there's so much of this, but the point is from a software factory perspective. These are all behaviors that we would defer to automation. For what does that mean? It means that a build server, ci cd, build automation.

P

These things are remote code execution as a service. They operate on behalf of developers in order to complete tasks that developers would otherwise have to do themselves, such as cloning source codes, building the thing pushing container images deploying to production, ideally with a git ops workflow rather than a direct push. We've also got our security testing. We are scanning our dependencies, we're scanning our container images, we're scanning our networks, we're checking for expired, tls certificates, we're making sure that our infrastructure's code configurations don't change. Somebody goes through and does manual change, we're alerted.

P

We also remediate and, of course we can do wider, non-functional tests like our performance and load. The point is: these: are all build server responsibilities, so the supply chain, everything is software and we compose our software of other people's software.

P

As I say down to the micro code, which is a little terrifying, so we rely on the people who give us that code that we're, depending upon for uh correct non-violent, um maybe kind and technically correct code, and as we see with the alice bob and charlie example, anybody who is able to get in the middle of a supply chain can add an implant or malware or malicious code.

P

And if that code sits quietly on its way to production and then suddenly is executed in the production context where it has access to customer data, or it can add itself to a commander control, malware botnet type network.

P

Well, then we're looking at the beginning of potential compromise that, if it expands beyond the constraints of the initial impact um point of um point of entry, it can be very expensive to clean up might end up with a crypto locking infestation. That sort of thing the point here is that any entry into a system is bad news for us and because we're trusting such wide long expansive supply chains.

P

They are difficult to secure. Arguably, full supply chain security can't ever really be reached, and we just need to raise our risk tolerance to a point that we're comfortable we're unlikely to to become victims.

P

There's multiple different types of supply, chain attacks and the compiler based supply chain attack has been the new software security frontier for a number of years. uh With these gentlemen, with this gentleman actually reflections on trusting trust, talk a little bit more about that, but just looking at this question of trust again, we trust everything in a supply chain, the source code and dependencies that either we build or our developers build or the github autopilot accidentally back doors.

P

For us, we must trust those our build systems, we're taking those component parts and placing them together into something that probably can't be introspected into particularly easily.

P

This is where software bill of materials and a shopping list for the contents of built artifacts is useful because you distribute a closed source artifact or a compiled artifact or an open source artifact equally, along with this bill of materials, and that allows us to know every single place in an organization that a potentially compromised package version is installed, but if we don't trust our build system and somebody ships us a fake s-bomb or they change a version or they put again malware within the final deliverable, which is maybe compiled artifact or container image.

P

Well, then, everything else is compromised downstream. The network that transports that thing to the application repository the application repository contents at rest finally deployed systems. Any of these points are an avenue for compromise, and the nature of reflections on trusting trust is such that a compromised compiler can spit out compromised and backdoored binaries.

P

um This is, uh as I say, a philosophical musing that was backed up with code um getting on for uh 35 plus years ago, 37 plus years ago.

P

Okay, let's look at how to attack a supply chain. Well, first of all, uh this is the um 8-bit monstrosity dread pirate captain hash jack. He is hacking, kubernetes archetypal adversary and is typecast as a state-sponsored organized criminal. What does he want to do to your supply chain? I hear you ask he wants to trick it into running his code in production.

P

This is the goal, an implant, a back door, a botnet commander. Control of some description in production gives us a jumping off point with which to attack the rest of an organization. What have we seen recently? We've seen reville attack the colonial pipeline and shut down uh oil pipelines in the uh on the east coast of the us that was done through a compromised supplier to the uh to the the colonial pipeline systems. We have seen solar winds, which were attacked by a foreign intelligence service.

P

Their build infrastructure was compromised so that when a compilation of the solarwinds product occurred, a malicious piece of code was added just before compilation time, and then the source code was removed directly after compilation time, so there were no build artifacts residual in the build environment that led or gave anybody reason to suspect something was afoot.

P

What happened there well solarwinds was a highly privileged piece of software. It still is, and therefore everybody who consumed that piece of software solarwinds being the supplier and microsoft and the government and in the us being consumers they suddenly had a back door in their systems and, as we say um again once you have that initial access to to an organization system, we saw um multiple secondary and tertiary attacks occurring, especially against the government and u.s government and microsoft.

P

As a result of that initial supply chain compromise code curve was a supply chain compromise within cicd infrastructure and xcode ghost, even though it's a number of years old now was a compromise of xcode, so somebody was distributing a malicious version of xcode that compiled a backdoor into all ios apps it generated.

P

There is a wonderful catalogue of supply chain, compromise, courtesy of the cncf technical advisory group on security. If you would like to learn more about any of these things, they're a very friendly and open group, um full of uh full of excellent contributions and white papers, and it's really a wonderful place to learn this courtesy of uh of that group. Then, how do we attack a supply chain? Well, we can go for the source code.

P

This means getting access to a developer's, end user device and eud, or it means stealing their credentials so that we can write into a source code repository. It might mean installing a key logger so that we can get access to those things it might mean getting remote access, yes, etc. The developer tooling. This is, then the compiler type attack um or potentially attacking, as we can see, vs code github here on the right hand, side the publishing infrastructure, once we have secured the source code and the tooling.

P

If we're then building and distributing things from compromised hardware. Well, once again, all bets are off trust and signing. Maybe the build hardware is secure, but we've managed to steal the signing keys. So I can now build any piece of software, sign it with a legitimate key and make it look as if your trusted producer gave it to you. Attack chaining is, of course a superset of some of the above and negligence. Is things such as committing one's code? Sorry, one's keys to github and should hopefully be avoided by things like source code scanning.

P

A note on source code itself, whether or not to sign, commits with gpg keys, is a matter of some contention. In my mind, it is better because this means that we provide a secondary or another factor of authentication to say very specifically at this point in time. The person in control of this key liked this sufficiently to generate a signature. It's really all that it says it's a human-based trust system, because ultimately, this trust is all based on how humans interact.

P

People have different views. The linux source tree prefers to only merge or sign a merge commit, because that then implicitly trusts everything that was merged in one go in my mind, for open source, the rapidity of change and the size of a pull request versus a kernel patch set means that just adding that extra factor gives us in my mind a lot more security.

P

Sorry, a little bit more trust there. We go very specifically, of course, the source repository. This is preventing um people getting access to uh hosted version control systems if we're hosting our own. It is imperative that access to those is constrained and that the operations team managing them are restricted as well same for the build infrastructure. It's normally a soft underbelly of any organization's, collective software, delivery, pipelines or lifecycle. I suppose, because again with seeding control to the machines, rightly so, but that requires some level of access for debugging, complex and advanced heisenbugs and non-determinism.

P

We can affect the trusted supplier. This is very much the solarwinds style of attack and yep. We can also go upstream to attack things like npm or maven or rubygems, and then, finally, we can say well, let's ignore the whole supply chain, except for the runtime environment.

P

If we ship a compromised container, then when all the good com, all the good code comes and runs in that container, we can still get access to it because of a backdoor operating system component, and then we can steal the keys that have been added or spoof the identity, masquerade and legitimately access things and data stores that are around the place.

P

So salsa is a supply chain security framework from google, it broadly predicates itself on hardened infrastructure in the first place, which may or may not be the case. But if we look at all the places that we can attack a very simple pipeline code review from the developer, the source control system itself, the code as it's in transit from the source control system to the build server, the build platform, so the build steps that are building the thing or jenkins or a tekton a bad dependency.

P

So this is an upstream attack against npm, for example, and we'll demonstrate one of those in a moment, bypassing ci cd, entirely so having direct access to the packaging repository and just tampering, adding some malicious code and publishing a new version.

P

We have a compromised package repository itself, so maybe an internal actor has manipulated that maybe credentials has been stolen. Maybe someone has got access through a vulnerability and finally, just using a bad package in the first place, as in the package was there but yeah we've then pulled it and become compromised in some way. Here is an example of um I've got a few examples, a few demos, but in the interest of time I'm only going to do the first one and the longer version of this talk will include a couple more.

P

What will we do here? We will.

B

Firstly, not do that. Try this there we go so um we have got.

P

Okay, so this is an npm package json, so I'm going to try and install this as if it was from the public registry- it's not on the public registry, because it will excuse me, I will be flying soon- it's not on the public registry, because it's malicious- and I wouldn't like to um to do such a thing.

P

What is notable here is that there is a pre-installed step. Why is that a bad thing? Because when we go to install this package before the package is even installed, it runs my shell script. You may be able to infer from the name xfill what it does. It's backdooring applications installing a key logger. It's just enumerated the contents of my gpg and ssh keys. This is a good reason to run second factor authentication, because it's very easy to steal these things and there's not very much that we can do about it.

P

We need to make sure that what we pull from these third-party systems is trusted. The best way of doing that, unfortunately, is to denormalize them into a local proxy or cache of some description and make sure that they're of a decent quality before they're pulled. This involves a lot of manual code review. It is not a great look, so we should be confident about exactly what we're using in these contexts and uh yeah air gap is probably not practical for everybody. What else can we do? We can back door a container.

P

So if we are running kubernetes- and I trick you into running a container image or building a container from a compromised base image when it runs in production, it makes this reverse tcp connection to a port that I'm controlling and listening on somewhere on the public internet. It's an outbound connection, so it's going backwards through the firewall in the opposite direction, to how an internet-facing fireball was traditionally considered to operate, and that gives me access to your kubernetes there's numerous ways to get not to get around but to protect ourselves. Here.

P

Of course, we know about scanning images, minimum viable cloud native security, intrusion detection. We shouldn't be opening shelves, we shouldn't be spawning shells or opening network connections to the internet. We can do better than nothing there. We can do build time, behavioral analysis to pick this kind of stuff up, so does the implant fire. When it's put into a malware lab type environment, we can use evpf tracing to detect some of the intricate details of what are being done there.

P

This is uh this is on the bleeding edge. It's um it's not so widely. um It's not really widely deployed at the moment, but we've been doing some interesting proof of concepts around that work and, of course, this is all just predicated on. We must have a good security context and capability config shout out to cubesec and the oci setcomp bpf hook for deriving setcomp profiles using ebpf, okay. What other forms of build compromise might we have or supply chain compromise here?

P

Let's just think about exactly how we build software for a moment. So um courtesy of dan lorenk, who has a numerous, has numerous uh images in the next few sections and pieces of software as well. We start with the software configuration management repository. The build system grabs our source code.

P

It builds an artifact which is probably a container image for us. It may be a compilation of a binary and it generates prominence. That is a way of saying. I have done a thing, and here is a cryptographic signature to prove that I did it when we go to deploy into production. We use a policy engine to prevent things that do not have provenance records being deployed, and we will come back to this concept.

P

This is now the uh this is now the target of how the software factory and the secure build system is intended to work. um Get these to keep con, if you possibly can. uh This is why I'm traveling now in order to uh try and get in in time, uh mike liebman and timothy miller will be demoing.

P

uh Some really interesting attacks on compilers, and this is some of the work that we've been doing over the past year or so and uh there's an end-to-end example in here where signed images are tested at a mission control time, in this case by caverno, to make sure that everything that is deployed to production is signed. So these container images right now um we have been a number of years getting up to this point and I'm very excited to say that we are close to it.

P

um Another song in inspired interlude here sign me to the moon all right in the last few minutes, then what is signing signing is the combination of two entities, a key pair and a piece of data to create a signature and use that signature later to reverse the process and verify that the data matches the signature using the public portion of the key pair distributing the signature alongside the data gives us verifiable certainty that the contents of the signature or the metadata in it was signed by a person who trusted it at that point in time, and we're really back to this concept of human trust in toto is a tool to support this in the build pipeline.

P

So for tekton chains, which is um which is a kubernetes-based build system and changes, the attestation part to the signing part in toto is the core technology, so between the checkout of code and build and the test. Each of those events is tested against the layout file like this. So we're looking at a step to say, create this when we do a git clone, we expect this demo project foo pi to exist.

P

If that does a piece of link metadata as we can see, those signatures is generated, and that forms a chain of trust that we can use to tie together all of the build stages so far so good, that's only the build stages, we're going to create a signed artifact at the end. We want a container image. We want the container image to have been built securely, but also be provably secure.

P

This is where we get into container signing. This has been a slow moving space for a while note. 3 was the original and best, but we have now seen cosine and recall turn up from the sig store project which provide a much simpler way of doing. uh What notebook was doing before recall, specifically, is interesting, because it provides a transparency log analogous to a certificate, transparency, log for metadata and signatures of arbitrary things in this case container images.

P

This gives us trust that everything that's been signed is publicly visible and verifiable and that the keys that we use are verifiable externally. It should be noted with bells on that. This is all about trusting people. Software does not compromise itself.

P

A lack of transparency into software composition is suspicious and don't let people tell you otherwise open source software is by definition, open and chicanery, and prevention of transparency, obfuscation, perhaps is the word shouldn't be accepted. We really must do better as an industry.

P

So what we're looking at here is uh not only the signing and publishing of the artifacts, but the certificates that go with them and those public logs, so that we can monitor them for signs of compromise or a lack of a signature that we expect before we get finally into the software factory. One more concept is spiffy. This is a way to try and replace passwords by giving everything an identity.

P

It is a root of trust based system, and it is the core technology in istio that enables workload, identity and mutual authentication between microservices spiffy and in toto glue, together with this bit of code again, um another fantastic team that we've been collaborating with this year to try and get some of this stuff over the line, and they have been they forked in toto and added the spy workload api. So we can verify in total certificates based upon x509 certificate constraints.

P

With all these underlying pieces of technology we get to a software factory. A software factory builds other software factors. It is a pipeline for building pipelines. This means it is devops on steroids. It really requires very well lubricated pipelines, etc and its aggressive automation we care about the whole shebang here from infrastructure to application. Any one of these points in a software factory may be compromised and then would invalidate the the level of trust that we place into these things. The department of defense has a reference design for these things.

P

It is um up and running with the the castle run program. Everything is automated. It's the uh it's, the core line here and the cncs tag. Security once more, are doing exceptional work and building out a reference software factory architecture. So what we see here in the middle is our ci cd pipeline, we're orchestrating these um the fetching, the building of the artifact and the publication, and then in the at the bottom of the diagram, not the sdlc services but the last green layer.

P

We see an identity, a tester, and that is taking metadata about the behavior of the sorry about the metadata about the properties of the tasks and using those to generate an identity which can be used to integrate with the rest of the system, and this fundamentally is the idea that we give everything an ephemeral identity and we don't use username and passwords across the way it fits with all the good stuff we've been talking about in toto six store, cosine recall, spiffy spire.

P

There is a lot of complexity here, and things are really um just emerging and getting underway. I urge you, if of interest to jump in, and dan lorenk, who is one of the authors and founders of the six store project, has a zeros trust supply chain paper, which I recommend very highly. I hope that's been an interesting introduction. Thank you very much for your attention and, yes, beware of the supply chain. Thank you very much.

C

That was great thanks. Andy, we did have one question that got posted into our slack channel. We've probably got time just just to answer this one, so that worked out well. uh So the question is: if there are no current checks in the current pipeline, where do you suggest people to start with in their supply chain? Security journey assuming breach, is a good approach to take here.

P

That is a very good question. We can defer to the salsa document for an answer: salter level 1 recommends collecting provenance information and even if the, even, if there are no checks, we don't trust the supply chain and the build infrastructure itself just collecting what is essentially metadata and s-bombs um about the things that we're building, even if it doesn't protect us, gives us some uh some view of historical provenance and in the event for compromise, we can start to build up some idea of how it happened from there.

P

After that, of course, we do want to have slightly more trust and start to include some of these signing systems so that we can cryptographically prove that what we said at the time and signed uh hasn't been tampered with and was true.

C

Okay, interesting, thank you. I don't think I've heard a talk where someone mentioned the word chicanery either, so I particularly enjoyed.

F

C

Thank you, uh okay, so if anyone else had more questions for angie, then please post them into the slack channel or into the youtube chat and for our very last talk of today. It's got an interesting talk. Titles that kubernetes is doomed, so I'm quite excited to find out how kubernetes is doomed and I'm really delighted to welcome and curry to the stage.

C

Hey anne hello, how are you paula? I am very well, it's been an excellent day so far and I'm so excited to hear your talk. It's lovely.

Q

To see you and I'm sure it would be almost as lovely to see everybody else if I could see them one day, one day we'll be back in person again um right. So I'm going to share my uh application.

Q

My screen contents, great nope, oh click right and you can. Can you see me all right, see me? Okay, I'm just going to switch to my presentation right. So can you see me okay? Am I good to go.

C

I can see your face. I can only see a black screen next to it, though,.

Q

Okay, let me uh let me it does it sometimes, I'm quite surprised, it's not offering me the ability to.

Q

To just no that's no use um I'll, try a new new share.

Q

Share my entire screen.

C

I can see something.

Q

Sure can you see that.

C

Q

Excellent right, sometimes sometimes doom zoom doesn't work very well with chromebooks. So.

C

F

C

Q

My screen now full screen. Yes,.

C

Q

Excellent good good, good, good, good right uh all right, so it's about time for me to kick off. Should I kick off yet or should I give it another minute.

C

Go go ahead, we're live, we're live, no swearing.

Q

Right uh well, my name is anne curry and I have been in the tech industry for depressingly enough nearly 30 years now- uh and I was I used to work on high performance c, backhand servers these days. I'd do something a little bit different and we'll talk to talk I'll mention that later in the talk, but my aim today is to talk to you about the direction of travel of um operations and architecture.

Q

What I think will will be affecting us in the next decade in the next 10 years.

Q

Now um the cloud don't worry, don't panic, I'm not about to say it's the cloud, because that would be crazy talk. The cloud is what's completely revolutionized architecture and operations in the past 10 years, but I don't think that that in and of itself, not not directly is what's going to be pushing our direction of travel in the next decade.

Q

I think in the next day decade it's all going to be about the climate and it's not, and also don't worry, I'm not about to tell you that this is that your data center all about to burn to the ground or be washed away to the sea or anything like that, um hopefully, within the next 10 years. That's that won't happen.

Q

But what will happen? What we know will happen in the next 10 years and will have a significant effect on us is. That is how the cloud is: architecturally, responding to climate change and the effects of climate, because for the past five years or so, I've been involved in campaigns to move the cloud over to sustainable hosting uh and in 2020.

Q

We had an amazing, uh an amazing step forward in that which I'd I'd, love to say, win. But let's face it. It's not jeff bezos woke up one morning and decided he was going to do it and it had absolutely nothing to do with anybody else, but um in 2020 all of the major cloud providers committed to being carbon zero by 2030.

Q

So now, in nine years time- and this isn't some kind of airy fairy half-assed uh carbon neutral commitment because they're all that most of them already there already so google cloud has been carbon neutral since 2007, which is an extraordinarily long time. uh Azure we're a bit later, but they've been they've, been carbon neutral since 2014.

Q

aws they're still not carbon neutral. They are in some regions, they're uh carbon neutral in ireland, in frankfurt, canada and oregon. So if you want to be carbon neutral now, that's where you should be hosting, but they have nonetheless joined everybody else in committing to be carbon zero by 2030 and say, carbon zero is a much.

F

Q

Harder target to meet you can be in many ways: carbon neutral just means you're tracking, what carbon you're emitting and then you're paying for offsets of one form or another, uh and that's it's nice that you're doing the tracking and it's nice that you're willing to shell out a little bit of money to buy the offsets. But offsets are not that useful. What we actually need in the long run is a commitment to not emit any carbon as a result of your operations, so uh carbon zero.

Q

Is that commitment, no carbon from uh electricity and no carbon from uh hardware production?

Q

That is a ridiculously difficult goal, uh and I have to say uh in all the time that I was campaigning for this and and all of us a lot of us were campaigning for this. I think we were oh. We were ridiculously naive. uh We all thought that once the cloud committed to be carbon zero, if you were running on the cloud, then you would just become carbon zero.

Q

It would become carbon zero underneath you and you wouldn't have to do anything, and I was thinking that was fantastic, but that was in retrospect completely foolish of me because when I start look to look into how they're doing it and what they're having to do, you realize that I don't think they're going to be able to do it without our help without us getting involved without changing the way that we do things as well and why.

Q

I think that is the subject of the next part of my talk, which is which is what they're doing and why. I don't think that in and of itself, they can do it so their first step- and this is really good. I can't criticize them for doing this.

Q

Their first step is that they have spent huge amounts of money uh getting more renewables into the into the national grids, so they've put shed loads of money into either building um wind farms, solar farms themselves and piping, the the power directly into their own data centers, but more commonly. They have signed up to be guaranteed purchases of power coming from third-party um wind farms and solar farms. Either directly with the with the companies building those farms all with the within that with the local grids uh and they've spent a lot of money on this.

Q

So over the past decade, uh google has commonly been the biggest non-government purchaser of renewable power in the world. uh Last year it was ada, it was amazon and that's probably hardly surprising because, as I said, google have been doing this for years, and amazon have suddenly woken up and decided that they need to do it as well, and so they're chucking it they're having to chuck in huge amounts of money, and this is great because a few years ago I think, when I used to talk about this people's most common objection was well.

Q

If the clouds decide that they're all going to be the run on on sustainable power, then all they're going to do is suck all the sustainable power out of the grids and there won't be any for anybody else. And it's you know, there's it's a zero-sum game. We haven't improved things at all, but in fact that's not what they're doing they're they are guaranteeing that more renewable power goes into the system. So that's all great.

Q

So that's all good- and I kind of in my old dream, my old dream world, where I was feeling very positive about this. I thought that would be all that was required, um but that was really because I hadn't properly thought things through, because there is a significant problem with the renewable power. Well, some renewable power uh there's a significant problem with wind and solar, and that is that sometimes it rains, sometimes it's even the night, wind and solar. Sometimes it's not windy.

Q

Wind and solar are naturally variable available, variably available power sources. They are not pumping out power to you all the time. uh You'll there'll be times when there's tons of power and times when there is no power very little power now, and that isn't the way that data centers work. Most data centers need power all the time. Your applications mostly need to run all the time and there are places where you could have data centers, where that would be the case and the power would still be renewable.

Q

I mean obviously, if you're running it's the reason why we it's the reason why we still have fossil fuels after all of these years and we've known for you, know, half a century, that's about climate change and about the greenhouse gas effect, but um fossil fuels are so damn good. uh They are reliable, they're, cheap, they're, easy to transport, there's a reason: it's not craziness that we've we've been so reluctant in moving to renewable power uh power sources, um and there are places in the world where you won't have to worry so much about this.

Q

There are places where you could put your data center, where you would have renewable uh power that was reliable.

Q

So maybe you could be in france where there were loads of nuclear power uh or you could be in iceland, where they've got those of geothermal or you could be in canada where they've got loads of hydro, but that isn't everywhere and that isn't where most data centers are because, let's face it, most data centers are in the east coast of the usa, so there is there's always there is going to be a huge problem with reliable sourcing of power for data centers.

Q

Now the way that climate activists have been pushing to handle this for for many years and I tend to agree with them. I think this is a very sensible way of doing. It is using variable pricing for electricity, so at times when there's tons of it because the sun shining and the winds blowing, then power is extremely cheap, maybe even free and at times when, when there isn't any, we know there's very little renewable power available and maybe carbon is having to be emitted to the atmosphere in order to provide any power at all.

Q

Then that's power should be incredibly expensive and I think that's kind.

G

Q

Because um I'm not one of these um communist climate activists, I think that capitalism works quite well, but it has to be incentivized. If, if we, if the government subsidized that subsidizes bad energy production, then there's there's no reason why anyone should do anything about it. There's no reason why we should start to adapt to a world of variable power. So I really hope- and I think that it will be the case that we'll get very uh electricity pricing more widely.

Q

They have it in spain at the moment, but that's that's kind of the the forerunner of this kind of thing. So it will be useful. It'll be helpful. We think it's all inevitably coming, um but it's probably not gonna solve absolutely well. It probably will solve things for us in the long run, but we, it won't just transparently solve it- for us, it'll incentivize, to make incentivizers to make the kind of operational and architectural changes that we'll need to make to take advantage of variable electricity pricing.

Q

So, let's step back for a moment and um and just remind ourselves about what the cloud providers have signed up to absolutely actively signed up to for uh 2030 and what that means that they've signed us up to, because we are all fairly locked into the cloud uh and that's only going to become more so over the next 10 years, uh so what they do we're doing, and it's a good- and in this case it's a really good thing to do, and I so I can't object to it.

Q

But I don't think it's going to be um zero cost for us. I don't think we just get. It's just gonna happen with us or something to worry about it. So they've signed up to zero carbon emitted as part of the generation of electricity that is used in their data.

Q

Centers they've also signed up to reducing embodied carbon in the hardware that runs in their data centers, and that generally means that they'll have to make hardware last a lot longer and use it better, and all of these commitments are generally for most of their data centers on top of variable availability power. So from solar from wind, because that really is the work the workhorse I would personally, I would love it if we were, if we'd all gone to nuclear.

Q

We just didn't have to worry about this kind of stuff, but we didn't and we're not likely to quite sometimes so I think we have to grok the world that we're in is one in which that power will be variably available. I know that there's loads of storage, everybody's, desperate for storage, but all of the storage.

Q

um All of the storage solutions at the moment are sub-optimal they're, expensive, um they're, not they're, not a like for light replacement for oil, even even hydrogen, which is kind of that that exxon and shell would like to believe was the like flight for replacement for oil is not as good, it will cost more. So I think we have to accept that we're going to be handling some variable availability of power.

Q

So how how are I mean? I wonder how much uh they'd thought about this really thought this through before they committed so their zero carbon um deadline. Last year, some of them certainly had google certainly had, but I'm seeing a lot of activity now it suggests so that's that they've upped their game a little bit and they're trying a little bit harder on this.

Q

So let's look first at google who released an interesting paper on what their next, uh apart from buying a whole load of uh renewable power, what their their next steps would be in actually using that renewable power and meeting their 2030 commitments.

Q

So um this is a very interesting paper. It came out in june or july uh about the next generation of scheduling and programmatic orchestration. Now this is kubernetes conference. So we all know that google have been the kings and queens of programmatic orchestration, the forerunner to kubernetes and they've used it to physically shift encapsulated tasks around in their data centers to.

F

Q

Server density and use less energy to do the same work, which is all great for um for climate change. It's all great for reducing the amount of bad energy that you're produ, putting into the atmosphere, um bad energy that you're, uh using and and as a result, carbon goes into it. But it's not enough. We need to actually have a bit of a paradigm.

Q

Another paradigm shift in how we do this and at their next stage I think they're trialing at the moment is more, um is the trying harder to shift tasks in time and they call this temporal displacement and um because they are googlers and they do like their sci-fi and it's interesting, because what they're doing is in many ways very similar and just an extension of what they've done in the past. What's what their schedule is, and then their old programmatic orchestration did and in some ways it's the complete opposite.

Q

So the similarity is, it requires encapsulated tasks that are well labeled and they move them around. It just happens to be moving them in time, rather than just in in location. So yeah we live in a 4d world. Why not?

Q

But in some ways it's the exact opposite of what they were doing, because what they were doing before was they were trying to pack uh their workloads onto machines as tightly as possible so that those machines were maximally used. They got really high server density, really high utilization, and that meant everything was more efficient and it meant that you got more out of your machine during its lifetime. So you, you didn't use up too much electricity and your hardware lasted longer.

Q

The aim of the new thing of temporal displacement is to actually reduce a server density at certain times or reduce that the amount of work that you're doing at certain times of the day, when there's no green power available to reduce the amount of work, you're doing and actively potentially turn machines off, so in many ways the opposite of what they were doing.

Q

But the idea is less energy used when there's no good energy to use. Now there are various things that they need in order to accomplish this. So, as I've said, they need good orchestrators, which they've got uh schedulers, which they've got that actually encapsulated tasks which they've got, which is all good, but you also need uh tasks that are uh lower priority and not as urgent that don't have quite as high an sla um on uh as a brockton sla and when they're run they don't have to be run immediately.

Q

They can be delayed deferred, they can be delayed until the sun comes up and um they have that. But we don't always have that. So that's one of the things that they pointed out in this in this paper is that uh they can run this and they can get this to work and actually that they're, um oh I'll, put links to the paper in my twitter feed.

Q

So you can have a read if you want, but uh their initial results are a bit rubbish but as they point out, it's their first go and they expect it to get better. And we hear in the grapevine that the results are getting much much better as they move on as they move forward.

Q

um But they can only run all of this on their own workloads. They can't run it on the google cloud and the reason is that, within their own workloads, they know a lot about those workloads. They know which ones can be deferred. They know an awful lot about uh about how urgent they are. But when you move to you, when they look at the vms in the google cloud, those are just black boxes. They have no idea what they can defer.

Q

So they can't do any of this clever stuff on that, and that is going to be an issue, because this temporal displacement is going to be required. If we're going to handle variable power.

Q

So is there any? Is there anything that that does do that for us that allows us to encapsulate tasks and indicate that we don't really mind if they get deferred a bit?

Q

Well, um if you look at the amazon sustainability blog at the moment, and and it's giving guidance on on how people should write more sustainable code in the future, they're pushing spot instances quite heavily, and I would tend to think that that's a very good idea, so a spot instance I mean everybody knows a spot instances.

Q

You've you've wrapped your application uh uh in in it effectively in an enabled aws spot instance, and you said, run it when you got the chance that gives aws and aws orchestrators and um and schedulers the chance to uh balance that and run it when they can and take account of everything else. That's going on the system, so their schedulers have more information than your local kubernetes. Scheduler would do and uh you've told it that you've.

Q

Given a lot of information about that task, you said: look I don't mind when it runs just make sure it runs at some point and as a result of that you're paying a lot less money, and that reflects the fact that actually, these boss instances help aws and the other providers also provide them um to make their systems more efficient and it cuts the cost for them. It has a a a lower, marginal marginal cost.

Q

uh Everything I'm talking about it's it's good to us in a certain. It is good up to a certain point, but it's not perfect, so um it causes problems with hardware, but um those are other problems that we'll hope that google fix and at some point hopefully I'll talk to you about what they did to fix them.

Q

I won't worry too much about too much about this now so given, given that I've told you that google and amazon and and uh azure have an awful lot of work to do, but the way that they are attempting to do it is using programmatic infrastructure and scheduling. It seems a little a little perverse for me to say that kubernetes is doomed given that kubernetes is a programmatic orchestrator with scheduling, um but I think there are some.

Q

There are a couple of really quite terminal problems with kubernetes at the moment when it comes to this new world of advanced um temporal shifting scheduling the one of them. This is essentially not even the main one is it's that there is not enough variety of tasks. So, if you're running uh kubernetes, the likelihood is you're using it to manage an enterprises worth of workloads and google themselves point out in their paper that that isn't really enough tasks to to get really good utilization to get the efficiency up to the level that they need.

Q

In order to meet this zero carbon um deadline is uh they need re? They need massive variety of tasks of tasks, sizes task, priorities, tasks, urgencies and you just don't have that. So that's a bit of a problem. Your workloads are probably not labeled enough. You probably don't have enough higher priority and low priority workloads anyway, but even if you do they're not sufficiently labeled and um but the first one will be very hard to fix. The second one is fixable, especially if you've got 10 years to do it.

Q

The third one is totally fixable, but you're gonna need to start demanding it. Kubernetes has around it's an associated with it, a lot of tools that are high priority that run all the time. Like your service mesh that just burn too much cpu a lot of those tools.

Q

They are too inefficient and if a tool is going to be running all the time as as these tools nest, necess by necessity, have to do, those tools are going to have to be super efficient and at the moment that has not been a requirement, but it will be over the next year, 10 years, it's going to become an absolute requirement and you need to be pushing back to your suppliers and saying, okay, I want service meshes. There are a lot more efficient loans that are being offered to me now.

Q

There is a reason why the cloud providers do not run the commercial uh service meshes. They are just not good enough. They're, not efficient enough to meet these deadlines and just meet these goals.

Q

So, going away from this uh away from this talk and and going back to work, what do I think you should be thinking about and you've got time you've got years on this, but it's it's a big change and we need to be preparing for it. um You need to be architecting, architecturally thinking in terms of high and low priority tasks, and I'm using that literally high and low priority task, not high and low importance tasks.

Q

It's a classic of management that you have uh important tasks and urgent tasks and that they are not the same thing um just because a task is low priority. It's not urgent, doesn't mean it's not important. It might be your most important task, but you need to split out what's urgent and what's not urgent, um because that's going to be utterly required in a world of variable availability power embrace spot instances, because with kubernetes you can be managing spot instances as well as your normal kubernetes workloads have a go at that.

Q

Make sure that you can do that and encourage your developers to start thinking in terms of designing architecting to use spot instances, because, with a spot instance it's it's that they can be incredibly efficient and they can be used by the cloud providers to to to help them move towards those those um zero carbon goals in a way that stuff. That's that you're managing yourself that they can never. They can never do that as well.

Q

um So I said distributed systems work well with if you're splitting tasks out, if you are carving application, carving micro off your monolith, start thinking in terms of, can you carve off uh applications that have a consistent sla associated with them in the right now? Spots are the most obvious, but I think there will be more sophisticated spots in future. That's that maybe um that will allow you to say well. I need this to run within the next hour.

Q

I need this to run three times a day, um a bit of a a halfway house between spots at the moment and systems that that you just have entirely under your own control. um Think about what regions some regions are much more energy have much more sustainable energy in them than others. We talked a little bit about that earlier targets. Your efficiency improvements at things that have to that are urgent, that you're going to have to run like that.

Q

That's where you really need those efficiency, improvements and efficiency improvements are a pain in the neck and take ages and um yeah yeah, so so target them all the stuff that you can't stick in a spot, because if you can stick it in a spot, it doesn't need the efficiency improvement as much and make sure you're using the engine devices and if you're gonna be lacking power, those devices has power. If they don't have power, then they won't be logging into your systems. So almost by definition, the device has some power to work with.

Q

You could always fall over to using that failovers using that, if you need to, but you'll have to think carefully about how you achieve that for your particular applications uh and uh as a little um a little thought experiment for you to be thinking about, or for you to be setting for your development team could.

F

Q

Run 90 of your global cpu usage on spots now that might seem like a crazy thing for me to suggest and actually cpu usage and energy usage are a very good. um uh It's good rule of thumb that your cpu usage and your energy usage are pretty much the same kind of thing.

Q

You might think that's crazy talk. I couldn't possibly do that, but have a think about it, because actually there are quite a there are several ways that you could do that uh on almost any system. uh It's the kind of thing we used to do in the 90s. We didn't have any any cpu or memory or anything else, but you say come up with cunning schemes for doing these kind of things and and they do work quite well.

Q

There are more efforts and you do have to think about them, but you know it's quite a fun thing to think about crazy stuff like that and because actually in 10 years time, that is the situation you'll be in I'm afraid, um unless we completely discover some amazing new storage uh technology during that time, which I think is unlikely. um So that's that's your main takeaway from this. The second takeaway is uh my job these days, as well as talking to conferences and doing techy things.

Q

I am a science fiction, writer, a speculative fiction writer and uh to celebrate this conference today. My first book utopia, five is on is available for free download today, today, only so uh go away. Google utopia, five on uh amazon and fully boots, uh get yourself a free copy.

Q

So, yes, that is uh my talk. So paula.

C

That's brilliant thanks. Anne I'd do a quick, a quick recommendation for the book as well, because I've read it. It's very good. I'm working my way through the rest of the series, so uh I'm very excited uh we hadn't got any questions posted in the slack channel, but I did have one question so I'll. Just ask my own question. You mentioned about efficiency of tools and you specifically called out service measures as being pretty inefficient.

C

If I'm looking at the cncf landscape, in which there are many many many many tools, how would I know which ones are the more efficient? Is there any way of knowing just by looking or is there some some place? I can check.

Q

No, there isn't, although it is one of the things that so I'm involved in the green software foundation, the the microsoft and linux foundation um group to start giving advice on on how to write greener software and how to operate greener software, and this is one of the things we'll be looking into. So what's what should you be doing? You know, what's putting putting a little bit of pressure on the uh on the writers of these tools to make sure that they are more energy efficient in the future.

C

It would be interesting if there was if we got to the point where there was some kind of a score, and you could you could choose your tool based on its kind of green credentials, would be quite quite an interesting metric.

Q

Yes, yeah, like juicy washing machine yeah exactly, I think the green software foundation is quite keen to do that. So I think that that is.

C

Super well. Thank you. So much for your talk. It's been fantastic, matt, sorry, yeah.

E

I was just going to say to you to ann's point about spot instances, um it's worth noting that um uh at least up until fairly recently, I think the entirety of yelp used to run on on spot instances. So it is certainly possible for even large-scale web scale um applications to uh to do that.

Q

Well, that's very good. Yelp were ahead of their time. Man.

C

Fantastic, thank you so much ann. If anyone has any questions for anne, then please post them in our slack channel and thank you so much for joining. That was a great talk. Thank you very much for having me so matt we're at the end of day, one reached.

E

The end fallout we're still here we're still.

C

E

What a day it's been fabulous, um I know: we've we've had some teething issues shall we say with with technology. These things are never easy. um Despite all of the uh the months and months that we've all spent over the last uh couple of years, video calls and streams. It still doesn't always go entirely to plan. So apologies to to any of our speakers who were affected by that or or any of uh any of you watching. I hope um everybody's had a great day.

E

um I've certainly enjoyed all of the talks and uh and the chat and slack I'm sure the same applies for you, paula right. It's.

C

C

It's been real, no, it's been fantastic. Thank you. Thank you to all of the speakers and it's I've been so pleased to hear so many different talks. It's it's interesting. Even in this kind of somewhat niche space of kubernetes there's been we've had so many broad talks and conversations has been fantastic. So a big thank you to all the speakers and I'm delighted that we've reached the end, but this is not the end of the conference.

E

No not at all I mean I guess before we uh it's not even the end of the day, yet paula we've still got, we've still got absolutely awesome pub quiz which, uh which lewiston and parry is going to run for us and we're just uh waiting until he joins. So please do stick around for that um before uh that, though we should. um We've thanked all our speakers today. Speakers um we've got more fabulous speakers for you tomorrow.

E

um We should thank our sponsors again right so uh to sneak control playing jet stack, systig and storage os. uh Thank you so much for supporting um these uh kubernetes community days. um I guess.

K

E

Also worth giving a shout out to all of the cncf communities in the uk kubernetes community days, as I'm sure everybody knows, are uh community grassroots community events supported by the cncf but ultimately put together by uh community folk in their spare time um from the ground. And and so we should have a big shout out to cloud native london cloud native wales, cloud native bristol cloud native birmingham cloud native manchester cloud native edinburgh cloud native glasgow.

E

I don't think I've forgotten anybody, but hopefully that's all of them um who who really keep the uh the cloud native community uh going in across the uk. So uh thank you to all those folks and um we should also uh thank our workshop providers. Hopefully some of you managed to uh spend some time at some of our sponsor workshops.

E

So thank you to to all the folks who've run those jet stack control playing uh solo. I o uh container solutions sneak and souza and thank you for our watch party sponsors. I know I've been at the watch party here in manchester and I know that the folks are at the watch party in cardiff. um So thank you to tram, shed tech and to soft iron for sponsoring those.

E

And uh thank you to our charity partners. We haven't added up exactly how much money we've raised. Yet how would paula, but I know it's quite.

F

E

So um that's great um so stemettes and and protector. Thank you uh for getting involved with kubernetes community days. uh You know this whole event's been for charity. Everything above the costs of putting it together, we'll all go to those fantastic charities.

E

uh I don't think I've forgotten to say anything there paul anything. You want to say.

C

uh No just a reminder that we have, as much said, we have the pub quiz starting soon.

C

We are just waiting for our excellent quiz host luis to join us, and then we have it all again to do tomorrow, so we are starting at the same time, I think we're starting at 10 o'clock tomorrow morning and we have got a fantastic track of keynotes we're opening with amanda brock from open uk. So please be here at 10 o'clock to join us for the for the kickoff and then we've got two tracks again same format as today.

C

So we are really really really excited to see all of those different talks. The talks that you've heard today will all be available to rewatch as well. So once we have the the recordings kind of polished up they'll be available on our youtube channel. I know we've used two youtube channels today, but all of the talks, if you want to go back to them, will all be available on our youtube channel, so you'll find them all there.

E

And uh well, I know we'll also try and fix the couple of talks that the pre-recorded ones will upload the actual high-res video of those right, because I know they were not not great on the streams right so.

C

Yeah absolutely the talks were great.

E

The resolution so we'll make sure the video quality is good for those uh for those ones that uh that we did playback pre-recorded right.

I

E

This louis denim parry I've heard greg I've built this poke quiz up now, as he's left.

C

Hopefully, he's going to come back uh and ask us some questions, I'm hoping that they're not too difficult, because.

E

I can't reboot this machine at the minute right: okay, more technical problems.

C

Who would trust technology right easier.

E

In person we've started on the beer by now for a start.

C

I know I was wondering when we when we might start.

E

I think it's still slightly early.

C

How's, the how's, the watch party in manchester- that's where you are.

E

Yeah good, um we are in uh work life um a manchester um co-working space, so it's been great uh great conversation watching the different tracks had some lunch so yeah, it's all been fantastic.

C

Nice that sounds good and have you got drinks available for the pub quiz tonight.

E

I'm not sure, I'm actually in a different room, because it was uh a bit difficult to get the uh the technical aspects of presenting from the same room. We wanted to avoid feedback, but uh I think so, and I and I suspect this uh there's going to the pub in the uh future of this group at some point once we are once we have finished here.

C

Are you are you staying for the second day without that same watch party tomorrow,.

E

Yeah I'll be in manchester tomorrow, I'm also hosting another live stream all week, so, which is why I had to uh to jump out earlier this morning. So I have to do that thursday and friday as well so yeah and hosting two kind of conference. Things in one day is.

C

Fun, that's pretty impressive! If anyone can hear that weird squeaky, that's my my dog who's asleep under the table and is having some kind of a crazy dog dream yeah. I don't quite know what she's doing. Okay.

F

What's happening here, then.

C

E

C

To commercial break, whilst we wait for lewis to join us.

E

See what's happening, let's see if we can find out what's uh what's going on here.

B

F

A

C

E

C

Is the man himself I.

E

Was running out of philly lewis so uh uh breathe it's over.

A

So, yes, sorry about this um another story for another day over a point: if, if you ever see me in person in the conference in a nutshell, just in the future there's so many war stories, I've got today, it's been phenomenal, but how have your days been well, so I.

F

A

Do some filler on just getting the quiz up and running.

C

F

A

F

Good there's been some excellent talks.

C

Oh hello, watch party.

A

Awesome awesome, so the quiz will be ready and momentarily. As you see me, frantically type, I'm not finishing up the questions right now is I'm just gaining access. I've just had to swap computers because that's what we do isn't it this is. This is what we build for. This is what we prepare for within our phone. If we're not dependent on a single vm, we should never have a single dependency. So um so we just brought in chaos quizzing. To be honest, it's uh nice, but honestly these questions, though, that they are they're intense, so.

C

I was hoping you were going to say that they were quite easy to give us a chance. Oh.

A

No, no, no, no, no chances are being given.

E

How is this going to work then lewis? What's the how's.

A

It going so we're going to be using a tool called kahoot for this um if anyone has been uh with families during the lockdown you're, probably well aware of what kahoot is and um for one of those family quizzes that you've been in, so I'm just going to share it. Now, I'm going to ask for my friendly av assistant to help me out so we're just going to remove some spotlights hi watch party manchester lovely, to see you.

A

I went to umist, incidentally, and that's my university of choice and I've never been allowed back into manchester ever since so yeah that that is not a spoiler for the quiz and it's just a it's a fact of my life right. If you go to kahoot.it and then you'll be requesting a pin, so the pin is nine nine one, five four six one: either uh matt's identity has already been taken or matt's just joined in equally we're just going to do this as a quick run through and we've got a warm-up round.

A

um So we've got a bin I'll leave this for a couple of moments.

A

Danny has now joined the party um yeah. Now I'm very much looking forward to catching up on them on on today's events and uh I'm looking forward to it tonight and equally tomorrow. I've got some more time for the conferences, so yeah, but it's been a pleasure working with everyone to do this, and uh I've got some references. I think in some rounds.

A

See, incidentally, like when I usually do this, I just take someone else's identity. I just take andrew martin from control, plane and uh yeah. Then we'll see how it goes right, we'll get started with this one. Now, let's get, let me get rid of my face. We don't want to see that cool right, I'm going to get started on this quiz. We've only got three questions on this one because I didn't want us.

A

I didn't want us to test in production that, yes, other danny perfect. That's that's what I'm talking about several great names right, we're going to get started on this one, but don't worry this isn't the main quiz. This is the biscuit format, so we're using this just to test out our user interfaces.

A

So if you look on the screen share, you should see that this is the biscuit introduction round a warm up with biscuit policy we're not talking about cookie policies. This is kcd uk we're all about the biscuits.

A

So this is an example of a quiz question. So can you just name me this biscuit now: you've got 20 seconds in this instance, um and you should see on your device that you've connected with you should see a red, blue, yellow green. um If you're color blind, you should see different shapes anyway. What kind type of biscuit is this, and I don't even know if this is my coffee, but I'm going to go for it.

A

It was a rich tea, see. I it took me two hours to source a picture of a rich tea that looked like a digestive, this okay, see and if you're frustrated now take this pain and multiply it by an exponent. Like a huge number, that's what's going to happen at the end of this quiz, but it was a rich tea and who would start biscuit quiz with a rich tea. This fall, but that.

A

Now there might be another question where it's true or false. So do you add milk before hot water when making tea? So in this it's either true or false, and there's obviously only one right answer so whilst you're doing this? Incidentally, if you're searching google for this answer right now, this I don't know what's going on. Like that's true yeah, I don't think I don't think any search engine is going to help you for this quiz this afternoon. So false!

A

Yes, no one in their right mind would add milk to a mug before putting well tea bag. First, hot water, look just up your game, get a teapot, just sort yourself out with a tea pot pour that tea pot put the milk in afterwards. That's all you have to do.

A

Matt knows away, um as you can see by the scores they're not set, so it is fastest fingers. First, we really want to see those fingers shout out to uk references from the 90s there.

A

Finally, we've got some answers where you have to try your best at being able to type. So you will see occasionally some gifts, and here is uh lord and savior, paul hollywood um in the bake, tent and baking some biscuits. But what biscuit should he have baked to be defining the best biscuit available to us if you've been recently looking on twitter, then there's a thread that I've had with dan pop and given a deeper detail into it and um instantly.

A

I think my memoirs as to my life with biscuits will be released at the end of this year. So these um shout out to one of them biscuit oh gee, where's. No, it is for chocolate, hot knob and thankfully, someone's got. I think we've got two people with that. um As you can see, I I've allocated for spelling as well, but it should be one word, but anyway there we go. So that is our quiz, not our four quiz.

A

We've got lots more uh tech questions, but in our biscuit walmart in third place, it's dave, you congratulations, dave and you get a cursed cream guy. You get the pink wafer, but with the chocolate hobnob of success, I think we all know who it is. It's matt right. So there we go uh matt. I will take payments for giving you the answers to those questions. um After the end of this month, yeah.

E

It should be okay if all the rounds are about biscuits right.

A

Well, I think that is it I am. I don't actually think there is another round on biscuits, so I'm just going to stop my shared moment and I'm just I don't know if you could see me doing that, but I'm just going to get the next, I'm going to get the real quiz up and right now the real quiz. Let's just warm up biscuits, are important.

K

So I think there might be an issue with the youtube delay, because because of the question I don't know, how is there a way we can adjust youtube.

A

Rolling in production, okay, cool- I'm going to do this, but we're going to have to do a buffer. So so, if you don't already know who I am hi, I'm here with jen and parry, I'm the head of training control plane. What I usually do is that I fix things in production whilst on either zoom youtube.

A

Incidentally, you'll probably find me tomorrow on clustered with some other pals and colleagues from control plane. So what I'm just going to quickly do we've got 30 seconds for the quiz questions youtube.

A

You know what let's go for it. I think we should just go for it danny, we'll we'll put this in our retro for next time. um Let me just get the next quiz up and running.

A

I think we've got over 60 questions and right, let's go! Let's go. Let's go.

A

Actually, oh, what I'll do is there we go? This is all about fixing you'll, be able to see it on your phone at the same time, so the phone I'll get it. So that question appears on your phone. There will be a delay, and um yes, so let me just make sure I have that setting there we go cool, okay,.

A

Right and please may I share the screen asking my abled colleague, the beauty of running on multiple different operating systems. It's um it's fun, so cool. If you think the last five minutes have been awkward, get ready for the next half hour, this is going to be them.

A

It's going to be intense um thanks. Thank you av. um Yes, so we've got a new quiz set up um right. Remember our code of conduct. At this point um I have tested this out with some select words. um Now, I'm I'm sure that we've got some people who are security, focused or penthouses. Who will try to really push some things? So um yes, so what we'll do is we'll probably leave this running for two minutes?

A

um Well, so do that maybe I'll just take the opportunity to be serious for two minutes and whenever I give a talk, which apparently is quite rarely nowadays for whatever reason, one thing that I'd like to highlight is mental health wealth, mental wellness um personally, I've suffered in the past with not feeling great and whatever that may be, but most people would call it depression um and obviously, for the last 18 months it has been an absolute slug and everyone has their own battles depending on.

A

However, deep they are um the one thing that is really helpful and has really helped me is just being told that don't ever try to compare yourself to someone else's pain, whatever pain, you're feeling is the pain that you're feeling um people can't necessarily see it in your head, if you're feeling absolutely terrible and I'm sure that there are so many people around you who would never feel that way about you.

A

So if there is anything that if there is ever a time or moment of weakness, there's a number of support networks around you, um I would always say my dms are open, but there are definitely other people are available, but there's always an option. There's always help and yeah. So on that that is going to be the most serious thing, I'll possibly say this week.

A

um But to that point: yes, it is a serious matter um and I hope everyone's well and I'm really looking forward to being able to see people in person um virtually it's kind of cool and uh it's helped us it's been a means, but I think we're full we're all we're all getting into that position when we just really want to be in a conference center together and who would have said that in 2019, who, in their right mind would have said that okay, so cool, I think we've got a couple of players in so this will be on youtube.

A

This is definitely something that you could play again in the not so distant future, but why would you do that? I honestly do not know, but we'll see, let's see how our pub quiz goes. So this is our kcd pub quiz.

A

Right so we started off today: we've you might be at one of the watch parties you might be in the office you might be at home and so far you've probably brewed. Several mugs of tea started off with coffee. Probably you probably have the same age as me now, where, if you drink coffee after 2 pm, you don't sleep until the other day.

A

So with that being the case, it's time to get in the pub it's time to get down there, it's time to get pork, scratchings or pickled egg, whatever maybe get that crisp back open up that you share with everyone around you um I'd best of luck to try and find any of these answers in an encyclopedia or dictionary or any search engine.

A

These have come from the twisted and crazy minds that is and allergens and myself from clinton, wales and also with assistance from graham from control plane. So without further ado, let's get started so. Oh there we go. Hopefully you can still see my screen.

A

Our first round is going to be name that programming language from the snippets.

A

So I'm going to show you a picture of uh some code because that's how I share my code by taking screenshots that's how people should share code, um I'm going to show you a programming language. What I would like you to do is I'd like you to type the name of that programming language, so this will be appearing on your phones now and, if you're watching on youtube, this probably appeared 10 seconds ago. So can you name this programming language you've got 30 seconds to tell me which programming language. This is.

A

You've got two answers: we've got four answers.

A

To me it doesn't matter it's just getting a container, that's all! I need just get it running. That's all that I want so. Yes, let's see what answers we got. We got a couple. It was closer. We got one person with it, who's it going to be. Hopefully it's not going to be not lewis, but let's see I didn't know. I gave matt the answers to this quiz as well. I do apologize. I.

E

Only know this because I've actually had the pleasure of writing some closure myself. So.

A

Oh, you seem a pleasure. It sounds a bit more pained voice.

A

Well, here we go: let's get ready for the next one, which one is this hello world in which language, I guess, if we are in person, we give bonus points for the output that you'd have I'm sure andre we're just trying the water here we're just getting warmed up. This is this. Is that warm-up room.

A

So we've got five seconds left.

A

There we go, we've got a couple up and it was go and yep again we're being lenient, with graham from someone who is dyslexic, I'm making sure that people have got some opportunities for these ones and yes, we're finding that some people are starting to hit as well we're getting started now, but matt is well in the lead.

A

So what is this next programming language? That's coming up, so we're starting to get a little bit deeper. Now.

A

So originally, when we ran this quiz, there was also to do the outputs, but I think it was too much inside these.

A

It was c plus plus and on our panic stations late at night yesterday we made sure we added a plus plus as well, and there we go so remember it is the fastest finger. First, it's whoever gets. The answer. First gets for more points, the more points, the most points for it: okay, the next one.

A

Oh no, this one. This one is an interesting one and just have a read and try to figure out what it could possibly be.

A

So, let's see, if anyone got the answer this one, this one's called arnold c, um I think we'll see a programming language, but look don't okay. I understand you're getting frustrated, just save that energy just leave it for a big outburst in a bit of time. We won't be doing it. We won't be going through 63 languages by the way. So this one, um let's see we can get you with this this.

A

You might remember this from back in the day. You might remember this from some spreadsheets without any spoilers, necessarily and uh yes still being used today. I believe the hello world wins on myself.

A

So we got a couple in there. Yes, it was visual basic.

A

That's being dethroned by abes and uh let's go on to the next.

A

Now this is a programming language. It's I think we found out about it in hack news initially, but anyway, that's maybe go and check there maybe go and see that. But can you name this language.

A

If not, can you get something? Can you put another answer up on the board which.

A

Maybe maybe shift left with feedback just give feedback with the answers, and then um I can mould this quiz as we go through today. I wish it was css. um It was pete and again, there's spent quite a few minutes last night trying to find out how to pronunciate it and we confirmed well. I think we confirmed it.

A

It was late and it was time for bed. Okay, here's another one. um This just looks like pain to me. um Yeah. I can debug that that's easy enough. I can debug in two minutes open up your ide of choice, and then you see that- and it's just like right- that if you multiply that feeling by five that's kind of how I felt today we're stressed, but um there we go.

A

All right, let's have a look.

A

I think that's how you pronunciate it. Otherwise, I've just said that, and it's going to be forever on the internet and.

E

Someone got it right.

A

Did you get that right? No, oh tim! I think that deserves a round of applause. Already. That's that's fantastic!.

A

Here we go, I think we've only got two more left on this coding one and then we're going to get into some other rounds as well. So- and you name this programming language.

A

I think I might need to check out code of conduct as well when I'm trying to pronunciate some things. But um yes, we will. We will we'll add it to the retro.

A

So I think we got one, no it's lol code, so I'm thinking of adding some of these to our ctf later at cubecon in north america next year. This might be uh some fun. Well, not really going to learn much. I guess from that now this one you're probably going to have to look in your phone for this one there's a lot in there.

A

But um yes, this was again a recent one. That was, I think it was the magazine, guitar, weekly or guitar monthly, whichever calendar event that magazine has owned. It was once featured in that magazine, which probably gives it a little bit of a clue as to what this language is.

A

Rockstar, so uh a lovely chat, dylan beatty wrote the rockstar language and also, if you check out his youtube channel, he's, got some great songs about apis. He does have great songs, but apis he's phenomenal. So right here we go we're going into our next one. I don't necessarily know if you can see the banner as of soon but name the technology from name the technology thing from its emojis form.

A

What does that mean? Well, let's just get straight into it, so I'm going to show you a couple of emojis and then I would like you to tell me what it is technology. So we have three emojis there.

A

What could they possibly reference.

A

Maybe I should have given a tip on this one. Well, we'll see, we've got some couple events going in these. You need to open your mind and that's probably the hardest thing to do. After the first day of our conference.

A

It was a keyboard shortcut, so we had a key. We had a sleep for boredom and then we had someone cutting their hair again somewhere somewhere in the world right now, people are flipping their desks name. The technology thing from this emoji form, so we've got two emojis there. What could they relate to.

A

I just realized I look like the face emoji, but with the eyebrows underneath my eyes representing the bags that I'm suffering from at this moment inside. But yes, so this one web king web crown no, it was webmaster. Oh no, I got webmaster right, we'll see how we do on the next one, maybe I'll, try and give some hints. So this one come on. It's we're! Obviously, just it's where those photos are being stored. Isn't it it's um yeah just keep them on someone else's computer. Just.

A

Do you remember when mobile phones used to be cheap, like you'd lose a mobile phone once a week of team, and then you could get another one for a couple of pounds nowadays, it's you need to remortgage your house and still just get a new phone anyway. On that one we've got cloud, ask about. Yes, it was icloud all right. We've got some movement on the table.

A

Let's go on to the next question, so we're getting some speed now right.

A

Now, what does that night landscape show? It shows us stars, it shows us many many things far far away and that arguably people in sci-fi films will go and look for and what do americans eat in their balls in the morning and then? Finally, what do we use to transport?

A

Put them all together and you've got a three-letter acronym.

A

Is usb universal serial bus? I know serial's not spelled correctly, but well then tim we've got this tim keep with me, tim name, the technology thing from its modiform, so we've got a light bulb and we got a fishing rod.

A

Light bulb and a fishing.

A

Now I can't remember last night was a dry night and I can't remember well, this one was actually lightning now we would have had lightning brothers, this whitening there is. If anyone else has got this, then bravo glass face euthyn online online online. Oh gee whiz, oh god.

A

We wrote this and that felt painful. Oh no technology thing from this emoji form, so we've got a battery and a point.

A

So that power and then what's the hand doing so, what does the battery provide?

A

Is everyone's favorite uh slide deck thing, slidex.

A

Yeah, I don't think I'm going to be able to watch myself after this when, yes, it was powerpoint, seeing the way that the cogs in my head are slowly creaking around trying to remember how we did this. So yes, we're a third of a way through. Don't worry, not too much pain now so here we go this one's, so we've got okay. So it's a convenience thing like um it's a spa and londis.

A

uh What other ones do we have in the uk um and happy shopper, we'll call it happy shopping, we've got a cake: we've got a cup and a city, uh so the cake would be with age potentially store age capacity, store age cap, a city.

A

To be honest, I don't think I'm ever going to be invited to a public event again only just be shouted out on stage for for this quiz. Okay, so what part of the hand is that's been shown on the left and and then what are being painted on and then I think this could go back to photos you might have on your system and how do we preview? Those.

A

And we've got so: what are we painting and what does a fonzie use to communicate so eloquently.

A

Fun paint, um I I think, there's a collective groan if uh you're, not one of the seven who received those points and we got movement on the table, matt is just teasing with us he's coming back with a vengeance back in the game.

A

So I right we're almost there, um so this one's back in the day it feels it feels back when I was in school. So what are we doing to shut this person up again? I promise I'll stop talking after this quiz and then what kind of transport is it.

A

See being welsh as well, um I could have put the bus on there as well with a person, because we call them drive so zip drive was the answer to that one.

A

That's back in the game own only ever so slightly, though here we go with the next one, everyone's favorite, if you're at kcd uk today. um This is what we're talking about the majority of the time.

A

How do we manage our containers with ice cubes? Well, we have soft drinks with ice cubes. Then we go to beer, sporting events and finish with cheese to get those random dreams about thinking of how to manage our containers online. I don't know what I'm talking about. I should probably shut up at this moment, but here's ice beer, cold, cheese, hubernet, cheese, cuban cube beer, nuts cheese was also an answer that I would have definitely allowed. Him would have allowed cupid cheese.

A

That is, if you, if you attend the training, that is, is people usually focus on cube. Ctl, keep battle, cube, cuddle, all those things for me. It's cuba, pianet cheese.

A

That's that's how we should be talking about cuban attitudes right there. We go um so matt's up on top tim is closely following ben abe, and his mum are doing phenomenal and john is in fifth place right. So I think we're on to the next round now, which is our cloud sudoku round.

A

Now we call this kai sudoku, but then- and we realized that it should be called heroku sudoku, so name um name one of the missing factors, so you got 60 seconds to do this so within here we've got the 12 factor application and um the 12 factors. We've got code base, build release, run disposability processes, dev crowd, priority, config pool binding backing services, admin processes, all your favorites. But what are the three that we're missing?

A

So if you can type any one of those free just type, one of them don't type all three of them. If you do that, you're not going to get anything um I'll, try and start to include some references now game shows in the uk, probably not on this one, this one's going to be a bit too difficult. um I think the next round actually is going to will bring back some bruce forsyth into the next round.

A

Actually well we'll see.

A

Yeah here we go we'll go for a family fortunes reference, so we've got transport if it's on the board. I'll give you points myself. No, so we got dependencies logs and concurrency with the three missing factors again that was the speed based round. So there we go just smack onto the table there right here we go.

A

Here's our higher or lower play your cards right round, so we've got a docker file for you and I'll show you the first docker file, so here's our example docker file. If I build this docker file, um this image is 907 meg in size.

A

Now the next dockerfire file, I'm about to show you you've, got to tell me if it's higher or lower in size than this one, so without further ado, higher or lower. Can you tell me if it's going to be higher or lower than 907 megabytes.

A

Remember fastest finger first: um oh, let's look at some of these binaries that we've got okay, so this looks like a multi-stage build. Has that caught anyone out um we're just copying across a binary, so we've gone lower. It was lower.

A

And we'll find out how much lower by in the next slide, when we confirm is it higher than lower than 43 megabytes so that one was 43 megabytes now this one. So this looks like we're: building this from uh one of control, plane's favorites, justin brazell and we're using her uh dockerfile to build wine.

A

Higher it was yes, it was higher. So let me just check: well, let's see what what's happening on table first. So yes well done everyone, so that was 684 meg. So is this one higher and or lower than 684 meg?

A

So basing this on ubuntu bionic, um you know we'd love to now implemented labels in metadata and yeah. We're running so we're updating it. We're installing the samba nginx open ssl gets doubly getting killed, so it was lower and in the retro I'll have notes as to how much it was lower, buy instead of enterprise. Next but well, then john g, you have got a correct streak of three in a row.

A

If it's I think like at this point, I think we should pause for five seconds just to let john update uh linkedin just so that he can say that he's got three correct answers on the darker font quiz. um So is it higher lower or lower than 355 megabytes? So can we use an ubuntu in this one, uh so we're also using so it's essentially the same as last time, but also I'm nervous. It's going to be higher or lower. What do you think.

A

So it was lower because we did the auto remove. I think so. That's 355 meg! So let's see and pick it well, then I think that's lightning fast with that finger on the lower.

A

So is this higher and lower than 306.? We only saved a little bit, but is this one higher lower so we're doing a if we're basing it's on golang we're installing a number of things uh we're setting a terraform version, um then we're doing a git checkout?

A

Yes, I can read it, but it was a multi-stage build. It was lower.

A

Yes, well done, tim and john um in oh and greg now, you're on four correct answers in real, quick you're going up if you're not aware of what a multi-stage build is please please go and see it. It's a great way to reduce the sizes of your docker images, as well as improving security, potentially um always depending on how you run it more by security, comes ctf so round five. So this is a picture round, and this is all about the movies.

A

So we're going to see uh a picture from a movie where they're showing some uh technology that we would consider, but it was an alpha. It wasn't even a beta, and so can you tell me the movie so, yes name a movie with a text still in author, that's a better way of saying what I just did, but so again this is a type answer. So this one just name the franchise, we're going to start easy on this one.

A

So can you tell me the franchise that smoothie is in again for the 90s reference to face any fans of football from the 90s? This kind of looks like uh kevin keegan based on uh based in a football match in space in the year, 3000 there's a reference to busted there as well, apparently um yeah.

A

I love it. If I see them in production, love it, oh god, that's on youtube, forever done it right. There we go. What was it? It was, oh glad you hate it.

A

It was star trek right and also we saw the uh first uh well, no we'll just save the first watch device, whichever your favorite brand of watch is like smartwatch. So this time you need to name a movie, not the french flight, so which movie was this so in this movie. I believe this was around the 90s as well.

A

This is probably when you find out that this movie just makes you feel a lot older than you should, but this was the second installment of a certain british movie with an actor who has gone on to be in mamma mia. I guess as well as numerous other films. um Yes, we've got james bond, but I wanted the movie. I didn't want to know his james bond. I want tomorrow, never dies. Yes, he was remote controlling his uh bmw. I think it was five series through carpark.

A

So that was a firm favorite from a 1974, um a certain uh certain attendee rainbow movie.

A

Have a look in here which movie? Is it then look at those icons, I'm some I'm sure someone's got an icon set for that with a setup but name the movie. I want to know which installment it was as well, not just which person it is but tell me which movie. It was just a numerical figure. That is.

A

Yes, it was well, it was iron man, 2., okay for people who wrote two. Yes, you were right, and maybe I should I I will add it again to the retro I'll become better. I promise, but probably after this quiz, again you're going to go through a whole world of pain. Before then name the movie.

A

Incidentally, I meant was just a tablet device, I guess.

A

Well, you know it was probably a seafood heaven, maybe as well. This is a great movie. If you haven't seen it.

A

Joaquin phoenix, I believe, and apologies if I pronunciated that completely wrong. I am absolutely terrible with names and it is part of my job to meet lots of people so.

A

um Oh, it was her um a great great movie and is about a.I.

A

Apologies for the cough, um so let's name this next movie, everyone's favorite.

A

I'm sure you've seen the trailer several times for the next installment but which one was this.

A

I just need a two-word answer.

A

Thank you for whoever put that in.

A

Great answers all around there, it was the matrix and obviously that was the oculus rift well that I could be before so which one's this one.

A

Where are we scraping our metrics? So how are we scraping the metrics, and this is arguably the best grafana dashboard I've ever seen, but if you can do better, please just dm me and uh send me a picture.

A

Who is this brain.

A

No, it's uh louis's brain is uh it's just pretty much, it's just a drum set and no one's even playing the drums, it's being there and there's just cobwebs around it. That's what's his brain right now! Well done dave came back in there.

A

What movie is this one?

A

This is one of his classics.

A

So we've done a couple of different ways of spelling this. I think as well, we'll soon find out and inevitably you'll probably find out that we haven't done it all correctly.

A

Yeah, um it was doctor strangelove, yeah cheers that was right. um Three of you got it awesome. uh My status, though, is um no one needs to know my status updates right now.

A

Okay, I think we're coming to the close on this one, but name the movie. So what one's this.

A

An iconic movie from.

A

Knowing everything about you, the analytics that we've got going on the original form.

A

This is getting personal now yeah. If I've got red eyes yeah, I'm definitely going to have red eyes tomorrow, night well friday morning. Essentially, but yes, there we go well, then john.

A

Oh, we did have one more movie, there's probably no one after this as well, okay, so this one, the person who has yet to age and uh arguably I've aged more during this quiz than this person has in the last 30 years. So it's.

A

Yeah, I'm just going through a range of emotions during this quiz. This is quite therapeutic, but we're almost two thirds of the way through, so that that's a bonus so which movie was this. This was minority it report out. Yes, I think free, britney and dps.

A

Cool another movie, how many movies do you put in oh come on? Obviously this is the creme de la creme. We have another movie round at the end, but uh before that we've got something else. So this one I need to know not the franchise but which one it is. So if you can change your answer- and you didn't put the number of the movie quickly do so.

A

Okay, I think five of you are going to find me after this, but that's all cool. It was back to the future too, um obviously going forward in time to 2015.

A

A

I I still skate, and I fell off my skateboard in front of my son's primary school a couple of months ago in front of all the other parents. That was another thing which I wish I hadn't admitted on the score. Now I don't think we've gone into hollywood seminars yet, but we'll soon find out, because regarding first of all, we're going to go to the game show whose tweet is this anyway.

A

So in this one, you need to tell me who who sent this original tweet this original original content.

A

So now you've got some selections that you can do so we are all made out of stars, but your outback shouldn't be now. This tweet is referenced a lot, but it is not referenced enough to styles. By simply read now. I think the cogno is is very keen on your our back policies. If you don't know who mick cognoll is then get whichever listening device uh streaming service or just even if you get cds, just simply red stars, classic that's sick. So was it much.

A

Who originally sent this tweet? Yes, it was in cold, water and stanley. If your outback is made out of stars, then um yes look at securing their back policies quite quickly.

A

Here we go right same one, well different tweet, introducing vanilla code framework right, nothing deployed nowhere. So who did this? Was it kelsey hightower? Was it joe veda? Was it our very own josh or was it brendan burns? It was kelsey hightower and the other tweet that we could have referenced with this. We decided not to so dressed for some, like pop-up video information for further notice, who tweeted who tweeted this picture of their honked mug. So we're just going to slowly reveal this.

A

This is like catchphrase now, um just say what you see say what you see. Well, click, who you see so who originally sent this uh this photograph of the mug on twitter and stanley. To me, it looks like two geese on the side and it was liz rice. It wasn't allen or paula or christopher. It was liz rice's uh mug, but from clavcon there we go.

A

Matt has the highest answer: streak of ten.

A

Oh cheryl just shared some great advice on not fearing failure and having a mindset of abundance. Kcd, uk quesadilla- so this is this- was a tweet from earlier on today. So did oyster I'll tweet, the spank to itself did nick tweet. This did hadrian uh tweet this or danny. Did you tweet this? Let's find out who tweeted it.

A

Correct it was adrian adrian tweeted well done if you've been uh keeping up to date on twitter's or if you just look twitter or if you just hit the closest button to your finger. So this is a multi-select one who tweeted this.

A

Who sent this tweet and it's a multi-select.

A

Correct there's balls everywhere: it was just dead, balls and headballs. If you don't know who ed balls is he featured on a dancing, show and and cookery show- and I guess he did some stuff in parliament at once, but anyway, that's that balls, who also just tweeted edwards. Once there we go right.

A

This is a final round now you might be thankful to hear you'd be able to get out of this virtual pub conference yeah. So last orders at the bar please and uh let's get in so. Can you name the movie with the terminal, so we've got a movie.

A

With a terminal in it so which one would this one be absolute classic of 90s went back to the other day, but yes,.

A

Keep calling cube admin the movie that's um coming to a cluster sometime soon, but no, it was hackers.

A

I think that might be getting away with this now. I think.

A

That's when the pop quiz at the conference are you okay?

A

So can you name me this movie now this one was phenomenal, like I think it was released straight onto youtube, initially, um there's some great cameos by mr david hasselhoff himself, but someone who occasionally comes to wales as well still so come to wales. You might see behalf, but um yes, so who well? Which movie? Is this not? Who is the character because we all know who the character is it's hackerman, but what was the name of a movie.

A

Awesome thanks: it was kung fury um if you haven't seen. Kung fury, definitely check it out. It is a phenomenal movie and someone just produced it and put it into youtube. Great I'll, share links on twitter. If I can never find my phone again, if no one is trying to find me name the next movie so where so, when I first saw this, I literally did think this was a young elon, musk and just starting out his empire. um But it wasn't. It was a different movie and which movie is it.

A

This was more games.

A

uh And also, if paula stark, I I hope, paul's dog has made an appearance so far in the conference today. Postdoc is.

A

Not been great to get to know the dog over the last couple months. Oh now, this one used to be a gift. So this is a gift, oh jeez. Why is it of hugh jackman, um so huge jackman? Yes, that is right. I'm thinking it's huge yeah. It is hugh jackman anyway uh famed for many musicals playing wolverine everything else. He was in a movie where he was hacking away. um It's named after a certain animal within the sea.

A

Halle berry was in that movie, but this was when he was dancing like we all do on our standing desks when we're writing code- and if you haven't seen this movie just yeah, uh I haven't got it: two people have got swordfish so just search uh hugh, hugh jackman, uh hacking, swordfish and maybe just quick quiz now just go, and do that because that that's like my debug spirit, animal is huge.

A

All right, let's get on to the next one, so this one's a little bit difficult like.

A

So this is part of the franchise, but I want to know the actual movie itself and no they're not looking for me, this isn't a team of cloud native engineers and enthusiasts and everyone else just trying to find where I am just to find me to save this pub quiz. What did he do why? Why did he make us do this now? But this was another movie when they were trying to find someone, and there is a bit of an ultimatum.

A

It was close, I should have just given it to born, but it was one person a born ultimatum.

A

Anyway, we're not we're almost uh hanging there hanging there right. This is one of those classic movies. The anime ones remember seeing this first of all should I be on. I have a fear of mannequins there's this truth that I am terrified of mannequins and people used to put mannequins in rooms when I wasn't aware of it just to absolutely terrify me and when I saw the hands do this in the movie gee whiz, I knew it was a cartoon, but it wasn't for me, keep going.

A

This was ghost in the shell. Well done, whoever got that and again. If this wasn't the remake, this was the original.

A

Right so name the movie but which fascination movie is this and again, just with that screenshot there was a gif and it spins out, and it goes out and everything else. I will be sharing the act, so we originally did this on google slides I'll share the original slide deck with this post quiz. So if you want anyone else through the pain and suffering that you've just been through you're, always more than welcome to do so, but equally, if you've got some other questions or think of any other rounds that you want to contribute with.

A

Please do because yeah, it's only.

F

A

Please please let that descent, but yes, it was oh, I thought it was fascinating 23 as well, but no it's fast and furious. Eight. Apparently I spoiler alert, but I think on a fast and furious nine. I haven't got around to seeing it yet, but you finally get a card move which I remember when it was just about getting to the first quarter mile. That's when I was invested in the fast and furious franchise listening to ja rule, but now they've taken cars and moons in nine. How it's like she's anyway!

A

That's why I didn't work in hollywood um name, the movie!

A

So again this one where he was just hacking away. I'm gonna win that keyboard.

A

But incidentally, this he's probably using one of the dell laptops when you've got that when you've got the camera just in the most unflattering places, for how does jim carrey get away with that? How do you get away?

A

Well, where is that camera anyway? That must be in the monitor. So this is ridiculous. It's just this isn't fair, but yeah.

A

ah Truman show classic one: it was bruce almighty.

A

I think matt's got this, I think, but we've got only a couple left now, so I think we've already seen this gift today, but the classic um returning everyone's favorite we've got to return to the office movie. So let's watch this together. Let's have a watch party and watch this movie to get into that really happy mood as to how the working environment before we have to go and see hr.

A

That's one way to debug your cluster.

A

Yes, office space.

A

Thank you for whoever posted that encouraging comments at the risk of uh at the risk of losing out on that one right. um I don't know, I think it's let's ah here we go so yes, the original. For me, this is the first time I saw a computer in the movies where I thought you know what computers are for me because.

A

I've still yet to build a container just to say, uh uh uh but again maybe the clouds have captured a flag at security days, kubecon north america- maybe we can finally get across. Maybe we can make this happen. Oh.

F

A

Just do vlogs, okay cool, so the dinosaur movie. Yes, it is jurassic park right. That is it! Thank you ever so much for your time and your patience and let's see, I think we all know who's on and spot number one, but in third place we have john g. Bravo brother! Thank you playing! Then we have tim tim. You had some air against this by the way, but that is why this is it. We've got matt matt the person who brought this conference together.

A

Awesome matt well played matt and uh abe's mom um honorable reference uh jv as well well played well paid. So I guess I said: I'm gonna pass back to my av for a second I'm just going to stop my share and see how we're doing.

A

So matt, are you still there.

E

Yeah, I'm still here, I guess we're done then, for the first day of kubernetes community days, uk.

A

Oh, it's gone so it feels like nothing's happened, all that I've aged several years in a day but how's.

E

It been for you, we've done our thank yous. We want. Thank you everybody. I thank everybody all over again, perhaps one last. Thank you to our sponsors, um uh who I haven't, got my slides, handy words. Well, we've got.

A

Well, we'll we can do one final game.

E

uh We'll remember the rest of them tomorrow morning.

A

E

Thank you, everybody who's attended today, and we shall see you uh at the same time tomorrow.

A

Yes enjoy your evenings all see you tomorrow.

A