Unified application deployment platform for Kubernetes with Plural.sh

S3 E1 · Kubernetes Bytes

In the first episode of season 3, Ryan and Bhavin talk to Michael Guarino - the CTO of plural.sh about how plural helps users deploy applications on Kubernetes easily. They discuss the challenges associated with deploying applications consistently across different Kubernetes distributions, and talk about how Plural provides a unified solution that auto-generates Kubernetes manifests, HELM charts, and Terraform files and follows GitOps principles to deploy applications across Amazon EKS, Azure AKS, and Google GKE. 

News: 

Show Links:

1. https://www.plural.sh/

2. https://app.plural.sh/

3. https://github.com/pluralsh/plural

4. https://docs.plural.sh/

Transcript

Podcast Introduction

00:00:03
Speaker
You are listening to Kubernetes Bytes, a podcast bringing you the latest from the world of cloud native data management. My name is Ryan Wallner and I'm joined by Bhavin Shah coming to you from Boston, Massachusetts.

Purpose and Goals of the Podcast

00:00:14
Speaker
We'll be sharing our thoughts on recent cloud native news and talking to industry experts about their experiences and challenges managing the wealth of data in today's cloud native ecosystem.
00:00:28
Speaker
Good morning, good afternoon, and good evening wherever you are. We're coming to you from Boston, Massachusetts. Today is January 11th, 2023, and I hope everyone is doing well and staying safe in this new year. Let's dive into it.

Holiday Reflections and Personal Goals

00:00:44
Speaker
Bhavin, how have you been? I know I'm jealous of where you were. Why don't you tell everybody where you were, because they'll be jealous too, I think.
00:00:51
Speaker
Yeah, first of all, Happy New Year, Ryan. Happy New Year to all of our listeners. Hope everybody had a great Christmas break, great holiday break, and are now recharged and ready to kick some serious ass in 2023. There you go.
00:01:04
Speaker
Before I start talking about my travel things, did you make any New Year's resolution? Apart from me losing weight again, I do that one every year. Same for me. Hopefully, this is our first video podcast. This is the most weight we have on and then as we progress...
00:01:23
Speaker
Yeah, it will. If you go the other way, we'll also notice, but just a very possibility. I did make goals, personal goals, honestly, external from, you know, work and technology. Honestly, we do this so much that when I make sort of goals and aspirations for, you know, personally, they're all having to do with getting away from technology. So for me, it was fulfilling sort of my adventurous side, right? So
00:01:50
Speaker
your point that you like to go to national parks and travel over the place. I've been sort of doing a lot more off-road motorcycling lately. I know I talked about a couple trips I did last year but I had set and I've already booked three trips for June to August and even November there might be a fourth one but as sort of goals for me to work towards to sort of like
00:02:16
Speaker
get more fit, you know, experience those places, a couple of Vermont ones in South Dakota, another one's in New Mexico. South Dakota, wow. Yeah, the Black Hills of South Dakota, also known as Sturgis, but it's not that event. It's actually an off-roading mecca, sort of like the equivalent of Baja California for sandriding.
00:02:41
Speaker
is sort of Black Hills is really good dirt riding, so I'll be going there. Anyway, I've made those goals and I'm trying to check off a bunch of them to feel fulfilled outside of work, not to get into deep philosophy on our first episode back or anything like that. This is the time when we can talk about these things. I think today, people will listen to it. If you talk about it in February, you're like, ah, okay, we already did a dry January.
00:03:07
Speaker
Yeah, not dry. But anyway, how about you? Resolution wise, I think I definitely want like this podcast to grow. So like, yeah, more listens. I do have some professional goals, for myself this year. And then from a personal perspective, do more trips that are outside the US now that like people might not know this, but I'm on an H1B visa, right? So I'm getting that
00:03:31
Speaker
You should figure it out. So once that's done, I want to travel outside as well. So maybe a couple of trips outside. So that's my non-professional goals, I guess. Awesome. I'm looking forward to going to Amsterdam. It has been a while since I traveled internationally, mostly because of COVID. And my family hasn't. So I'm actually bringing some of my family this time around. It'll be fun. It'll be like a work. And some people say, don't mix work and pleasure, but I'm going to do both this time around in KubeCon. It'll be a good time.
00:03:58
Speaker
I'm looking forward to it. Before I got married, right, at these trade shows called VMworlds and a couple of others, they did these spousivities events where you travel with your spouses and then they get to do all the fun stuff while you're working in the booth or working at the conference. That sounded a pretty cool idea. You just give you selfies from the fun things while you're sitting at the booth talking to customers. That's not fun. Customers are great.
00:04:27
Speaker
The break was good. Went to Puerto Rico, had a lot of fun there. The anticipation must have been killing our listeners. I mentioned it first thing. You didn't say where you went. You went to Puerto Rico. Yeah, because of some weird weather over northeast, I think the return flight got cancelled by a day. That's surprising. Have you been watching the airlines lately? I mean, did that surprise you at all?
00:04:54
Speaker
Since I was in Puerto Rico, I didn't complain. I was like, okay. Oh, I'm stuck in Puerto Rico. Oh, no. And then I had to come to like 20 degrees weather. But then New Year's was again, like that weekend was good. Went to Cape Cod with a bunch of friends for a couple of nights. So that was my break. How about you, Ryan? Yeah, I mostly spent it with family. I think we had 11 people here, four dogs at one point for several days, which is, I call it sort of the
00:05:24
Speaker
Twister, chaos, whatever you want to call it. I just accept it. I used to try to resist it. You just have to accept the chaos and you'll have a lot more fun. It was great to everybody around. We haven't been able to really do that consistently. I'm grateful to be able to spend it with family. Then we went and did some, there's a zoo that does a light show in
00:05:49
Speaker
Mendon, Massachusetts, which was kind of when my daughter loved it. And then we went and saw Disney on Ice in Providence over the break, which, you know, I know nothing about ice skating, but it was very impressive, just like the acrobatics and it was intense. And also
00:06:05
Speaker
There's a, you know, I think it was Dunkin' Donuts Stadium, or I don't know what the Providence Stadium is called, but they, you know, when you fill it with like thousands of little princesses, basically around four years old, it's pretty funny to watch it, right? And have Frozen playing in the background, like that's awesome. Yeah, and also they sell beer there. It feels like you shouldn't buy beer because you're just like surrounded by, anyway, it's this whole thing, but it was a lot of fun. Then we spent some time in New York with the rest of my family and
00:06:33
Speaker
Basically, it's one of those breaks when you get back from your break and you feel like you need a break from your break.
00:06:39
Speaker
Yeah, that's why we have a long weekend this weekend,

Guest Introduction: Michael Guarino

00:06:42
Speaker
right? Like Monday the King Day weekend, that's just a break from all the bigs. You have off Monday? No, I don't know. I don't know if I do. I have to look. Okay, anyway, we've been blabbing enough. I'm sure those of you listening want to hear what's really going on. So we have a really cool episode for our first episode. We have Michael.
00:07:04
Speaker
Guarino, who is the co-founder and CTO for Plural.sh, talking all things unified application deployment with Kubernetes. And we're going to have him on in just a bit. But before that, we do want to tackle a little bit of news. It has been a little slow, just because of the nature of it being a break and things like that. But there's a couple things we want to talk

Kubernetes 1.26 Alpha and CNCF Projects Discussion

00:07:24
Speaker
about. The first one
00:07:25
Speaker
I'll talk about is in Kubernetes 1.26, which I believe we talked about a little bit before the break. But there is the alpha release of cross namespace storage data sources. So you were able to do this inside a single namespace, basically reference a PVC from another PVC and import its data. You do that across namespaces now that's alpha.
00:07:48
Speaker
And we wanted to talk about that a little bit. Then there was a really good article that I came across when I came back from break called the 8 CNCF projects for cloud native persistent storage. And this is a good overview article on Container Journal. I think there's a lot of good stuff that comes out of here.
00:08:07
Speaker
talks about a lot of the projects that probably we've mentioned and how guests on like Rook and Longhorn and even some that I didn't actually know about which is pretty surprising I feel like when talking about storage but you know there's a couple
00:08:23
Speaker
on there that really are focusing on things like databases or immutable data management and those kind of things. So anyway, take a look at that. We'll put it in the show links. And I know about you or our listeners, but I monitor Reddit a lot. I don't actively participate all the time. Sometimes a lurker, but there's always a thread going.
00:08:52
Speaker
about persistent storage or file block storage in Kubernetes because I feel like people are still, we've been living it for a while, but there's still a lot of people just coming to this world of being able to want to run and ask the right questions about how they're running data.
00:09:09
Speaker
services and data intensive workloads and applications. So January 1st didn't take long. A new thread went up called the best distributed file and block storage for Kubernetes. Now you'll find a lot of different opinions, of course, as you always do on Reddit, but you know, I would say the
00:09:32
Speaker
As far as the favorite goes that I've been seeing there's a lot of mention around a lot more, which you know consistently it's just people just being like I'm happy with Longhorn. I'm happy with Longhorn and that's great for them. I think there's a lot of good stuff going on over at SUSE, and I know we've talked about it on the show before but you know
00:09:56
Speaker
Everyone else is also mentioned, you know who we were for as well as you know, the Cephs of the world and everything. But if you're new to this world is you know, these types of threads I think are enlightening. It also is a great forum for you to like ask really simple questions whether those responses may be
00:10:13
Speaker
ones you want to hear or not. They could with a pinch of salt, I guess. Yeah, exactly. So yeah, we'll put that link there. I thought that was pretty fun. And then there was just a new to me file system, not new in general, JuiceFS, something I haven't come across and mentioned around the Kubernetes-based JuiceFS.
00:10:32
Speaker
in Kubernetes. I just, the name caught me, so great job marketing people over there. I don't know why it's called JuiceFS. Maybe someone could comment about why. I won't get into it, but we'll put a link to that and how it's used in Kubernetes. And I will hand it back over to you. Thank you, Ryan. So, I don't know if it's a slow week or I'm just slow this week, but yeah, I just have one article.
00:10:55
Speaker
So I just have a funding round from our cloud native ecosystem. One of the observability vendors, Chronosphere or Chronosphere. I don't know how. I've always said Chronosphere, but yeah.
00:11:09
Speaker
Yeah, they picked up additional funding. So what they did was they did a Series C a year back, I think, 14 months back, and then they raised or did an extension to the Series C round. So raising an additional $115 million, bringing the total valuation to $1.6 billion, which is a huge number. So I think when they did the Series C, the original one in 2021, they were a billion dollar company. They were a unicorn. They added more money to their bank accounts.
00:11:39
Speaker
bringing the total amount raised to 343 and the valuation to 1.6 billion. So congratulations everyone at Chronosphere. Hopefully you have enough runway for the next couple of fiscal years as we go through this term of this times, I guess. Almost as much as the Mega Millions jackpot, right? 1.3. You could almost bias Chronosphere.
00:12:02
Speaker
That's, that's how much money it is. Uh, I feel like I was just thinking about this and I know I talked about before we jumped on this podcast, but I feel like we could almost do an entire spinoff of you talking about crowdfunding and it could be like 10 minutes of you talking about crowdfunding. Anyway, I just want to put it out there. And if anybody's like, yeah, I really want that, uh, let us know. Cause I think Bhavin, you know, you might have gone to something there. I would have a lot of fun there. Yeah. Again, I can talk about non
00:12:29
Speaker
cloud native ecosystem companies as well. But I can definitely do cloud native ecosystem. Great, great. All right.

Interview with Michael Guarino on Plural.sh

00:12:37
Speaker
Without further ado, let's get Michael on the show and talk about Plural. Michael, it's great to have you here on Kubernetes Bytes. It's actually the first episode back from the new year for us. So we're excited to have you on and talk all things, you know, Plural. So why don't you do a quick introduction for yourself and for everybody listening or watching and what you do.
00:12:58
Speaker
Hey, thanks for having me on. Definitely appreciate the opportunity. So I'm Michael. I'm founder and CTO of Plural.sh. We're a company that makes it easy to deploy a large number of open source applications on Kubernetes. It's focused primarily on the big three clouds, AWS, GCP, and Azure. But for that, I've been an engineer at a number of different, fairly well-known tech companies. I spent time
00:13:26
Speaker
Then I worked on Vine, actually, at Twitter. Vine was a Twitter acquisition until its cancellation in 2016. Then moved to a startup in New York City called Frame.io that does video collaboration SaaS. It has actually been recently acquired by Adobe. And then I worked for a little while at Facebook as well. So a wide variety of engineering expertise. And throughout that time, I had operated a lot of complex open source infrastructure.
00:13:57
Speaker
Facebook has its own bespoke infrastructure. Frame.io was much more of a standard AWS shop. Vine was actually all AWS and Amazon was a combination of AWS and actually old legacy Amazon infrastructure as well. So yeah, a lot of what we're building up is overall support by that prior experience.
00:14:15
Speaker
Gotcha. So thank you, Michael. That was a good intro for your background, right? You gave a quick one-line description of what Plural does. But then if we have to dive into it a bit further, what is Plural? What challenges is it solving? Why is deploying open source apps on Kubernetes hard today? Can you walk us through that journey and the problem and the solution? Yeah. So a lot of the genesis around Plural
00:14:46
Speaker
Kubernetes landscape and realizing that if we roll back the clock, say to 2016,
00:15:09
Speaker
provisioning an EKS cluster is going to be very, very low cost. Amazon is going to do all the hard work for you. Kubernetes is effectively a commodity. I think what's now happened is the hard work around Kubernetes has moved up the stack a little bit to the application layer on Kubernetes.
00:15:32
Speaker
take Airbyte as an example. I want ETL. I don't want to spend $100,000 with Fivetran to do it. I want to use Airbyte open source and have a very comparable experience around it. But then if you go to the process of actually running on Kubernetes, you start basically going down the rabbit hole. You need to learn how to use Helm. Helm is a little bit weird. Then you need to know the details of it actually.
00:16:03
Speaker
test, maintain, tweak for your infrastructure. It's going to be different on AWS versus GCP versus Azure. You'll have, you have the details of Kubernetes on the cloud. So, um, like IAM permission for pre-permissioning for workloads is very different between clouds, for instance. Um, so there's a lot of app specific, like intelligence that you need to have to be able to run a lot of these things. Um, and it became very clear to me that was, that
00:16:37
Speaker
focused on getting the control plane working. So what we do at Plural is basically, if you take a bird's eye view of what we're trying to do is we're trying to basically automate what, if you had hired an SRE to deploy that, deploy that Airbyte version, what he would ultimately do. And what he's going to do is he's going to set up a GitOps environment. He's going to generate a lot of infrastructure
00:17:10
Speaker
to actually provision that and get it deployed in your cloud. What Plural does is we have a catalog of all the Terraform and Helm needed for deployment of all these applications, and then we just code generate it into the Git environment for you. And then we have a console that we built that allows you to do all the management of the application once it's actually been deployed. So that includes things
00:17:38
Speaker
reliability of the application in real time. There's runbooks for more complicated operations around scaling. Scaling a database up and down is a fairly tricky thing. Adding a replica of all this can be done in a very graphical runbook with all the contextual information you need in terms of metrics and everything like that.
00:17:57
Speaker
There's also a log aggregation just built from the start. We use Grafana Loki for that. And then the upgrading flow. So when we publish new versions of each of the applications, we're going to test it for you. Then we publish it into our canonical catalog. And in all the clusters that you create, if you deploy one of our instances at the console, it will subscribe to that catalog, pull it down.
00:18:20
Speaker
execute the upgrade, all the, the Terraform and Helm needed to perform it. You don't end up getting, bargaining yourself with that long-term upgrade maintenance as well, which is like, I think actually probably the, the, the biggest like total cost of ownership that comes with an application. I feel like, uh, Bhavin and I have seen a lot of effort, uh, especially this past, uh, KubeCon in Detroit.
00:18:43
Speaker
around really sort of solving that complexity. You said Kubernetes is a commodity, right? I think we agree with that for the most part, right? There's still obviously shops who want to build things themselves, want more things, and that's fine, but I think there's a lot more going on and sort of
00:18:58
Speaker
user ability, user experience, application, you know, that side of things. So it's, it's really good to hear sort of this sort of take on, you know, sort of a automated virtual SRE, so to speak, in many ways.
00:19:14
Speaker
And I think your description helped clarify a few things, right? Operators, if you just do a quick Google search on what Kubernetes operators are, operators are marketed as those automated SREs or software SREs for your applications. But there are these other things that operators can't really handle. And then there's a discrepancy between how different operators functions. So having something like a catalog of applications that can be supported and run actually helps solve
00:19:43
Speaker
real customer problems, I think. Yeah, exactly. And we use operators all the time, actually. So a lot of applications need to provision Postgres. We use the Zalando Postgres operator to provision it for us instead of RDS. It seems like a better default because it's going to be cheaper. And a lot of these Postgres instances are not Tier 0 Postgres instances. So like, cheapness should be the preference, in my opinion. There's not an either-or
00:20:15
Speaker
But if you were to use an operator to say distribute Airbyte and then try and hand it someone, you still have that same learning problem. So their onboarding experience, they're going to have to learn how to use operators. They're going to have to learn the details of that CRD and all the tweaks of it. That's actually very complicated for a lot of people. A lot of our users are still frankly unfamiliar with Git. So are they going to get to that situation where they're going to be able to use an operator
00:20:44
Speaker
There's a long step of onboarding to get to that level of maturity in a lot of cases. And there's a lot of people who want to have an open source application and not pay that cost. So we still want to be able to serve them.
00:20:57
Speaker
Makes sense, makes sense. So I mean, it's one thing I'm noting there is that sort of your, a lot of individuals don't even know Git, right? So you have a, definitely a certain type of user. Maybe this leads into my next question is, you know, I read that, you know, Plural sort of works out of sort of a workspace, right? And for that type of user or just your typical user, maybe you can help us break down, you know, what exists within that workspace? What, what does that actually mean, right? To, to the end user? Yeah, yeah.

Plural.sh Deployment Customizations

00:21:27
Speaker
Like I said, like what we're trying to do is generate the resources that that competent SRE would have generated. So the workspace is going to be laid out, like all the applications that you would have, you were wanting to deploy, say I'm deploying Airflow and Airbyte, there'll be a top level folder for Airflow that we had top level folder for Airbyte. And then within that, there'll be a Helm chart for the deployment of the Airbyte, uh, Kubernetes resources, and then a Terraform module as well for potentially the need for provisioning cloud resources.
00:21:56
Speaker
In Airbyte's case, the cloud resources that are provisioned is actually an S3 bucket for storing logs. So Airbyte stores these logs into object storage. And then that can be heterogeneous in different clouds. So for instance, in Azure, they don't have to work for Azure or Blobstore. So you have to figure out S3 compatibility. We have a lot of stuff that does that. But they really are just plain Helm charts and Terraform modules. So you can actually add additional Terraform
00:22:25
Speaker
A very common case is actually adding VPC peers, so you deploy it into a cloud, into a VPC, and then you want to be able to connect to the adjacent VPCs. Another theoretical thing you could do is
00:22:41
Speaker
a lot of Postgres opinionated setup, like you can just create a RDS instance, have it there from right there, put a Kubernetes secret for the password of it, and then reconfigure your Airline Helm chart to use that RDS instance. And it's a very natural, like, if you're capable enough to do that, you should have everything you need to be able to.
00:23:04
Speaker
One additional thing that I should mention about the workspace is secret encryption. So anything GitOps, there's always a challenge around managing secrets because you could easily put a database password in a file. You don't want that file to be in Git where everything is Git. So we basically re-implement a project called git-crypt, which your viewers might be familiar with, but it effectively, you can specify files to be
00:23:37
Speaker
encrypted file on GitHub. And that just works natively with the CLI and you don't really even have to think about it. If you have the encryption key for the repo, you'll just be able to edit everything in plain text. Makes sense. I know you said that plural generates a lot of this, right? So maybe give a sense of, you know, can someone go ahead and modify these things or does plural have to know or sort of
00:24:03
Speaker
about the application, or maybe this is more of a question around, can I BYO A, right? Yeah, there are some guide rails, especially around Terraform, which is much more difficult to merge, but it's effectively a similar process
00:24:26
Speaker
code generation tools. And then you have the capability to edit it. But there's usually very clear surrounding comments around the stuff that Kubebuilder is very, very noisy about. This is what we're going to be generating for you and don't touch it. There's a similar approach here.
00:24:48
Speaker
variables, you can add Terraform files in addition to the ones that we create and we're not going to trample them or anything like that. With Helm, it's actually very, very easy because it's a YAML.
00:24:59
Speaker
So we can actually merge the YAML blob together in an intelligent fashion. It doesn't like, your updates are not going to typically collide with that in a way that doesn't make sense. So there's a decent amount of flexibility. I mean, that's always a question that comes up is like, I want things to be easier, but I also want to touch it all, right? The other thing with that is like you expose that capability to people and you
00:25:26
Speaker
create the possibility that they break things, right? And you don't just create it, you almost make it inevitable. And having Git in place is really crucial there. So you do make a customization. If you were to break something and then come to one of us and say, hey, this Airbyte installation doesn't work anymore and I have no freaking idea why, at the very least I can go down through the Git history and see what you did.
00:25:55
Speaker
make the support process a lot. And hopefully roll back fairly easily then. So while going through the documentation right one of the things I noticed is for every template when I run the plural build command it generates or it generates all of these files in a specific directory so a specific git repo. Can I have multiple applications that are being tracked as a single entity if I had
00:26:19
Speaker
a complex app with, let's say, a Postgres database that is deployed through Plural as well, and then an Airbyte, and something else like Kubecost on Kubernetes cluster. Can multiple applications be part of the same repo, or do I need a different repo for each app? Yeah. Basically, the mapping is like a cluster has a single repo, and then the cluster can have many applications. Our production cluster actually, we use Plural to deploy Plural, and the production cluster actually probably has like 30 applications in it.
00:26:48
Speaker
A lot of them are just like how we dogfood our catalog and test them. We use a lot of the stuff that we have in the catalog actually just for the operation of our business. Like we use Superset for our visualization instead of Looker. We use Airbyte for all of our ETL stuff. So, and they're all in the production cluster. But that's how the mapping works at the moment. And as a follow-up, is there a way to sort of, you know, a lot of Kubernetes customers are shared and like 10 and eyes, right?
00:27:17
Speaker
Are those like branches basically in Git or how's that managed if like two teams want to use the same cluster? That's one thing that we don't really support the best right now. The main problem is
00:27:31
Speaker
like operator conflicts. So if you had already deployed the Zalando Postgres operator and then we redeploy it and we don't have a good way of knowing it, then they're going to start thrashing together. Same thing with ingress controllers, same thing with cert-manager in theory. So that's one thing that we haven't done. We're still trying to figure out if there's actually a viable way of doing it because that problem is so difficult to solve.
00:28:01
Speaker
Like we kind of, my personal opinion is that mode of operation doesn't really make that much sense anymore. Like having like a single like company wide cluster, I guess you could sort of argue it's resource efficient. But if the process of provisioning a Kubernetes has become so easy, that's a commodity.
00:28:26
Speaker
of resources to individual teams. Yeah, and I think the reality is like, we ultimately see a blend of those two concepts, right? Most companies don't just have one giant, like in early 2017, everybody wanted to do it that way, right? I know I was at a shop that wanted to do it that way, we might have gone the other way, and that was really expensive because we ran on AWS.
00:28:47
Speaker
Besides the point, we wind up seeing this blend where you have a handful of clusters and maybe there's a couple teams working. I could almost map in my head the concept of sub-modules. You could have a sub-module per team or something like that in there. Those types of things I think are, as an SRE, you're used to
00:29:08
Speaker
dealing with different teams anyway. But I also think that the concept, you know, those collisions that happen with operators, things like that, it's sort of a Kubernetes problem, right? When you really break it down. Not really a plural problem. It's like, yes, it's just, I guess it's sort of a Kubernetes problem, because the reason those operator collisions become really big is because they have cluster-wide access. And so if you had an operator that was scoped to like a subset of namespaces versus another subset, maybe ability is here.
00:29:40
Speaker
But we have like, we've been building some degree of support for this. The use case, I think makes a lot of sense that's similar to this is, we have like a customer is asking for it right now is they have, they have a very opinionated way of setting up Kubernetes for security clients. And it's really they have like, you know, it's Kubernetes with a specific AMI for the worker nodes that has been hardened, quote unquote, beyond what AWS does, they have some security
00:30:10
Speaker
have their enterprise APM logging and everything like that. And so being able to build on top of that makes a ton of sense for us. And you can technically layer that onto a Kubernetes cluster that we normally provision with our customized stuff. It's possible, but going the other way, it's just easier for the user. The other thing in our case that's a little bit different is the way that
00:30:41
Speaker
What you're deploying is, they're just applications. You really shouldn't have that much opinionation on how Kubernetes works underneath the applications. It's just the implementation detail of how we've got created multi-cloud portability for the applications. But you could very easily just have an instance of Airbyte, an instance of Airflow deployed in Plural land in your cloud infrastructure. And the real only concern is making sure
00:31:11
Speaker
Um, but like you don't have to be, there shouldn't be a huge need to be very precious about exactly how Kubernetes looks underneath as long as it works and it's operable. And we're doing our job of making your life of using those applications as easy as possible. Yeah. Yeah. I know. Uh, as long as like consistency is key, right? The whole idea around GitOps anyway. So I know we've run into it in, in sort of our, uh, Bhavin and I's world and storage when we
00:31:36
Speaker
And we talk about things like disaster recovery and backups, like those types of things. What do you draw the line on what's an application that should be and not, that is opinionated. So it is, you know, it still is going to fall on that team. I want to switch gears a little bit and just talk about sort of which sort of platforms are supported,

Plural.sh Cloud Platform Support

00:31:55
Speaker
right? So things like EKS, AKS, can you bring your own? Like how does Plural work in those worlds? Yeah. So we have first-class support for all the three major
00:32:07
Speaker
GCP and Azure. And we always use the managed control plane in terms of the Kubernetes server for those clouds. So it's EKS for AWS, GKE for the GCP and then AKS for Azure. We actually have support for Equinix, about a weird thing now. We had that a while ago.
00:32:24
Speaker
And we're working on some others. What we really want to add is a low cost provider. Something like Civo would be kind of cool. There's a lot of people who they just can't afford a full AWS Kubernetes deployment, which the minimum cost of that is really about $200 a month. So they would want to use a tiny open source application and maybe pay like $50 to $100
00:32:53
Speaker
but not the full 200. And that is totally reasonable. And the only clear path to that would probably be to use Civo or like find some way of doing it with shared infrastructure or something like that. So when you like talking about smaller sort of deployments like that, does that also, when you talk about major clouds, does it include EKS Anywhere or sort of the private cloud? Like, is it still the same control plane, right? Do you support those sort of
00:33:18
Speaker
hybrid deployments too. Yeah, we haven't, we haven't played with EKS Anywhere yet. But that would be kind of interesting. We should definitely work on it. We haven't really done a whole lot with true on-prem deployments. We've come to us to want to just deploy in a vanilla cloud environment. And we haven't had that very huge demand yet for the on-prem stuff.
00:33:41
Speaker
Okay, and I think my next question is more around like the storage side of things, right? This being a Kubernetes Bytes podcast. I know you mentioned that for the Airbyte deployment you do create like an S3 bucket, but for applications
00:33:56
Speaker
applications that are deployed on Kubernetes? Do you just use default storage that the cloud provider provides? And then how do you differentiate between applications that may need block storage or file storage? Because again, all of that is abstracted away from the user, but complexities that you still have to figure out under the covers to offer that simplistic experience to the end user. Yeah, yeah. So we mostly use the default storage classes.
00:34:22
Speaker
for stateful applications. And where there is blob storage, we will use the cloud's native S3 or equivalent storage. So that's honestly for operational simplicity. There probably are some weird use cases where like an online cluster of an IO would be more performant and like we can help them out with that, but we wouldn't make that default in any reasonable world. That said, there are some customizations that you need to do
00:34:53
Speaker
class in AWS CTS is not actually very good. They don't use the appropriate settings. So we will create a variety of different ones using different disk classes, and then we rewire the default. And we actually have an operator, the plural operator that has the ability to
00:35:12
Speaker
to modify default storage classes. We basically expressed that as a CRD because the Kubernetes named in a way is actually very janky and weird. You have to add that label to the storage class. And then we use that. So I don't actually remember off the top of my head what the exact settings we use in AWS. But it basically just gives, it's like, I think the default is actually higher cost and lower IOPS than another
00:35:41
Speaker
that I don't know why you can configure. So I say it just makes no sense. It makes no sense for me to be asked, though. Yeah. I don't even know if that's true, because you don't know what sort of hardware is underneath that. They probably are desperate to get into other data centers, but they can't do it. You never know if they're actually shooting themselves on their phone for that.
00:36:08
Speaker
The Equinix Metal setup is actually probably more interesting on that front. And in that case, we use Ceph with Rook for the storage class. And we deploy MinIO to give blob storage. And then Rook gets the storage class. It gets blob storage. One kind of cool thing with this, though, and I think people aren't fully appreciative of how powerful it is,
00:36:39
Speaker
If you use a standard like EBS Block Store, EBS has pretty amazing redundancy. I don't know how many different ways it's replicated. It's at least three different ways. It has incredible reliability. Even if you just had a Postgres pod that's attached to that volume, Kubernetes natural restart capabilities
00:37:03
Speaker
to having a read-write replica that has failover. The Kubernetes restart of that pod is going to happen just about as fast as the failover, if not faster. It's going to rebound the disk. As long as the disk is as reliable as that failover would have been, you've effectively created technology equivalent to standard read-write replication.
00:37:29
Speaker
And I wonder if like at some point people will figure this out and start using Kubernetes and like really good block storage and replacement for some of these topologies that kind of don't make that much sense anymore. But we'll see. The one caveat is, again in AWS, AWS is just like a problem child in a lot of ways, but the disk isn't replicated across AZs.
00:37:51
Speaker
Yeah, I mean, and given sort of where Bhavin and I work in our day jobs, we've been sort of living that life and can tell you, you know, people are doing it. It's definitely, you know, it is harder for some, especially I think maybe the individuals you're sort of working with who want that sort of easier and less complex, they're probably not thinking about like,
00:38:15
Speaker
all those complexities of like, let me run my actual database on this thing, right? They're thinking, you know, deploy my application connected to my data, probably. That's a pretty typical answer that even we see living in this side of the, on the other side of it, I should say. But it sounds like, you know, for the most part, if someone wanted to deploy a database, you know, it sounds like Plural can, you know, connect to a PVC, enable Helm to go, obviously, you

Snapshot and Backup Management on Kubernetes

00:38:39
Speaker
know, it's less portable, you'd have to worry about moving your data if you wanted to kind of
00:38:43
Speaker
uh, you know, move that thing out, but that's not a new problem, right? So yeah, makes sense. Um, now does Plural, um, allow you to also do sort of advanced things with that? You know, say they are provisioning, um, a PVC that's on EBS, right? Can it take snapshots? Can it do those kind of, like, sort of more advanced data services in terms of backing up data and those kind of things, or is that
00:39:13
Speaker
sort of external around the customer. Can you manage that through Plural as well? Yeah, so it's snapshot and backup restore. There's two different levels to this. And this is kind of similar to the Kubernetes app level as well. You can, they're just, we just use normal Kubernetes storage classes and a lot of those actually have base background to Kubernetes, the capability to take snapshots that that's in the Kubernetes API. But there's certain applications where that's not really, you want to go further and beyond. So with a Postgres database,
00:39:49
Speaker
does have that capability. And we've used it many a time actually. It will continuously stream the WAL into S3. We have some lifecycle policies around that S3 bucket to make sure that it doesn't explode in size to some obscene amount. And you can just specify a timestamp and restore your database to that timestamp. Which is, again, a similar functionality you would get out of RDS.
00:40:16
Speaker
of RDS, the one difference, and actually we probably want to solve for this at some point, RDS is point and click. So they have a very good user interface in front of you that you can just do it without having to read an API docs or anything like that. A lot of Kubernetes operators are not in that world yet. So the reality is a lot of our users are, again, they aren't going to want to read that much detail in docs. They don't have the time for it.
00:40:49
Speaker
like bake that into our console and make it more accessible. Got it. Gotcha. Thank you. And so like till this point, right? We have covered how day zero works, like how the deployment works, how all of these files are being auto-generated and things like that. How about day two operations? Like I know we discussed backup and snapshots right now, but what if I want to like perform or set auto-scaling rules just to make sure that my database is scaling up as my application needs more storage? Can that be done through plural or that's like an outside out of the box configuration?
00:41:19
Speaker
Yeah, so the ideal way of doing all this would be, it would be via our console. So we want to make as much of this graphical as possible for a similar reason why backup restore with the Zalando Postgres operator has some accessibility issues. And I sort of had mentioned this feature before, but the
00:41:38
Speaker
experience for that. What it actually ultimately works as is it's a low-code interface. There's actually an XML spec that allows you to configure the UI for each individual runbook and you can make it look and also
00:41:58
Speaker
if the input forms and stuff like that to do complicated things. Almost all the applications that include a database have a database runbook. And that database runbook includes adding another replica to the database, scaling as CPU and memories, and scaling as tests. And you can see all of the time series metrics for all of those inputs. So you can make an informed decision on all of them in one single flow.
00:42:24
Speaker
The other big day two operation, again, is upgrades. And that actually just happens naturally by you subscribing to the Plural Catalog. And we'll do the upgrades for you and we'll test them and make sure that they're not going to blow anything off when they arrive. Which can certainly happen.
00:42:43
Speaker
And then some of the stuff you have to dive a little bit deeper currently, but we'll, we'll work on making it a little bit better, but, uh, like cluster auto scaling is something you kind of mentioned there. Um, we, we automatically configure the cluster.
00:43:07
Speaker
with taint supplies so you can have workloads accept a taint and actually be provisionless spot groups. And then there's a cluster autoscaler there. But the reality is sometimes that for various nuances of your workload, you might need to kind of reconfigure that set up with a different topology and stuff like that. And that's a Terraform change. And we have some augmentation on that, but if you just edit a Terraform file, then you'll have a slightly different node topology that might fit your use case a little bit better.
00:43:36
Speaker
I think that's really cool, right? I know like AWS has this open source project called Karpenter, which does that spot based node deployment, and it can help you mix and match instances. But having that plural and does that apply across all the clouds would be really cool. Yeah, yeah. All the clusters are basically set up that way by default. The goal is like, are the auto scaling setup
00:43:58
Speaker
for its utilization for a very wide set of apps. Like if you think of the different things that could be deployed in a plural cluster, we're giving people the ability to point and click deploy an Airflow alongside an Airflow with some superset. These are very different applications with different usage profiles. So if you're going to build an autoscaling solution for it, it needs to be extremely flexible and have the capability to handle really beefy workloads or really tiny workloads and all sorts of different things.
00:44:24
Speaker
Got it, makes sense. Cool. We have a few time for a few more questions here. So I did want to dive into the security aspect a little bit before we move forward. And that's more or less like, you know, I've got a good sense of how Plural's kind of using managed Kubernetes.

Security and Authentication with Plural.sh

00:44:40
Speaker
So I imagine in terms of, you know, the Kubernetes nodes themselves or control plane, you kind of rely on those things. But as far as the applications go, and maybe when CVEs crop up or, you know, vulnerabilities in libraries and
00:44:53
Speaker
Plural's managing the applications. How does Plural work with the customers on that? All of the resources we publish, we also actually have a Docker registry in the Plural API. Then everything, all the Helm charts, all the Terraform code, and all the Docker images are scanned. You can actually see the scans in app.plural.sh at any given time. There are actual CVEs in
00:45:21
Speaker
on the standard Ubuntu image that has a ton. They aren't game breaking, but they exist. A lot of the Python applications, Python just always
00:45:33
Speaker
It's almost intrinsic in using Python. But you'll be able to see it so that that's observable. If there's something really, really bad, Grafana had a really bad vulnerability in one of his versions, actually. We'll see that also because we have that and we'll publish a new version alongside of their patch of it. And it will just go right into your cluster. You won't have to touch it. It's another automated deploy. There's some more things with security that's actually worth mentioning. The biggest one, I think, and we
00:46:04
Speaker
authentication. And I think a lot of organizations do a really terrible job of authentication for their open source. So if you think of what's happening inside Capital One, when they have individual teams that want to figure out how to deploy Airflow, you have one like overworked engineer who has to figure out how to get Airflow set up at Capital One.
00:46:22
Speaker
He's going to take the shortest path possible. And that path is going to include a username password authentication for that Airflow instance. That's completely forgotten until the end of time. So the reality is a lot of these enterprises probably have completely unknown security exposure at the application level for their entire open source estate. And they don't even know the full extent of their open source estate. What Plural does is we have an integrated OIDC provider in Plural. We use Ory Hydra, actually, for it.
00:46:51
Speaker
And when you do an installation, you can just opt in to using that OIDC provider to authenticate to the application. So that Airflow instance or the Airbyte instance would just have turnkey OAuth to your Plural account.
00:47:04
Speaker
And you can bind a user or a group of users directly to the application to provision or de-provision them to the application whenever you want. It's extremely, extremely low touch. You don't have to figure out in the docs of the application how to set up the OIDC Connect. We've already done it for you and you just have to press a button basically. And that's really, really powerful and it's also powerful with
00:47:38
Speaker
to all the heavy lifting for it. But that's another really big security aspect for the application that's pretty important beyond just like the standard CVE scanning stuff. In reality, that's probably a much bigger exposure than some low-level C library having a buffer overflow,
00:47:58
Speaker
if you're being totally honest. And like a lot of enterprises do a really good job of fixing their low-level C libraries, and then they just have like all these poorly authenticated applications just around, around, and probably could like get who knows what. So that's why the Palo Alto Networks stock has gone up the way it has over the past couple of years.
00:48:22
Speaker
This has been a great discussion, Michael. I think just as the last or the closing question, I just wanted to ask if people like Plural from this episode, where can they learn more about

Resources for Learning Plural.sh

00:48:34
Speaker
it? How can they get started? I think Plural is open source, so how can they access it and start using this in their environments?
00:48:40
Speaker
Yeah, so you can visit our marketing website, www.plural.sh, that'll give you a high-level overview of all the stuff that we offer. You can create an account at app.plural.sh, and we'll give you a walkthrough of setting up your first cluster. You can actually do it all in the browser. We have a Cloud Shell experience that will provision a local setup for your CLI. You just have to
00:49:07
Speaker
do it or you can actually use a GCP project that we create in our account for this is our period of time just to test right. You can also go to docs.plural.sh and that has our full documentation of the platform and all of its functionality and there's a quick start guide there that's a great place to look. If you just want to dive more into it technically that's also another thing like it's all up in
00:49:43
Speaker
And our main repo is github.com/pluralsh/plural. So guys, give us a star. That'd be amazing. But you can, you know, you can see how good or bad our code is and leave whatever criticism you have there as well.
00:49:57
Speaker
And if you didn't get, remember any of these URLs, we'll have those in the show notes. So don't worry about like going back and, and, and noting them down. Awesome. Absolutely. And, uh, you know, it was a pleasure having you on the show. Will you be at, uh, I know Bhavin won't be at KubeCon. Will you be at KubeCon? Uh, you, this, this upcoming. I'm not sure about KubeCon EU. I was at KubeCon NA and I'll be at the next KubeCon NA for sure. Um, we have, my co-founder Sam Weaver is actually based in Los
00:50:27
Speaker
So we'll talk to Sam if you're in Amsterdam this coming April. I will be as well. So, well, maybe I'll hunt down Sam and tell him what a great guest you were then. Yeah, I'm sure he'll appreciate it. All right, well, Michael, it was really a pleasure having you on. I know I learned a lot, so I appreciate you having on and maybe do it again in the future. Yeah, sounds great. I really appreciate the opportunity.
00:50:53
Speaker
Well, Bhavin, I think that conversation went really well. I know we've been trying to get Michael on the show for a long time, probably longer than he deserved, as I mentioned in the call. But it was great to have him on and talk about Plural. I really didn't know much about Plural at all until we started researching and talking to Michael.
00:51:09
Speaker
But what were your takeaways? What did you get out of that? I think plural solves a good enough problem that exists in the ecosystem. Deploying applications on top of Kubernetes is hard. If you just go to operatorhub.io, you will find at least five different operators for any application that you want to deploy. And obviously, you don't have the skill sets in-house to
00:51:32
Speaker
be experts and contribute to open source projects for all of these different applications that Plural has. So like having a tool like Plural that allows you to deploy applications from a curated app store or curated marketplace and then run it on top of EKS or AKS or GKE bringing in that abstraction layer really helps. So as a data scientist, I know if you look at their website, one of the examples that they keep on using is Airbyte. So as a data scientist, if you want to deploy Airbyte, you don't even know how to
00:51:59
Speaker
run Kubernetes. You just go ahead, use the Plural CLIs, do a build or deploy, and it will automatically, like, deploy all the resources using a combination of Helm charts, Kubernetes manifests and Terraform files as well. So I think I really like the abstraction layer that Plural brings to the ecosystem.
00:52:18
Speaker
Yeah, I think that, you know, I agree with that wholeheartedly, but I also think that this trend that we keep seeing from many companies, many projects in the Kubernetes ecosystem of sort of focusing on the developer experience, the application owner experience, right? You know, some things that rang true for me with what he was saying is that a lot of our customers don't know Git.
00:52:43
Speaker
A lot of our customers aren't as technical and they don't want to manage or run Kubernetes and I think now that we do see Kubernetes and a lot of the infrastructure platform as table stakes offered in these cloud providers and they work really well. You know seeing this sort of transition to.
00:53:02
Speaker
What can we build on top of all this right is I think a trend that we keep seeing and I know I mentioned this a little bit where we had this world sort of with Heroku but we didn't touch the infrastructure and I use Heroku just because that's an example and sort of a platform I used back when I was deploying applications you know whether it was JavaScript or whatever you just send it up there and it just worked.
00:53:26
Speaker
But now with Kubernetes, you have this mix of practitioner and infrastructure that they want that ease of use, but they also want to be able to touch it, right? And to be able to say, well, we'll do a lot for you, and we'll give you a lot of the pieces and you don't have to, you know, be able to put your hands in it. But if you want to get your hands dirty, you want more flexibility,
00:53:46
Speaker
we do give you that operation. And I think we've seen a couple of different companies, you know, cycle being one of them, you know, that give you a lot of that flexibility, but automate a lot of it on top of all infrastructure. So that's really good. I think that's an interesting and neat trend that, you know, I take out of that conversation as one to really keep an eye on.
00:54:05
Speaker
Great. So, this is the end of today's episode and the end of the first episode of the new year. I hope everyone is glad we're back, hopefully. And, you know, we've got another episode out for you soon. But with that, that is the end of today's episode and I'm Ryan. I'm Bhavin. Thanks for joining another episode of Kubernetes Bytes. Thank you for listening to the Kubernetes Bytes podcast.