Cloud Native Compass

In this episode of Cloud Native Compass, hosts David Flanagan and Laura Santamaria dive deep into the complexities of the Kubernetes release cycle with guest Kat Cosgrove. Kat, a sub-project lead for SIGrelease in the Kubernetes project, shares her experiences and discusses issues such as burnout, handling drive-by PRs, and the nuances of managing a fast-moving open source project. They explore the structure of the release team, the challenges of maintaining CI stability, and the ever-evolving nature of contributing to Kubernetes. Alongside tech talk, the trio reminisces about their work history, the challenging debates over project management, and the quirks of maintaining open source projects. Kat also recommends a book, a movie, and an album, providing a well-rounded blend of tech insights and personal favorites.

Click here to watch a video of this episode.
Featuring

• David Flanagan - Host
• Laura Santamaria - Host
• Kat Cosgrove - Guest

• (00:00) - Introduction
• (00:08) - Meet the Hosts and Guest
• (01:24) - Kubernetes Release Process Overview
• (03:22) - Challenges in Kubernetes Release Management
• (04:08) - Team Structure and Roles
• (06:29) - Open Source Contributions and Burnout
• (11:06) - Managing CI and Bug Triage
• (15:28) - Release Delays and External Dependencies
• (16:51) - Press Embargoes and Publicity
• (20:46) - AI in Open Source Documentation
• (22:13) - The Challenges of Open Source Contributions
• (23:06) - The Auto PEP 8 Incident
• (23:49) - The Overwhelming Decisions of Maintainers
• (24:01) - The Etiquette of Open Source PRs
• (26:39) - Personal Experiences in Open Source
• (28:56) - The Accidental Involvement in Kubernetes
• (32:17) - The Chaos of SIG Release
• (34:31) - Kubernetes 2.0 and Backwards Compatibility
• (37:07) - Book, Movie, and Album Recommendations
• (38:51) - Conclusion and Farewell

InfluxDB 3.0 Rewrite

InfluxDB, a time series database, underwent a major rewrite to create InfluxDB 3.0, also known as IOx. The decision to rewrite the database was driven by the need for strict control over memory management and high performance. The project started as a research endeavor and gradually gained traction within the company. The team decided to build around projects under the Apache Foundation, such as Apache Arrow and Apache Data Fusion. In April 2022, InfluxDB 3.0 was officially announced, aiming to improve performance, scalability, and cost-effectiveness for users.

IOx Database Engine

The new database engine, IOx, is designed to handle various types of observability and monitoring data, including metrics, traces, and logs. It aims to provide a single store for all these signals, eliminating the need for separate databases. However, querying the data efficiently is still a challenge that the team is working on. The goal is to make IOx the go-to solution for storing and querying observational data, not only for server infrastructure monitoring but also for sensor data use cases.

Challenges and Considerations

Working with logs, tracing, and structured events in time series databases poses challenges. The dynamic and inconsistent nature of schemas in logs and tracing use cases can make extracting structured fields difficult. Time series databases also have limitations in handling tracing front ends and require an index to map trace IDs to individual traces. While metrics, logs, and traces are the gold standard for observability, there is room for improvement in terms of usability and performance.

Flux and Data Fusion

Flux, a scripting language developed for InfluxDB 2.0, addresses user requests for more complex query logic and integration with third-party systems. InfluxDB 3.0 incorporates a parser in Rust to translate SQL queries into a Data Fusion query plan, benefiting from the performance optimizations of Data Fusion. However, bringing Flux to InfluxDB 3.0 proved challenging due to the large surface area of Flux and limited time and resources. Updating the Flux engine to use the 3.0 native API could potentially resolve these issues.

InfluxDB Development and Open Source Licensing

InfluxData is focused on improving the core query engine of InfluxDB and enhancing its capabilities and performance. They have created a separate community fork of Flux to allow collaboration on its development. Paul Dix, the co-founder, believes that true open source should be about freedom and expresses his intention to keep InfluxDB 3 as a permissively licensed project. He discusses the recent license change by HashiCorp and the growing distrust in the developer community towards VC-backed open source projects. Putting InfluxDB into a foundation may not be feasible due to the lack of multiple contributors.

Here are 5 key takeaways from this episode that you don't want to miss:

1️⃣ The People Problem: Laura Santamaria raises an important concern about verifying AI-generated outputs and tackling the challenge of the "people problem" in AI development.

2️⃣ Verifying Data Authenticity: JJ discusses the challenge of proving that a data blob originated from a specific model and how this issue is being addressed by companies like IBM through pile cleaning and legal penalties.

3️⃣ AI Misconceptions: We debunk some common misconceptions about AI, including the belief that it is an all-knowing fact machine.

4️⃣ Trusted AI: IBM's approach to building trusted models, with dedicated engineers responsible for cleaning and verifying data, is explained. Plus, we discover IBM's partnerships with Hugging Face to leverage the open-source ecosystem.

5️⃣ The Impact of AI: We delve into the potential positive and negative implications of AI, and how the rapid advancement of this technology presents challenges with trust and validation.

💡 Fun Fact: Did you know that 95% of open-source language models are trained on a data set called "the pile," which contains pirated and copyrighted material? Discover why this has implications for copyright and patent laws!

As always, the conversation in this episode is engaging and eye-opening. JJ Asghar provides insightful perspectives and sheds light on the future of AI development. Don't miss out on the valuable information shared!

Questions We Covered

1. How can the problem of untrusted data in AI models be effectively addressed?
2. Should companies like OpenAI and Microsoft be required to provide their data sets for verification purposes? Why or why not?
3. What are the potential risks and challenges associated with using AI technology without proper regulation?
4. Should AI creations be eligible for copyright protection? Why or why not?
5. How can we ensure the accuracy and trustworthiness of AI-generated data, especially when it comes to extracting information from sources like PDFs?
6. What are some potential positive impacts of AI technology, and how can we maximize its benefits while minimizing its negative implications?
7. How can the rapid advancement of AI technology be balanced with the need for trust and validation?
8. In what ways do copyright and patent laws need to evolve to accommodate AI technology?
9. What are the implications of China having its own set of laws and approaches to technology that may differ from other countries?
10. How can individuals navigate and better understand the AI space in order to make informed decisions and contributions?

I interview Marc Boorshtein, the CTO of Tremolo Security, an open-source identity management company that focuses on authentication, authorization, identity, and automation. Marc explains that their most popular tool is Open Unison, which allows users to log in to their Kubernetes clusters with whatever authentication system they have, such as LDAP, AD, Okta, or Azure AD. Open Unison also provides secure access to the dashboard and integrates with other cluster management applications.

Next up we shift over to the issue of certificate revocation in Kubernetes. Marc explains that Kubernetes doesn't know how to handle certificate revocation, which can be a security risk if a certificate is leaked or an employee leaves the company. He recommends using OpenID Connect or impersonation to access the cluster instead of relying on certificates. Marc also discusses the default time to live on service account tokens issued by the Kubernetes cluster and the importance of not using service account tokens when talking to clusters

This episode provides insights into the challenges of identity management with Kubernetes and strives to help you improve the security of your Kubernetes clusters.

In this episode, David and Laura catch up with Mikkel Mørk Hegnhøj from Fermyon to break down the latest in WebAssembly. They’ll cover how it’s changing cloud computing, what’s new with Spin and WASI, and why devs should care. Tune in for some great insights!

Click here to watch a video of this episode.
Creators & Guests

• David Flanagan - Host
• Laura Santamaria - Host
• Mikkel Mørk Hegnhøj - Guest

• (00:00) - Introduction to Server-Side WebAssembly
• (00:25) - Technical Difficulties and Banter
• (01:01) - Guest Introduction: Mikkel Mørk Hegnhøj
• (02:00) - WebAssembly Evolution and Spin 3.0
• (05:02) - WASI and WebAssembly Components
• (10:23) - WebAssembly in Kubernetes
• (16:26) - Spin 3.0 Features and Future Directions
• (19:25) - Distributed Promises and WebAssembly
• (19:58) - Frameworks and Programming Languages in WebAssembly
• (20:58) - Polyglot Development and Experimentation
• (22:40) - Practical Use Cases for Polyglot Programming
• (24:37) - Enterprise Benefits of WebAssembly
• (25:29) - Component-Based Deployment in Kubernetes
• (28:20) - Developer Experience with Spin and WebAssembly
• (33:28) - Open Telemetry Integration in Spin V3
• (35:50) - Future of Spin and WebAssembly
• (37:40) - Closing Remarks and Upcoming Events