Introduction to Kubernetes Bytes
00:00:03
Speaker
You are listening to Kubernetes Bytes, a podcast bringing you the latest from the world of cloud native data management.
Hosts Introduce Podcast Focus
00:00:09
Speaker
My name is Ryan Wallner, and I'm joined by Babin Shah coming to you from Boston, Massachusetts.
00:00:14
Speaker
We'll be sharing our thoughts on recent cloud native news and talking to industry experts about their experiences and challenges managing the wealth of data in today's cloud native ecosystem.
00:00:29
Speaker
Good morning, good afternoon, and good evening wherever you are. We are coming to you from Boston, Massachusetts. Today is July 2nd, 2026. I hope everyone is doing well and staying safe.
00:00:40
Speaker
ah Today we have another great episode lined up for you guys.
Interview with Alex Zendla, CTO of Adira
00:00:43
Speaker
An interview with Alex Zendla, founder and chief technology officer at Adira. um It will be a great conversation around community security, container security, and how we need to think about security, especially when using GPUs inside our Kubernetes clusters, both for training and for inference use cases.
00:01:02
Speaker
Should be a great conversation. So without further delay, let's get Alex on the pod. Hey, Alex, welcome to the Kubernetes Bytes podcast.
Alex's Tech Journey
00:01:10
Speaker
um Why don't you take a minute and introduce to our listeners who you are and and how did you get here?
00:01:16
Speaker
Yeah, thank you for having me on. I'm super excited to chat. um So yeah, I'm Alex Zinla. I'm the CTO of Adara. Adara is a security company. We build ah things, especially in the container security space, but more generally infrastructure security.
00:01:34
Speaker
um And I am, what am I, 27 years old now as of this month of of recording? Um, and, I have something like 13, 14 years in tech. Um, so i started very young in tech, uh, my first full-time job.
00:01:55
Speaker
It wasn't technically legally a full-time job, but I was working full-time hours, uh, uh, 14. So I started basically on my 14th birthday. ah working in tech and first in the Internet of Things. And then eventually I kind of retired after 10 years in IoT and started Adara in order to make computing more secure. of you So i ah I got my start in tech ah from Minecraft, actually. um
00:02:29
Speaker
That was really where I got programming experience. i would say before that, it was like I was a Linux sysadmin. When I was like 10, you know, trying to, ah you know, host Linux servers on the beat up laptops that I had. and um And that was kind of where my interest, I guess, in computing and like, oh, the internals of stuff matter. um But um really programming started when Minecraft came out and I started making mods. And that led me into the Java ecosystem, which actually then led me into the Dart ecosystem, which then led me into IoT, and which was a mix of Java and Dart.
00:03:15
Speaker
And then, yeah, now I'm here. That's awesome. Like that, that's, I think, so before each guest, right, I do use the AI tools and ask them like, Hey, can you help me do some background on the guests? And like one of the things, even, even Claude was like, yup, you should definitely ask Alex about her, about the early stages, because I think you are at IO like super young. And then obviously the IoT experience, it's super cool. Like, damn tech at 14. It's awesome.
00:03:46
Speaker
Yeah, I'll tell you, like, I grew up in a lower middle class environment. I did not have tech. Like, tech was not like, ah oh, I've just got all these computers. No, like, I i had a hand-me-down laptop that my dad got for free. um My dad was was worked IT at the university.
00:04:08
Speaker
So my inroad to tech, like, messing with tech was, like, at the university itself. Hmm. Um, and so that was kind of where I got to mess around with things. Um, and basically like I've told this story before on on the podcast, which is probably how Claude knows about it, because it's one of those things where I, when I said it for the first time publicly, I was like, should I be sharing this? Because I'm not sure I'll like sign something when I was a kid or not. But, ah
00:04:39
Speaker
Basically, i got in trouble with Google when I was 12 because I had a Google account before kids were, before you were supposed to have a Google account. And actually, I think it's even more restrictive now, I think, in some states, but um especially in the UK now. um But, you know, back in back in this time, I think it was 13 is the earliest you could have Google account. Well, I had been working on Chrome OS stuff at the time.
00:05:11
Speaker
And ah basically what happened is i was on the forums talking about stuff and I mentioned my age. And the forum moderators or community managers at Google, as I now know, noticed this and they go, hey, like, this isn't right. They talked to their lawyers. And basically I got a phone call with a Google lawyer and the community manager. And they were like, legally, we have to take away your Google account.
00:05:41
Speaker
However, because you're so interesting with this Chrome OS stuff, which I was just doing like shell scripting and stuff, like nothing actually interesting. um But, you know, for a kid, I guess it was interesting. yeah So they ah ah they invited me to Google I.O. So I got to go to Google I.O. 2012 for free, all expenses paid. And that was where I got my first wholly owned computer. It was a Chromebox.
00:06:10
Speaker
And I ran chroot on the Chromebox to play Minecraft. And I think I installed Ubuntu at the time. So yeah, anyway, that's ah I'm sure that's how Claude knows about that. Oh,
00:06:26
Speaker
it's It's in your model training now. yeah I didn't even have a search on. The podcast might have been a while back because the latest model doesn't know about it. Yes, absolutely.
00:06:37
Speaker
So let's talk about the data. right So can you, like you said, it is in the container security ecosystem.
Adira's Container Security Innovations
00:06:43
Speaker
We have had folks, everybody from, let's say, Armo Security to whiz before they were acquired by google to chain guard very recently and even they referred to adira and during the episode so uh what does adira do that other image scanning tools don't can you talk about that a bit Yeah, so I think it's it's really interesting. Anera is different in so many ways. And I always think it's funny that companies often model the type of person who runs them. um And ah we're very different as a company and we're also ah people-wise and we're also very different product-wise.
00:07:25
Speaker
So ah I guess an important point is that Adara was ah my co-founders, Ariadne and Emily, are actually ah came from ChainGuard prior to Adara. And um they had built, Ariadne in particular, built Wolfie, which is the base of ChainGuard images. And a Wolfie is an open source GNU, Linux distribution, la Alpine. She also worked on Alpine.
00:07:51
Speaker
And what we realized is like, okay, we've patched the vulnerabilities. We've made the pipelines to do that. We built the tech. And I'd say we as in I wasn't part a Chain Guard, so I should clarify that. But Ariadne, thinking from that perspective was like, what's next? And I had been working in IoT at the time.
00:08:13
Speaker
And iot t the IoT stands for security, as everyone says. wish There is no S in IoT. So, you know, i was really trying to solve, like, how can we make edge devices more secure? So I started building what eventually became Adair's foundational tech.
00:08:31
Speaker
And then I started talking Ariadne, and we realized, like, All this time is being spent on patching vulnerabilities. And there's recent stuff now about like, you know, you can now get patches from vulnerability before it's even disclosed and all these things. And I think that's great. Like I'm not, there's nothing wrong with that.
00:08:52
Speaker
But I fundamentally believe that the way that we actually do computing is fundamentally insecure. The fact that a patch is required to make sure you don't get completely owned is a side effect of how we build computing and infrastructure today.
00:09:11
Speaker
And the primary reason for that is in the switch from VMs to containers, we forgot that boundaries matter, that security boundaries matter.
00:09:24
Speaker
And I wanted to do something where I wanted a technology that actually gave security boundaries to containers and to other things, applications in general, that actually protected the system.
00:09:42
Speaker
and your application from each other and prevent lateral movement without the sacrifice of the various different problems that can occur when you provide isolation. um You know, if you've heard of a project like CATA or G-Visor, conceptually what I wanted to do was similar, but there was a major problem with those projects.
00:10:06
Speaker
hey they weren't really production-focused, as in they weren't really trying to make it like usable for a downstream user. it was It was a tool in the toolbox, and you sort of got to build it yourself. um And then in GVisor's case especially, but also in Kata, performance was kind of an afterthought. like It was like, hey, we need it to not be completely awful,
00:10:32
Speaker
But 30% performance impact was the norm. And yeah it's it's so silly. yeah Yeah, and no one's going to deploy it. i mean, when I see GVisor deployed in particular, it's usually as a last resort of we have no idea what to do.
00:10:50
Speaker
um And I also think GVisor's design, by the way, has some fundamental design flaws, like implementing the Linux kernel in Go is not a particularly great idea because of garbage collection and other things. And um then there's also the problem of it's running on top of the Linux kernel anyway. So there there was all these things. And and with Kata, you need a nested virtualization and a bunch of instances didn't have that.
00:11:15
Speaker
So I tried to build a technology that solved these problems. And so ultimately what Adara is, you know, we're on the Kubernetes podcast. So the most important thing is Kubernetes itself. And like, how do you integrate that cleanly? So we did a bunch of work on building out a, from the bottom up, from the hardware up, how could we run a Kubernetes kubelet, effectively, a Kubernetes node that is properly isolated. And so if you use Adara today, what you get is effectively every single Kubernetes pod is completely isolated into its own system security boundary. which gives a high degree of ah security and protects you against vulnerabilities that ah provide lateral movement or privilege escalation. And then we don't just do VMs. It's not just about, oh, you know now we have the VM boundary and that's it. We build on top of that by building out functionality that A, secures ah the system as it is. So implementing network in a secure way. And providing all of these additional functionalities and things that you can consume in your platform to be more secure. And I think that's what makes us so different is we're trying to solve it from the bottom up without making you rethink your application. Because the same image that runs a normal Kubernetes will run on Adara Kubernetes. Okay.
00:12:46
Speaker
so then a follow-up question right if if i've been using kubernetes in production for the last five years let's say if i wanted to get started with the data does that mean i have to redeploy a brand new kubernetes cluster with it installed and migrate my application like a blue green deployment and then move it over or can i do like a brown field ah onboarding of my existing clusters and make them more secure So this is the cool thing. we don't We're not a Kubernetes distribution. yeah Instead, we distribute the node images or or allow you to install on top of an existing node. And what that means is that you can effectively upgrade your existing cluster into an Adara-enabled system and get that isolation and security by default without ever having to change how you actually do things. And this is super important to the way that we think about it because other solutions that try to do any sort of security or of this form, or more often than not, it's like, you know, dev environment type stuff. yeah When you're trying to do that stuff, they either A, just install on the on the normal system some binaries and then you know, try to run, um like, additional namespaces, which doesn't really solve the problem because you still have the Linux kernel fundamentally that is monolithic and is a security nightmare in a lot of ways. um
00:14:16
Speaker
And then you have the other systems which try to, like, basically get you to use their cloud environment and then you, like, plug it in as, like, ah as an additional node. And so this creates, like,
00:14:28
Speaker
kind of the worst of all things kind of set up. And so we fundamentally believe that if you're going to do this the right way, you need to make it work with the way that people actually think about production today.
00:14:40
Speaker
yeah And this is proven true in the market because people who would normally not consider this to be an an important thing for them because, oh, it's too hard. We've made it easy enough to adopt that it actually becomes feasible for them to make their security better.
00:14:57
Speaker
and sorry good finish it though no And I think that like in today's environment, making it easy is super important. Like, and the other thing that's like kind of funny and, you know, I'm sure we'll talk about this ah later, but like with ai and, and mythos and all these things, people are, know,
00:15:21
Speaker
I don't know what's going on, but we've gotten into a little bit of psychosis where we think that like an AI agent is not just an application. But it is. And the the gap for me that I think is really funny is people think, oh, well, AI agents have this like need for a completely different permissions model and a completely different way of like running them. But actually, fundamentally, the problem was that our other applications needed this too. We just didn't care.
00:15:54
Speaker
yeah Yeah, yeah. like and the that amount of race yeah it's okay i'll write with some perimeter security and and be be saved We had a developer to blame, right? if And now we don't. And that's that's the difference. And so for me, it is very important that we think of these things as on the same playing field.
00:16:16
Speaker
And because I think if ai agents are going to be real and last a long time, they have to be no different than anything else fundamentally from how we run them. And I don't think that's making the AI agent and as insecure as our normal applications. I think that's making everything more secure, right? And so that's that's my fundamental difference in thinking and thinking.
00:16:39
Speaker
they stay in age. Interesting. So like, okay, two people can onboard their existing clusters by by installing this or or onboarding this. um Are there AMIs available if you say we you have OSs that customers can use and update their machine configs and then just be up and running?
00:16:56
Speaker
Yes. We provide machine images so that people can consume Madera and effectively it's just an AMI swap and you're good to go. We also, for people who build their own AMIs, because there are a lot of people out there that still do that, yeah um you can just hook in our installer as ah as a phase in your Packer build. Actually, we build our AMIs using AWS's Packer builds and then we build on top of them. um And actually coming soon is support for Bottle the Rocket and things like that so you can utilize those technologies as well. And I think like making that easy and flexible is super critical because if I didn't do that, i am making the infrastructure of people's lives harder. Yeah. and
00:17:41
Speaker
To me, the thing is that you need to have this be an actual technology that people can consume. Like the problem with something like CATA is that it really is build it yourself.
00:17:54
Speaker
I can't tell you the number of companies I've talked to who have teams of people that do CATA. it's and they don't want to be. you know But that's that's what they have to do because the tools that they provide aren't and aren't good enough. And I really feel like we have to think about the way that we build tech in a way that is actually easy and flexible at the same time.
00:18:21
Speaker
Gotcha. And that's a great, like, I don't know, a thesis to have and obviously help customers adopt it easily and and and simply without a lot of friction. But if we if I ask you to go into the next level of detail, right? So I did look at your documentation. There are concepts called zones and and driver zones and then workloads. Can you try help us map this to things that...
00:18:44
Speaker
Kubernetes users might already be familiar with so that it's easy for them to like just make those connections. This is an audio format. more Majority of our ah audience listen it on as as the audio format, so it would be helpful. yeah Yeah, absolutely. i think i think there's a few interesting things that we did that are very different.
Adira's Unique Security Concepts
00:19:01
Speaker
One is that Adara as a platform isn't tied to Kubernetes itself. um We built our compute platform so that it is basically an API that then Kubernetes ah can build on top of. So um the reason why we have our own concepts is because we're applying this to places that other people don't even think of.
00:19:24
Speaker
For example, we have Qvert support coming where you can actually run um Qvert. You can use Qvert, but actually the entire backend is Adara. And so applying the the same technology to multiple different areas is really important. So um the key technologies that we built um are zones and workloads. So a zone is what you would usually call a virtual machine. And the reason why we call it a zone is that it is ah it's got additional things on top of it that integrate with our platform. So for example, memory management and CPU usage management. are more than just a typical VM. We have like full external control over how much memory something is using and we can preempt and move memory around.
00:20:14
Speaker
um And then ah networking as well, similar similar story there. And then we also provide a concept called workloads that run inside of zones. And these are just containers effectively. But there's also things where you could, for example, mount the virtual machine image as a workload and run a VM, but inside of another VM. So um we provide these concepts to make things flexible because some people also just want to use their API.
00:20:44
Speaker
But when it comes to Kubernetes, what does this map to? Well, you use the same Kubernetes pods and containers that you normally do. But what we do is we map a Kubernetes pod to a zone and we map a Kubernetes container to a workload.
00:21:00
Speaker
okay And so we dynamically reconfigure your resources into a Darius system and we do all the work to map everything. And ah this is really powerful because if you have those downstream concepts, let's say that you build a workload that actually knows it's running on Adara, you can consume additional features by running inside Adara. For example, we have private zone-to-zone communication, which is quite literally like the hypervisor can mediate data transfers between zones without the host ever seeing it.
00:21:34
Speaker
And those are some very powerful features, especially when we talk about privacy and security um that people can consume on the platform. And like these nuggets you're sharing, right? Like it's just, I don't know, blowing my mind in different ways. Because before, if i if I take your hypervisor-based communication and and controlling that communication, right?
00:21:54
Speaker
we had to go into the eBPF level and then control packet transfers through eBPF rules. But now you're saying we can do it at the hypervisor layer before even the host finds out about it. So that's just, wow. Yeah. So if two things shared the same machine and secretly, like also my goal is to build machine to machine communication because that's basically what IoT is. And so in my mind, just immediately goes to that. But ah the ah the and kind of By the way, some of our tech is heavily inspired by mainframes, which I think is a really funny fact for a lot of people, um particularly message passing and various things. But yeah, eBPF is effectively the only like internal thing that you have. And what we've thought about is if you build the hypervisor tech properly, you can do these really interesting things that, especially in the age of AI, are super powerful. Like, why does an AI agent need to pass data over the network? Why can't it just create shared memory between two zones and communicate data that way? And the truth of the matter of why can't it do that is it can, but no one does because it's hard.
00:23:10
Speaker
And so we did the hard work, right? And um we have a mechanism internally called inter-domain messaging. And it's basically an RPC system that allows you to communicate between different zones. And this this is how our internal tech when we map the Kubernetes actually works.
00:23:28
Speaker
um Anyway, and there's a lot of nerd stuff at that point, but you mentioned- One more thing, right? You said you're also adding KubeWord support because again, that was another thing that that just caught my eye because there are a lot of customers, even as part of my day job but that I talked to that are moving from VMware, where VM had its own set of resources and iso complete isolation to something like KubeWord and OpenShift virtualization.
00:23:53
Speaker
But now I'm making that connection that those are just pods. And if you don't treat those- Yeah, those security aspects, clearly, you might come in with the expectation that I'm running a VM, but at the end of the day, you're not. You're running it as a pod. So making that secure is, oh, wow. Okay. yup Yeah, so so this is the interesting thing about QBIR. And...
00:24:15
Speaker
the and Okay, so lots of things going through my head about QVERT, but the biggest important point is that QVERT is just libVERT. yeah And if you've ever used libVERT before, it's great. Like, i I love VERT Manager. If you love VMs, you probably have used it.
00:24:35
Speaker
But the problem is that libVERT is a seed daemon that runs QMU. Now, QMU is great, and lot QMU developers, but QMU very heavyweight.
00:24:49
Speaker
but cumul is very heavywe It is really, it is a workhorse, and that's part of the reason why it's heavyweight, but it also can do everything under the sun. And when it can when something can do everything under the sun, it usually means it's insecure in some way.
00:25:08
Speaker
And so there's there's a lot of foot guns and things in QMU, and those things lead themselves to libvert, and they lead themselves to cumvert. And so KubeVert recently introduced a new hypervisor interface. And so we're hooking into that to actually deploy um our our system into KubeVert. And I think that's super powerful because our one thing I did not mention yet is that everything in Adara is Rust, like literally everything. And and that's not just like rewrite it in Rust or whatever. this is This is like, we did this because this was the best option. um And we care about memory safety. and And to be honest, I think not enough in the lower levels of the infrastructure today are are written in Rust. So yeah.
00:25:59
Speaker
Yep. You know, that's that's an important thing. And, you know, we built this platform to be flexible for a reason. And um and the fact that we can do QVirt on our platform is a testament to like how we built this thing. And that really just comes from, I wanted to build like fundamental technology building blocks effectively and then build on top of that rather than a ah very thin opinionated layer.
00:26:28
Speaker
Yeah. And okay. So we spoke
Security Challenges with GPUs in Kubernetes
00:26:30
Speaker
about containers. We spoke about virtual machines with KubeWord. Obviously we have to talk about GPUs. Like GPUs are an expensive reap resource. It's difficult to get the latest and greatest unless you come into like a three year usage. yes Customers that actually get their hands-on GPUs to get the most utilization out of them. Right. We see even the NVIDIA GPU operator have things like multi-instance GPU and make and They allow different pods to share the same underlying physical resource. So how do we like think about, like obviously ah ah technical details on how GPUs have evolved from their early VDI days to gaming days to crypto and to AI and now how they're being used. But also how do we secure them, right? Like how do we secure the applications sharing the resource?
00:27:17
Speaker
Yes, this is one of my favorite topics because i as I mentioned with Minecraft, was a gamer. And so my frame of reference for GPUs before they got taken over for all the things that they do now ah was rendering. And i love rendering and i love gaming tech and game engines and stuff like that great.
00:27:43
Speaker
Like if you ever look at my GitHub, you'll see that I have a ah Minecraft clone called Voxelotl. And the goal was basically i want to make a metal renderer for Minecraft like systems.
00:27:57
Speaker
And ah so I care a lot about rendering. And the truth is that GPUs, the same ones they deploy to data centers today, are still rendering machines.
00:28:08
Speaker
They fundamentally are designed to do that. Like, if they don't care about tenancy, they don't care about multiple pods. They are just there to run a single instruction ah tens of thousands of times really quickly.
00:28:26
Speaker
um One of my favorite like things trying to explain GPUs to people who don't know the difference but between a CPU and a GPU is that there is no proper branching on the GPU, at least as of the latest um information i have gathered. I'm sure that people are trying to do all sorts of crazy stuff these days, but there really is no branching on GPUs. If you ah say you write an if statement and that if statement doesn't execute,
00:28:57
Speaker
um what happens on a GPU is it just runs a bunch of no-op ah things, and instead ah instructions, instead of ah actually executing the code. So these things are designed for parallel computation. And so they don't really care about processes. They don't have a kernel. i' I'll never, like, just fun fact for you. I have to work a lot in the business space, obviously, being a founder. And so...
00:29:25
Speaker
ah it's always fascinating to me when I talk about the kernel and how many people think I mean GPU kernels. When I'm like, no, no, no, the Linux kernel. yeah And so it's a little personally annoying if you're a GPU user out there. i would love if you would put the GPU in front of kernel when you talk to business people.
00:29:43
Speaker
That would help me a lot. ah But importantly, like the the kernels that run on there are just... basically just code and GPU is just basically receiving RPCs and executing code, right? It doesn't care about processes. So when you go and apply this to a container space, you have this natural problem of you either have to assign one container to the entire GPU, you have to do MIG, which gives you a slice of the GPU, which
00:30:13
Speaker
is basically completely fake. like All it is is basically you know you can consume up to this amount of memory, but it doesn't necessarily say like this amount of memory is only for you. yup and and and then same thing for time slicing, where it's slicing up the actual execution time.
00:30:33
Speaker
All of this stuff is a software abstraction on hardware that doesn't have any idea what's going on. X86 and ARM hardware, by the way, on CPUs do actually understand the concept of processes. They have page tables and they have all these different functionalities that actually understand and build on top of it. GPUs have none of that.
00:30:54
Speaker
And so the problem that you run into is that all this data is just shared. So if you share a single GPU between multiple containers, there are so many attacks that are possible. And I'm not even talking about data leaks. I mean denial is service attacks. And a great example is that it's very common that GPUs just crash. Right?
00:31:19
Speaker
Like, you can write a GPU kernel that literally just reboots the GPU. Every time. Every time, because fault isolation is not a thing on these things. And so the problem becomes, and actually, if you remember the early days of like WebGL, like if you were around for the early browser 2011, 2012 space, you may remember that like it was not uncommon for GPU processes on a browser to crash because that was effectively the first multi-tenant use of a GPU was bringing GPUs to the web. Because before that, it was literally, I'm just running my operating system or my game on the GPU. But now it's like, oh, I have multiple contacts and yeah now I have untrusted code running on it.
00:32:14
Speaker
Well, we're here we're here and we're, right now, we're we're hitting this point in the data center space. And it's much worse because, you know, the web browser space have the advantage of controlling the API. Right.
00:32:29
Speaker
But we don't control the API today. If you load a CUDA kernel, you have basically full execution on the GPU. And so fundamentally, this is just a completely flawed way of doing computing if you care about security. And so what does Adaira think about this and how are we trying to solve it? Well, we're solving it on two fronts. One is that basically nobody in production actually shares GPUs.
00:33:00
Speaker
Like if you go talk to um any of the like major GPU clouds, Nobody is doing like, ah I'm going to partition a GPU out, except for at their lowest band where they don't really care about yeah the security, if we're being honest. um and But the the big customers, they're getting whole GPUs. Now, part of that is that one GPU doesn't really produce all that many tokens. um And so, you know, people want the whole GPU realistically. um There's also the fact that models are getting bigger. I mean, have you seen the terabyte model that just got released? ah I think it's GLM.
00:33:42
Speaker
Okay. we'll say is let's call um I think it's actually like 600 gigabytes or something like that, but it's huge. yeah um And like, how do you deal with that, right? So these GPUs are being consumed in whole.
00:33:58
Speaker
So the problem is that when GPs become a cost constraint and people's a either have a lot of them to share, which is a bubble possibility, or they become so scarce, which they arguably are right now for a certain class of people, um that you need to actually partition them.
00:34:19
Speaker
You have to have a backup plan for that. So what we are doing is focusing on pass-through. So can we pass-through a GPU into an isolated environment so that at least you don't have all eight GPUs on your GPU server all on one Linux kernel? Because, by the way, one major problem is that you can, like, segfault effectively or really kernel panic the entire Linux system through a bad GPU kernel.
00:34:51
Speaker
because ah there's so many different possible ways to break the Linux kernel when it comes to the NVIDIA driver. Now, some of this is NVIDIA driver related. Some of this is just, this is how Linux is. um But you can't really trust untrusted devices, right? Like if if you are connecting a container to a device, that device is now untrusted. Linux has no concept of an untrusted device technically.
00:35:18
Speaker
So you have to have a zone in order to isolate that. And so that's one front that we've been focused on is just a simple use case of how can you create a VM with the GPU without it ever touching the host or having the ability to break the host. So I call that fault isolation.
00:35:37
Speaker
And then the second a category of how you would run a GPU is this idea of separating the GPU driver and all the device related stuff from the actual running of the application which needs the GPU. And that's, you mentioned driver zones earlier, and driver zones are what that is. It allows you to run a zone that runs the NVIDIA driver and is connected to the NVIDIA GPU, but provides the CUDA API outwards into another zone that is actually the one controlling it. And so you have a fault isolation in the sense that the GPU driver can't be exploited. The vast majority of all of the
00:36:23
Speaker
code that is risky is actually in the GPU driver zone and the application is separate from that. And it also means that you can mitigate things like overriding the firmware of the GPU, which by the way is a really terrifying thing that you can do.
00:36:38
Speaker
You can just like downgrade the firmware of the NVIDIA GPU if you have full access. Okay. but Alex, I do need your help, right? Because um im I'm not a Linux kernel expert, so I'm trying to just ask very basic questions. yeah or We spoke about MIG and how that's not true isolation because the GPU doesn't know that these are different tenants.
00:37:02
Speaker
putting your applications in zones, is Adira taking on the responsibility to carve out the GPU? And do I need, do I still need MIG or do I just use Adira and it knows, hey, this is section A of the GPU and this zone and the workload in it is only accessing this zone, ah this section?
00:37:20
Speaker
So the first example that I provided is about full pass-through. So that's where one application provides the entire, or gets access to full GPU. This is the vast majority of where the industry is when it comes to GPU security. And that's purely just because no one has built anything better.
00:37:39
Speaker
um And the second thing that we're building that is better is about driver zones, which is this idea of if you separate the driver aspect, then you can actually apportion the gp portiontion out the GPU ah to multiple different zones and communicate through a virtual layer. And by doing that, Adara is effectively taking on the responsibility of managing the differences between everything. Gotcha. Okay. That makes more sense now. Thank you for clarifying that. Yeah, yeah, of course. no problem.
00:38:10
Speaker
And then obviously recently we also see the Kubernetes community make progress on on things like DRA. Can you give us, I don't know, an overview of what DRA is? How does that help users as well improve their posture?
00:38:23
Speaker
Yeah, so DRA stands for Dynamic Resource Allocation.
Role of Dynamic Resource Allocation
00:38:27
Speaker
It's a feature in Kubernetes, which is really cool. um The primary driver of it is that Kubernetes doesn't really understand devices. um and Before this, the state-of-the-art was something called Device Plugin, which...
00:38:42
Speaker
and is bad. Let's just put it that way. But the simple idea is that you write an annotation for a device that you want to claim, and then some magical stuff in the background eventually tells the runtime that, hey, this device node, like literally dev NVIDIA 0, needs to be passed through into the container.
00:39:04
Speaker
The problem is that this basically doesn't work for any advanced runtimes like Adara. We have to do a lot of translation and a lot of work to make that work because it's very single kernel focused. ah Also, it doesn't really understand the GPU or the device. like The GPUs can't represent themselves in and a way that makes sense to Kubernetes using this model. um And actually even worse is things like TPUs, where you have these very complex topologies that can be considered.
00:39:38
Speaker
So DRA is about providing a new resourcing system to Kubernetes for telling Kubernetes how to schedule complex device topologies.
00:39:49
Speaker
So what on earth does that mean? Well, if you have a GPU, right, that GPU is physically connected, usually over PCIe.
00:40:01
Speaker
ah and if it's connected over PCIE, that usually is tied to the MMU, or the ah memory management unit of the seat of the machine.
00:40:13
Speaker
And I'm going deep because that's how you have to be with the hardware stuff, but the the memory management... I'll ask you for an explanation again, but go ahead. Yes, yes. Well, that's where I'm about to go, so I got you. sure. The memory management unit, though, is and CPUs are not really all in the same place. So, for example, you have these dual socket CPUs, which basically means you have two CPU cores that have each their own kind of memory that's close to them.
00:40:45
Speaker
yeah And for them to access memory that is far away from them, that takes more time. But some memory is closer to them and that takes less time. In the same way, some GPUs and the the actual PCIe device are closer to some CPUs and some are further away. And this is this complex topic called non-uniform memory access. Now, NUMA is a huge mess.
00:41:14
Speaker
And shout out to Steven on our team who just wrote a bunch of blog stuff about NUMA and how we think about it and how we work on it. Because it's it's stuff that like a lot of people just kind of goes in one ear out the other, but actually has a massive impact. um Just an interesting stat for you, if your application is using memory um that is from the opposite NUMA node, so for example, if you're on CPU one, but you're talking to a memory thing that's on memory two, that can result in a 30% reduction in performance. wow And so this can be very severe and people are like, i don't know what's going on.
00:41:56
Speaker
Well, in the same way, GPUs have the same problem, right? GPUs can be connected closer to one CPU or the other. Well, DRA has to deal with that. And so does Kubernetes because it needs to know what where p NUMA ah nodes are, basically NUMA distance as it's called, um between two things. So,
00:42:19
Speaker
Pneuma is effectively represented as a number, so it's very simple. Pneuma node 0 and Pneuma node 1 are one distance apart. If you have Pneuma node 5, that means it takes approximately five times longer to get from node 0 to node 5. Now,
00:42:39
Speaker
This is a simplification, but that's basically how it works. This stuff really matters and Kubernetes has no idea about any of it. So DRA is an attempt to get this stuff better and actually treat, have systems that actually understand these resources more effectively.
00:43:00
Speaker
And then TPUs, it's even more interesting because they have these things like you can get basically a a ah kind of like a um a matrix of ah a section of the TPU. And how on earth do you represent that in Kubernetes? Yeah. And that's effectively what DRA does. And so ah using DRA with a GPU system, either like Adara or not, enables you to get better locality and better understanding of the hardware so that things can be scheduled more efficiently.
00:43:37
Speaker
Okay. And then the same logic of the the previous two points that you mentioned on how DRA can help with GPUs applied to a DRA-enabled system as well. This just makes sure that you you don't take like a second...
00:43:49
Speaker
not not second, just a penalty hit if you yeah don't provision your workloads correctly. Because again, at the end of the day, Kubernetes users don't get to make that choice, the API server and yeah have the Kubernetes control plane does. So, okay, got it. Yeah, I think an important point there is that Kubernetes wants you to forget about all this stuff, but you really can't forget, right? And that's the that's the fundamental issue of Kubernetes is like when it was all just CPU and memory, that stuff is easy to ignore.
00:44:18
Speaker
But the rest of the system, like even coming from IoT, we have serial devices because things still talk nineteen eighty s protocols. yeah And so how do you do that with Kubernetes?
00:44:33
Speaker
Good luck. Like there really is no solution except to literally just pin something to a specific node. And then you just happen to know that this exact dev node is what you need to pass through. it And so Kubernetes is, DRA is about Kubernetes growing up and understanding the world is actually a little bit too complex.
00:44:55
Speaker
Gotcha. Okay. No, thank you for that. I don't know. Lesson. And I'll say if somebody would have explained me, Numa, the way you did, I would have gotten it like 10 years back. Yeah. because Yes. Thank you. I've been to one the conferences where they did dedicated sessions around memory management and NUMA when it comes to yeah specifically focused on VMs. I tried to attend one of those and it just like went over my head. I was like, I don't know how this helps me coming from a storage background. So I just walked out and nope now it makes sense. ah okay ill I'll just one point on that. Like I think we, so,
00:45:30
Speaker
I consider myself a systems programmer in the sense that what I enjoy about programming is like the operating system layer. it's It's the hardware layer. It's the, all of that. And we are awful at communicating concepts. And I have tried my best to be good at it, and I hope that I have made a dent. But, like, NUMA is not complex on this, but it is. Like, the implementation is complex, but the way that we should explain it as system engineers should not be. And, like, I think we're going to do more content on this because um it's it's a critical part of the system, you know? Yeah.
00:46:16
Speaker
For sure. Okay, now let's let's talk about Mythos and Fable and all of the new models and maybe whatever comes after those.
Impact of AI Models on Cybersecurity
00:46:24
Speaker
um yeah like We have all seen the timeline around Anthropic and how they ah made it, like announced Mythos, but didn't release it, worked with partners, announced Fable, pulled it back.
00:46:35
Speaker
how do How do you as ah as a founder of a security company keep up with this? And if you have like the customers that you work with, when they ask you questions, how do you answer those? What are the things that people should be looking out for, especially with with these models getting more smarter on the cybersecurity front?
00:46:53
Speaker
So ah I think this drives home everything that I care about in security. And, you know, the thing, i keep repeating this to people, but I think it's really an important point.
00:47:07
Speaker
Mythos and fear-mongering that people felt, um of course some of it is hype. like no Anyone who doubts that it's like there's no hype in it is is not being truthful. yeah But the fact is that I don't care.
00:47:26
Speaker
I don't care if it's hype or not because what will happen is psychologically people will care more. And the fact is that not enough people actually care about vulnerabilities. And so there's like, i will say, i am very deep in Linux kernel stuff. And every day I find something in the Linux kernel where I'm like, I cannot believe that this is how this works.
00:47:54
Speaker
And there have been multiple times we've, I think I have at this point, like three or four kernel CVEs that are like properly mapped to me. um I think there's probably more that haven't been.
00:48:09
Speaker
But like, what's interesting to me is like, we've forgotten how bad everything is. And so my argument for why people should care about mythos a is very simple.
00:48:21
Speaker
That even if it's hype, people are not going to treat it like it is. yeah And so that results in two things. One, vulnerability researchers who are humans are going to find more vulnerabilities and basically you just up the competition.
00:48:37
Speaker
And let me tell you, I know some vulnerability researchers, they need their $200,000 payments so they can go party next year, right? So they're going to go find more vulnerabilities, ai or not.
00:48:49
Speaker
And the other thing that's really critical is that if Mythos does find bugs, which I think nobody can sit here and tell me it hasn't found anything, um all of those bugs are very severe. And my analysis based on seeing Ariadne actually had access on our team to Mythos because of ah ah some very cool things with the Linux Foundation and some of the things it found are like, oh, okay, like this is a thing that no human would have really thought of.
00:49:24
Speaker
And the attack chains that it can come up with are complex. And i think I'm quoted and wired somewhere of something like, ah I said, like, if you have, Mythos is basically a thousand vulnerability researchers working 24 hours a day, but um but on one single system, yeah right?
00:49:47
Speaker
Like you multiply that by the number of projects involved in the average Linux distribution, and it's just insane. Right. So in my opinion, it's a very, very big deal.
00:50:00
Speaker
And it's not just because it makes the security stuff more important. It's because i really care about not getting hacked. yeah I don't want my bank to get hacked. And the fact is that if they don't take this seriously, they will. Right.
00:50:18
Speaker
So, and who knows when this is released, what will happen with Claude, because chaos is happening. But what I will say that's really interesting I...
00:50:32
Speaker
i i First off, I'm one of the signature signers, I guess, of ah Free Fable or whatever it is. um And I think it's it's either Free Fable Free Mythos. But um I firmly believe that the government action that was taken was the wrong move.
00:50:51
Speaker
ah And the fact is that pausing access to one model is not going to help When someone else goes and develops the same thing, because the truth of the matter is that there really isn't a really big moat around these models. So, you know, there's, I mean, i will say that Anthropic is by far the most interesting AI company out there right now, in my opinion. Yeah.
00:51:17
Speaker
But, you know, it's just a matter of time before, you know, I think actually two days before this, there was like a distillation um ah thing that happened where Alibaba distilled a part of clod. And so there's all these things that are happening and the the risk is high. So I consider the risk real. I think that what's happening regulation-wise with it is insane because Because don't think you solve anything by ah by restricting access to this stuff.
00:51:52
Speaker
But how do how do architects plan for it, right? Like if I'm an infrastructure admin, Kubernetes or not, right? Like how do we how do I plan for a world where all of all of the different layers in my stack will get exposed? How do I, like, I don't think about it Well, you can never move at the pace that it can find vulnerabilities. And that is to say, like, sure, you can get, you know, CV, low CV images. And you should do that, by the way. Like, I don't want you running a vulnerability in production, just because, you know, some distribution hasn't updated it.
00:52:31
Speaker
But you need to fundamentally build towards a world where everything can go wrong because it's always been able to go wrong. But the heightened ability for it to go wrong now is real.
00:52:45
Speaker
yeah And so that means architecting your systems as securely as you possibly can. um secure by design is more important than ever. And when I think, by the way, that secure by design has had a huge marketing problem because it wants you to do this like shift left thing and all of that, and which I think was probably a bit of a failure. And the thing is that putting the onus on developers or whatever doesn't help. What we should be doing, and and I get in trouble a lot for this because
00:53:19
Speaker
I realize sometimes that I'm talking to the developers, but I'm just as often talking about the systems engineers who I wish would do things differently. um And so when I say these things, I don't mean you as an application developer are the problem.
00:53:35
Speaker
um But I think we as software engineers have to think about how we build software differently. differently and build in a more secure way. And that means infrastructure doing things like what we do at Adara, where we think very low level and we reduce layers of the stack. Adding complexity and abstraction helps no one when it comes to security. if We have gotten to the point now where the average application developer has next to no idea about the actual low level parts of their system. And to some degree, I'm glad because that opens up the ability for more people to understand and build applications. But it also means that when you have seven layers of stack in between things, no one cares about the security And i gave a really interesting talk once about how layers of the stack lead up to good or bad security outcomes. If the Linux kernel is bad security-wise, it makes your application bad security-wise. um
00:54:39
Speaker
So to me, we have to start caring about all the things that can go wrong and find and build infrastructure to make it ah feasible to actually mitigate those things. Yeah. Because... we are la right like not just murphy's law this is like yes i know the yeah blood times too yes exactly like we have hit a point where you can't really wait on this stuff yeah and and by the way like i'll tell you one thing that draws me nuts about
00:55:10
Speaker
this is when people say proactive security every proactive security tool i have ever seen has always been actually reactive you and And I believe that Adara and tools in that space are the real proactive tools. and And although I might be biased, I strongly consider, I want people to actually consider it. Because like, if you build your system appropriately, it is proactive because the vulnerabilities have a reduced impact. But if you are just constantly reacting to every new vulnerability by patching it, you will never solve a single problem in your life.
00:55:55
Speaker
No, that that makes perfect sense. I don't know. that that's like i mean My next question is going to be, what's next for Adira?
Future of Adira's Security Technologies
00:56:02
Speaker
Or where where do you see this this growing? But I think that's a great place to, like i don't know, for me to bring up the last and the last question, unless you wanted to add something. i know we have all more time.
00:56:13
Speaker
No, I'll just give a very brief answer that what's next for Odara is we're going to continue building real real security technologies and infrastructure technologies. And um I will never ah give up on making sure that things are easy to use and consume because that is what I think is most critical for our product.
00:56:33
Speaker
Awesome. No, thank you so much, Alex. Where can people learn more about Adira and any links that you want to share the the Minecraft fork that you've created? Yes. So if you go to my GitHub, github.com forward slash azenla, you can find some of that stuff. ah you can also go to github.com forward slash adera-dev.
00:56:52
Speaker
Um, There's also, i'm on BlueSky as alex.zemla.io. That's probably the best place for you to keep up with my day-to-day if you're interested. um It's everything from like what movie I'm watching to to what crazy code thing am I doing. um And then in terms of Adara, the best place aside from our GitHub is adara.dev and our blog. um Our LinkedIn is also very, very packed full of like actually interesting stuff. We're not just like constantly advertising to you. Like we're actually talking about Numa and stuff like that. So yeah, definitely give that a look and give us a follow-up.
00:57:34
Speaker
Awesome. Thank you so much, Alex, for joining us today. i Would love to have you again at some point in the future for sure. Okay. That was a great interview. Hope you guys liked it as well. I liked how Alex broke down complex concepts around security, why we need to assume breach when thinking about newer models like Mythos and Fable. How do we prep for that? um And how can Adira help upgrade your security posture, especially um on on your existing Kubernetes clusters, right? So no need to like create new clusters and then migrate your workloads, but how you can upgrade your nodes, use the new AMIs, update your machine configs and and get it up and running for a better security solution for your existing production deployments.
00:58:16
Speaker
We do have similar episodes lined up with practitioners from our ever-evolving ecosystem. So I would really appreciate if you can like, share, and subscribe the podcast subscribe to the podcast on Apple Podcasts, Spotify, and even on our YouTube channel. um And with that pitch, it brings us to the end of another episode.
00:58:35
Speaker
I'm Pavan, and thank you for listening to the Kubernetes Bytes podcast.
00:58:42
Speaker
Thank you for listening to the Kubernetes Bytes podcast.