>> Announcer: theCUBE presents Kubecon and Cloudnativecon Europe, 2022. Brought to you by Red Hat, the cloud native computing foundation and its ecosystem partners. >> Welcome to Valencia, Spain in Kubecon, Cloudnativecon Europe 2022. I'm Keith Townsend and alongside Enrico senior IT analyst for (indistinct). Welcome back to the show Enrico. >> Thank you again for having me here. >> First impressions of Kubecon. >> Well, great show. As I mentioned before, I think that we are really in this very positive mood of talking with each other and people wanting to see the projects, people that build the projects and it's amazing. A lot of interesting conversation in the show floor and in the various sessions, very positive mood. >> So this is going to be a fun one, we have some amazing builders on the show this week and none other than William Morgan, CEO of Buoyant. What's your role in the Linkerd project? >> So I was one of the original creators of Linkerd, but at this point I'm just the beautiful face of the project. (all laughing) >> Speaking of beautiful face of the project Linkerd just graduated from as a CNCF project. >> Yeah, that's right so last year we became the first service mesh to graduate in the CNCF, very proud of that and that's thanks largely to the incredible community around Linkerd that is just excited about the project and wants to talk about it and wants to be involved. >> So let's talk about the significance of that. Linkerd not the only service mesh project out there. Talk to me about the level effort to get it to the point that it's graduated. You don't see too many projects graduating CNCF in general so let's talk about kind of the work needed to get Linkerd to this point. >> Yeah so the bar is high and it's mostly a measure, not necessarily of like the project being technically good or bad or anything but it's really a measure of maturity of the community around it so is it being adopted by organizations that are really relying on it in a critical way? Is it being adopted across industries? Is it having kind of a significant impact on the Cloudnative community? And so for us there was the work involved in that was really not any different from the work involved in kind of maintaining Linkerd and growing the community in the first place, which is you try and make it really useful. You try and make it really easy to get started with, you try and be supportive and to have a friendly and welcoming community. And if you do those things and you kind of naturally get yourself to the point where it's a really strong community full of people who are excited about it. >> So from the point of view of users adopting this technology, so we are talking about everybody or do you see really large organization, large Kubernetes clusters infrastructure adopting it? >> Yeah, so the answer to that is changed a little bit over time but at this point we see Linkerd adoption across industries, across verticals, and we see it from very small companies to very large ones so one of the talks I'm really excited about at this conference is from the folks at Xbox cloud gaming who are going to talk about how they deployed Linkerd across 22,000 pods around the world to serve basically on demand video games. Never a use case I would ever have imagined for Linkerd and at the previous Kubecon virtually Kubecon EU, we had a whole keynote about how Linkerd was used to combat COVID 19. So all sorts of uses and it really doesn't, whether it's a small cluster or large cluster it's equally applicable. >> Wow so as we talk about Linkerd service mesh we obviously are going to talk about security, application control, etcetera. But in this climate software supply chain is critical and you think about open source software supply chain, talk to us about the recent security audit of Linkerd. >> Yeah so one of the things that we do as part of a CNCF project and also as part of, I think our relationship with our community is we have regular security audits where we engage security professionals who are very thorough and dig into all the details. Of course the source code is all out there, so anyone can read through the code but they'll build threat model analysis and things like that. And then we take their report and we publish it. We say, "Hey look, here's the situation." So we have earlier reports online and this newest one was done by a company called Trail of Bits and they built a whole threat model and looked through all the different ways that Linkerd could go wrong and they always find issues of course, it would be very scary, I think, to get a report that was like, no, we didn't find- >> Yeah everything's clean. >> Yeah everything's fine, should be okay, I don't know. But they did not find anything critical. They found some issues that we rapidly addressed and then everything gets written up in the report and then we publish it, as part of an open source artifact. >> How do you, let's say, do they give you and adds up something? So if something happens so that you can act on the code before somebody else discovers the- >> Yeah, they'll give you a preview of what they found and then often it's not like you're going before the judge and the judge makes a judgment and then like off to jail, it's a dialogue because they don't necessarily understand the project. Well, they definitely don't understand it as well as you do. So you are helping them understand which parts are interesting to look at from the security perspective, which parts are not that interesting. They do their own investigation of course but it's a dialogue the entire time. So you do have an opportunity to say, "Oh you told me that was a a minor issue. "I actually think that's larger or vice versa." You think that's a big problem actually, we thought about that and it's not a big problem because of whatever. So it's a collaborative process. >> So Linkerd been around, like when I first learned about service mesh Linkerd was the project that I learned about. It's been there for a long time, just mentioned 22,000 clusters. That's just mind boggling- >> Pods, 22,000 pods. >> That's pods. >> Clusters would be great. >> Yeah, clusters would be great too but it filled 22,000 pods. >> It's a big deployment. >> That's a big deployment of Linkerd, but all the way down to the smallest set of pods as well. What are some of the recent project updates some of the learnings you bought back from the community and updated the project as a result? >> Yeah so a big one for us, on the topic of security, Linkerd, a big driver of Linkerd adoption is security and less on the supply chain side and more on the traffic, like live traffic security. So things like mutual TLS, so you can encrypt the communication between pods and make sure it's authenticated. One of the recent feature additions is authorization policy so you can lock down connections between services and you can say Service A is only allowed to talk to Service B and I want to do that not based on network identity, not based on like IP addresses, 'cause those are spoofable and we've kind of like as an industry moved, we've gotten a little more advanced from that but actually based on the workload identity as captured by the mutual TLS certificate exchange. So we give you the ability now to restrict the types of communication that are allowed to happen on your cluster. >> So, okay this is what happened. What about the future? Can you give us into suggestion on what is going to happen in the medium and long term? >> I think we're done you know we graduated, so we're just going to stop. (all laughing) What else is there to do? There's no grad school. No, so for us, there's a clear roadmap ahead continuing down the security realm, for sure. We've given you kind of the very first building block which at the service level, but coming up in the 2.12 release we'll have route based policy as well, as you can say this service is only allowed to call these three routes on this end point. And we'll be working later to do things like mesh expansions so we can run the data plane outside of Kubernetes, so the control plane will stay in Kubernetes but the data plane will, you'll be able to run that on Vms and things like that. And then of course in the, we're also starting to look at things like, I like to make a fun of (indistinct) a lot but we are actually starting to look at (indistinct) in the ways that that might actually be useful for Linkerd users. >> So we talk a lot about the flexibility of a project like Linkerd you can do amazing things with it from a security perspective but we're talking still to a DevOps type cloud of developers who are spread thin across their skillset. How do you help balance the need for the flexibility which usually comes with more nerd knobs and servicing a crowd that wants even higher levels of abstraction and simplicity. >> Yeah, that's a great question and this is what makes Linkerd so unique in the service mesh spaces. We have a laser focus on simplicity and especially on operational simplicity so our audience, we can make it easy to install Linkerd but what we really care about is when you're running it and you're on call for it and it's sitting in this critical, vulnerable part of your infrastructure, do you feel confident in that? Do you feel like you understand it? Do you feel like you can observe it? Do you feel like you can predict what it's going to do? And so every aspect of Linkerd is designed to be as operationally simple as possible. So when we deliver features, that's always our primary consideration, is we have to reject the urge, we have an urge as engineers to like want to build everything, it's an ultimate platform to solve all problems and we have to really be disciplined and say we're not going to do that, we're going to look at solving the minimum possible problem with a minimum set are features because we need to keep things simple and then we need to look at the human aspect to that. And I think that's been a part of Linkerd's success. And then on the Buoyant side, of course, I don't just work on Linkerd, I also work on Buoyant which helps organizations adopt Linkerd and increasingly large organizations that are not service mesh experts don't want to be service mesh experts, they want to spend their time and energy developing their business, right? And building the business logic that powers their company. So for them we have actually recently introduced, fully managed Linkerd where we can take on, even though Linkerd has to run on your cluster, the sidecar proxies has to be alongside your application. We can actually take on the operational burden of upgrades and trust income rotation, and installation. And you could effectively treat it as a utility, and have a hosted-like experience even though the actual bits, at least most of them not all of them, most of 'em have to live on your cluster. >> I love the focus of most CNCF projects, it's peanut butter or jelly, not peanut butter trying to be become jelly. What's the peanut butter to Linkerd's jelly? Like where does Linkerd stop? And some of the things that customers should really consider when looking at service mesh? >> Yeah, now that's a great way of looking at it and I actually think that philosophy comes from Kubernetes. I think Kubernetes itself, one of the reasons it was so successful is because it had some clearly delineated boundaries. It said, "This is what we're going to do. "And this is what we're not going to do. "So we're going to do layer three, four networking, "but we're going to stop there, "we're not going to do anything with layer seven." And that allowed the service mesh. So I guess if I were to go down the bread of the sandwich is Kubernetes, and then Linkerd is the peanut butter, I guess. And then the jelly, so I think the jelly is every other aspect of of building a platform. So if you are the audience for Linkerd most of the time is a platform owners. They're building a platform an internal platform for their developers to write code and so, as part of that, of course you've got Kubernetes, you've got Linkerd, but you've also got a CICD system. You've also got a code repository that's GitLab or or GitHub or whatever, you've got other kind of tools that are enforcing various other constraints. All of that is the jelly in the, this is analogy it's getting complicated now, and like the platform sandwich that you're serving. >> So talk to us about trans and service mesh from the, as we think of the macro. >> Yeah, so it's been an interesting space because, we were talking a little bit about this before the show but, there was so much buzz and then what we saw was basically it took two years for that buzz to become actual adoption and now a lot of the buzz is off on other exciting things and the people who remain in the Linkerd space are very focused on, "Oh, I actually have a real problem "that I need to solve "and I need to solve it now." So that's been great. So in terms of broader trends, I think one thing we've seen for sure is the service mesh space is kind of notorious for complexity, and a lot of what we've been doing on the Linkerd side has been trying to reverse that idea, because it doesn't actually have to be complex. There's interesting stuff you can do, especially when you get into the way we handle the sidecar model. It's actually really, it's a wonderful model operationally. It's really, it feels weird at first and then you're like, "Oh, actually this makes my operations a lot easier." So a lot of the trends that I see at least for Linkerd is doubling down on the sidecar model trying to make side cars as small and as thin as possible and try and make them kind of transparent to the rest of the application. >> Well, William Morgan, one of the coolest Twitter handles I've seen at WM on Twitter, that's actually a really cool Twitter handle. >> William: Thank you. >> CEO of Buoyant. Thank you for joining theCube again, Cube alum. From Valencia Spain, I'm Keith Towns, along with Enrico's (indistinct) and you're watching theCube, the leader in high tech coverage. (upbeat music)

>>The cube presents, Coon and cloud native con Europe 22, brought to you by the cloud native computing foundation. >>Welcome to vincia Spain in Coon cloud native con Europe, 2022. I'm Keith towns alongside en Rico senior. Etti senior it analyst for giong welcome back to the show en >>Rico. Thank you again for having me here. >>First impressions of QAN. >>Well, great show. As, as I mentioned before, I think that we are really in this very positive mode of talking with each other and people wanting to see, you know, the projects, people that build the projects at it's amazing. I mean, a lot of interesting conversation in the show floor and in the various sessions, very positive move. >>So this is gonna be a fun one. We have some amazing builders on the show this week, and none other than William Morgan, CEO of buoyant. What's your role in the link D project? >>So I was one of the original creators of link D but at this point I'm just the, the beautiful face of the project. >>Speaking of beautiful face of the project, linker D just graduated from as a CNCF project. >>Yeah, that's right. So last year we, we became the first service mesh to graduate in the CNCF. Very proud of that. And that's thanks, you know, largely to the incredible community around Linky that is just excited about the project and, you know, wants to talk about it and wants to be involved. >>So let's talk about the significance of that link D not the only service mesh project out there. Talk to me about the level effort to get it to the point that it's graduated. That's you don't see too many projects graduating CNCF in general. So let's talk about kind of the work needed to get Nier D to this point. >>Yeah. So, you know, the, the, the bar is high and it's mostly a measure, not necessarily of like the, the project being technically good or bad or anything, but it's really a measure of maturity of the community around it. So is it being adopted by organizations that are really relying on it in a critical way? Is it, you know, being adopted across industries, you know, is it having kind of a significant impact on the cloud native community? And so for us, you know, there was the, the work involved in that was really not any different from the work involved in, in kind of maintaining ity and growing the community in the first place, which is you try and make it really useful. You try and make it really easy to get started with you, try and be supportive and to, you know, have a, a friendly and welcoming community. And if you do those things and, you know, you kind of naturally get yourself to the point where it's a, it's a really strong community full of people who are excited about it. >>So from the of view of, you know, users adopting the, this technology, so we are talking about everybody, or do you see really, you know, large organization, large Kubernetes yeah. Clusters infrastructure adopting it. >>Yeah. So that's the answer to that is changed a little bit over time. But at this point we see Linky adoption across industries, across verticals, and we see it from very small companies to very large ones. So, you know, one of the talks I'm really excited about at this conference is from the folks at Xbox cloud gaming, who talked about, who are gonna talk about how they deployed Linky across, you know, 22,000 pods around the world to serve, you know, basically on demand video games, never a use case I would ever have imagined for Linky. And at the previous Kuan, you know, virtually Kuan EU, we had a whole keynote about how Linky was used to combat COVID 19. So all sorts of uses. And it really doesn't, you know, whether, whether it's a small cluster or large cluster it's equally applicable. >>Wow. So as we talk about link D service match, we obviously are gonna talk about security application control, etcetera. But in this climate Software supply chain is critical, right. And as we think about open source software supply chain, talk to us about the recent security audit of link dealer. >>Yeah. So one of the things that we do as part of a CNCF project, and also as part of, I, I think our relationship with our community is we have regular security audits, you know, where we, we engage security professionals who are very thorough and, you know, dig into all the details. Of course the source code is all out there, you know, so anyone can read through the code, but they'll build threat model analyses and things like that. And then we take their, their report and we publish it. We say, Hey, look, here's, you know, here's the situation. So we have earlier reports online, and this newest one was done by a company called trail of bits. And they built a whole threat model and looked through all the different ways that Linky could go wrong. And they always find issues. Of course, you know, it's, it would be very scary, I think, to get a report that was like, no, we didn't find yeah. Earth clean, you know? Yeah. Everything's fine. You know, should be okay. I don't know. Right. But they, you know, they did not find anything critical. They found some issues that we rapidly addressed and then, you know, everything gets written up in the report and, and then we publish it, you know, as part of an open source artifact >>Are, you let's say, you know, do they give you and add something? So if something happens so that you can act on the code before, you know, somebody else discovers the >>Yeah, yeah. They'll give you a preview of what they found. And then often, you know, it's not like you're going before the judge and the judge makes a judgment and then like off the jail, right. It's, it's a dialogue because they don't necessarily understand the project. Well, they definitely don't understand it as well as you do. So you are helping them, you know, understand which parts and, and your, you know, are, are interesting to look at from the security perspective, which parts are not that interesting. They do their own investigation of course, but it's a dialogue the entire time. So you do have an opportunity to say, oh, you told me that was a, a, a minor issue. I actually think that's larger or, or vice versa. You know, you, you think that's a big problem. Actually, we thought about that, and it's not a big problem because of whatever. So it's a collaborative process. >>So link D been around, like, when I first learned about service me link D was the project that I learned about. Yeah. It's been there for a long time, but just mentioned 22,000 clusters. That's just mind boggling pod, 22,000 pods, the pods. Okay. >>Clusters would be >>Great. Yeah. Yeah. Clusters would be great too, but filled 22 thousands pods, big deployment. That's the big deployment of link D but all the way down to the small, smallest set of pods as well. What are some of the recent project updates from of the learnings you bought back from the community and updated the, the project as a result? >>Yeah. So a big one for us, you know, on the topic of security link, a big driver of link adoption is security and, and less on the supply chain side and more on the traffic, like live traffic security. So things like mutual TLS. So you can encrypt the communication between pods and make sure it's authenticated. One of the recent feature additions is authorization policy. So you can lock down connections between services and you can say service a is only allowed to talk to service B. And I wanna do that. Not based on network identity, you know, and not based on like IP addresses, cuz those are spoof. And you know, we've kind of like as an industry moved, moved, we've gotten a little more advanced from that, but actually based on the workload identity, you know, as captured by the mutual TLS certificate exchange. So we give you the ability now to, to, to restrict the types of communication that are allowed to happen on your cluster. >>So, okay. This is what happened. What about the future? Can you give us, you know, into suggestion of what is going to happen in the medium and long term? >>I think we're done, you know, we graduated, so we're just gonna >>Stop there's >>What else is there to do? There's no grad school, you know? No, no. So for us, there's a clear roadmap ahead, continuing down the, the security realm, for sure. We've given you kind of the very first building block, which at the service level, but coming up in, in the two point 12 release, we'll have route based policy as well, as you can say, this service is only allowed to call these three, you know, routes on this end point and we'll be working later to do things like mesh expansion so we can run the data plane outside of Kubernetes. You know, so the control plane will stay in in Kubernetes, but the data plane will, you'll be able to run that on VMs and, and, and things like that. And then of course in the, you know, we're also starting to look at things like I like to make a fun of WAM a lot, but we are actually starting to look at WAM in, in the ways that that might actually be useful for Linky users. >>So we talk a lot about the flexibility of a project, like link D you can do amazing things with it from a security perspective, but we're talking still to a DevOps type cloud of, of, of developers who are spread thin across their skillset. How do you help balance the need for the flexibility, which usually becomes more nerd knobs and servicing a crowd that wants even higher levels of abstraction and simplicity. >>Yeah. Yeah. That's a great question. And this is, this is what makes Linky so unique in the service mesh spaces. We have a laser focus on simplicity and especially on operational simplicity. So our audience, you know, we can make it easy to install Linky, but what we really care about is when you're running it and you're on call for it and it's sitting in this critical, vulnerable part of your infrastructure, do you feel confident in that? Do you feel like you understand it? Do you feel like you can observe it? Do you feel like you can predict what it's gonna do? And so every aspect of Linky is designed to be as operationally simple as possible. So when we deliver features, you know, that's always our, our primary consideration is, you know, we have to reject the urge. You know, we have an urge as, as engineers to like want to build everything, you know, it's an ultimate platform to solve all problems and we have to really be disciplined and say, we're not gonna do that. >>We're gonna look at solving the minimum possible problem with a minimum set of features because we need to keep things simple. And, and then we need to look at the human aspect to that. And I think that's been a part of, of Link's success. And then on the buoyant side, of course, you know, I don't just work on link day. I also work on, on buoyant, which helps organizations adopt Linky and, and increasingly large organizations that are not service mesh experts don't wanna be service mesh experts that, you know, they wanna spend their time and energy developing their business, right. And, and building the business logic that powers their company. So for them, we have actually re recently introduced, fully managed. Linky where we can take on, even though Linky has to run on your cluster, right? The, the, the, the sidecar proxies has to be alongside your application. We can actually take on the operational burden of, of upgrades and trust, anchor rotation, and installation. And you can effectively treat it as a utility, right. And, and, and have a, a hosted, like, experience, even though the, the actual bits, at least most of them, not all of them, most of 'em have to live on your cluster. >>I love the focus of most CNCF projects, you know, it's, it's peanut butter or jelly, not peanut butter. Yeah. Trying to be become jelly. Right. What's the, what's the, what's the peanut butter to link D's jelly. Like where does link D stop and some of the things that customers should really consider yeah. When looking at service mesh. >>Yeah. No, that's a great way of looking at it. And I, I actually think that that philosophy comes from Kubernetes. I think Kubernetes itself, one of the reasons it was so successful is because it had some clearly delineated, it said, this is what we're gonna do. Right. And this is what we're not gonna do. So we're gonna do layer three, four networking. Right. But we're gonna stop there. We're not gonna do anything with layer seven. And that allowed the service mesh. So I guess if I were to go down the, the bread, the bread of the sandwich has Kubernetes, and then Linky is the, is the peanut butter, I guess, and then the jelly, you know, so I think the jelly is every other aspect of, of building a platform. Right. So if you are the, the audience for Linky, most of the time, it's a platform owners, right. They're building a platform, an internal platform for their developers to write code. And so, as part of that, of course, you've got Kubernetes, you've got Linky, but you've also got a C I CD system. You've also got a, you know, a code repository, if it's GitLab or, or GitHub or wherever you've got, you know, other kind of tools that are enforcing various other constraints. All of that is the jelly, you know, in the, this is, analogy's getting complicated now. And like the, the platform sandwich that, you know, that you're serving. >>So talk to us about trans and service mesh from the, from the, as we think of the macro. >>Yeah. Yeah. So, you know, it's been an interesting space because we were talking a little bit about, you know, about this before the show, but the, there was so much buzz, you know, and then what we, what we saw was basically it took two years for that buzz to become actual adoption, you know, and now a lot of the buzz is off on other exciting things. And the people who remain in the Linky space are, are very focused on, oh, I actually have a, a real problem that I need to solve and I need to solve it now. So that's been great. So in terms of broader trends, you know, I think one thing we've seen for sure is the service mesh space is kind of notorious for complexity, you know, and a lot of what we've been doing on the Linky side has been trying to, to reverse that, that, that idea, you know, because it doesn't actually have to be complex. There's interesting stuff you can do, especially when you get into the way we handle the sidecar model. It's actually really, it's a wonderful model operationally. It's really, it feels weird at first. And then you're like, oh, actually this makes my operations a lot easier. So a lot of the trends that I see at least for Linky is doubling down on the sidecar model, trying to make side cards as small and as thin as possible and try and make them, you know, kind of transparent to the rest of the application. So >>Well, William Morgan, one of the coolest Twitter handles I've seen at WM on Twitter, that's actually a really cool Twitter handle. Thank you, CEO of buoyant. Thank you for joining the cube again. Cube alum from Valencia Spain. I'm Keith towns, along with en Rico, and you're watching the cube, the leader in high tech coverage.