The POPCAST with Dan POP

Episode 94 - The Cage Fighting CTO with Sidero Labs' Andrew Rynhard

Episode Summary

What does Jimi Hendrix have to do with immutable Kubernetes? Meet Andrew Rynhard, the CTO of Sidero Labs. Sidero delivers a better way to run Kubernetes: it is an open source platform that delivers immutability, declarative configuration, and APIs at every layer. In this interview sneak peek we learn more about Andrew's passion for kernels, immutable Kubernetes, music, and mixed martial arts. Truly a unique and fascinating person!

Episode Notes


Timeline Topics

00:00 -  Opener/Sponsors

00:14 -  Welcome Sidero Labs CTO Andrew Rynhard

00:57 -  Andrew's Journey  

05:02 -  Discovering Mixed Martial Arts

08:54 -  Getting into IT via Jimi Hendrix?

14:17 -  From Music to hacking android phones

16:43 -  Andrew's first REAL IT job

17:58 -  The path less travelled...  (Succeeding in IT in an unconventional way)

28:08 -  Sidero Labs - What problem does it solve and why do people need it?

35:10 -  Compare Talos OS vs other solutions

39:15 -  What is Sidero Metal?

45:05 -  Sidero Labs Open Source and Commercial Tools

46:47 -  What draws Andrew to the Kubernetes community

48:51 -  What work is Andrew most proud of?

Episode Links

https://www.siderolabs.com/

https://www.siderolabs.com/platform/bare-metal-kubernetes-sidero/

https://www.siderolabs.com/kubespan/

https://thenewstack.io/a-guide-to-linux-operating-systems-for-kubernetes/

https://en.wikipedia.org/wiki/Cassette_tape

https://en.wikipedia.org/wiki/Are_You_Experienced

Support the show by checking out our sponsors below!  

***GITLAB***

GitLab is The DevOps Platform. Deliver software faster with better security and collaboration in a single platform. Try GitLab today.  https://about.gitlab.com/free-trial/

***Sidero Labs***

Sidero Labs makes Talos Linux, the immutable, API managed, secure OS designed for Kubernetes. No SSH. No Systemd. Secure by design. Image based atomic upgrades. Talos Linux lets you forget about the operating system, and focus on Kubernetes and your applications.

They also make Sidero Metal, which transforms bare metal servers into your own private cloud you can create Kubernetes clusters on - even better than the public cloud providers, as it's designed for Kubernetes - declaratively managed through the whole machine life cycle.

Check them out at https://www.siderolabs.com/proof-of-concept/

***Shipa***

Do you want to give developers an internal platform to enable self-service and application observability, freeing you to focus on implementing application policies and scaling infrastructure? That’s exactly what Shipa delivers. All you need to get started, land a win with your developers, and save you time is a namespace! Take an online tour here: https://onboarding.navattic.com/

***Teleport***

Teleport allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. You can download Teleport at https://goteleport.com/popcast  

***COCKROACH LABS***

What if you could build like Big Tech? Use the same powerful infrastructure that they spent engineering centuries building...It’s actually possible now with CockroachDB.  

The founders have spent the last eight years creating a cloud-native, distributed SQL database that provides the consistency, ultra-resilience, data locality, and massive scale for modern cloud applications - tech that was once only available to the likes of Google, Facebook and Netflix.  

Check them out and get started for free at https://cockroachlabs.com/popcast

***SUSE Rancher Government Services***

SUSE Rancher Government Solutions (RGS) is a leader in Linux and Kubernetes management for federal and U.S. government entities. RGS leverages SUSE’s Linux expertise and Rancher’s Kubernetes excellence to provide secure open source solutions that adhere to federal compliance regulations supporting SAP HANA, HPC, cloud, edge computing and container management.

https://susergs.com/

***Cisco***

Check out Cisco's super informative blog https://ciscotechblog.com/

***CIVO***

Civo is an alternative to the big hyperscale cloud providers.  

They've launched the world's first managed Kubernetes service powered by K3s. With sub 90 second cluster launch times, a simplified Kubernetes experience, and predictable billing, Civo is on a mission to create a better developer experience.

Get $250 free credit to get started. Sign up today at https://civo.com/popcast

***Styra***

Learn how to operationalize Open Policy Agent at scale with Styra: https://hubs.ly/H0Pnkm20

POPCAST SHOW DETAILS (SUBSCRIBE!)  

YouTube:  https://bit.ly/3xgmmCj

Audio Podcast (Apple, Spotify, and others):  http://bit.ly/35MXfte

Follow us on (Twitter):  https://twitter.com/PopcastPop  

Follow us on (Linkedin): https://www.linkedin.com/company/the-popcast-with-danpop

Episode Transcription

- [Narrator] This episode of the POPCAST is brought to you by these sponsors.

 

- Hello, everyone. And welcome to the POPCAST. This, this guy right here, him and I go back, like, literally, since I think that day one of the POPCAST you been like a fan, but also somebody I respect in the industry. This is Andrew Rynhard. He's the Founder and CTO of Sidero Labs or formerly Talos Systems. Welcome to the POPCAST, Andrew.

 

- Thank you. I've long known about your podcast, and have always looked forward to talking on it, so I'm happy to finally be on it.

 

- Yeah, man, like I said, I want to get into like, you know, Sidero's, like, I love what you all do from jump. I think there's a niche share that you all fill that nobody does. We're going to get into it, kids. Don't worry. But I want to start with the journey 'cause you are a one interesting cat, dude. I want to know like, look, where'd you grow up and kinda like, tell me about like firsthand on keyboard all the way to where we are now.

 

- Yeah. Yeah, for sure. Let's see. Where do I start? I'm from the Bay Area. I was born and raised in San Jose, California. Lived most of my life there, to be honest. You know, this is kind of embarrassing to say as an adult, I've rarely even traveled outside of California. I think one of the few places I've been outside of California, actually is New York. I used to live in Brooklyn. Don't ask me the area. I never remember it, but I moved out there when I was about 15 with my mom. I didn't enjoy it. I think it's a great place to visit. And I absolutely love the food, especially if you're a foodie like me, but-

 

- Oh, that must've sucked. That must've sucked, like, no pizza and bagels. That was the one thing I'm sure you're like. Yeah. 'Cause it was like the New Yorkers were like,

 

- Yeah. Man, I'd love to go back and get like a Mission burrito. That's my jam. Every time I go to San Francisco, I'm like, I'm getting a Mission burrito, dude.

 

- That's what I'm- that's- No, no, no, you're fine. Please do. That's what I missed about California was the Mexican food. And then when I'm out here, like, I just remember living in Brooklyn. Like, I lived in this apartment where when the subway went by, the whole place would shake, 'cause it was a basement apartment. You'd step outside, and it was like totally different than California. You were able to just get anything that you wanted. There's a liquor store. There's a laundromat. There's pizza. There's Italian food. There's anything that you can imagine like 20 steps away from you. And one of the things I miss about it is that the accessibility, that's really nice. And the other thing is just, yeah, the pizza out there is phenomenal. You can't beat it. So, anyways. Yeah, I lived in New York. Don't get me wrong. I have nothing against New York. I'm just at my heart-

 

- No, it's where you grew up.

 

- Heart and soul. You know, like, it's like- You know what I mean? Like, I love San Francisco. I've been gone for 20 years. Like, you know would I, you know, I would be in the same way. I'd be like, "Yeah, maybe I can do this for some years." But like, it's the same thing. It's like, this is where your heart is. Like, you know, you know, so yeah.

 

- Yep. The big thing for me, you know, to be funny- The funny thing about it is that I actually just missed having like mountains around me. I'm from the Silicon Valley, so, you know, I was in a valley the whole time. I grew up with like mountains around me. And when you go back East, it's just all flat land, for the most part, right? And you're only kind of horizon scenery is, is city buildings and stuff like that. And I mean, that's cool. Like I said, it was really fun to visit and see, but to me, I like to be outside and, and like, see these, this beautiful scenery that is California. So, yeah. I lived in New York. I came back when I was, maybe let's see, I moved out there when I was 15. I came back when I was like 16. So I didn't spend a whole lot of time out there. Let's see fast forward, maybe a year. And I ended up having a kid, at 18 years old. So, I actually dropped out of high school. I got my GED. I think, I can't remember if it was a couple years after I dropped out, but I ended up having my son, Malakai, and I was living back in the Bay Area at this time by then. And I started working construction, 'cause that was just what I had to do, you know. I was doing drywall and steel-stud framings. So I really quickly realized, I do not want to do this. I don't want someone yelling at me all day, telling me what to do. You know, like, just lugging stuff around all day. I felt like, felt like it just wasn't, it wasn't for me. So, yeah. From there, I actually got into fighting, well, mixed martial arts, more specifically. Not just fighting anybody but mixed martial arts. And I was, like, maybe in my early 20s and I've always been a fan of like the UFC and the sport, in general. I remember being nine years old, watching people, just knock, just crazy stuff, stuff a nine year old, probably shouldn't be watching, the UFC. I just would totally loved it. 
I actually grew up right down the street from a gym called the American Kickboxing Academy, which is home to some of the greatest UFC champions ever. It was literally a mile away from me. So I ended up going to that gym and I got into Jiu-Jitsu. When I was much younger, I was actually into wrestling as well. I remember we had a wrestling program in middle school, and I excelled at it really well. I was just kind of a natural at it, but unfortunately they took the program away. And so, I kind of floated here and there with, when it came to wrestling.

 

- Were you a shooter?

 

- Like, I've always loved it.

 

- Or like a grappler? Like, what was your thing, man?

 

- Yeah. Well, I mean with wrestling, it was.

 

- I'm talking Greco Roman.

 

- It's definitely-

 

- Not, not the mixed martial arts.

 

- Yeah, yeah, yeah.

 

- Yeah, yeah. No, I was more of a free-style or a folk-style wrestler.

 

- Okay.

 

- I'm getting more into like the Greco Roman upper-body throws as I get older because my knees just can't take, you know, take the beating anymore. But yeah, they took the program away and I was pretty, I was pretty upset about that, but I always stayed within wrestling, for the most part, like, just in the mat, on the mats, in the room, and to in some way, shape or form. So yeah, when I was at AKA those skills really applied very, very quickly in Jiu-Jitsu. In Jiu-Jitsu, you have a lot of folks who come in there with zero wrestling background, and wrestling actually kind of gives you a great edge to kind of start with, 'cause you already are familiar with the concept of grappling, you know, positioning, controlling people, under-hooks and over-hooks, and stuff like that. And so, that translated very, very well. And I just ever since then, I've just been in love with Jiu-Jitsu, and now it's my therapy, man. It's the only thing that keeps me sane.

 

- That's the thing, like, I don't know if you know Tim Banks, right? Tim Banks has been on my show before. He's he's a big, you know, I mean, he's like, you know, does it, I think he's a purple belt or something like that. And he's all over it. He's been in nationals and stuff like that, but it's the same thing for him. It's completely therapeutic for him. You think about it. We deal with stress in our own ways, right? Some of us eat to deal with stress. Some of us go weight lift, right? Some of us like grapple and stuff like that. So that was the thing. Let me ask you this, in terms of the kickboxing school you went to, any other, like what big names came out? Did Ken Shamrock come out of there? I always forget. Wasn't it-

 

- Frank Shamrock was from out there, Ken's brother. Ken may have trained there at one point. I believe maybe even the Lion's Den, which is like an old school MMA team, may have been based out of there at some point. But you have folks like Jon Fitch and Josh Koscheck. I mean, I remember when I was there, I would see Lyoto Machida come in and you know, Jake Shields and, eventually they had Cain Velasquez, who was one of the greatest UFC Champions ever, Heavyweight Champions. And they continue that today. Khabib Nurmagomedov, Daniel Cormier, all those guys, just a really, really solid team. And, you know, I learned a lot from martial arts and from there, and it applies even to, you know, starting a company. It's just hard work. Put your head down and put your nose to the grind, and just do it. You know, you kind of get that from working at such a high-class place. It's, you know, you show up beat up, you show up hurt, and you still go in, and you still go do it. And that's kind of- I'm doing anyone a- I'm not doing anyone a favor who wants to start a company and in describing it like that, but it feels like that.

 

- But there's discipline to that. And we're going to get into that in a second. I want to understand, so we're at construction, we just had a kid, right? And we're like, I want to know like, "Hey, then we went to, you know, a couple of companies." Where did we get into the IT side of this? Because everybody is listening to this, is like, "This bad-ass guy over here" Like, you know what I'm saying? "How is he banging on keyboards too?" I want to hear more about that, so.

 

- Yeah, that's a good question. So, actually, all the while, I was always into music. I remember I was 11 years old. I always had a passion for music. I just love listening to music. And, in particular, I love Jimi Hendrix. I remember in fourth grade I dressed up as Jimi Hendrix and gave an autobiography on him, or a biography. Don't ask me. I didn't pass English. But, anyways, I remember just listening to his tapes, and like, literally writing the lyrics down, and you know, Jimi Hendrix, "The Experience," that album is, just absolutely loved it.

 

- I got to ask this, I'm sorry to interrupt you, but I got to ask this. So you're like, I'm assuming your mom, probably got you into this stuff. Like, we're talking about, you know, San Francisco, like, it's big. Like, is it your momma got you? Or you're, just like, "I love the guitar and I love Jimi"? 'Cause I went through that same phase. I have a, you know what I'm saying? Like, I went to school for music as well. I was in a band. I played exactly like Jimi does. I play a guitar upside down, left-handed.

 

- Oh, Wow! Nice.

 

- And, now, like, he died September 18, 1970. I was born September 18, 1976. And I like,

 

- Oh, wow.

 

- I love Jimi. Like, I like literally like worshiped the band, like "Machine Gun," like, "Live at the Fillmore." One of my favorite albums of all time, right? So let's talk about this Jimi thing. Like how did Jimi come into your life? 'Cause I know how it came into mine. My brother was like, "Ah, yeah, you got to listen to this." Just like Metallica, he's like, "You gotta listen to this." It's like-

 

- Yeah.

 

- Yeah.

 

- So, that's a good question. We actually had a neighbor. My mom actually ran a daycare program, and one of the kids that, well, actually both of them, were part of the program, and I was friends with one of them. His name was Derek. He had an older brother named John. And I remember he got into the guitar. And I went over there and I would just listen to him play. And he's like, "Man, you got to really listen to Jimi Hendrix." And I was like, "Jimi Hendrix? All right, cool. Yeah." So, I went and listened to it, and I was just like, "Wow! This guy's, this guy's awesome." Just fell in love with it. So, yeah. That's kind of, you know, how I found Jimi Hendrix.

 

- But Jimi Hendrix got you into the music thing? So let's talk about like,

 

- Yeah.

 

- Okay.

 

- Yeah. We're going to get some IT stuff, guys and gals, everyone, folks.

 

- No, this is a nice change of pace for me. 'Cause I do IT all day long. It's nice to feel human again. So I appreciate that.

 

- That's what they do on the POPCAST. You connect to humans with the code, everybody. The humans, humans are more important than the code sometimes.

 

- Sometimes, yeah. So, you know, from there, I just, you know, I knew I loved music. And I tried the guitar. I wasn't very good at it. But, I also, you know, was into rap as well. And so, I remember I got this DR-202 by Roland, it's called the Dr. Groove. It's this little orange and black box. It has like 12 keys on it. And it's basically a drum machine. But you can throw it out some basslines and stuff like that. Well, my grandfather got me one 'cause I really wanted to get into music. Took me down to the place. "All right. Let's pick one." And, of course, I picked the one that's glowing orange and black. You know, as a kid it's, "Wow, this looks cool." But the thing was a little beast. I pushed that thing to the max. And so, I started making rap beats. I started listening to like 3-6 Mafia, and trying to duplicate some of the work that they did. And, just meeting friends at school, and they were rappers. And you know, this is, this all started, like, around 11 and on through middle school. And we tried to- I remember, like, we would record little, we would record songs where you, this was when tape was a thing, for the kids out there who don't know what that is. It's analog.

 

- We'll have a link in the notes of the episode, to what cassette tapes are.

 

- Yeah, exactly. So, I remember us recording over a cassette tape, and then we would actually flip the tape to the other side or sorry, we would put it in one player, play it back, and then dub our vocals onto another tape. So we were just- We were just making the best with the equipment that we had. And so, yeah. I started teaching myself how to play the keyboard from there. You know, moved on to working with an actual keyboard, a little workstation. And naturally things just progressed into like mixing and, you know, that's kind of where I'm at today. I don't play as much. I do have a keyboard here, in the background, but I really enjoy, just like listening to high quality audio and, actually mixing it, and potentially even mastering it. That's a hobby of mine on the side, that I really love.

 

- That's how I got into the computing thing, myself. 'Cause it's, you know, I was in a Mac lab, and we were like, I literally had to fix the Mac all the time, right? So, like, I got into that from that, 'cause it was a Pro Tools set up, and, you know, Digital Performer back in the day, which is like a mini synchronizer, and all of this. But, yep. So, so riddle me this. Like, did you, like, do this somewhat, professionally? Or it was mostly like, you know, in high school for shits and giggles?

 

- Not professionally, really. I tried, but I never really had the educational background to, like, go and get an actual job. I was good at it, but you know, people didn't want to hire you if you didn't have any kind of official studies in this. But, where I kind of was going with this, really is, like, in learning music, I also had to deal with technology. And so, I had to learn how to run Pro Tools. I had to learn a Mac. A Mac, that's kind of where I started learning, as well. And so, that's kind of like my introduction to technology and computers. But also, I had an Android phone. I didn't really have a Linux machine at the time. And I think the computers that I did have access to were actually just friends' computers. I couldn't afford a computer, but I did have an Android phone. And so, I started hacking that. I started rooting it, and that's actually how I got my introduction into Linux. I was like, "What? What's Android? And what is a Kernel?" This is crazy. You mean, I could build this and run it on my phone. So I started building the Linux Kernel. I started building Android. I started modding it. I ended up writing Bash scripts. At a time, I didn't even know what Bash was. I just knew you could script it. And, you know, I started overclocking the CPU. I went through many phones because a lot of them burnt out, because I would overclock it and stuff like that. But that's kind of how music got me into technologies. Just, you know, being around a computer. And this, my curiosity, looked down at my phone, "Wow. This runs Linux. Let me see what I can do. I want to learn this." And so, actually, for years and years, that was my only access to being able to program. I would actually, like, literally write my Bash scripts on an Android phone and execute them. And that's how I learned Linux.

 

- That's it's insane, dude. Like, I'm just like, it's not it- And this is kind of a lesson that folks that are watching and listening to this. It's like, look, man, if you have the motivation, use whatever equipment. Think about your thing, right? Made beats, cassettes, reel-to-reel, because you want it to do this. Scrappy, man. That's scrappiness. And then, the next one, is, "Hey, look. I want to learn this. And you know, I'm using Android phones. I'm overclocking. I'm destroying them. But I'm learning the Kernel, and that's bringing me to the next step." So let's talk about like, talk about the official first job, I guess, that you had in IT, right? Like, we're hacking phones and people are like, "This kid is talented. Let's get him going."

 

- Yeah. So, this is- My first job in IT. So, all the while, I was, you know, I moved on from Android phones. That sounds funny. I moved on from Android phones to, you know, I actually ended up buying a server when I was in college, or what I like to call a server, It was really just a home workstation, but I threw a Linux on it, and I really got into it there. I ended up getting into UCSB for physics. That was a bad choice, by the way, I should have chosen a CS, but that's another story. I ended up getting the UCSB for physics. So I come out to Santa Barbara and I need a place to train. I need to do Jiu-Jitsu 'cause this is my therapy. I'm starting to go crazy. All I've been doing is, you know, I'm 20, let's see, I'm 26 at this time. I just got back into college after going back into, I transferred from a UC or sorry, from a community college. You know, again, I dropped out of high school. I had to work and take care of my son for some time. End up getting into the UC, came out here, and needed to do-

 

- I want to talk about that. I want to talk about that.

 

- Yeah.

 

- A lot of people in this field, and I've had a couple on, right? Talk about this gatekeeping function. It's like, "Oh, you need a college degree to get involved." I don't have my degree. Okay. I didn't get my high school degree. I got my GED. And I did exactly what you did. You go to community school. You go non-matric.

 

- Mm-mm.

 

- I got four rows there. And then I ended up at the school that had, you know, the music stuff, and then I ended up at NYU, after. This is what I tell people, if you have sacrificed, and you have done what we've had to do, you are so more of the grateful when you have those opportunities that you have. So, I tell folks out there. Look, if you're in, you know, a thing that you have, like you have a child, you have to take care of your child. That's way more important, right? And you know, at that time, but you also said, you know what F it. I'm going to go do my own thing too. Segue over. Go ahead.

 

- Yeah, no. That's a great point. I always try to, I know this is a little bit of tangent, but you touched on something real quick, I want to touch on. I always try to, like, speaking of my son and, like, going through those things and learning from them, and you're so much more grateful for them. I'm always thinking, how can I get my children to experience this? And I think, you know, I don't have the answer, but I do think, you said something very, very important. You do become much more grateful after you go to those struggles. So, you know, be happy that you're going through them because they just make you stronger and stronger. And when you get out of it at the other end, you're going to be, let's just say where I'm at today. I'm very, very happy. Even though it's not, you know, I'm not a millionaire, but I'm very, very happy with my life now, 'cause I can appreciate. You know, I was, at some point, I was living in my car, fighting. So, where I'm at today is awesome. So speaking of fighting. I was at UCSB and I ended up finding a gym out here it's called Paragon. It's a well-known gym in the Jiu-Jitsu community. I ended up going there. Long story short, I run into our CEO, Steve Francis. Steve Francis, at the time, I think he was a belt higher than me. He may even still be a belt higher than me. Sometimes, we compete against each other. Well, we always compete against each other. But, anyways. I tell him, "Hey, look. I'm actually going to be leaving soon. 'Cause I actually can't find work out here. It's really, really tough. I just dropped out of college because, you know, I just, I can't compete with these kids, in physics. I just don't- I can't." And so, he was like, "Hey, you know, I'm the Founder of a software company." "Well, okay. Cool." "Tell me about what you did?" And I started telling him all this stuff, and he's like, "Okay. Well, let me put you in touch with our operations team." 
And long story short, I actually ended up getting that job at Logic Monitor. And I wanna say, within nine months, I was already leading this effort to migrate their production stuff into Kubernetes. And I ended up doing it, too. So, you know, I moved really, really, really fast. I excelled really, really quick, because I was hungry and I really wanted to do this. I wanted an opportunity to show myself, because like you said, there's a lot of gatekeeping. And here's this opportunity finally, to show what I can do, even though I don't have a degree. And so, I took full advantage of that, and ended up moving over 80% of their traffic onto Kubernetes. And just leading that whole initiative. I ended up contributing to Kubernetes, contributing to Kubeadm and, just learned a ton. And that was my first IT job, ever.

 

- You have

 

- And that was, funny enough.

 

- two disciplines.

 

- That wasn't that long ago.

 

- You have two disciplines. I think that helped you here. And again, I'm armchair quarterbacking your life. This is your life, right? But think about it. It's like, you have the music. There's discipline there, right? And it's basically, like, there's repetition, right? There's, "Hey, I'm going to, you know, I gotta do this beat over and over. I got a Pro Tools. I gotta cut this. I wanna make sure this is perfect. And once you're dead, it's perfect." Then you got the Jiu-Jitsu. You got the wrestling. You got the grappling, right? It's like, man, you know, I have to understand my opponent. I have to understand all of these different nuance or whatever, to be able to good. Those are two things, again, from a discipline perspective that, you know, and also, the hungriness from like, like, basically, being like, you know, done with school, right? Now, you're like, "Okay. I got to excel at this." So you have three things that you think, probably with that, like, were things that, probably, were that you thought they were your detriment, were really things that inspired you, from this perspective.

 

- Oh, yeah. Absolutely. You got to make the best of, you know, everything's a learning opportunity. You can apply all of those things over, right? And even, you know, even in the reverse direction, as I'm learning these technical skills, it actually helps me become a better Jiu-Jitsu practitioner, a better musician, because now I'm starting to learn the value in, you know, testing things. And that sounds weird for Jiu-Jitsu but in Jiu-Jitsu, you can go in and you can say, "Okay, I have this new technique." It's about hitting that technique in a very scientific way. You can easily go onto the mat and be egotistical and say, "I'm going to smash this person," but you have zero technique. It's just a bunch of scrambling. And it doesn't look pretty. Sure, you may win, but in the technical world, you can't do that. You have to write good code. It abides by very specific laws. You know, you have If statements, and for loops, and there's syntax involved, and that very much translates over into Jiu-Jitsu. In Jiu-Jitsu, you have your fundamental positions. You have, from there, techniques and tactics that you can use, and it's about chaining them and putting them together. So, yeah, very much so. You know, everything kind of bleeds into the other, and you kind of have to mix it all up, and take the lessons learned from another and apply them to the other.

 

- Fantastic, man. Fantastic. And so, again, you met your CEO now, that's here, and you- So, this was at a Logic Monitor, you called it? The company was called?

 

- Yep. Logic Monitor.

 

- And from Logic Monitor, you know, you've moved, you know, you contributed Kubeadm, you did some other stuff and all that. And then, what did we do before we got to Sidero?

 

- Yeah. So from there, I, actually did end up moving on to Virtustream, which is the sort of the cloud-arm of Dell. I went over there to help build an internal platform as a service. I wasn't there too long, to be honest, but I did see common problems between what I was doing at Logic Monitor and what I was doing at Virtustream. And I, actually started Talos, even before I was at Virtustream, Talos Linux. And it was built to address the problems that I saw. And so, I moved over to Virtustream. And from there, I just said, "Look, I got this project." I don't know what- It wasn't called Talos at the time. I think it was called some horrible name. "I got this project. I got this code that I've been working on for some time. I think it's an interesting idea, but man, I've been working on it for the last two years. Let's see, what's going to happen with this." So, I remember, it was a Thursday night. I posted it on Reddit, and I believe it was like Valentine's day. So, yeah, that's, that's bad. Don't tell my wife that. Valentine's day, I'm sitting there thinking about my project. I post it. I go to bed thinking, I'm going to wake up and be disappointed because people are going to say, "You're, an idiot. This, you know, this is not a good idea." I ended up waking up, and it's on the front page of Hacker News. And I got all these people emailing me, and asking me about it. Even talk to a VC within that first week. And all of a sudden, I'm like, "Wow. Okay. I have an opportunity here." I have this opportunity. So, I just jumped on that immediately. I got in touch with Steve, and I was like, "Hey, what do you think of this?" He ended up putting me in touch with Saeed, Zuni. He's the CEO of an Encore. And we got a small round of funding ready to go. And within, I think maybe a month, I was a Founder. We started April, 2019.

 

- Incredible man.

 

- [Narrator] Do you want to give developers an internal platform to enable self-service and application observability, freeing you to focus on implementing application policies and scaling infrastructure? That's exactly what Shipa delivers. All you need to get started, land a win with your developers, and save your time is a namespace. Take an online tour at onboarding.navattic.com. That's O-N-B-O-A-R-D-I-N-G dot N-A-V-A-T-T-I-C dot com.

 

- [POP] Sidero Labs makes Talos Linux, the immutable, API-managed, secure OS designed for Kubernetes. No SSH, no systemd, secure by design, image-based atomic upgrades. Talos Linux lets you forget about the operating system and focus on Kubernetes and your applications. They also make Sidero Metal, which transforms bare metal servers into your own private cloud you can create Kubernetes clusters on. Even better than the public cloud providers, as it's designed for Kubernetes, declaratively managed through the whole machine lifecycle. Check them out at www.siderolabs.com/proofofconcept. That's www dot S-I-D-E-R-O L-A-B-S dot COM slash P-R-O-O-F dash O-F dash C-O-N-C-E-P-T. Check them out. GitLab is the DevOps platform. Deliver software faster with better security and collaboration in a single platform. Try GitLab today. Go to H-T-T-P-S colon, forward slash, forward slash, about dot gitlab dot com slash free-trial. That's H-T-T-P-S colon, forward slash, forward slash, A-B-O-U-T dot G-I-T-L-A-B dot COM slash F-R-E-E dash T-R-I-A-L. Check them out.

 

- And let's talk about you all. Let's talk about, like, Sidero Labs. What, you know, I know the problem, like, problem statement. I lived it. You know, I worked for Sysdig, right? So like, you know, there's a lot of, I see a lot of insecure operating systems, 9 times out of 10, if you look at this, it's like anything you're running Kubernetes on, there's no standard thing you're running Kubernetes on. You need an immutable OS, you need something that's not running systemd, it's not running all of those things, right? You know, I preach that. When people are like, "Well, you know, look, security isn't just runtime security, as much as I love my runtime security, but it's, literally, like, it's the whole kit and caboodle. Kubernetes needs to be secure. The underlying nodes need to be secured. The OSs that are running Kubernetes need to be secure." So talk to me about Sidero Labs. What problem does it solve, and why would somebody, who's watching or listening to this, need it?

 

- Yeah. So, really at the core of everything that we do at Sidero Labs is a project that we call, that I've been talking about, Talos Linux. It is Linux, basically, re-imagined for the world of Kubernetes. So, I guess if you could put it in a real simple form, it's asking the question of why do we even need a node? Why do we even need the concept of everything that we have at the node layer, when we have Kubernetes itself? If you kind of look at it, if you look at it, Kubernetes can be seen as a computer, as a giant computer of sorts, right? The vision with Talos is that we can treat Kubernetes like that, without having to worry about the individual machines. The individual machines are just more CPU. They're just more RAM into this larger machine. And the choices that we've made at that level, at the operating system level, allow you to say, "Okay, I don't care about the node anymore." People can say that about more standard Linux distributions all that they want, but at the end of the day, they still have user management. They still have patch management. They still have hardening. They still have all the ongoing maintenance burden that happens at that level. And sometimes, you have to do them just because a package, that's totally unrelated to your purposes or to your goals of running Kubernetes, needs to be updated. Why is this even a thing, nowadays? So Talos Linux was actually, it was designed from the ground up for the purposes of running Kubernetes to get rid of that problem of the node. We don't want user management. We don't want upgrade management. We don't want hardening. In fact, we want Kubernetes to kind of seamlessly go, to feel like it's just running on top of the Linux kernel. If that's the- If we could, that's what we would want. Directly, Kubernetes on top of Linux. Just get rid of that layer entirely. But, unfortunately, we can't do that, right?
And so, what we've done in Talos Linux is we've actually, we haven't gone from the direction of taking a distribution and trying to distill it down into what we need. We've actually gone from literally, a from-scratch container, because Talos is built from containers. I started with a from-scratch container, and built everything from the ground up, for the purposes of running Kubernetes. So, I started even with a minimal Linux kernel. There's a way that you can, I don't even remember the name now, but you can do something like, make minimal configure, something to that effect. And it spits out a configuration file that builds the most minimal kernel possible. So the kernel, even that we have today, is through years of, just adding on what we need for Kubernetes and for our users. Even our root file system, our user space, we don't have systemd. It's a completely immutable operating system. It's a 50-megabyte SquashFS. We have a custom PID 1, that is built for the purposes of these API-driven operating systems that we're trying to spearhead the idea in our industry with. And it's completely ephemeral. It runs completely in RAM. And so at the end of the day, if you have a node that's completely ephemeral, it's immutable. It has no Bash. It has no SSH. There's no package manager. You upgrade atomically. What is it that I possibly want to do at the node level? Well, not a whole lot, but you do want to debug. You do want to be able to get information off the system. I don't have Bash, I don't have SSH. So that's where we threw in the API idea. You can't really hop onto the box in the more traditional sense with, with Talos, but you can query the API for what you need. And so, we have, you know, well-known data types and structures for getting things, like interfaces, and addresses, and disks, and CPU stats, and memory stats, everything that you typically do with this collection of Unix tooling, like Coreutils and all of that, you actually do that over the API.
And so, come to find out when you have an operating system that actually has these well-known data types, you can start to build really, really complex things on top of that. And that's kind of where all of our other products go. But, that's kind of, that's kind of where we're at, right? We're an API-driven operating system that is trying to make the management of Kubernetes dead-simple for people. If you no longer have to worry about the operating system, the operating system itself actually bootstraps Kubernetes for you, and installs it according to best practices. It's secure. It's got the KSPP hardening on the kernel. It's immutable, all these things that I just talked about. You now only have to focus on your application. But you also, at the same time, get a degree of flexibility that you wouldn't have if you offload this to, say, a cloud provider, right? A cloud provider is going to say, "Okay, we're going to give you Kubernetes, but you can't change these. You can't twist these knobs, and you're going to get what you're going to get, including the CNI, in some cases." With Talos, that's not the case. We actually allow configuration, but we also have safety rails and stuff like that, in the APIs when you're trying to manipulate the system so that you don't ruin your cluster. And so, you get this managed-like experience without all the limitations of a managed solution. Does that make sense?

 

- Yeah, it makes complete sense. And for those listening, again, you know, the implications and you know, you all can go to Sidero Labs, and we'll have a link in the show notes of this, for you to kick the tires and kind of take a look at things that are going on. I think it's incredible. I mean, the implications too, if you think about like, you know, banks or like, you know, federal agencies, right? They want minimal, minimal, minimal, that's their whole kind of MO, right? It's basically, if you have, you know, you know, if you have like a government implementation or like they're trying to run something in a remote location, they need as little impact, as little as possible for them to run this, to me, it just seems like a freaking no-brainer. But riddle me this. I mean, CoreOS had something very similar, right? You know, and you've heard of like UBI and all those types of things. How do you, you know, what are the things that like make Talos, you know, Talos, like that, you know, that I would choose this over some of those other kind of more mainstream solutions?

 

- Yeah. I would say it's our API. And, really all the decisions that we've made that all these, well, for instance, CoreOS has made like immutability, but we've actually taken them to the next level. So CoreOS was immutable, for the most part, but there still were some writable places. It wasn't completely ephemeral; Talos is. The only thing that really writes to disk, then it needs to, because that's how it's designed. It's Kubernetes, and etcd and containerd. Only /var is writable within Talos. Well, at least it's persisted across reboots. Everything else is ephemeral or completely immutable. So you actually can't change the system in any way. You get what you get. And you can interact with the system, with the API. And what we'd like to say oftentimes, is that we're trying to bring the Kubernetes experience down to the node level. So actually in our PID 1, machined, it very much acts like Kubernetes. It has controllers, and it has events, and all these things that we're building so that you can hook into that system. So as a client, I could actually then start to write operators that, not only act on Kubernetes events, but can also act on my operating system's events. And the things that you can put together, when you get to that level, are just not possible with other types of distributions, because they don't have well-known data types. You're going to be writing Ansible scripts. You're not going to be getting real-time gRPC events. You're not going to be- You know, there's just so much that you have to parse out when you have unstructured data. This is a structure around the operating system that allows you to do things that simply weren't possible before, in a very dependable way, at least. And so, that's our big distinguisher, is that we are an API-based operating system. You supply a configuration file.
We have controllers that live within PID 1, very, very, you know, not different processes, but just controllers within, you know, almost like a controller manager in Kubernetes, that operates, say on the networking stack, or operate on the disk stack, or bootstrap Kubernetes. And these controllers are constantly trying to bring your operating system into the desired state. So it's completely declarative as well. So this is a big change from how we traditionally do things.

 

- Incredible. Civo is an alternative to the big, hyper-scale cloud providers. They've launched the world's first managed Kubernetes service powered exclusively by k3s, with sub 90-second cluster launch times. A simplified Kubernetes experience and predictable billing, Civo's on a mission to create a better developer experience. Get $250 free credit to get started. Sign up today at civocloud.com/popcast. That's C-I-V-O dot C-O-M slash P-O-P-C-A-S-T. Go check them out. What if you could build like big tech? Use the same powerful infrastructure that they spent engineering-centuries building. It's actually possible now with CockroachDB. The founders have spent the last eight years creating a cloud-native distributed SQL database that provides the consistency, ultra-resilience, data locality, and a massive scale for modern cloud applications. Tech that was once only available to the likes of Google, Facebook, and Netflix. Check them out, and get started for free at cockroachlabs.com/popcast. That's C-O-C-K-R-O-A-C-H L-A-B-S dot C-O-M slash P-O-P-C-A-S-T. Check them out. I want to know what Sidero Metal is. So, you know, like I've looked at the website and, you know, I'm saying like, I get it, but I kind of want everybody else to kind of know what it is.

 

- Yeah. So, Sidero Metal is, basically, our bare metal management solution that's built on top of Cluster API, and it's built explicitly for Talos. And so again, because we have an operating system that is API-driven, we can then start to build better integrations on the tools that we then build on top of such a system. So we can actually have, you know, Sidero be aware of Talos APIs to maybe, you know, remove an etcd member on an upgrade because we know that that machine's going to go away. Well, that's an API call. Imagine doing that with anything else. You're going to have to, you know, within the Cluster API world, you're going to have to have SSH keys. You're going to have to figure out, you know, do I need a bastion host to get there? Or, you know, I'm going to hop on in the machine, and what kind of operating system is it? Do I need to install things? What package manager is available for me? With Talos, that's not a problem. It's just a simple API call. You say, "I want this etcd member to be removed." And because maybe your larger goal is to upgrade that machine, which is another API call. And maybe if you forgot to remove an etcd member, and you lose quorum if you make this upgrade request. In the upgraded API, you'll get a failure when you submit that request, saying, "If you do this, you're going to lose that etcd quorum. We aren't going to allow this." And so, all these safety rails are kind of built into it. And Sidero is a way to, is a way to do that on bare metal, right? It's a way to manage your servers. You have, in fact, these are a custom resource definition within the Sidero distribution. You just could do something like, kubectl get servers, and you can see, "Oh, I have these a hundred machines." And then you can classify them. You could say, "These Dell R630s with this type of CPU and this type of memory, I want to call those T-1 micros, or maybe these ones I want to call M-5 larges."
And then you could tell Sidero, "Give me a bare metal cluster that is made up of a control plane that is from the T-2 micros. And I want five workers out of the M-5 larges." And this is all managed in a very Talos-specific way. We have APIs to bootstrap the system. We have APIs to do upgrades, so your entire infrastructure. So at this point, you no longer have to worry about, not only the operating system, you no longer have to worry about how you get the operating system installed and the management around it, thanks to Sidero Metal. And you also don't even have to worry about Kubernetes, more or less, because that's what Talos takes care of. So your entire stack at that point is completely, like, like I keep saying, it's a managed-like experience. So all you have to really focus on is what version of Kubernetes am I running? What version of Talos am I running, and is my application compatible with those APIs? And that's it. Versus the other direction, the operating system that I'm running on, is it compatible with Kubernetes? There's a lot to unpack there.

 

- And there's also a lot of security implications, right? Because again, not only, because we talked about earlier, it's like, if you were going to secure, if you want to have- Nothing is secure. People think, you know, Kubernetes is secure by default, and all of this. No, it's like, you have to secure the node. You've got to secure the operating system. You're handling like three-quarters of it, pretty much there, like, ya know. And riddle me this. So, in terms of this, does it also handle, like, upgrades and in-place upgrades, and all that? Or is it just, "Hey, it's just the initial deployment"?

 

- Sidero Metal, specifically?

 

- Yes.

 

- Yeah. So you could do, it's a very Cluster API way of doing things. We do have a way to do upgrades in-place, but you could also, in Cluster API, you could just change, like, your machine deployment definition. And if you have enough servers on hand, you can actually then start to roll them out one-by-one, and they would be almost, almost like a deployment, within Kubernetes, being rolled out. That being said, we are working on, speaking of, you know, these operators that can live in Kubernetes and leverage the Talos APIs and all that. We are working on a controller that can actually, you know, you could say, "Take these, you know, five nodes and I want them to have this upgrade policy. I want them to only upgrade within this maintenance window. I want them on the latest version of Talos, that is stable, or the beta, or the alpha." It can do it in serial. It could do it parallel, whatever you want, but this controller will then manage and orchestrate how that upgrade should be performed. And the difference is that it's an in-place upgrade. And the important piece about that is that sometimes a switch and replace doesn't work, especially when you're running things like Rook, and you need data. It takes a lot of time to have all of that data be shared with a new member. So if you create a new node, all that data coming into quorum, it just takes too long; terabytes of data. So, yes. There is a way to do in-place upgrades as well, that we're working on, but the Cluster API way also offers kind of like an A/B switch type thing.

 

- Got it.

 

- [Narrator] Learn how to operationalize Open Policy Agent at scale with Styra. To get started, go to the link at H-T-T-P-S colon, slash, slash, H-U-B-S dot L-Y slash H zero P-N-K-M two, zero

 

- [POP] Teleport allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. You can download Teleport right now at goteleport.com. That's G-O T-E-L-E-P-O-R-T dot com. And so, riddle me this. So, I'm assuming there's an open-source aspect of this and then a commercial side. Can we talk about that? Or is it all like- I, just for the people listening and watching this.

 

- Up until maybe a couple of weeks ago, we were 100% open-source based. We have a new product that, well, a new feature, I should say, well, a product. I don't know. I'm not the product guy. I'm just the CTO. But it's called KubeSpan. And KubeSpan is, basically, automated WireGuard. And again, because we have an API-driven operating system, we can orchestrate this in a very dependable way. And so, what KubeSpan allows you to do, is to manage a WireGuard network in a very automated way. And part of that story, there's something called the Discovery Service, which we host as a public service, for free. If you start KubeSpan, the way you discover the other peers and you distribute all your public keys, is by using this public service and/or Kubernetes itself. But for the people that want to run this privately, that is a commercial offering. You just, basically, licensed that to you. And now you can run that Discovery Service, that's needed for KubeSpan, on your infrastructure.

 

- Beautiful.

 

- And that's it. There you go. And everyone, again, we'll have links to all of this in the notes of the episode. Again, I think the- Andrew I've known for a long time and he's very immersed in the community, you know, and open-source and all of this, so like when, you know, he knows his stuff and also his team knows its stuff. So please, if you haven't already, you need to check them out. Like, now. All right. May I ask you this question? Is this. Like, what drew you to the Kubernetes community? Like what is, like- And I know you've been involved for years, just, you know, and stuff like that. And you've done so many great talks at KubeCon. We'll have some links to those as well. But, talk to me. Like, what draws you to the Kubernetes community?

 

- Yeah, actually that's what, the community. I guess, if I could put it in another way, it's the community that drew me to Kubernetes. I remember I was debating, do I want to use Docker Swarm or do I want to use Kubernetes? Or maybe I wasn't debating too much, but I had to do my due diligence and compare the two, when we made this decision at LogicMonitor. I ended up going with Kubernetes, primarily, because of the Kubernetes- Sorry. I ended up going with Kubernetes, primarily, because of the community. Just very open people. Everyone that I interacted with just wanted to help. I mean, I remember working with some of the core maintainers, and they were just, you know, they're writing me on Slack, thanking me, you know, for, for my contribution. It was just like, "Wow. These people are really, really cool," which is something that we try to emulate within our community. You come into our community, we want to help you. We want to see you succeed. Even if that means, you know, we, hopefully our CEO isn't listening, even if we lose a little bit of money, right? Like, I'm spending time talking to these customers and users, because I genuinely want to see them be successful. I'm again, I'm a person coming from living in my car, to now I have people coming to me saying they love my project and now they want to use it to run their multi-million dollar corporation. Of course, I want to talk to you. I mean, I'm going to talk to you. And this is the same thing that I got from Kubernetes, just a very warm and welcoming community, really.

 

- It's again, like you said, you emulate in your community. I did the same and I'm a contributor, right? To Kubernetes, right? And I, you know, it's the same thing I do with Falco. Right there. It's just like, I want everybody to come in and like, you know, I want people to use it, and I want people to be in, and be able to say, "You know what? This is really cool. This helps me do the thing I need to do during the day." So that's wonderful, man. Wonderful.

 

- I'm gonna ask you my last question here. And that's what work are you most proud of?

 

- Professional work or? I don't know. That's an interesting question because there's, it's hard. It's like asking me what my favorite food is because I love all food. You know, I'm proud of everything that I've done as far as, like, I'm proud of like going to school, and like, just going back to college, and being able to get into UCSB for physics. Like, yeah. I didn't get a degree from there because I couldn't hang. But, hey. I got in and, yeah. That was- I'm really proud of myself for that. I'm also proud of myself for, you know, coming all this way and starting a company, thanks to the help of a lot of people out there. And I'm also proud of myself for like, you know, my fighting stuff. That takes a lot. It's not easy walking into a cage knowing you're about to fight someone, and getting locked in there. And, you know, just, I'm proud of myself for different reasons, in all of those, really. I don't know if some of those classify as work. But I guess the point of my story is, you know, you gotta be proud of yourself for all the little battles, all the little things that you win. And I don't really have a favorite because, collectively, they make up who I am.

 

- Well, man, we love who you are, dude. I mean, again, it's been an absolute pleasure having you on the show. And it was funny when we're out in KubeCon, and I'm like, "Dude," like, I was like, "We're going to do this, this." And he's like, "Yeah, let's do it." Like, it was like, it was so easy to plan this thing. But dude, like I said, such a pleasure to have you on the show. Thank you so much for being on the POPCAST.

 

- Yeah. Thank you. That was a blast.