Introduction and Sponsor
00:00:00
Speaker
As long time listeners of the Kubernetes Bytes podcast know, I like to visit different national parks and go on day hikes. As part of these hikes, it's always necessary to hydrate during and after it's done.
00:00:14
Speaker
This is where our next sponsor comes in, Liquid I.V. I've been using Liquid I.V. since last year on all of my national park trips because it's really easy to carry and I don't have to worry about buying and carrying Gatorade bottles with me. A single stick of Liquid I.V. in 16 ounces of water hydrates two times faster than water and has more electrolytes than ever.
00:00:38
Speaker
The best part is I can choose my own flavor. Personally, I like passion fruit, but they have 12 different options available.
Meet the Hosts
00:00:44
Speaker
If you want to change the way you hydrate when you're outside, you can get 20% off when you go to liquidiv.com and use code KubernetesBytes at checkout. That's 20% off anything you order when you shop better hydration today using promo code KubernetesBytes at liquidiv.com.
00:01:08
Speaker
You are listening to Kubernetes Bytes, a podcast bringing you the latest from the world of cloud native data management. My name is Ryan Walner and I'm joined by Bhavin Shah, coming to you from Boston, Massachusetts. We'll be sharing our thoughts on recent cloud native news and talking to industry experts about their experiences and challenges managing the wealth of data in today's cloud native ecosystem.
00:01:34
Speaker
Good morning, good afternoon, and good evening wherever you are. We're coming to you from Boston, Massachusetts.
Casual Conversations and Wildlife Encounters
00:01:40
Speaker
Today is November 2nd, 2023. Hope everyone is doing well and staying safe. Let's dive into it. Bhavin, how you been, man? I'm doing good. November already. Can you believe it? Like I can feel it. Don't say that.
00:02:10
Speaker
Uh, 70. I think that's it. Holy moly. That's hot. I keep my house at 64, 65. Okay. That's why I get these high electricity bills. Maybe. That's it. I don't know. You know, it all depends on your house too. Like if you're like, let's go up more heat, sure, you've got to keep it higher and stuff. But I say grab a blanket, you know.
00:02:22
Speaker
I'm not, I don't know. I don't like cold as much, clearly. And now it's officially like heater season. Like I have to like make sure.
00:02:34
Speaker
Or a jacket, yeah. Okay. I'm sure mine will make its way up as, you know, the winter goes on. Okay. Time to mess with the thermostat. How are you doing there? I'm good. I just got back from some time off, spent a week in New Mexico. Very interesting place. I know. Nearly got bit by a rattlesnake, but I'm still here. Oh, wow. What does nearly mean? Like, okay, how close did it get? A foot.
00:03:00
Speaker
That's too close for me. How did you evade it? Did you hit it? I was at the VLA, the Very Large Array in New Mexico, which if you don't know is basically one of the United States, maybe in the world, I forget, one of the largest radio-based telescopes. So if you've seen any really deep space images, it's likely taken with this VLA. It was made in the 1980s and it's been updated and stuff like that.
00:03:28
Speaker
Okay, crazy cool technology. But it's in the middle of this really dry high desert New Mexico on purpose, right? So less radio interference and dry climates, those kind of things. But there's signs all over the place when you're visiting this place. Okay, where rattlesnakes I spent like a half hour there, we were kind of passing through, didn't see a rattlesnake. I was walking back towards the entrance. I was like, I'll stop at the gift shop.
00:03:50
Speaker
Yeah, I touched the doorknob of the gift shop and I just hear the rattle of a rattlesnake at my feet. So imagine holding a door and looking down, right? So that's how the thing was reared back at me. Didn't strike at me. Luckily, I was wearing really thick, heavy, you know, dirt bike boots.
00:04:09
Speaker
time. So, you know, in most cases, I might have been okay if it hit the boot. But yeah, I stepped back and I got a video of it and stuff like this. It's the closest I've been to a rattlesnake. I thought it was very kind of it to rattle. You know, it's actually makes a lot of evolutionary sense now. It's really nice of it to have that.
00:04:28
Speaker
Do you think like it's like an employee that works for the gift shop? Like everybody should get that experience. It just stands there. That's it. No, it was very real. It was a very real rattlesnake and the gift shop was closed. I didn't even get it. Damn it.
00:04:43
Speaker
Yeah, that and, so like natural tarantulas just out were also pretty cool, apart from like the elk and antelope and stuff out there. No, I think, okay, my wife hates spiders and their entire family, like tarantulas. Okay, that's good. Yeah.
00:04:59
Speaker
When one of our friends went to a national park in Utah last month and they just shared a pic of a tarantula on the hike, on the trail, she wouldn't even open that message. She waited for the history to scroll up in WhatsApp so that then she could open it up. She really freaks out. They're really cool, but they're really big. Especially if you're not from those areas, you're not used to seeing a spider that big just chilling out there. I know.
00:05:24
Speaker
We have wood spiders here in the Northeast, which get pretty big, but not tarantula big. Initially, whenever I've camped in New Hampshire or Maine, we haven't seen spiders as much in those campgrounds. Like you. I know.
Excitement for KubeCon and Upcoming Topics
00:05:44
Speaker
This summer we went to Vermont to camp and yeah, dude, the entire campground had those tiny spiders. Like we reserved the campsite for two days, but then again my wife is afraid of spiders, so we just had to leave in a day. One thing you can't escape is nature when you're camping. And spiders.
00:06:08
Speaker
Totally get it, man. Yeah, this is going to be a fun week. Obviously, KubeCon's coming up. Let's go KubeCon. I know. I'm just going to Halloween for those to do that kind of thing. I was the Mandalorian, by the way. Well, my daughter wanted me to be an astronaut, and I totally forgot to the day of, so I went to Party City. Closest thing I could find to an astronaut was the Mandalorian. I would say technically, he qualifies.
00:06:35
Speaker
So I didn't agree with that idea. Yeah, she did. She looked at me like, I was expecting a big helmet, you know? Yeah. Well, I got a helmet. I mean, a helmet is a helmet all the time. So I think it works. Nice. Anyway, yeah, KubeCon's coming up. You know, we have a fun episode coming up here about Crossplane and what's going on there. We'll introduce our speaker in just a minute.
00:06:59
Speaker
But I think before that, we have some news to talk about. We'll be right back after this short break.
Cloud Native News Updates
00:07:06
Speaker
If you've ever had a puppy and raised it to become a big dog, you know that changing food and finding the right food is hard to get right. Ultimately, you want them to feel good and act happy and be OK with what they're eating. They're part of your family, after all. I have an eight-year-old golden retriever named Roscoe, and he's always had a sensitive stomach. So finding the right food was kind of a pain.
00:07:28
Speaker
That's where Nom Nom comes in. Nom Nom's food is full of fresh protein that your dog loves, and the vitamins and nutrients they need to thrive. You can actually see proteins and vegetables like beef, chicken, pork, peas, carrots, kale, and more in the ingredients.
00:07:45
Speaker
So here's how it works. You tell them about your puppy, the age, breed, weight, allergies, protein preferences, chicken, pork, beef, and they'll tailor a specific amount of individually packaged Nom Nom meals and send them straight to you. If you're ready to make the switch to fresh, order Nom Nom today and go to https://trynom.com/KubernetesBytes
00:08:09
Speaker
and get your 50% off of your first order, plus free shipping. Plus, Nom Nom comes with a money back guarantee. If your dog's tail isn't wagging within 30 days, Nom Nom will refund your first order. No fillers, no nonsense, just Nom Nom.
00:08:28
Speaker
And we're back. This year, I've seen a trend where some vendors have already started releasing their KubeCon announcements a week before. So obviously instead of doing a lot of news this time, I was like, let's keep it to three. And then we'll cover all the news that we see in the ecosystem the week after.
00:08:48
Speaker
Yup. So the first thing, starting with the funding round, Chainguard, a startup in the DevSecOps or Kubernetes security ecosystem, raised Series B funding, $61 million. Again, with the trend, they didn't share what their company is now valued at, but they just shared that the total money they have raised is $116 million. A couple of interesting things that they do: they publish their own images. So
00:09:13
Speaker
their whole story is, we'll give you the minimal hardened images that you need to run different containers, that are signed by Sigstore, that include their own SBOMs, instead of the user having to build their own images and then worry about CVEs. They can just use the images that Chainguard provides you. They have a cool list where
00:09:37
Speaker
instead of all the day zero and day one vulnerabilities and CVEs showing up in images that are available on Docker Hub, like our images have zero CVEs. And then they also talk about how this helps organizations reduce the noise that they see in their scanner tools, like scanning tools for their applications running on Kubernetes and the tools that they use to scan container images. So definitely an interesting startup working on real things. They also have like a professional services arm
00:10:06
Speaker
where they can do assessments, trainings, integrations, and consulting work for you. So yeah, there is new money. Yeah, cool. Cool article about, I think, their integration with sort of an API in front of the vulnerability status so you can integrate it into the SBOM software stuff. You know, everybody loves that word. Yeah.
00:10:27
Speaker
Okay. And then Honeycomb, right? Our observability friends. I know we have been trying to get somebody to go do a deeper dive into observability and we might have an episode soon, but Honeycomb announced a new offering called Honeycomb for Kubernetes. Their whole story is, don't treat issues like a hot potato and transfer them between teams, like developers blaming it on platform or infrastructure teams.
00:10:50
Speaker
It's a Kubernetes issue, and then Kubernetes is like, nope, it's an application issue. No more hot potato. Enjoy your lukewarm to cold potato. Yeah, so they have a new dashboard where they have advanced correlation workflows. They have new default dashboards around node metrics and monitoring app pods that are running on top, and you can
00:11:12
Speaker
One of the examples that they have is like four different graphs and you can look at the timelines and map what was going on with each different component. And then they also added like a natural language query assistant. So instead of you having to write complex queries to find the exact part and find this specific metric that you're looking for, just tell it like, okay, give me XYZ about an application part and it will generate the query for you.
00:11:35
Speaker
That was pretty cool. So that's new from Honeycomb. And then finally, Microsoft launched a new open source project from their incubation team called Radius. So Radius is supposed to be an open source cloud native application platform. Initially, I felt like it was an IDP.
00:11:53
Speaker
But reading, and it competes with Backstage. But looking at their FAQs, even they call out that this is not meant to be a replacement for IDP or a replacement for Backstage.
00:12:06
Speaker
This is just an application platform that allows you to build application graphs for components that are not just running inside Kubernetes, but you have S3 buckets if you are leveraging existing tools, if you are relying on identity systems that are outside your Kubernetes clusters.
00:12:24
Speaker
You can visualize and implement everything in Radius and then use that to provision it across multiple different clouds. Right now they support Azure and AWS. So if you want to look, this is still brand new, right? Like they have been incubating this, now it's out in the public.
00:12:40
Speaker
But from an orchestration perspective, they allow you to use Bicep, which is, again, the next generation of ARM or Azure Resource Manager automation that they have. Or if you want to use the AWS, Azure, Kubernetes Terraform providers, you can use that too. So that's something new in this application platform or development platform ecosystem.
00:13:00
Speaker
I like how they make note to say, and maybe OpenTofu, as long as it remains compatible, right? They're like, we want to, but we'll see. But yeah, that's it for news for me. I know we'll have a loaded episode after KubeCon. We will have a loaded episode of all the fun stuff that comes out and some of our observations and trends and stuff like that. Cool.
00:13:20
Speaker
I just have a few as well. So the first one was around security. It was an urgent security flaw in the NGINX Ingress Controller for Kubernetes. So this is one that I think a lot of people probably use. NGINX is a very popular Ingress Controller and used in a lot of examples as well. So, you know, possibly there's more of it out there, that kind of thing. But it basically allows attackers to sort of
00:13:48
Speaker
inject code, get security credentials, and kind of do all sorts of bad and erroneous things. So there are three CVEs listed in the article here. And it's, I think, as of this article was unpatched. But I'm sure that'll change soon. So definitely go take a look at that if you are using the NGINX Ingress Controller.
Deep Dive into Crossplane with Viktor Farcic
00:14:09
Speaker
This kind of thing is pretty common, I think, especially if you're using bleeding edge stuff. And we hear about security stuff all the time.
00:14:16
Speaker
so go take a look at that. The next one I had here was that CloudCasa, which I believe we talked about. In Amsterdam, they made quite some noise and just, you know, had a really great booth set up and a lot of people talking about it. They now moved to a
00:14:34
Speaker
self-hosted version. So CloudCasa was SaaS-based, which is very useful for many people, but for certain use cases, they have to bring it on prem, there's data privacy, there's control aspects. And so, yeah, they have a self-hosted version of this deployment, which is in conjunction with its suite that is used for SaaS. Go check that out. I think pretty cool stuff they're up to.
00:15:00
Speaker
And the last one is around Kubecost, whom we've spoken to on the show. Kubecost. Yeah, Kubecost. So this is basically an advancement of Kubecost and what they're up to, but the thing I took most out of it is they support access to provider billing,
00:15:18
Speaker
meaning cloud-based resources. They were focused on Kubernetes and everything you get out of Kubernetes, but obviously a big part of that is the infrastructure you're running on. So part of this update taps into the visibility that you have with your provider today. I think it's AWS, Azure and GCP and more in the future kind of a deal. So hopefully that gives folks some better, fully rounded capability to kind of look at their
00:15:46
Speaker
overall cost metrics, because Kubernetes is just part of the game at the end of the day. So now you can do it in one place, hopefully. Very cool. And that is our news for today's episode. All right, so let's dive into this episode. We have Viktor Farcic, the developer advocate for Upbound, here to talk to us about Crossplane and what it's all about and how it works. So without further ado, let's get Viktor on the show.
00:16:16
Speaker
All right. Welcome to Kubernetes Bytes, Viktor. So glad to have you here. Why don't you give our audience a little introduction of who you are and what you're up to? I'm Viktor and I work at Upbound. It's the company behind Crossplane. And what I'm up to is hard to define because I change what I do on a weekly basis. So, you know, think of me like a kid, a 10-year-old that gets a new toy every week. That's me.
00:16:45
Speaker
That sounds like a fun way to be, honestly. Yeah. I know you've been super busy, so thank you for joining us. I saw that you guys did a whole virtual conference or something at Upbound. I saw your talk with Kelsey just to get ready for this episode. That was a couple of weeks ago, yeah.
00:17:03
Speaker
OK, so very cool. Well, I know that Crossplane has been something I've heard a lot about. I haven't done a ton of it or looked into it much myself, but I'm ashamed to learn more. Be ashamed. Turn around into the corner and stay there for a minute. Listen, I know a lot of people are excited about it, so you must be doing something good. That's all I got to say.
00:17:29
Speaker
So Viktor, I think that's where we can get started. Can you give us a quick overview of what Crossplane is and what was the need for building something like Crossplane and when it started?
00:17:42
Speaker
Yeah, so when it started, I'm not sure, let's say maybe five, six years ago, you know, the idea or something like that. So there are two major parts of Crossplane. One is what we call providers, which
00:17:58
Speaker
essentially allow you to extend Kubernetes to manage anything you want, right? Hey, you would like to use Kubernetes API to manage AWS resources, there is AWS provider. You want to manage databases, there is a SQL provider, Google provider, whatever, right? So, the idea is to extend Kubernetes beyond,
00:18:23
Speaker
what many people understand Kubernetes is, right? Many people, when you speak with them, okay, so what's Kubernetes? And they will tell you, and this is my own interpretation of their words, oh, Kubernetes is a thing that allows you to run containers. And I think that that's a complete misunderstanding of what Kubernetes is, right? To me, the ability to run containers is almost insignificant compared to what it really is. And what it really is,
00:18:51
Speaker
is an extensible API with the control loop that allows you to manage anything you want, right? Hey, if you install right now, I don't know, Knative, all of a sudden you manage serverless applications. If you install whatever else, you will suddenly be managing virtual machines and so on and so forth, right?
00:19:15
Speaker
And Crossplane puts it on a very different level, right? We have probably, if you would install all the providers, you would probably get around, and I'm guessing the number right now, a couple of thousand, maybe 5,000 CRDs that allow you to create your own custom resources that will manage something, whatever that something is. Too many. Don't install them all at the same time, really.
00:19:42
Speaker
No, no. So that's a word of advice. If you take a small cluster, relatively small, with a small control plane, and you install thousands of CRDs, your Kubernetes cluster is going to say, kaboom. And that will be the last thing you will hear from it, right? Because it's possible, I cannot confirm it, but it's possible that Crossplane was the first
00:20:11
Speaker
tool or a project to find the limits of Kubernetes in terms of how many CRDs it can handle. Now, the community behind Kubernetes is working to increase that number, but yeah, don't install 5,000. Nobody needs that. We've definitely heard from various people we've interviewed or just talking to folks in the community that
00:20:34
Speaker
Kubernetes is definitely becoming more of this generalized orchestration system, right? As you said, containers is sort of a means to an end. Early days, Kubernetes just really was orchestrating containers, but now it's a lot more than that, right? With Crossplane or even some of the edge kind of components that you can have, where you kind of have digital twins, and it's becoming more of this abstract orchestration engine, so to speak, where you can do a lot of different things with it. So it's really cool technology.
Crossplane Advantages and Setup
00:21:05
Speaker
And what I took away from it was, OK, so I can use Crossplane on Kubernetes, but also manage cloud resources. So I can manage AWS resources, or Azure resources, or Google resources. Exactly. And there are already these providers that are built in, right? Exactly. OK. Exactly. So if I would put it in other words, the goal of Crossplane from a certain perspective would be to enable
00:21:33
Speaker
normal people, and when I say normal people, I mean not AWS, to do what AWS is doing. That means that it enables people to create their own control plane, right? Everybody, that's almost a funny thing. Everybody has been using control planes for a very, very long time. Nobody knew that they're using control planes. You think, okay, so I sent an API request to AWS and then that's it. No, that's not it. Behind that API,
00:22:03
Speaker
there is a control plane that assures that things are happening, that they're in the right place, right moment, you know, all the shenanigans, everything that needs to happen for you to run a silly EC2 instance is done by a control plane. And big providers have been using control planes behind their APIs for a long time. Now, what we are doing is actually enabling, through Kubernetes, everybody else to have something very, very similar, right? And that's where the
00:22:31
Speaker
second part of Crossplane comes in, apart from those providers. So those providers that I mentioned, almost nobody uses them in the way I explained so far, right? Because there is a second part which we call compositions,
00:22:48
Speaker
which allow you to create your own services in a way, right? Your own custom resource definitions with controllers and so on and so forth. So you as a person working in a company, you would say, okay, so we manage databases in our company. Excellent. How many people understand VPCs and subnets and all this stuff? Not many, right?
00:23:08
Speaker
I want to create a service that will enable people to manage a database. And then you create what we call composition that says, OK, this is the interface. This is the API that you can use to manage databases. And that API will be whatever you choose. Let's say, I will allow people to select whether they want Postgres or MySQL, whether they should run it in this region or that region, whatever the contract is that you want to establish with your users. And then behind the scenes,
00:23:36
Speaker
you will define what that composition does. Okay, so when they actually give me this contract, this API request, I will create behind the scenes everything needed. I don't know, database, with networking, with storage, with some schema, whatever that something is. So it enables you, so think of it this way, and I know that I'm going all over the place. You need to stop it. No, you're doing great. You haven't lost me yet.
00:24:03
Speaker
So what AWS is to, let's say you, and in a way what it is, is provides a service to you. That's what you can enable others to do, right? Kind of, you can create a service in a similar fashion with, by extending Kubernetes API, creating your own schemas and all that stuff and saying, behind the scenes, this will happen, but you don't care, right? You get the database. Yeah. Right. Like, to boil it down maybe to an oversimplified example, if I were
00:24:33
Speaker
onboarding new developers, I could create a composition that just says developer environment, and really I control on the backend what that means, whether that means a VM with access to data or something like that. Exactly. One way I tend to explain it is that we are all trying to create something that is at the right level of abstraction for somebody.
00:25:00
Speaker
There is a person who likes to, I don't know, compile their own kernel, right? And then there is a different level of abstraction that we would, you can call it distribution, right? No, I use Ubuntu, I'm not going to compile my own kernel, right? And so on and so forth. And the same thing is with this and say, okay, so
00:25:19
Speaker
If you want to assemble 57 different components in AWS to get the database, go ahead, right? Or I can give it to you as a service. Gotcha. Before I move on to a little bit about how it's installed in the Kubernetes cluster and things, I want to ask one more question, which is, what in your words would be the benefit of using Crossplane to manage cloud resources over native tooling from those clouds?
00:25:46
Speaker
Okay, I'm going to do something very tricky and answer it with a question. Okay, good. And either of you can answer, both. Yeah, sure. What is the benefit? Are you using Kubernetes? I'm assuming in some capacity, in theory. Okay, what are the benefits? Why are you using Kubernetes?
00:26:02
Speaker
Bhavin, you want to go first? Yeah, sure. Like for me, Kubernetes, I think, provides that consistent orchestration layer, right? Like regardless of where I'm running, I know I can just copy-paste my YAML files and it can be deployed against any environment. I think that consistency is the reason for me.
00:26:18
Speaker
OK, you? Yeah, for me, it's a number of things. But I'd say in this sort of context, it's definitely about having sort of a single platform, right, that I could deploy on prem, you know, give my background to where I work.
00:26:35
Speaker
as well in the cloud and utilize that abstraction layer, again, talking about abstractions, as the component that I interact with rather than necessarily having to write something like Terraform for everything.
00:26:50
Speaker
So the answer to your question, or going back to the question, is that. Yes. So actually, or to put it in another way, whatever the reasons why you're using Kubernetes for whatever you're using, let's say for your applications, packages, content, and images, those same reasons equally apply to something else.
00:27:11
Speaker
Right? Why is it better to use Kubernetes? And I'm talking about the Kubernetes API now, right? And the scheduling and the control loop and the drift detection, all this stuff. They're equally valid for containers, as for Wasm, as for Lambdas, as for databases, as for other clusters or VMs. Kind of like that same logic is either good or it's not good, right? To manage something. And if it's good to manage one thing, then it's
00:27:39
Speaker
just as good to manage something else, right? It's a management, it's an orchestration, right? It's a management platform, call it what you want. But the arguments are equally valid for whatever is the good. The bad thing would be if you say, no, Kubernetes is not good for me, then that answer would be valid for Crossplane as well.
Customizing and Extending Crossplane
00:27:58
Speaker
Don't go there. Just move on down the line. Exactly.
00:28:02
Speaker
Got it. Okay, great. So I want to switch gears a little bit and talk more about the specific technology and how someone would start to, I guess, use it, either on their laptop or in a Kubernetes cluster. So what does it look like to get Crossplane up and running? So there are three parts to it, right? There is installation of... I'm going to make a parallel with, let's say, Terraform, and I'm making a parallel without really entering into a debate, Terraform this or that, right?
00:28:32
Speaker
You need to install Crossplane itself, just as you would install the Terraform CLI in this case, right? You need providers, because it would be silly that it already comes with those 5,000 or whatever different endpoints. So install providers. And actually, in the past we had a provider like AWS, now we split it. Now you have provider EC2 and everything related to EC2, provider RDS, AWS RDS, and so on and so forth. So you can pick and choose what you want.
00:29:03
Speaker
And the third part is optional, even though everybody uses it, and then you create your own abstractions, right? Just to avoid dealing with individual resources yourself. Got it. And is the Crossplane component in sort of like the cluster itself done by an operator or Helm, or like how is this actually
00:29:27
Speaker
Yeah, so everything is happening inside the cluster. That's one of the big differences. We are an API-based tool, in a way. It's not a CLI that can do what it can do and cannot do what it cannot do. You're interacting all the time with the Kubernetes API. You want to apply this resource, you apply that resource, and then something happens somewhere,
00:29:55
Speaker
gets created, right? You want to query all EC2 instances or everything that has this label, right? So same operations that you would do with Kubernetes. And this is the good part. It is Kubernetes native. And what that means is that it works with anything else.
00:30:15
Speaker
Right. So you like GitOps. Excellent. Use Argo CD. We don't care. It's a Kubernetes resource. You want to ship logs to Loki because that's what you're doing. Yeah. Continue doing it. Right. You like monitoring your stuff with Prometheus, continue doing it. Right. So it's very focused on a certain aspect and it assumes that
00:30:37
Speaker
you're leveraging the power of the ecosystem itself, right? So we are unlikely ever to create a special mechanism to ship your logs, kind of. Why would we? Or metrics, right? Okay. Yeah, that makes sense. So, you know, once you have the CRDs up and running, you can use the Crossplane CLI or just obviously interact with the CRDs with kubectl or the API. Yeah, kubectl, or you can package it as a Helm chart and then helm install, or ship it to Argo CD, push it to Git and then
00:31:06
Speaker
synchronize it with Argo CD or Flux. It's like dealing with any other Kubernetes resource from the operational perspective. And Viktor, I wanted to ask, like you said, once I have Crossplane installed on a cluster acting as a control plane and it can spin up AWS credentials, how are those access keys stored on my control plane cluster? How does Crossplane have access to AWS or Azure or other Kubernetes clusters where these workloads are actually getting deployed, right? Yeah, so Crossplane
00:31:36
Speaker
Crossplane assumes that, so actually, when you install a provider, let's say the AWS provider, you have a ProviderConfig, and this is a simplified version, where you say, this is the secret with my credentials, right?
00:31:51
Speaker
And now, whether you create the secret by kubectl, whether you create the YAML file with the secret and then push it to Git and let Argo CD synchronize it, if that's what you're doing, please let me know what's your repo.
00:32:08
Speaker
Or you're keeping the credentials in a secrets manager, Vault, or Azure, Google Cloud, and then you use... External Secrets will work. Yeah, again, same thing. We assume that there is a secret; how you create that secret is up to you. Okay, gotcha. And the next question is more around compositions, right? I know you already spoke a little bit about compositions, but I wanted to learn more about it and also talk about what composition functions are and how they're different. I know in the recent conference that you did, that was a main topic of discussion, right?
00:32:38
Speaker
You're talking about the things that are not released yet. Excellent. You must know. So like any more around compositions, like, okay, as an admin, I'm creating those as, I know I'm going into the platform engineering spectrum, but like golden paths or easy ways for developers to do things. Okay. And for developers and for yourself, right? I mean, the same thing.
00:33:04
Speaker
If I would go back in time and go back to the time of Terraform, right? You would be creating Terraform modules, hopefully. Now, most people never did that, which is ridiculous and probably could fill a whole episode of a podcast, why people didn't do that. But yes, you want to group things. And I think that that's partly a misunderstanding of what Kubernetes is. Somehow people think that
00:33:33
Speaker
Okay, Kubernetes, I set up Kubernetes and I have a platform to do stuff. And my answer to that is absolutely freaking no. You get nothing. Kubernetes is very low level, right? It makes no sense for the majority of people. So if I go to, let's say, and I'm going to ignore Crossplane completely now, right, just to switch the subject and say, hey, dear developer,
00:33:57
Speaker
You can run your application in Kubernetes. And that person would say, hey, that's fantastic. Yeah, I heard about that. That's great. How do I define the application? Then you say, no, you cannot define an application. That's impossible. I mean, in Kubernetes, out of the box. Oh, you know what? You can define a deployment, a service, a virtual service, an ingress, and 50 other things. That's not an application. Those are building blocks. Those are low-level details that were never supposed to be used directly.
00:34:27
Speaker
That's why I'm a big fan of Knative, right? Knative does that abstraction. It's just that Knative is opinionated. We are not. No, this is how you define an application, right? And I'm going to deal with low-level details that honestly nobody cares about.
00:34:43
Speaker
Now, I'm old. If more than two minutes passes after I start answering questions, that means that I already forgot your question. I don't know what I'm asking. Sorry for that. No worries. It was more like compositions which you already spoke about. So compositions are that way to actually create something meaningful, right? To me,
00:35:03
Speaker
If I talk about applications, what applies to everything, to clusters, databases, ingress and service and deployment and all those things, that's not meaningful. Create something called application or create something called backend application. That has a meaning. That is something that somebody can understand. That's what compositions do. I know you said composition functions are not released yet, but why the need for something new?
00:35:32
Speaker
Yes, so we had a long debate that basically when you create those compositions, right?
00:35:39
Speaker
People started making requests. Hey, this would be great, but I need to dynamically create resources through a loop. Let's say that I'm going to loop through subnets A, B, C, and then I want them to be created instead of specifying each one of them explicitly. And that's cool. We can add a loop. Why not? But then there is another request. I want conditionals. And there is another request. We want this and this and this and this and that. And then it explodes.
00:36:07
Speaker
And from my experience and also that of other people working on it, that almost always leads to that project becoming a trash can, right? When you actually start designing a DSL effectively and you start fulfilling all those needs. And that's a never-ending game because it's never going to end, right? It's an infinite amount of requests.
00:36:33
Speaker
Sorry, go ahead. So we started doing some of those things. And now this is not, I'm not promising anything, but it's even possible that we're going to remove some of those things we did. Because again, it's just becoming a trash can. So instead of extending the... I was going to say, to be fair, your documentation also says, I'm looking at it right now, it says Crossplane may drop this feature at any time. So it's very clear.
00:37:03
Speaker
Yeah, exactly. Exactly. So what we thought to do instead is functions that you mentioned, right? So, okay, this is the schema that is well-defined. It will not change much. This is what it does, right? And it's relatively static, right? And it's supposed to be like that. But then you can actually send
00:37:29
Speaker
use sort of a pipelining composition and say, okay, this is what the schema does, but I can take this input, pass it to a function, and function is going to send some output, right? We don't care what that output is. We expect to have a list of resources that should be created in a cluster, right? Gotcha.
00:37:52
Speaker
Now, and then if the capabilities are not there, okay, you take five resources, pass them to a function. The function is going to output a modified version of those resources, or it's going to remove some of them, or it's going to add more. I don't care. It's in and out, and what you do in between is up to you, right?
00:38:10
Speaker
And for example, yesterday I've been working on a function that does the example I said, a loop, right? I take input, I loop through it, generate some subnets or namespaces or whatever resources list, pass it back to Crossplane, Crossplane does the work, right? So it's a way to extend it without creating a DSL that is impossible to comprehend at the end of the day, right? And then you as a consumer,
00:38:37
Speaker
You will have two choices, three actually. Use the Crossplane composition schema as is. It works for some. Or extend it with functions that are already made by somebody else. I can imagine in the not so distant future having some kind of a marketplace. When I say marketplace, I don't mean for selling, but for sharing. Or you say, hey, what I need to do has not been done by anybody else.
00:39:06
Speaker
I'm going to write a function and it's going to do that. And we are not even opinionated about how you write your function. You like Go, write it in Go. You want to use Helm to do some processing, do it, right? CUE, Java, whatever you want. We just expect that there is a clearly defined input and output of that function. That's all.
00:39:25
Speaker
Yeah, I could see this really being useful almost in the security context a little bit, just where my head went, in the sense that Crossplane could have a composition that sets up some general stuff and someone could create it, but then a function could verify or tap in and check some security components or add to it or whatever it may be. It kind of magically happens behind the scenes so the developer doesn't have to worry about it.
Crossplane Use Cases and Integrations
00:39:51
Speaker
It can be anything, at least not.
00:39:53
Speaker
One example that occurred, and this is an example of something that would be silly to ever bake into Crossplane itself, compositions, is that we have a person or a team or a company asking, hey, I want to go to the AWS API, calculate the list of IPs that I should use in this or that, and then come back through it and use it in that definition. Yeah, no use for that to have it baked in.
00:40:22
Speaker
Well, speaking of customization, right? Say if I had some obscure API that would, you know, start my dishwasher, make me an espresso and fluff my pillow, could I, you know, extend Crossplane to include that as a provider if I wanted to? And how does that work? You can, yeah, yeah. As long as that something has an API that the provider, that Crossplane, can talk to. So if your espresso machine is so funky and so modern that it has an API,
00:40:51
Speaker
then yes, you can do it, right? I know of an example of a provider that orders Domino's pizzas, pizzas from Domino's. Anything, as long as, we just need an API to talk to, and that API, I mean, it can be almost any API, not really any, because we need to be able to ask for the state of that something to get the answer to know what to do with it, right? But yes. Gotcha. Okay, so Victor, I think talking about the
00:41:22
Speaker
I don't know the contributor base. I think I saw a number somewhere that there are like 1500 plus contributors to the Crossplane project and way more users. My question was, do you see, like from a persona perspective, right, are these developers that are building these compositions and using them to deploy their applications, or do you see more of the operations side or the SREs or the platform admins putting these out and enabling self-service for their developers? Who's the user here?
00:41:52
Speaker
I think that, let's say, the buyer, and when I say buyer, I don't mean for money, but the person who gets Crossplane, is more often than not, and this is not the rule, nothing guaranteed, not the end user, but rather an
00:42:10
Speaker
intermediary between Crossplane and the end users, right? That's the person that creates those compositions, right? So let's say the DBA, just to keep the databases example, right? I want to enable people to manage databases.
00:42:28
Speaker
I'm interested in Crossplane because it enables me to create those compositions and shift left. Now there are people who use it for themselves. We're in a company where developers have zero rights. You write Node.js code. That's all you will ever do. I manage Kubernetes and then I am the end user. But it's becoming more and more popular to shift left, really, for many, many different reasons.
00:42:59
Speaker
Yeah, I was kind of building on that. I was kind of thinking through, and maybe you have insight into this, how often Crossplane is used directly, kind of like we're talking about, and or as a tool for something like an internal IDP, right? Very common, very common.
00:43:18
Speaker
People would create those compositions that define what something is, whatever that is. And then, now the rest depends, kind of, either, hey, you just define this YAML, push it to Git and the magic will happen. Very often it is combined with Backstage or Port, some other front-end. So, okay, we're going to give you a web UI. And that's also one of the nice things about having an API.
00:43:44
Speaker
Because if you use some other tooling that is not API based, if you would want to build some web UI interface on top, some kind of graphical user interface, you would most likely need to hard code every single page. Okay, this is the page, how you define either this or that. Right.
00:44:02
Speaker
What you can do with Crossplane, with Kubernetes in general, right, it doesn't have to be Crossplane, is that your graphical user interface becomes extremely dumb, because all it has to do is go to the cluster and say, what are the CRDs you have? Yeah. Oh, sure. Yeah. Here's the list of CRDs. Show it to the person on the screen. Okay. You can create something called backend application, frontend application, database cluster, right? Because those are the names of CRDs. You click that button,
00:44:29
Speaker
and then comes the form, right, with all the fields. But how do you get those fields, how do you know what to call them in the app? You go back to the cluster and say, dear Kubernetes, can you please, please, please give me the schema of this object, right? Yeah. And you just paint it on a screen, so it becomes
00:44:49
Speaker
more native, I mean, it becomes that front-end type of development that everywhere else we've been doing for many years. Front-ends are dumb. They're asking APIs what to do, how to do it, and so on and so forth, right? It's just the machine that calls an API and paints it on a screen, in a way. I imagine the only thing that would still really need to happen there is like data type input validation, because to do this, the CRDs don't give that information, right? In terms of like, you create a form,
00:45:17
Speaker
Does it need an integer? Does it need a string, that kind of thing? Actually, schema, some things, yes, some things, no. Okay, very cool. It's an OpenAPI schema when you define those compositions, and you definitely can define string, integer, this or that. You can define the values available. You can define quite a few things, not everything you will need, but that's also where very often,
00:45:44
Speaker
Crossplane is very often combined with GitOps, like Argo CD, Flux, with Backstage for the user interface, and then with something like Kyverno or OPA Gatekeeper for policies, right? Whatever is not defined in the schema, you can define as a policy.
00:46:00
Speaker
not only a schema. So you can have a schema that says the options are ABC, but then you will have a policy that says, yes, but in this namespace, it's only A. Don't even try it, right? And then you would normally apply the policies that accompany those CRDs with policies.
00:46:21
Speaker
Got it. Very cool. I do have one thing I've kind of been thinking about as we're asking you questions, which is, you know, does Crossplane fall into the categorization of like digital twins, in the sense that, you know, we just had a conversation about KubeEdge and how it's kind of creating the concept of digital twins for external
Getting Started with Crossplane
00:46:42
Speaker
devices, right? So a little sensor or something like that, but it's represented as an object or a CRD in the Kubernetes cluster.
00:46:48
Speaker
Does that ever get talked about in the sense that Crossplane is kind of creating a digital twin for something else that lives somewhere else?
00:46:55
Speaker
Very much. I wouldn't say very common, because the digital twin concept is not yet widespread, but for those who know it, that's one of the reasons they're choosing Crossplane. With only one small correction: it's not the CRD, the CR becomes a digital twin, right? So the CRD would be a shipping container, right? And then you have 5,000 CRs
00:47:21
Speaker
that represent 5,000 shipping containers. So as long as your digital twin is not supposed to be visual and kind of like in 3D and all that stuff. I imagine most people think of just like, oh, it's just another version of me. So it's not a hologram. We don't give you holograms.
00:47:42
Speaker
Give us a year. Okay. So Victor, I think these are some awesome use cases, right? I also wanted to ask about what are some of the other things that people are using Crossplane for, and where are the areas that people shouldn't consider Crossplane? Like I'm sure there might be some areas where, okay, maybe choose something else, this is not the use case for Crossplane. Yeah. So.
00:48:07
Speaker
My first criterion, the question that I actually indirectly already said early on, is that Crossplane is not for people who are new to Kubernetes, right? Or who haven't been using it. Oh, I discovered Crossplane, this is going to be my entry point drug into Kubernetes. No. Because Crossplane can be very
00:48:33
Speaker
for certain people it can be very daunting, can be very scary and complicated, because there are so many things happening which are very, very natural if you're familiar with Kubernetes, right? Oh, there are events, and then there is a concept of parent and child resources. You know, this resource creates that resource, that creates this resource. When you want to know where something is, you need to follow the trail and so on and so forth, right? Which is very, very natural if you're experienced with Kubernetes, but if you're not,
00:49:01
Speaker
Please, please don't become our user. You get lost. Probably nobody before said that in a public kind of podcast, kind of, please don't. Yeah, especially who works for the company. Honesty goes a long way. That's what I have to say.
00:49:18
Speaker
Speaking of that, then let's transition to, if people were to not follow your advice, go directly against what you just said and get started with Crossplane, even if they're new, where would they get their feet wet? Where should they start? Crossplane.io has documentation. Depends what type of a person you are. If you're into reading documentation, then Crossplane.io. I will admit, documentation was
00:49:48
Speaker
horrible. I was trying to find a better word but I couldn't. I haven't heard one person come on the show and say, our documentation is awesome. Just waiting for that day. It was bad. It's good now. It's not perfect, but for a year or so we put
00:50:07
Speaker
You know, so documentation is fine. A lot of examples and all those things. And then I also published, so if you're a more visual person, I published probably four, five, six, seven, I don't know, videos so far about Crossplane on my channel. So that's another place. And then Google is your friend.
00:50:29
Speaker
Beyond those two? Can you run it on your laptop if you wanted to get started, or do you have to have a problem? Yeah, I run it on my laptop all the time. Now, just don't install all 5,000 CRDs. I just want to see your memory go all the way down. Or you can, I don't know, get a Mac Studio with 200 gigs of RAM or something like that, then go for it, yes.
The Value of Opinionated Content
00:50:54
Speaker
Very cool, very cool. So you mentioned your YouTube channel. Can you tell us more about that? It's DevOps Toolkit, right? Yes, DevOps Toolkit, exactly. If you search for DevOps Toolkit, it's almost certainly going to pop up first. Yeah, it's a hobby, right? And
00:51:14
Speaker
part of the reason, I think it's in a way special, or the reason behind it is in a way special, is that I got sick of reading articles and watching videos and stuff like that where every single
00:51:29
Speaker
It always, did you notice that every article ends up with it depends? Yeah. And I hate that. I honestly hate kind of. Okay, so let's talk about pipelines. You can use Jenkins, you can use Travis, you can use CircleCI, GitHub Actions, Argo Workflows. And the conclusion of this is depends. It doesn't.
00:51:47
Speaker
You want someone to tell you what to do, opinionated? No, I want opinion. I like opinionated people. You being opinionated does not mean that I have to agree. It does not mean that I need to do everything you say. But I want opinionated people that tell me, this is good, this is bad, and this is horrible. How many times did you hear people say, this is really bad?
00:52:14
Speaker
Yeah, no bueno, kind of a no. It doesn't happen often, right? And I wanted to do that. And so I go through stuff. And sometimes, I don't think I have a single video that did not end up, they all end up with pros and cons. And I don't think that I had a single one that doesn't have cons. Doesn't have cons. So then your videos are going to, I'm not going to watch one. I'm just going to be like, it depends.
00:52:36
Speaker
at the end, at the very end. That was going to tell me what to do. I've done just the good marketing to lure you into the "it depends", yes. I've heard this argument in various forms. I think the most recent one was an X thread, which you can go down a whole rabbit hole there, but basically someone saying it'd be great if documentation were to lead with one example that works really well versus 10 that sort of work sometimes.
00:53:05
Speaker
Like don't just start with like an easy hello world example. Give me something that's complicated like that. I can follow along and then actually learn about it rather than the basic one on one use case.
00:53:16
Speaker
Yeah, and it doesn't even have to be exact. I mean, I do almost everything hands-on, but it doesn't even have to be an example. It can be, okay, if you're telling me about pipelines, don't tell me that they're all equally good, because that means that you never tried any of them, kind of thing, right? Yeah, I'm going for SEO results. Because if you list everything, that's how you get ranked higher, right?
00:53:38
Speaker
And that can also not offend other people. Well, it's hard to do these days. Speaking of offending other people, in case you do any writing... Do you have a list of people I should offend? No, I was like, if you do any writing, you may offend other people. Where can people find you and maybe some writing that you do, blogs or Slack? Don't find me. I'm a lot, so...
00:54:06
Speaker
In the past, I was publishing books and writing articles. Now, I think that I'm mostly on YouTube and at conferences, in public work, and of course the projects themselves. But if you look for Viktor Farcic or vfarcic, first letter of the name and then last name, you'll find me. I'm everywhere.
00:54:24
Speaker
He's everywhere. He's everywhere, folks. So go and find him. Very cool. Will you be at KubeCon Chicago? Oh, yeah. Yeah. Every KubeCon on all three continents, yeah, starting with Rejekts. That's my favorite part, Rejekts. We need to pick up some stickers, Ryan, for Crossplane and all the other projects that we have worked with.
00:54:49
Speaker
That's right. So yeah, hopefully we'll see you there. We will both be there as well. And I think that's really all we had for you today, Victor. I think it's been really enlightening, learning more about what you're up to, what's going on with Crossplane and how it works. So I wanted to thank you for being on the show again. Thank you for having me.
00:55:08
Speaker
All right, Bhavin, that was a fun conversation. I know Victor's always a hoot to talk to, and he's up to all sorts of fun things on YouTube. We talked about it during the episode, but go check him out. Check out what he's up to. He does a lot of really awesome content. But yeah, what are your takeaways from the episode?
Closing Thoughts and Community Engagement
00:55:25
Speaker
I think I really like Crossplane and it's time to get my hands on it again. I think I used Crossplane a few years back when it was brand new and they had a cool candy stick logo or something like that. Now it looks like with the whole platform engineering movement and IDPs, right, Crossplane
00:55:42
Speaker
is becoming relevant and top of mind again. I know we have seen a theme in our conversations, right? At DevOpsDays Boston, when we were talking to Alex, he was like, IDPs should be read-only, like you don't want somebody to mess with an IDP. Victor is like, why do you even need a UI for your IDP? You just need orchestration and automation capability. So I think Crossplane definitely
00:56:06
Speaker
follows the same principles. It still gives those golden paths or composition flows for developers to deploy resources and manage their applications. But you are not forced to go to a UI to do all of those things. So I think that's the thing that stands out. And also the fact that it was built before...
00:56:27
Speaker
I don't know if it was before Kubernetes. I think it was after, but it takes care of resources that are outside Kubernetes as well. So not just a Kubernetes specific tool, but it can also help you deploy an S3 bucket or an RDS database if you wanted to using those providers that Crossplane has. So pretty cool stuff. And it's an open source project that will have its own booth at KubeCon. So you can go and ask more questions there.
00:56:51
Speaker
Yes, always a good opportunity if you are at KubeCon. Yeah, I generally think, I know I mentioned, I think during the episode, sort of the data center operating system, right? We see this kind of concept come up a lot. Kubernetes is being used for much more than just Kubernetes. I think Crossplane is a great example of that, you know, being able to, like you said, manage those things. And one thing we talked about was compositions. I thought the flexibility of compositions and to customize them is
00:57:18
Speaker
It's a really powerful tool, especially when it gets to come to IDP, right? The concept that you can say, well, I want an object that represents pretty much anything you want, but I gave you an example of a developer environment. You're onboarding someone new, you can have your IDP kind of configure what you want.
00:57:34
Speaker
in the environment, all through APIs. I think it's a really powerful tool, right? And, you know, that comes with complexity, right? Victor did say, you know, don't start here. But I think that comes with anything that builds on an abstraction of something else complex, right? No, I like the fact that he's like, even though this is running on Kubernetes and can manage everything, because it's running on Kubernetes, you need to understand how that works.
00:58:01
Speaker
But everything is a custom resource. There are custom resource definitions in Crossplane. If you don't know what those mean, you'll have a really hard time figuring it out. There is your benefit of a UI right there. There it is. You don't have to understand it if you just click a few buttons. I mean, I'm just being devil's advocate here. No, no, no. That's true, right? And again, we know Backstage is super popular. And there are vendors like VMware and Red Hat and all of those that are building these enterprise versions of Backstage. So definitely a UI helps. It's just interesting to see different perspectives.
00:58:30
Speaker
Absolutely. Cool. Well, you know, that brings us to the end of this episode, but as always, please join our Slack. You can find the button, excuse me, I'm getting over a little cold, to find our Slack on kubernetesbites.com. Bhavin and I will of course be at KubeCon Chicago. Look for our sweatshirts.
00:58:50
Speaker
Yeah, there you go. If you spot us, we'll give you some stickers. There you go. We have to have stickers in our pockets, then. That's really what I just put. Always, really, always be prepared. Like Boy Scouts, but the Kubernetes Bites version.
00:59:03
Speaker
Of course, check out our YouTube channel, subscribe there, give us some reviews, whatever it may be. We did get a few folks in Slack suggest some episodes. Awesome. Thank you. For those who did that, we will definitely get on and take that advice. Anyway, I think that brings us to the end of today's episode. I'm Ryan. I'm Bhavin. Thanks for joining another episode of Kubernetes Bites. Thank you for listening to the Kubernetes Bites podcast.