.tech Podcast - Kubernetes as a cloud operating system


September 15, 2022

Natan Yellin joins us to share his insights on the challenges of running software at scale, which now involves maintaining more complex system architecture than ever. Then, he walks us through the open-source tool Robusta Dev and how it can make running systems on Kubernetes easier!

Natan Yellin is the CEO of Robusta Dev. He has a background as an engineer and has been tackling the challenges of the business world in his role as CEO.

Challenges of running software at scale

The requirements of software solutions have gone up. When he first got started in programming, Natan would typically take an application like WordPress, upload some files over FTP to a virtual server, and then add some caching solution if required. Today, this level of solution is considered subpar.

Applications are expected to:

  • handle any level of live traffic
  • give performant responses
  • take into account security concerns

Simply put, the bar for an MVP is much higher. Small teams are expected to provide a lot of the same things that people are used to from the big tech giants.

The shift left

As the expectations of software uptime and functionality have gone up, engineers are shifting left and are responsible for on-call.

Natan thinks there are pros and cons to this approach. When it comes to on-call, engineers are responsible for everything that's happening in production, which is more work, but at the same time they are more connected to the issues that matter to customers.

The other aspect is getting software set up and running. One approach is to say: when running software in Kubernetes or another platform, developers shouldn't know anything about the operational concerns of that underlying platform. Natan thinks this approach is misguided, as developers generally like to learn and explore the DevOps aspects.

Kubernetes and its complexities

Kubernetes seems to be the de facto choice when it comes to building systems, even if simpler approaches would suffice.

Empirically, the industry is replacing Platform-as-a-Service (PaaS) and simplified higher level abstractions with Kubernetes. Natan attributes this move to two major contributing factors:

  1. Often people start with PaaS solutions to keep things as simple as possible. Ultimately, companies reach the upper limits of what's possible with these solutions and switch to Kubernetes to continue scaling with the flexibility Kubernetes provides.
  2. Once they're over the learning curve, developers rarely want to go back to a higher abstraction layer. Often, the transition to Kubernetes is one way and companies that migrate to it will continue to use it for all their services.

However, becoming proficient with Kubernetes is quite an undertaking, as it's such a complex orchestration system. Natan's personal opinion is that front-loading the concerns of managing complex requirements is actually an advantage, as it allows teams to learn from the beginning of the project, when services are simpler. The realities of your system will sooner or later catch up with your engineering teams.

Kubernetes has an active, helpful community. This has helped Form3's transition from Amazon ECS to Kubernetes. The fact that it's a widely adopted, open-source platform also means that the community has built solutions and tooling that they needed.

Introduction to Robusta Dev

Robusta makes setup and getting started easier. It provides runbook automations, letting you define rules for what should happen and how to debug different issues that occur. It pulls in all the context that you need on your resources, making it easier for both new and experienced engineers to run Kubernetes in production. Robusta doesn't set up clusters; it wraps around existing technologies in a simpler way.

Users do not have to configure anything to get started. All of the core functionality is open-source and requires zero configuration. Robusta provides an engine that users can then leverage to write their rules, but it has built-in knowledge that is constantly evolving as well. Alert data is decorated by the Robusta runtime, so it provides fully dynamic explanations.

Robusta provides support for a wide variety of synchronisation channels, the most common being Slack, Microsoft Teams and Opsgenie. It also provides an interactive platform, which provides automatic or manual actions that can remediate alerts. These make it easier for engineers on call to remediate issues, all without code changes.

The bigger picture

Natan explains that Robusta was built to solve the bigger problem of software becoming more complex, rather than the narrow problems of running Kubernetes in production. The big idea is that it's possible to capture the knowledge of issues and how to fix them and deliver them as automations, exactly when you need them. This is where the excitement and power of the Robusta platform comes in.

Make sure to explore these excellent resources to learn more from Natan:

by Adelina Simion, Technology Evangelist
