By Guests: Itiel Shwartz (LinkedIn, Twitter)
Itay Shakury (LinkedIn, Twitter)
Companies: Komodor (Twitter) Aqua Security (LinkedIn, Twitter)
Show: Let’s Talk
Validkube is a new open source online tool to help developers quickly validate, clean, and secure their Kubernetes YAML code all in one central place. The site leverages many open source technologies including kubeval, kubectl-neat, and trivy. In this episode of Let’s talk, we sat down with Itiel Shwartz, CTO and Co-Founder of Komodor and Itay Shakury, Director of Open Source at Aqua Security, to dive deeper into the project, how it’s helping in building tools that will remove knowledge gaps and lots more.
[expander_maker]
Swapnil Bhartiya: Hi, this is your host Swapnil Bhartiya and welcome to TFiR Let’s Talk. Today we have two guests, Itiel Schwarz, Co-founder and CTO of Komodor and Itay Shakury, Director of Open Source at Aqua Security. Welcome to the show.
Itiel Shwartz: Hey, happy to be here.
Itay Shakury: Thank you. Happy to be here.
Swapnil Bhartiya: Today we are going to talk about a new open source project, Valid Kube. But before we talk about that project, I also want to understand the whole landscape around Kubernetes and what led to creation of this project. We all know the biggest elephant in the room is Kubernetes today. The question is not who is using Kubernetes, but who is not using and why. Maybe toasters they don’t run on Kubernetes yet. When we look at this massive adoption of kubernetes, also in the areas where we will not thinking about earlier. When we talk about the creators of Kubernetes, they also say, it’s a platform of platforms. It was not meant to be a developer go and push a button everything gets started. It was meant to be complicated and very, very comprehensive. If you look at CNCF landscape, there are so many eye concept products there. So, it is a complicated complex. But if you look at the adoption, where are not, everybody’s Google, not everybody’s Microsoft, there are a lot of companies. So, I want hear from you is that when we look at this adoption of Kubernetes, what are the challenges that a lot of users face due to this complexity? What are those?
Itiel Shwartz: I guess that’s so. I think basically with Kubernetes and generally with cloud native becoming so mainstream one of things that changed was that developers got more responsibility. It was gradual movement. You know, it started in different areas like first QA, then ops with DevOps, and our security as well. The developers are responsible essentially to the security of their applications. In this context of Kubernetes and cloud technologies, we see what we call now a shift left of the security from protecting the production environment to providing tools for developers. By the way, I’m saying developers as a code name. It can be DevOps people, operations, engineers, or whatever, but these engineers to have the tools to understand how their applications are going to be deployed, how their code is composed. We are seeing more and more tools that are geared directly at those engineers such as value.
Itay Shakury: I will say the biggest problem or one of the biggest problems is like you said. The ecosystem is so vast, is so big, that there are a lot of knowledge gaps in terms of best practices, in terms of validation, in terms of security. The knowledge gaps exists basically everywhere because Kubernetes is so complex. On top of the Kubernetes complexity, we now have the community complexity that is creating more and more tools to basically to extend Kubernetes. In this very vast sea of complexity, we wanted to bring a very simple tool that will allow the users to get response on his YAMLs like the basic, the basic building blocks of kubernetes are the YAMLs that we are deploying. It can be a deployment that [inaudible 00:03:45], CRD doesn’t really matter, but the very cool thing about Kubernetes is everything is mapped into YAMLs files, right? Valid Kube was design in order to give the users a very simple ability to validate the YAML file that they have in their hand.
It might be to validate the format in this group. It can be to check for security vulnerabilities, and it can also be just giving a raw YAML and getting a clean YAML in return, because kubernetes has a lot of metadata and sometimes you just want to get the raw fields. That’s the project that I built and we are serving in Valid Kube. I will say the main thing that we try to target is the simplicity of Valid Kube. Basically given the YAML get all of the irrelevant interest in information without the need to install any CLI or to understand too much other tools.
Swapnil Bhartiya: Just, I want to interrupt you both. We will talk about Valid Kube. I want to, I’ll specifically focus on that. Let’s just focus on the problem area so that we can build a story, because Adam knows that we also break the interview in different segments. When I talk about the challenges, so I want a segment where all I want to hear from you is that. What are the challenges people face so that people will be able to relate to them. Then, okay, so we have seen these challenges. How, what are the problems then? It’s like a building a narrative of a story. If you in the Titanic, if you show the ship has sink from the very beginning, there is no story left. So, we are trying to build this, go ahead and story there. So Itiel, I’ll just go back to you once more. I want you to take one more stab on this one and which is more about, because of this complexity. What kind of challenges you see that people face in this space?
Itiel Shwartz: So, I would say the first one is basically wasting a lot of times. Trying to reinvent the wheel. They lack the knowledge, they the information, and they are discovering different methodologies that elite organization already possess. This is like a simple lack of experience that causes a lot of time you wasted. I think that’s the first and foremost problem. When we talk with people who use Kubernetes, they are saying how much of their time is wasted on discovering Kubernetes capabilities on one end and trying to troubleshoot certain issues on the other hand. I will say this is the main time chunk and the main frustration point for a lot of users. You know, you can see already, the Kubernetes is too complex movement that is trying to raise it head and telling you that you don’t really need Kubernetes.
Sometimes I do agree for some organization it might be an overkill, but that’s a different topic. Even for organizations that do need Kubernetes they waste a lot of time and because, and the CNCF ecosystem is great explanation. You look at, you look at the landscape, you see they’re rely on like 300 tools and you can’t really know all of them. Each one of them try to solve a specific problem or a specific use case. It is so hard just to get acquaintance with what’s the best practices, what’s the best tools and how do I use them.
Swapnil Bhartiya: Right, Yeah. I mean, I think the crux there was knowledge gap and Itiel you also talked about shift left. There are two things that I want to just go deeper into. That one is that, of course there is issue with knowledge gap. We don’t have a lot of people who understand. Also, a lot of these new cloud technology that coming on monthly basis. How will we find people who are go into the practice? When we talk about the shift left movement, Itiel I’m asking you, is what is also happening is that in the early days we have, we used to have folks who were specialized in X and you can trust them. Hey, they know this job. I mean, they were like kind of silos back in those days, but you had networking engineer. They knew everything about network right now, what is happening is a lot of things.
As you said, you use the code name, developers. There are a lot of things that are moving in developers, basket pipelines, which is also, we have seen burnout happening already. There are so many things they are responsible for now, which could also be seen that a lot of people may be deterred from using these cloud technologies, but is not happening. They are still using. But then what is happening is a lot of bad things will happen when you are using tech. I also want to understand, from both perspective, which also very well aligned with knowledge gap is there. That is the lead cause and effect of, you want to embrace a technology, but you don’t have folks. So, can you also talk about this problem as well?
Itiel Shwartz: I think that you alluded to a problem that with this new stack, the cloud native slack stack, there is a collection of, let’s say cross-cutting concerns that are above the metaphorically below the application, actually below the application that are in the Kubernetes model, still in the application programming model and the developer or the engineer is responsible to those. But the traditional application developer is not concerned with these kind of things. I’m speaking about things like connectivity, security, observability, all of the non-functional requests, basically. Actually, so Kubernetes is the fact that it provides the unified API, allows us to solve this problem generically, and there have been attempts to solve this. It’s not at the Kubernetes level. There are multiple attempts. There are more than one. There is the service measures and side cars and all kinds of different solutions. But I think that this is the direction that things are going to take these crosscutting concerns and solve them at some infrastructure level for the developers, so that they can just deploy the applications and get the job done.
Swapnil Bhartiya: I want to hear your perspective as well on the knowledge gap and this challenge, how it’s leading to some problems.
Itay Shakury: How is causing the problems or how is being handled? What do you think like causing.
Swapnil Bhartiya: Causing the problem because the next step will be to introduce Valid Kube. So, we talked about those problem areas loud, let’s focus on the solutions. So, what the question is going to when you mention, the knowledge gap there and, but the fact is everybody is embracing Kubernetes. When you are, you want to embrace a new technology, but you don’t have the knowledge that will lead to a lot of problems. That could be very, very serious problem depending on what your business is. So I want to understand that.
Itay Shakury: So I will say regarding that we we are seeing the knowledge gap and like it. I said, we are seeing a lot of solutions that are basically more technology in order to solve like the main lack of knowledge for technologies. I think at least for the short term it is causing more confusing than like necessarily helpful. I think like, what it’s going to happen is first of all as Kubernetes is going to get mature more and more people will know Kubernetes, right? This is like the fact of life in five years, there will already be a much more, a lot more Kubernetes experts than today. The tricky thing is that in the meantime, the new tools that comes, that come in order to help us abstract the Kubernetes issues are not that baked in.
I think like service [inaudible 00:11:52] that I mentioned are a great example and they tend to fit backfire for a lot of the users. Like I talk with a lot of Istio users. A lot of them swore to me that they’re not like they’re not going to use Istio ever again. It is you need to be very judgemental. I don’t know. You need to think before implementing and going and running for like the new sexy tools. Cause if not, it’s like you are trying to learn Kubernetes and Istio at the same time and I see more and more people doing that. It is so hard. It is complex.
Swapnil Bhartiya: Which also kind of leads to, we created a very good segue to my next question, which is that complexity is there, but nothing is slowing down the adoption of Kubernetes. A knowledge gap is there. Shift left movement is happening. So a lot of things are happening at the same time. So what I see what the ecosystem needs to do as you also alluded to that is you kind of sleep, you’re tired. You want to take a nap?. My questions are so boring. Okay. So, these problems are their knowledge gap, and a lot of things are moving to, I think what we need to focus on is to make things easier for developers to lower the bed of entry where they can enter without having to worry about all these problems. So can you talk about the efforts that are going on in the industry? And one of the many efforts is Valid Kube project that open source project. So, so talk about the efforts going on, and then we’ll talk about the origin story of Valid Kube, where it was created, how it’s created and what problem’s trying to solve
Itiel Shwartz: I actually like the question about lowering the barrier of entry, because I think this is generally true to what we’re trying to do with open source. Open source generally lowers the barrier of entry and it makes the technology more accessible. We as a company, for example, we have the technology, we sell it, but we also put it out as open source because it makes it more accessible and more people can take the first step. Honestly, it’s not really just about here is the solution to all of your problems. It’s, you can take the first step we with open source. I think that this is why open source has such an important role in cloud native security. The tools that are available in open source today are, I mean, amazing compared to what we used to have. So there are good tools, their resolve real problems and people should start using there. If you’re looking for a first step, this is a really good first step.
Itay Shakury: I will say there is a double edged sword in lowering the barrier of entry, because I think the first entry barrier is very low already to deploy a Kubernetes application. All you need to have is a YAML file and a cluster. That’s it. No chef, no puppet, no AWS affinities nothing. So, I think the interesting thing is not necessarily lowering the barrier of entry, but more walking the users towards better understanding, the start is easy. And then you think about, oh, what about the security of that? What about the configuration best practices? What about different tools? I think the very cool thing about the open source and value Kube is to take you not doing like only the first step, but taking you towards like the second and third step, you already know a little bit about Kubernetes.
You already have your YAMAL files and now you want to validate that they are in good format. Now you want to make sure that they don’t have any security vulnerability. Now you simply want to get like a clean YAMAL so you can reuse it later on. I think like what we try to do is to take all of the things that really bother us and our customer in the second day, we already install Kubernetes. And then like, we are getting a lot of validation errors from Kubernetes or we are installing Kubernetes. And now we’re having a lot of configuration problems. So value cube is here to tell you, you know, give me like your parts, give me the things that you are already using. And I will help you without you needing to think about anything. I will try to give you like a first aid.
I will try to walk you through like the best practices you need them to do anything. So I, I think the cool and bad thing about Kubernetes is a very, very low barrier. You can simply like get an app running and exposed to the world in a very short YAMAL file. I think what we try to do and preview, and like the open source that we rep try to do is to help you like own it really like to help you gain regain control over like the YAML and over the system. And not necessarily like the first step, but maybe like the second step.
Swapnil Bhartiya: When I mentioned, when I was talking about lower, the barrier of entry, it was less about day zero day one, y because you know, you can install everything, the ideal, just start date, day two. That’s what I meant, by lowering the better interval, like to make it secure, to be able to manage it, to be able to update it. That’s where, so that’s what I meant. I just want to verify that now I want to just go a bit deeper into Valid Kube. Can you explain what it is and how does it work?
Itay Shakury: Sure, Valid Kube is a website, like an open source website hosted on AWS that combines three open source projects that interact with Kubernetes YAMAL files. To simply put it, you can bring your own YAMAL file from your own cluster or from wherever. It has three options. The first one is validating, validating the specific YAMAL file that you have is in best practices and in order to do so, we are using QB Val, which is the most popular Kubernetes validator, a project. The second option that is the cleaning. You can give us a YAMAL file from your Kubernetes cluster that has a lot of redundant field or a lot of noise and we clean it up for you so you can reuse it. That is a project that is based on Kuberny, which is an open source project that was created by Itiel that is here with me. The third one is the security aspect, and we are using an open source project named previ that scans the YAMAL file for best practices and security best practices. So giving a YAMAL file, we can do all those three. And we took like very popular and good community project into a simple interface that allows even beginners to interact with that and to get the feeling if their files are in like the best condition.
Swapnil Bhartiya: Excellent, Now, since of course Komodor, is there Aqua is there, I also want to understand what kind of collaboration, of course I say the project came from them, but I understand, what kind of collaboration is around, Valid Kube side, how these two companies are engaging.
Itay Shakury: Yeah. So we, we basically took Trib because it’s a great project by Aqua and we use it like internally and we, and, and Kuberny is also like a project that we use internally. So we took like the project that we like and uploaded them basically. So there was no like the first, ylike it’s, everything is open source, so we just used it. And we talked with Aqua because like it, Itiel is responsible for two out of three project here. So we thought it can be very fun to collaborate here. And I will say our goal is for the community to add more features and more functionalities. We try to give you like the best thing you can do with Kubernetes without the need to install anything. And we do hope to add more and more features. Itiel, you also want to answer it.
Itiel Shwartz: No, I don’t think so about the collaboration. It’s, it’s like very clear, like there, there are tools use the tools and it works for both ways in terms of like the, the value Valid Kube. I would just add for my point of view as, as like, if I’m taking a step into the shoes of the user, what I really find nice about Value Kube is that it’s right there in the browser. There are many tools you can find the internet in the internet, many, many tools to solve many different problems. The fact that there’s just a website that I can go and copy paste the thing from my computer or from the server into a browser really quick, just to validate it. I think that’s a really nice experience that is, is somewhat missed with the, the big tools because they focus on like, how is it going run in production tomorrow in the big company, but sometimes, you know, it starts with the developer that wants to solve a problem real quick. So I, I think that’s a nice approach.
Swapnil Bhartiya: When I was talking collaborating, as Itiel, you mentioned it’s open source. The open source is not a one way street. Like the users becomes contributors work time and that’s how any project succeed. So my point was more or less like, you are not a consumer of these opensource product, you yourself opensource a lot of your own projects. So it was more or less about, collaborating on, the projects that you use. But I think for, for, even if I look at the GitHub page, it’s like very new project, but I basically was trying to understand, if you folks do collaborate rate on,know, if they’re the books or, features. So that, that was more or less focus on that. But I think we are good there. I think I have answers to most of the questions. Okay. So of course you focused know, just know that and it’s, as you said, it’s an open source project. Everything can be seen on GitHub, but if I ask you what kind of roadmap you have, what’s in your pipeline for this project?
Itay Shakury: Yeah. I, I will say mainly to see the community adaption and maybe add more tools. I know that there are tools like polaris, popi, and so on that also take YAMAL files and the cubes score that take YAMAL files and give you like different answers. So the roadmap is basically to add more and more capabilities into Valid Kube So users can enjoy like the full variety of things you can do over Kubernetes YAMALS, which is like really, really big in a simple manner. So that’s the plan for like the upcoming few months more projects and maybe like improve the UI risks.
Swapnil Bhartiya: If I ask you from your perspective, you know, how do you see it helps, you know, the projects that you create because when you have a user like Komodor, which, you know, they actually, they bring more users to you as well, because they are, you know, using, consuming your projects. So can you share your insights? You know, how, how does, you know, it look for you?
Itiel Shwartz: From an open source perspective, like the more the merrier. It’s always looking for more users and more feedback to improve the product over time. This is what drives open source. The more users we have, the more like cases we know about the more requests we get, and we can even get some, not, not just ideas, but also like contributors to send fixes or features to our code. I think that in terms of like where it can go in the future or roadmap, so it from trader for example, a project that we maintain, which is it has a its own life like, right. It’s like, it’s not part of Valid Kube only. So we, we are improving the infrastructure as code capabilities there, which contributes to valid code and things that probably we can also add to, to the project to Valid Kube can take use of, for example, things like adding remediation advice. We found an issue, but here’s a guide on how you can fix it or how you should avoid it next time, or like a specific line indicator to actually highlight. This is exactly where the parameter that you misconfigured and things like that definitely will improve in trivy and Valid Kube to take user.
Swapnil Bhartiya: Itiel, Itay, thank you so much for taking time out today and not only talk about this new project, but also the bigger problem that is there for the Kubernetes user community and ecosystem that you folks try to solve. So thank for sharing those insights. And I would love to have you folks back on the show. Thank you.
Itay Shakury: Thank you very much.
Itiel Shwartz: Thank you.
[/expander_maker]
