Overview

About this video

What You'll Learn

  1. Wrap cluster provisioning in reusable templates built from Cluster API and k0s.
  2. Manage workload clusters and services from one template-driven management cluster.
  3. Use service templates and observability to keep child clusters consistent and visible.

Martin Sadler and Karthik Satchitanand from Mirantis introduce k0rdent, a template-driven platform built on k0s, Cluster API, and Sveltos that wraps cluster provisioning, state, and observability into single YAML definitions.

Transcript

Generated from the English captions.

0:25 Yeah. Welcome back. The screen is bright. Rawkode Academy shining light. Another Monday, live and loud. Joining the cloud native crowd. Got a new tool on the scene today. Up bright. So grab your coffee, settle down. Best tech stream in the whole town. Rawkode live is on the air with card knowledge we can share. Let's get it started. Feel the buzz. Yeah. Card and K, it's because. There's just because it speeds up the oh, here we go. Hello, and welcome back to the Rawkode Academy. This is Rawkode Live, and I am your host, David Flanagan, also known across the Internet

2:54 as Rawkode. And that was the most awkward two minutes and fifty seconds of my life because for some weird reason, I could not hear the music and just had to wait patiently for the stinger. Fortunately, I have two fantastic guests joining me today who kinda filled me in as we went. Rawkode Live is all about taking a look at cloud native technology to make your Kubernetes and cloud native lives a little bit easier. And today, we're taking a look at a project from the team called and guiding us on our journey today. Two fantastic guests. Hello, Martin, and hello,

3:28 How are you? Good. Very good. You know, just let's assume the audience hasn't met you before. Can you please take a minute? We'll start with you, Martin, and then move down away just to say hello and share anything else you wish to share before we kick off this great session. Sure. Big fan. I've watched quite a few of the episodes. Talk about that later. Martin Sadler, I do a lot of things with products now over at Mirantis. Before that, I was at Weaveworks where we played with something called GitOps and then helped Stefan and team

4:07 get Flux up and running over at ControlPlane before hopping over here to Mirantis. Awesome. Thank you. Yeah. Yeah. I've watched a lot of Rawkode Academy stuff. I mean, I've known David for I think five years now since I joined the community. I was working at Harness before that, data kiosk data on the LitmusChaos project, which hopefully graduates soon. But then post that last year, I joined Randy and the OSPO team at Mirantis, Martin, everyone. And right now, I'm closely working with the and communities. And, again, love what Rawkode has been doing for the community.

4:49 Yeah. Well, you're both far too kind, but I really appreciate that. Thank you so much. And I appreciate you both taking time out of your day to sit down and help show me and the audience some awesome technology. So we've now said k0rdent three times, which means that in Candyman style, it should jump through the mirror and say hello to the audience. But before they do that, they should know what they're getting involved with today. Can one of you or both of you just take a minute to explain what the k0rdent project is and the problem that it solves?

5:17 Sure. I'll take a stab at this one. What k0rdent is, it is a thinking about cloud native over the last ten years where we've grown, complexity has continued to just get more and more complex. Right? We all know this. There's lots of tools. More tools are coming as CNCF grows at a steady state, and that's very good. The challenge comes in when you try to then glue those things together. So the concept of k0rdent, it's a play on Hitchhiker's Guide to the Galaxy. So it started off as something called Project 2A. 2A is hexadecimal for forty-two.

6:13 So people were having a a bit of a good time. But we were very serious about what it was that we wanted to do. How do we make Kubernetes flexible, simple, still able to do all the complexities that you wanna do. And that's what we're doing. Sure. That's usually with Kubernetes, it's name those three things and then pick half of one. Are you saying that's not the case today? I don't know. I I think there's a lot of lessons learned that we've been able to apply. I'm I'm pretty chuffed with where the project is right now. I'm I'm

6:49 pretty happy with doing it. I think we brought in a pretty pretty good team of you know, I've got all the the wars, the scars, more wounds from from Weaveworks with Weave GitOps Enterprise, with Weave Cloud, and we have the same thing for MKE, you know, the Mirantis Kubernetes Engine, Harness, as you know. So lots of experience and and trying to think about if we had to do this over again, how would we do it? And this is our our view of what that looks like for Kubernetes. Okay. So, obviously, the name has that k zero,

7:32 Arden, and and there's another Mirantis open source project called k0s. How do these two correlate, work together, compete against each other? How how what's the landscape look like from the Mirantis stack? Oh, yeah. Sure. So Mirantis, you know, initially started off with OpenStack. And then, you know, as we started getting into cloud native, we started creating products initially around MCC seven years ago, I believe, maybe eight at this point in time. You know, we did absorb some of Docker. So we we did that. So we we had a platform based around Swarm. So that's MKE

8:18 three today. So it's we still provide it. It's still in demand. The next release of MKE is MKE four, and that one is is Kubernetes based. But it is it is a different product set trying to do different things. And then we also have k0s. I'll talk about that a little bit more in-depth because it is really a core component of k0rdent. Our we have another product called MSR, and that's Harbor. And we we, you know, do a lot of upstream work there. So pretty broad grouping of products. What k0rdent is trying to do

9:05 is create a template by design. Right? So take everything that we do, and the inspiration is not something that we invented. Inspiration comes from really smart things everybody did before. So for example, Cluster API, foundational for us doing that. We looked at different projects around services and how do you capture Kubernetes state. And that's why we looked at Sveltos and said, This is a good way for us to start the project. And then with observability, it's really selecting some of the pieces that are working really well in the community. So VictoriaMetrics, as an example.

9:51 OpenCost is another one. And then being able to put this together into three components: Kubernetes Cluster Manager, Kubernetes State Management, and then Kubernetes Observability and FinOps. So those are the three pillars. And it's all template based. So instead of, for your cluster deployments, you would typically have, what, six, seven YAML files that you probably have to edit and work on. We take that, create a template of it, and now it's one YAML file. Well, it's it's one YAML file, but it is still compliant. It still, you know, follows the APIs, is well understood. There's not a new language to learn,

10:44 and and you can and you can go with it. I'll I'll show some diagrams here in a second. But we're trying to apply that theory across the board. And the foundation of that today is k0s, so our Kubernetes distribution, our open source distribution. It's formally just gone into the CNCF. We're really happy about that. And and then we've built on top of that. So k0smotron being able to bootstrap and then build up from there. Alright. Yeah. A lot of moving parts, but hopefully a lot of complexity wrangled. I mean, you mentioned the your Mirantis engine

11:27 v three, which was Docker Swarm based. And Mhmm. I think back to you know, I don't even know when it was. Let's say ten years, nine years, something like that. Swarm was simple, and it worked. And I'm not saying Kubernetes is crap because, you know, it's been a big part of my career for the last ten years. But at the same time, it's a completely different path and not the one I wanted to take back when I started doing all this stuff. Now yous have both been in this space a long time too. Like, how how did we end up

11:55 here with this? Everything's configurable. Everything's you go template nested in a YAML. I don't wanna say a bad word. Right? But it's it's not easy. The complexity of cloud native is probably at the highest it's ever been. And you mentioned the landscape and you said it's growing at a steady rate. I mean Yeah. I think it's worth. I think it's exponential. I mean, every time you look at that landscape, it's, you know, it's just going bigger and bigger and bigger to the point where the jokes aren't even funny anymore because we can't print it out anymore

12:23 to make the joke. It's too big. So Yeah. Yeah. I I'm just curious. Like, it's always important to take a look at projects that are trying to manage the complexity and provide abstractions, opinions, and make it easier. Right? And I'm hoping that that's what we're gonna see today. But I'm just curious on, you know, two people that have been in this industry a while, especially in this space. Like, how did we get here versus what was the simple path? I sort of get it myself. I mean, I I think part of it is that Kubernetes is a project of projects

12:51 in a way, really, and it's a welcoming community too. We could have been very, very strict in one function is only handled by one of the projects, right? So you'd have Flux or Argo. You would have you know, it's the the the point is that we welcomed in so many, and we've created all this complexity because of it. Right? And I think that's that's the biggest challenge. I I would actually blame sidecars for a lot of this. But we make it incredibly easy for anybody to develop something and get it functioning and working in Kubernetes, and then

13:44 getting it into incubation, getting it sandboxed, all of that. So I think complexity is actually a benefit. It's diversity, but it's gotten very, very complex. You're right. I I think that was a great line. I'm gonna steal that one, actually. I'm I'll rephrase it slightly, but, you know, what was it you said? Complexity is is choice. You know, we have the freedom to swap out any single component of a Kubernetes cluster that we can. As you said, multiple GitOps providers, multiple service mesh providers, multiple logging and OpenTelemetry back end, all this stuff. We have so much choice.

14:21 But sometimes when you're learning this stuff, you need someone's opinions to guide you. So with that, do you want to share some screens and examples of what we're gonna be looking at today with k0rdent, or do you want me to dive straight into the documentation and talk about it as we go? What's your preference? No. Let me let me actually share Yeah. Of course, man. An overview. Nothing ready here. Where did I can find my slides. Think as Martin finds out his I mean, shares his screen and shares his slides, I would like to add something to

15:09 what we were discussing about the landscape and how complex it has become. I think, to be honest, the community or we as as a whole, as an entity is to be blamed to make the landscape more complex because, you know, a lot of things that Kubernetes helped resolve and provided in itself created those complexities. And I believe as a community, we were not able to resolve it or because we were so conflicted, we moved on to make so many more projects. And every aspect or every problem that Kubernetes threw to the community, it had to become a

15:48 separate project. That is how the whole landscape of the business has grown and everyone has come up with their own project. And as, you know, Martin spoke of that Flux and Argo or maybe, you know, each and every project is I mean, there's different service meshes, policy, resilience, testing, incident management, storage, DNS. So I I still feel that a lot of it could have maybe become part of the Kubernetes community itself or could have been resolved with special interest groups. But then, again, people focused more on expanding the landscape. And although as as as I agree with

16:32 David where, you know, choice makes the community diverse or makes it, like, better, but I I I still feel that, you know, it it it'll keep growing because, you know, there are multiple projects coming in, people separating from communities and building their own projects, try basically trying to create problems for Kubernetes to, again, solve them. That's that's how things look right now. And that is where, you know, you'll you'll see more things getting conceptualized even what we are talking about, k0rdent as a tool. A lot of people are talking about platform engineering today, which I believe existed forever, but

17:14 now it has become a niche or in itself a concept. So, yeah, I I personally feel that it will keep growing and we'll see more sub projects becoming concepts and then maybe becoming one added conference or topic or colocated event for a KubeCon, you could say. Yeah. Yeah. With that, I'll I'll Yeah. You're % Correct. Right? I mean and this isn't even a new problem. How many distributions of Linux do we have? How many configuration management tools did we have in the early two thousands? Like, developers just like to hack on stuff, and then you've gotta find out which one's the

17:53 right one and which one's the wrong one. Did you find your slides? Yeah. I did. I'm trying to see if I can share the screen. Oh, fingers crossed. Yeah. I always be careful about sharing. See if that does that actually work? Yes. I see a k0rdent architecture overview, not your bank details. So I'm gonna hop over. No. It yeah. It's not that. It's careful keeping your slide decks in the public folders of your company because people will modify them. So fortunately, I had an archive. So we're fine. I'm only gonna use this just for visual

18:37 cues. So that's what I like to do. You know, this is a tech talk, not a sales talk. But I think it's very good to sort of try and establish what is k0rdent today. k0rdent today, it's essentially three pillars: your cluster management, your service management, and your observability. And the way that you can think about it is very much, what is a cluster? That's what KCM solves, right? So it does the provisioning. It manages the lifecycle. We use CAPI because we're not reinventing anything new. We're sticking as close to open source as possible. It also does some of the initial integration

19:26 work. The second one is our state, so k0rdent state management. And this is what runs on the cluster. So what's actually running inside of it? And we have a concept of something called VJET services. But essentially, is Kyverno running in it? Is NGINX Ingress in it? All of these different components, that's a responsibility for KSM. And then what are my clusters? How are they performing and how much is it costing me? That's the third pillar. And those three combined with the catalog, because everybody has a catalog these days, pretty useful, really forms what k0rdent is for us.

20:19 And the way that we do this is we just focusing in on something like the cluster management here, we've taken the cluster API, and we've created templates for as many of the common CAPI providers that we believe everybody wants to to have. k0rdent, again, you know, it's less than a year old. We have AWS. We've got Azure. We've got quite a few. One of the things I worked on very, very quickly when I got here is to make sure that we had SSH or something, so we have that as well. But the goal here is

21:06 define everything in a YAML file, which you have here. I'm just looking at my screen over here. And you can see it is production cluster template. The environment is production. We version it so that it's immutable, this template, and then you would update the version to get to the next one. This one specifically is around AWS. So it's AWS credentials. You define all of the VPC, CNI, Cilium, etcetera. And that really is I mean, what is that? Seven YAML files typically that you touch to be able to do this? So that's that's the the idea here in

21:55 that you can define these templates and then literally swap out AWS for Azure or for SSH or for wherever it is that you that you would like to use leverage. Fallback is SSH right now. We've had our first open source contribution for Hetzner, I think, for Hetzner. But, again, if you're gonna be on something like Scaleway, we don't have anything yet for it, but we do have the SSH provider to be able to to get you moving. Nice. Yeah. So that's that is what we've done. It's interesting that you mentioned Hetzner and. Don't wanna make any assumptions to see where

22:41 you're at in London, but let's assume you were. I was. A lot of the conversations that were happening that entire week were European people trying to get off of US hypervisors onto these smaller European clouds. Like, data sovereignty was a very, very big topic. I'm sure AWS and GCP are the one that's talking about this, but it it was. And a lot of people were like, I need, you know, scale. We have an ElasticMetal project. How do I use it with Kubernetes? And the answer right now is the hard way. And it's the same with Hetzner's bare

23:11 metal and OVH's bare metal and all these other things as well. So Exactly. There there's a big space right now for these companies to get involved with these open source projects that do support CAPI and make their clouds sustainable for people adopting Kubernetes without all of the crazy complexity. Yeah. I I could go off on a wild tangent on I I do sound I do sound American, but that's only because I lived there for twenty years. And I've been back fifteen years and I still haven't lost the accent. So I thought you started English. Was like completely

23:43 wrong. Oh yeah. No, I'm English. You're one of the first Anyway, no, data sovereignty is a big thing. I think that one of the challenges that some of the cloud providers in Europe have is that maybe they lack the scale, perceived scale. I wouldn't say it's real. But there's a challenge in that, well, if I put everything in Scaleway, then how do I set something up in the UK, or how do I do something else? Important is because we do this templating, it is literally changing one YAML file and renaming that service template, the cluster template,

24:33 to reflect that infrastructure provider. Okay. Yep. We we've got a lot of interest. A lot of people are asking us about how to do this. So service templates, same sort of thing. Again, you know, the structure is starting to look familiar. Deployment methods, helm charts, raw Kubernetes manifests, and operator based deployments. So we support as many as possible. We also have a project called Recustomize so that if you have your clusters handcrafted because of your expertise or used something else, it will extract, it will re customize your cluster, provide that, and then you can then use

25:27 that to provision through KSM into your k0rdent cluster. So there are ways to be able to do it. Again, immutable versions with your upgrade paths, and we'll talk a little bit about control and data access and things like that. Configuration management, templated values always, environmental overrides, and then drift detection, all of the benefits that you get from the Sveltos project, because when we started, we adopted Sveltos to help us manage state. That doesn't mean that you're locked in. And one of the reasons why Sveltos was very appealing, at least for me personally, was to ensure that we did not lock

26:22 ourselves into either Flux or into Argo. Because depending on who you are, you might have a preference for one or the other. And this is sort of the one of the core fundamentals for k0rdent is while Sveltos handles the management of templates at the at the platform engineering team level, one of the service templates is also Flux CD. Another of the service templates is Argo CD. So your development teams, your individual clusters can provide Flux or Argo, right? And we're trying to approach it across the board this way. So another example, Kyverno or OPA Gateway,

27:14 right? Gatekeeper, right? Yeah. Gatekeeper. Yeah. Would I say gateway? K. This is my first computer I ever had. Yeah. Gatekeeper. Those, you know, we give choice. Right? Yeah. I think that's a very balanced approach. I mean, my opinion is unless they're a bit spicier. I always say if if anyone's using Argo, they're using the wrong tool for the wrong reason. FluxCD just got so much right that I think people need to pay more attention to they go to Argo for the UI and then don't realize how it works under the hood is very different to FluxCD.

27:50 But that that's just my take. You know? You get what you want people, but, yeah, check your Flux. I think think Flux is I think Flux is very, very good. I'm personally invested in that thing. So I I think I think we'll always have opinions in Kubernetes, and that's what makes Kubernetes interesting and actually fun to fun to be involved in. Right? Personal the personal opinion there. Yeah. I think I think your audience is starting to pick up the same thing again here, and that is, again, it's another template. It does you know, focuses in on on metrics

28:38 and logging. Cost is one of the more complex things, and we're working very hard. Right now, we're working with the open source you know, the OpenCost project and looking at how we actually invest a little bit in there as well to help solve some of the some of the minutiae of of getting your billing data into into the platform. I mean, you can upload as you know, you can upload these things with the CSV file, but that means that your data needs to be correct. And what we'd like to do is be able to improve the already great

29:22 API support that everybody has out there, which make it all that much better. Alright. So you got the cluster manager, you've got the state management, and you have observability. And those are those are sort of the three the three tiers. Nice. So I'll try and recap that in one sentence to make sure I've not got anything completely wildly inaccurate. But the three components seem to be responsible for providing a wrapper around cluster API with some sort of opinions on how to get a cluster with less opinions on how to compose that together. So the opinions are, if you

30:02 need to deploy it to GCP or AWS, we've got a template for that, but you still get to pack each individual component. And then we have the service catalog, which allows us to understand what is running in each cluster. And then there's the observability part saying, okay. Are we doing this in a way that is efficient, and are we doing this in a way that isn't gonna bankrupt the business in six months' time? Because you're trying to tackle quite a lot of that life cycle of a Kubernetes cluster, which is a very ambitious task. Yeah. Is that close enough to correct? That's

30:30 yeah. That's that's spot on. And I I think already you're gonna have, you know, some of your audience already call out, then how do you actually control that environment? And k0rdent, k0rdent is very much focused on very much focused on where'd he go? Very much focused on fleets. I hate the term fleet. I absolutely guessed it. But the thing is, if you have one Kubernetes cluster, two, three, four, you're fine. Once you start scaling beyond that, that's when you start having issues. I think that one of the reasons why we've overused namespaces is because it's been so difficult and challenging to actually

31:22 run clusters effectively, destroy them, bring them back up. So my preference is lots of small clusters, not one big cluster with a lot of namespaces in it. And k0rdent helps you able to do that so you can do it very quickly. We've spent a lot of time building out our RBAC credentials. I mean, it's all there on GitHub for everyone to view. But what it allows us to do with these templates is then we can gate these things. So you have the concept of platform engineering, and you have the select few in platform engineering who

32:00 create these templates. They'll create the cluster template. They'll create the service template observability. And then your platform team would work with the development environment, developer team. And then you might only give that development team enough to change one or two of the variables in your template that they can change. And so what that means is that you have a way to actually establish control of your Kubernetes environment but still be able to empower development teams, DevOps teams to be able to, you know, toggle, you know, how many nodes are gonna be spun up or whatever the context is that you that you

32:51 want to be able to provide them. So I think that is also sort of a critical piece of k0rdent that we took a lot of time thinking about. Alright. Yep. Sweet. I think we've got enough context there where we should get hands on, show people how to get started, and then take a look at some more concrete examples as we move forward. So I am going to share my screen now Okay. And go to the docs. Alright. And I'm gonna follow along. My docs here too. Alright. And there we go. Back over here. Let's get

33:36 my screen up there. Really need to find a way to make this less clicky and go. Alright. So I've got .io. That is k0rdent. K 0 r d e n t I o. The links, of course, will be in the description after the fact. We're gonna click on documentation and quick starts, I'm assuming, or if I gotta do something Yep. First. Right. Let's go to let's go to quick starts. So we need to get an environment that allows us to use k0rdent. We need a Kubernetes cluster for hosting k0rdent itself and a cloud environment to deploy our

34:18 workload clusters. I'm just gonna use the CAPI terminology here. I don't know if k0rdent has something of its own. No. We use CAPI. Absolutely right. And then use k0rdent to get that managed cluster for us. So this is where I always regret my choice of Linux distribution, but hopefully, can get through this. Next. I see it. I've got a laptop with on it. I don't use it that much. So so the first step you have to do is you if you see where it says quick start, see first set up a management cluster. Yeah. So I could just use

34:56 kind for that. Right? That's what you're suggesting here too. Perfect. Alright. Let's do card then. How long? I'll run dev in it because, of course, I don't actually have any tools installed in this wacky box. But, hopefully, that won't take more than a few seconds. I mean, there's nothing in it. I don't know why it's taking so long. Come on. I should've ran this twenty minutes ago. Alright. There we go. And let's pop this open. So for anyone who's not familiar, dev env is just what is next massacre issues because we don't install stuff. I'm gonna remove all this stuff. We'll send

35:41 this in. That's too much. There we go. And I'll remove all this nonsense so that I'm not polluting your screens with things you don't need to pay attention to. So we do need some packages to have get. I also don't like that syntax. We want kubectl. We want kind. We probably need helm. I'm just gonna add a few things. I don't know if we need these, but put them down. Do I need anything else beyond that? Is there a k0rdent CLI that I'm going to need? You you'll you'll do a curl and pull it down, and it'll it'll

36:21 it'll grab what you need. And just I I will check and see. I I'm assuming it's not here, but you know? Yeah. No. Okay. Maybe we'll we'll add that. Alright. So that gives me, hopefully, the tools that I need. Just this mean that I'm not switching between terminals too much. I can start to reload this. And I have kubectl, helm, and I should oh, what? I just off. I do this every single time. It's the wrong helm. Helm in Nix is some weird tool. So I do that all the time, which means this has to be Kubernetes helm.

37:05 Like so. So if it reloads, it should get us the Kubernetes helm, which is probably the only thing I don't have cached. It's I don't ever use helm. I'm not a big fan. But, again, that's a space to take for another episode. It's funny. I I'm not quite a fan either. Kind cluster. Create oh, create cluster. Right? There we go. And, hopefully, that won't take too long. What we can do in the interim is pop back over here. My cluster is spinning up. We need k0s. Why do I need k0s? It's just to

37:52 install the the the management cluster. There are other ways to doing it of of using something else. Mhmm. You don't have to, but it's just this is the quick start. So that's why in the documentation, we have we have it like that. Woo hoo. We have a Nix package. Alright. So let's add k0sctl. Reload. And that should give us what we need there. So we have a cluster. We've got k0s. So I don't need to do this, but I am gonna have to run the k0s install the controller. So I'm curious. Why

38:37 does my k0s, which is gonna deploy something to my kind cluster, require a sudo at the start, or is that just over permissive dot? I think it you need I think it's just being slightly aggressive. Oh, wait. Is this the new oh, that's not an alternative to a cluster? No? Kind. Kind create cluster. Yeah. I'm confused. Because we have a get nodes. It's our kind cluster. I could use case to spin up another cluster. I'm gonna skip it just now. We can come back. Okay. Let's see. Let's just let's think. Let's see maybe the docs saying you

39:26 can do one or one or the other way because I don't wanna make too many assumptions. But, yeah, I'm gonna I'm gonna skip over it. We've got kubectl. We have a kube config. If I need to, I can run get nodes. I'm happy. Alright. There's Helm. I've done it. I'm not happy, but I've done it. Now we want to install k0rdent into the cluster. So Helm install, this is the KCM. So it's a cluster manager deploying from an OCI image into a namespace within kind. Easy. Yeah. Here we go. So this gives us a k0rdent management

40:12 cluster where we can run and see the pods running in that namespace. So give that one more minute and then check that projectsveltos pods are running. Nice. So I can see here there's k0smotron. It's a KCM cluster manager controller. We've got the CAPI stuff running on here. I'm not sure what CAPI is. CAPI. It's a it's a a VMware Kepc's VMware. Right? Not sure. And we have the flux source controllers. Alright. I need faster Internet. Come on. That's so sure. I don't run a Mac anymore. It's been a long time. But I was always impressed

41:07 when Homebrew switched over to use an OCI for all of their package deliveries. Like I said, that was a pretty slick move by the project. Oh, I think it's I think it's brilliant. We we we're all in on OCI. Alright. This looks much more manageable than the docs. You know, I'm I'm I don't have a CAPP or a CAPP, so I was curious to see that there. But I do see we've got Velero, so this is the backup stuff, the source controller and stuff. But yeah. That looks happy. It's running. There's no crashes. So

41:43 we want to check if we have projects Or no. Did I do something wrong? I'm catching up to you. I'm I'm doing the same thing. Alright. And Helm is taking forever. Did that work? Not skipped anything. I wonder if it's just a timing thing. You you wouldn't you wouldn't see it in you you likely will not see it in here. We have to deploy a child cluster for Sveltos to really kick in, and then it'll then it'll pull it. Alright. I'm just waiting. Maybe I was a bit too quick to skip the k0s one.

42:55 Oh, yeah. No. Okay. So it's an alternative because under here, it says k0s isn't supported on macOS. So you can use kind or you can use k0s. Okay. So I would try to skip that. We've got kubectl. We did tell Carden. I do seem to have a management cluster. Okay. We've not deployed KSM yet. So we only deployed KCM, which tells me maybe this this Yeah. There's a step missing here from the documentation. So maybe we can just work that out. I yeah. I think you just continue on, and it'll pull it up.

43:39 Let's Oh, there we go. Okay. So it's working behind the scene. Right? It's just like, it's my slow Internet, but we do have a projectsveltos namespace, which has a whole bunch of con okay. I am just being far too impatient, and I should take a minute. Well, my my helm is taking I'm getting a special word then. You're hoping I could pay on helm from source. No. No. No. No. He's on the debug box, so it should be super quick. Alright. Alright. Let's just mains is running. I'm I'm gonna just keep popping down here. So

44:23 we should be able to run get management and the cluster management's namespace, and it'll tell us if our management plane is ready yet, which ours isn't, which is fair enough because things are still downloading behind the scenes. Yeah. The system data is okay. We can run, get provider templates to see the providers that we have, and then we can start to put together our first cluster template. So are those available? They are. Right. I don't need to wait for a healthy management cluster, which is nice. So we can deploy to AWS, Azure, Docker, GCP, k0smotron,

45:01 OpenStack, vSphere, etcetera. Yeah. One thing to call out for everyone here, we we are renaming it, but the the k0smotron is the SSH provider. Ah, right. Nice. Okay. So it's a little confusing. We're we're fixing that. Alright. Running running running running running running running running running. Capital was still alright. So it's just a couple of the provider controller managers running there. So we are getting closer. So why don't we start putting together a template? So we can also list list cluster templates. So this is beyond the providers. Okay. So there's AWS EKS, standalone and hosted, GCP, GKE hosted, and standalone.

45:53 What's the difference between GCP hosted and GCP standalone? Is that something I should be familiar with? Well, I mean, it's it's it's it depends on who's who's managing those nodes. Right? So you have the concept of both you know, for example, AWS, can run Kubernetes where you manage the cluster controller, the management of that cluster, what we call child clusters. Or you know? So if it's EKS, then the control plane is Amazon's EKS control plane versus if it's, you know, EC2, then it's our control plane. Right. Okay. Gotcha. Yeah. I didn't actually notice that. It's it's

46:45 hosted CP and standalone CP. Okay. Exactly. Alright. So now let's go for I mean, I'm I'm tempted to be really brave in doing your SSH one, but let's try not to break things any any more than I already have. Yeah. I I like the SSH one. I mean, it's tempting. I have a Scaleway Elastic Metal machine just sitting there running barely anything on it. It's nothing to do. Right? Yeah. Maybe that'll be something I do in my spare time. Let's focus on the GCP approach. I am logged in. I have a project. It's my production project, so hopefully nothing too

47:24 bad goes wrong. Do I need a service account? Then you go to where you are. Editor permissions. I mean, I could do that. Alright. Console. Cloud. We're just gonna land it on my cloud run services. I think what I'll do is just because it needs editor permission, let's say I'm gonna create a project with a service account to minimize the blast radius. Yeah. You can see I'm doing a lot of transcription stuff on these videos. In fact, here we go. This is actually Timoni with Stefan. I just landed on this one absolute randomly from the logs, but there you go.

48:24 Joining us in spirit even if not person. So let's switch projects. k0rdent. It also means a service account. I can just if I flash it, it's not a big deal, and I can kill the whole project. So I like that. I've I've already Yeah. I've already promised Stefan that we'll get to volume into. So Nice. Such a good project. And if Stefan watches this at any point, I still want that controller for Flux. Get on it, man. Come on. Mhmm. Okay. K. IAM service accounts. There we go. Create new Header current role currently is basic header. And there we go.

49:18 Next. And done. Download keys. Where am I? And JSON. Alright. I have a key that should be on my desktop. Well no. So that's good. What do I need to do? I need to store this key inside of a secret object. So I'm assuming this is just oh, I'm putting this into my my local management cluster. Right. Okay. Got it. Got it. Got it. You're you're doing the my you're you're a live tester for the documentations. So we're gonna encode these. Oh, I'm in fish. Of course, I am. It's like I just try to make my

50:11 life harder every single day that I do these sessions. Sesh doesn't want that there. It should be okay. No. Can't do equals. You need to do set global best as equal to this. Alright. And then we are gonna I'm assuming this is supposed to gonna get you a load straight into the cluster. So yes. And no namespace. What is wrong? Alright. So let's see. I'm starting to troubleshoot my problem over here. I should be able to fix oh, no. Bash is not happy either. Alright. I'm gonna have to work out how do this in fish.

51:08 So cat EOF EOF. I mean, why does that not work in fish? What have I got wrong? The variable interpolation is wrong. Well, I mean, I just write a YAML file. I don't even need to use it to it this way. No. I think the problem is the space. Well, that shouldn't really matter either. Why am I so bad at this? Because it's live. That's fine. Alright. Vim, yaml. Yaml. So that's that's what we're doing today. And I will get the value myself. I'm gonna be horrible and see echo what was it called? GCP. We'll write it straight into yaml. Yaml. And,

52:05 again, this project will be deleted momentarily. So not that I think anyone would be able to see the whole file. And oh, don't do that. No. That's Vim. Why am I? And now I've lost the buffer. Wonderful. There we go. Whoo. Alright. Let's apply the YAML dot YAML, and it's not happy. Resource name is empty. It's not. Hey. There's nothing wrong with that. Resource name may not be empty. Gordon in the chat saying, why does it exist? More context, please. I've been sorry. I've been typing so fast that I'm not sure if I've missed something there.

53:28 I wonder if this is Where do I see the oh, why does it exist? Could it be tabs? No. Oh, it's definitely spaces. Data credentials. I must be tripping. That looks fine to me. No, it's a different error. Unknown failed credentials. Well, mean, it's just data. I've gone into a secret. API v one, kind of secret, metadata, blah blah blah data. That hanging tape is annoying, so let's just drop that here. Could that I mean, it's just one line. Right? Yeah. Because it was stripped down. That's component. Ah, okay. I think it was just the

54:39 indentation. What's that? I think it's just been the indentation. And even though I think I'm deleting spaces, I don't think I am. Yeah. It's making me go through all of these. There's just something in the docs that's made that a bit weird. So I'm assuming To get under that too. Yeah. I have no idea what I copied. Maybe I should have paid more attention or turned on my blank white space thingy in Vim, but we got it applied. I'm sure that was excruciating for people to watch. I'm sorry. But let's crack on. I'm I'm I'm actually having fun. I'm like,

55:14 I've actually got a real smile on my face. This is this is good fun. Alright. So now that we've got a secret created in our cluster, which is for the CAPI GCP provider to do the things that it has to do, We can now say that we want to create a credential within the system, which just tells it that this provider secret exists and it's got enough annotations here to say this is how you access it. Exactly. I'm so sorry for my name and people. That is horrendous. YAML two has now been applied to my

55:47 cluster. And that didn't have the weird spacing issue. So we're good. Now we've got a config map. This config map has go templates. I feel sad inside, but I'll get over it. Yeah. So this is is templates that's setting up some secrets for the providers. Okay. I'm just gonna trust it. And I should just have put all of this into one YAML with document separators, but now I'm going for YAML three. So config map. Go. Oh, that was the. This is why you don't use terrible naming. Okay. So now I can list regions. I know I'm gonna go for Europe West 2.

56:53 I'm gonna need a network. Well, it's a new project, so let's see what we've got. I've got mine configured for my old my my production one. So I just call it k0rdent, I think. Alright. k0rdent is a harmony chord because you get harmony, and Arthur Dent. That's where k0rdent comes from. Alright. Yeah. I never thought about that aspect of it. But now that I've created a new project, I've got a project, but none of the API is disabled. However, I should have been able to enable that. Yeah. Permission to that. Right. Oh, yeah. Okay. Alright. Let's just do it from here.

57:56 APIs. This rate monitor now is frozen. And this is gonna go one of two ways because Linux sucks on the desktop. Because I'm gonna turn the monitor off and back on, and it's gonna freeze this one. Hey, Motel. Well Yeah. I'm gonna I should just buy a Mac, but I can't do it. Alright. No. I don't I can't. It was one of my the only sticking point I had. Right. I love that you can hear me, but no. Oh. I'm still here. I'm still here. Yeah. I thought my computer had just frozen, but I'm back. And the other monitor works again.

58:59 Such is life. But I'm glad that wasn't me having to reboot my machine to rejoin the stream. Alright. So APIs and services. And I should all just turn them on. No. Was compute. Because this isn't a GKE cluster, we're not gonna need the containers API or anything like that. So I wonder how far we can actually get with just the compute API itself. I I probably assume that's maybe all of it. There may be, like, the secrets API. I'm not sure if you're using KMS or secrets manager behind the scenes, but I'm gonna assume not.

59:44 No. Just because there's that as obviously, the KSM as well, which will handle some of this Alright. Let's try this again for list networks. Yes. It is. I need to put the ID then. Because there's already a k0rdent project. So I'm actually that's why it was a permission denied. I'm trying to modify someone else's k0rdent project. Oh. Alright. Enable the CLI. I'll just pull it till it's ready. So Alright. So that worked. We've got the default network. I'm happy to use the default network. And we can list machine types by region. We can just use an end to

1:00:40 end standard four. We already listed the templates. So now we get to the fun bit, which is creating our cluster deployment. So where is this code? So now I am gonna name things a little bit nicer so that we can follow along. So we'll call this Rawkode production. In this namespace, we'll go with the GCP standalone. I guess I should list it again to make sure these versions haven't changed. So let's just Let's see. I don't think they should I don't yeah. Go ahead. There's a provider template. There we go. And the other one was was it cluster templates?

1:01:40 Yeah. Cluster there's a cluster template and a service template. Alright. Okay. So the GCP standalone is zero two one, same as the docs. That's fine. I haven't changed the credential name, so that should be okay. We do need to paste in my project name, which is no longer in my history. Grab that one more time. Should've called it Rawkode k0rdent just to make it easier. You're Europe West 2. Default network. Oh, and I need the full name for the image hardware list. So we will run that command then. Here. List. Oh, there's lots. Ubuntu 20.04 seems to be what the

1:02:47 docs suggest using. How permissive or restrictive is my Ubuntu version? You still with me? Oh, yeah. I'm I'm watching along. No. I was I was thinking about choice of operating systems when you run your Kubernetes clusters. I'm I'm curious what your views are around does it really matter? Would you care if someone gave you a choice or no you know, what is the I think I know what this I know I know the answer. It's gonna be you're always gonna want a choice. I mean, I know the best practice is I shouldn't care. The clusters are supposed to

1:03:43 be as ephemeral as possible. I should have lots of them be able to rotate them back up, restore. Yep. In reality, I think so many companies are so far away from that. I mean, even in my production, which is not that huge, sometimes you just need convenience and debug ability. Like, you know, I haven't adopted, you know, immutable. I haven't got in my production clusters, etcetera. I mean, I just run that on a desktop. So I always make compromises trying to protect the tomorrow's problems. Yeah. So, yeah, I'm not that opinionated, but I do need that break glass button

1:04:19 for when I need to get into and do stuff. So Just get it done. Yeah. Exactly. Yeah. So what are the yeah. I mean, we're we're sort of thinking about how how minimal could you make an OS. Right? And could you then use something like Distroless to provide your user space? And what does that look like? And, ultimately, do people care enough to actually have something like that important? I don't know the answer. Wrong namespace. There we go. Alright. So cluster's not ready. Expected. Services zero zero. Template correct. Infrastructure ready. Wow. I wonder. Do we have

1:05:08 some compute nodes then? Let's see. That'd be stupid. That's a lot faster to enable. Yes. That's for sure. Oh, cloud storage. No. Other one. Compute engine. Yeah. I mean, I don't want to just show me the thing. And so it's like the UI is caught up with the fact that that is turned on. No. Alright. Is there a refresh button? Total VMs is zero. I'm assuming it's maybe hopefully working on it. Yeah. I think it's working on it. It's probably it looks like you're you need to make your screen bigger. Alright. Alright. Yeah. No instances yet.

1:06:18 I guess while while that's happening, a couple of things that should be interesting for for people. We are, of course, going to be offering kubect, so that that's being actively worked on as well. So it'll just be another provider with kubect. And then, we'll also want to, introduce cloud hypervisor as well, so so people of choice. Taking a long time to list the machine types. Refresh. They always move this refresh button. I'm like, just stick it in one place on every screen, please. Sometimes it's over here. My biggest concern oh, okay. It's just slow. My biggest concern was maybe I picked a

1:07:23 machine type that wasn't available in the region. I did n two. I do see n fours. So let's and grep west two, but I also want to look for standard dashboards. I can always update this, I'm sure. So I don't know why that I mean, I'm sure it's fetching a decent amount of information, but not that much. I'm pretty sure I could also just pass dash dash region, which would probably restrict the amount of data that I need to fetch. But the docs told me to use grep, so I greped. This is this is the reason why I'm

1:08:08 a fan of SSH. Right? You know, just a little little faster on your providers doesn't really help. So let's see. And I'm in there. We we do have n two standards. So there we go. Look at that. We got a machine. Alright. So let's talk about what's actually happening behind the scenes here. Right? So Yep. We wrote a very small bit of YAML that just says we want a cluster with this name. We picked a template from the list of templates. I provided the credentials with some small amount of configuration, the project, the region, the network, and then the device

1:08:50 types to use across the control plane and the worker plane. Yep. Now I know this is just in behind the scenes. Mhmm. Which means what's happening here is on the kind cluster I have locally, it is generating all of the secrets for the control plane to successfully join with each other, constructing the user data, dropping that into Google's compute engine, and then the boxes come online and work. Yes. So in theory, this is just one big massive user data script, assuming it doesn't change anything that CAPI is doing already. So Yeah. We very much follow I mean, we

1:09:36 I think once you've been burned by not doing something completely open source or diverging, you tend never to do it again. Right? And I think we've got enough experience. And what what's nice about this? Again, let's focus on the abstractions that you and your team I don't know how many people are working on this. Right? I'll assume there's a team of people. Yes. When you oh, there's a lot. There's a lot of in here. It's like if we focus on the problem domain and why I mean, CAPI is amazing, but it is laborious to actually get a

1:10:08 cluster at the other end of especially when you think about you have to configure that the CAPI doesn't do the CNI for a start. You that's the first thing you deploy to the cluster. Yep. But I'm assuming if I just pop in here as well as handling all the certs and stuff is that if we scroll down, we're going to see or maybe it's not in the user's area, maybe it happens in the control plane after because there is a CAPI concept for doing an apply after the control plane component. But I'm assuming the CNI stuff is maybe

1:10:35 in there. So we can just see this as just user data. Like Yeah. Alright. No. So it's using k0s for all of the nodes and stuff like that. Alright. So let's just get the cluster, which means it's handing off to something else, which I guess is a KSM, potentially. That is the KSM. So this is yeah. And so, you know, it's template based. Now we can actually go and you know, we've got this cluster, so now we can actually look at what nodes look like and then actually deploy some beachhead services. Okay. So one thing I did notice is

1:11:18 that I didn't see how many control plane nodes I want. Is this part of this GCP standalone template? It is. Obviously, you can go in and and change it, or you can just add that to the YAML file and define it. Right? Alright. So if I say, get me cluster templates, I say GCP standalone and just grab this as YAML, We we can see here. I should've I don't how do you have I done it on back? Yeah. Let's raise it to fail. Dash o YAML. Just so I can get colors. I like colors. Oh, again terrible naming.

1:12:02 Alright. So where's the fun stuff? So we've got a control plane configuration. So this is all just vanilla cube admin config, configure insider box, labels, network tags, control plane number. So I could just put in control plane number under the right key and be able to say I just want a single control plane node, and that would just be overwritten or merged together at the application time. And in fact, we can already see the project and region are here too. So Yeah. We're already doing some of that. I don't know what the what the word

1:12:44 is, making some of those things explicit without defaulting. Is there a default operating system in here? No. No. There well, I mean, I think the default would just be Ubuntu right now. But if you if you go further down again Oh, sorry. Yeah. Yep. Just keep on going. See the worker the workers workers number is two right there. Oh, yeah. +1 95. Yeah. Yeah. Got it. So Alright. And that's that's what you can, you know, you can change. Anything that's in the YAML files that you would have to laboriously all edit, you can put back in here.

1:13:38 Right. So if there are specialized things that you want to do, you can. Have you experimented or plan on providing support for, like, CUE to make some of this, like, you know, defined with a schema and and get autocomplete and IDEs and stuff like that. I know that nobody's really using CUE, but I'm always trying to promote people to use CUE because I think it's such a great tool. Well, I I I came from Weaveworks, and, you know, everyone there was a massive fan of it. It's quite popular here at Mirantis. We are talking about how do

1:14:12 make this even simpler, and CUE would be a way to be able to do that. The once we we've talked about, you know, KSM, KCM, and k0rdent observability, the the next piece that we're gonna start developing is the policy manager, so KPM, and that will really need something like CUE to be able to do it well. Alright. Now I'm looking at the time. We can wait for this cluster to come up and carry on. However, I think this was a good amount of chunky work that maybe if you have something else, we could take a look at to see the two

1:14:58 additional components, the service layer and the observability layer. It would just save us. Because, I mean, this could take twenty to thirty minutes. Yeah. So I'm trying to see what I can do. How much time do we have? So it's in for another fifteen minutes, but if we go over, it's not a big deal. We do actually have three control plane nodes online and two worker nodes, but they're not, know, that's not finished the bootstrap process yet. So maybe it won't be long as I thought. Yeah. Because I would like to I would like to

1:15:43 just in the environment, be able to show NGINX and actually cover a a portion of KSM. Okay. So maybe where did you stop? Okay. So I think what we'd want to do is be able to look at the KSM on on your on your cluster. Alright. Well, my cluster state is flapping between unknown and false. I think the control plane machines are ready based on this logline. Yeah. So we might just be waiting on the worker nodes. I'm assuming and the secrets on the management cluster. So this is my local kind cluster. In fact, I can see it already. In

1:17:14 the KCM system, we have a KubeConfig for the Rawkode production cluster. Yeah. So I can probably just do QC. Production. We want the cube config. Because you're gonna Yeah. You're gonna control all of this on that on that mothership. Now if the mothership does go we call it mothership, right, to Hitchhiker's Guide to the Galaxy. If the controller if if that mothership does go down, you you will con you know, all of the child clusters will continue to work. Right? And that's why we have Velero, and we have different ways of recovering. So it's it's one of the advantages we have

1:17:58 that, you know, you're able to do real you can rebuild your mothership and not impact or affect it. Alright. So where are you? Alright. So in the service template, which one are you in right now? Engine you have the engine, Nick. What are you doing? So pulling out the secret, getting it to JSON, hopefully, writing the value file, decoding it, and putting it into a config file. Otherwise, I realize it now says I don't have JQ. So I need to modify one thing before I run that, which is just to add JQ here. And then in my terminal here, just reload

1:18:43 so that JQ pops in the environment. It should be quick. I do use JQ often. Alright. Succeeded. Oh, okay. It didn't pop in the shell, but, I mean, it did when I refreshed it. Okay. So get not found. Get see oh, I've got two. That's why. No. I'll iterate over null. Okay. So I was a bit too galsh with my j q. We do have oh, we don't have items. What did I see here? Items. Oh, I'm not getting anything back. Oh, there there we go. So, oh, it's just alright. Okay. J q dot data dot value.

1:19:42 Base64 dash d, write to kubeconfig. Oh, come on. Be nice to me. Oh, so this is just a jq thing where it's quoted. Nice. And then export kube config equals kube config. So now if I run get pods, this should be the workload cluster. We've got Calico, CoreDNS, the CSI stuff for Google Cloud, controller managers, proxies, metrics there. That is a working cluster. Yeah. And, you know, if you want, you can look at the you can look at the service templates. Alright. The kubectl get I'll do that from other shell, but I don't speak into the management plan.

1:20:42 Okay. I don't have any. I'll go on and and on this where are you now? Where'd you go? Oh, sorry. I'm I'm I'm I'm trying to debug one problem, and you're trying to help me. I'll slow down. I just wanted to make sure I was still speaking to them at the local kind cluster, which I am. So we don't have service templates, but maybe I've made a mistake. Yeah. So, I mean, if you if you look at, like, the KCM, like, KCM dash Velero, it's running. So on the child cluster, try the same thing again. Do the deep

1:21:22 kubectl, get service templates, dash n, and then, you know, the namespace, which you called it. Which is true. Oh, yeah. Now that No service templates. Of course. I'm doing it over here. So we do have service template type on the management cluster. Yeah. Do we need to deploy the service templates, or are those done for us? No. We're not we we're we we have to deploy it. Let me see if there's no. There should be one or two that are ready. It the reason why I don't know the answer right now is we're changing the code right

1:22:22 now. And so I have to make sure. Alright. So should I just copy this NGINX Ingress example then and apply that to my management cluster? I think it's a management cluster. Right? Yes. Alright. Okay. So service templates dot YAML. This is defining just I mean, it's just an ingress one. I'm gonna leave the namespace off. I'll do that on Kube control. And this service template just says we want to deploy a helm chart with version interval. First, it's just gonna how often to sync it with flux, fail those Argo. Yeah. This looks like a flux a flux one.

1:23:08 Yep. Which means, I guess, that I could also do values and then go nuts. You can go nuts. I mean, you can do, like, your resources. You can do things to, you know, set memory, set CPU. You you could do all of that. Yeah. I just wanna pick one value that exists. So then, you know, I always like to break stuff. So Well, controller up to two. Where's the values file? Oh, this isn't the helm chart. Is that in hack? No. Okay. This is just not the helm chart. Alright. Oh, it was under charts. There we go.

1:23:53 So let's pick one value. There we go. Wow. Okay. This is the helm this is why I don't like helm. Every single line gets templated and controllable. I'm just like, why? So I I can't remember. Should this be dot notation, or should I be doing nested YAML? Nested YAML. Nested YAML. Yeah. Okay. So we'll say Rawkode is here for my label. Let's see what happens. Apply this. That goes to values. Oh, alright. I made an assumption. So I'm gonna do a kubectl explain service shorthand, which was s e c t m p l spec helm.

1:25:03 Oh, I put it under chart specs. That's gonna be the maybe that's the the problem. Value files. Okay. So I can't do values. I have to do value files. Relative path of the sorcerer. Alright. Let's come back to that. Let's not break the demo because I was curious. Let's just get it applied. That's me. Told you I need to break stuff. Yeah. It's fun. 10 There we go. Alright. So we have a service template. Now the thing I don't know, and maybe I should go to the docs or maybe you could tell me, is now

1:25:56 that our management layer has the concept of this project and grows NGINX service template, how would I tell it to roll this out to my cluster, or does it do it automatically? It it depends on how you wanna set it up. It's all around, credentials that you would hand to people. So you can, as the, you know, super, super, super user decide to apply this at the cluster level at the at the mother ship level, which means you could just do it now. Or what you can do is you could make it available to the DevOps engineer,

1:26:40 the development engineer, so they can apply it. It's up to you. So let's assuming I'm the platform engineer here, and I am saying every cluster must have NGINX. So how do I do this at the mothership level? Wait. Let me I'm just going in my bash history right now. You're asking me a question that I should know off the top of my head. In the docs, I found a YAML interface for a multicluster service, which takes a cluster selector and a service spec, but I don't know if if that So you could do, like, a

1:27:21 well, did you do the you did the kubectl apply. Yeah. I believe we we have a we have a service template now. Yeah. Okay. So then I mean, kubectl apply dash f, the name of the thing. I should call it out globally. Right? I don't know. It does currently say invalid. Describe service template. I don't know why that's not all open for me. Wait. Does describe work as a no. It doesn't. Alright. I made a mistake. It's failing to download from the k0rdent catalog. I'm going there. Was that something I can browse the k0rdent

1:28:27 catalog? Browse it. So if you go to GitHub forward slash k0rdent. Alright. Let's see if it finds it like that. Catalog? Yep. Yep. I could have picked anything. Wow. There's lots in here. Okay. NGINX. Charts. What version did I use? 4113. Yeah. It's there. No. 4113 is there. Yeah. Alright. Oh, there's a web version too. Nice. Okay. Trying to see what could have possibly So you're gonna deploy the template with Helm as well. Yeah. And then we deploy a multi cluster service. Okay. Yeah. And you can do, like, what I've done because I just wanted to make

1:29:43 it easy. I wrapped it around the shell script to do it. Right? So I actually had to look at my shell script right now. Oh, that came back false too. The Is the catalog down? Is it broken? Shouldn't be. Try, you try what does it say? Oh, no. It's valid now. Okay. Alright. This worked. Maybe it's just taking too long. No? I don't know. But I'm I'm gonna go I'm just gonna YOLO that's more of a cluster service then and then let's see what happens. Again, having fun. So just going through it. But So when I Sorry. I'm

1:30:35 gonna say just touching on the because I said I'd say vibe coding one time. If you think about well, why not? If you think about what you've done now with creating templates for KCM, KSM, the observability as well, you have a platform that is a lot easier for models to learn and then actually be able to do things with it. Right? So that's one of the sort of the powerful things. We had one of the sales engineers who was frustrated because we don't have a UI for it yet because we're using the Kubernetes UI, who

1:31:28 created a UI in half a day. I told it what I wanted to do and then and then built it. So that's sort of the nice thing about this where you can, you know, abstract to the level of being able to pick, different things, different providers, different types of services, and actually have a model understand it quite easily. I'm not saying you should do that in production environments, but it opens up the idea of this is easier to comprehend than tripping up inside of you know, for the rest of this, tripping up inside of or

1:32:08 something else. Yeah. Definitely. I definitely vibe code a lot, especially, you know, ever since MCP got a lot of adoption, and there's MCP servers for for GitHub, for GitLab, for Kubernetes projects, for web APIs, for anything. Like, you just end up the whole agentic thing just does so much for you now. The things that would have taken me weeks to build you're doing in a day is just amazing. It is amazing. We we're we're trying to determine which of the MCP servers we're going to build on top of. What we don't wanna do is replicate. So the k0rdent MCP

1:32:47 will leverage one of the I think the the K 0 8 you know, there's the MCP Kubernetes server, and then there's also MCP k zero eight. And I think that's the one we're using more than likely. So we'll have this here. Okay. So while we were chatting there, I very quickly did one thing, which was I noticed in the multi service cluster wanted some sort of label selector in the cluster. Now I could have defaulted that and assumed I assume it would do all, but I didn't wanna make any assumptions. So I modified our cluster deployment to add

1:33:26 the owner Rawkode label. And then Mhmm. And then updated our multicluster service with match labels owner of Rawkode. So this should, I believe, just deploy the thing that I want. Okay. Did you update the version? The version of what? Sorry. The version numb it go back into the yeah. Go back in there. I don't see a version. Maybe I'll just describe it again. It's in the it'd be in the cluster template. I have not modified the cluster template. Okay. Just okay. Alright. I modified the cluster deployment. It does have my label. Yeah. I mean,

1:34:23 it can yell at me. Let's see what I've just done. Alright. I'll just describe it. Ingress. Yeah. It's doing it. There we go. Well, it's also now applying provisioning our Helm chart on the target cluster. So when I ran that cluster deployment wide, it does say services zero zero. So that looks like it's released. Still getting zero there. However, if I pop over to my other cluster, to the workload cluster. Let's see. We do have an NGINX running. So I mean, that's pretty sweet. Very cool. And we're now an hour over an hour and a half in, and we haven't even

1:35:23 touched on the observability stuff. Like, I mean, there's just so much for us to cover on this project. I mean, we'd you know, happy to come back, and I can drive a little bit so you can kick back and relax? But it was a lot of fun seeing you dive in and getting this up and running super quickly. Right? So yeah. Alright. Let me pop us back over to Facebook. So we covered a lot. k0rdent project integrates with the whole ecosystem and the cloud providers to give you a Kubernetes cluster. It allows you to define

1:36:08 cluster templates, cluster deployments, service templates, multicluster services, with cluster selectors. And now it's just scratching what I feel is part of project. It's been just on what you've talked about and the documentation. So we know there's an observability bit built in with OpenCost as well for FinOps, but this is also a very young open source project. Mhmm. I mean, there's a road map. I'm assuming you've got a thousand ideas or maybe more. Can you just give us an idea about the status of the project right now and where you plan to take it over the

1:36:41 next three, six, or nine months there? Yeah. Yeah. You know, we are putting more effort into k0rdent. So we're adding more, you know, developer engineering. One of the big things we're doing right now is trying to promote this as an open source project as well because k0rdent shouldn't be a Mirantis thing. It should be something that, you know, the community leverages and does. Meanwhile, road map. I sort of talked through some of them. KubeVirt, cloud hypervisor for us are very, very important. We think that you should be able to treat those just like any other node.

1:37:35 So that'll be coming out very, very soon. I did touch on the k0rdent policy management, same sort of thing where you want to be able to abstract policy and use the right languages, the right policy tools for things. Right? So it's not a Kyverno versus OPA Gatekeeper. It is some of your policy is one, some of your policy is another. We'll start with those two. And then as we build that out, then we'll look at things like Kubewarden. So that's a direction we're going in as well. We're looking at how do we invest on

1:38:19 the networking side too. If you start thinking about having k0rdent able to, you know, provision anywhere, theoretically, you can start looking at, well, I could have a cluster manager a child cluster child control plane on AWS, but maybe I wanna spin the nodes up on Hetzner because they're super cheap today. Right, and to be able to do some of that. So we're trying to put that together and figure out how do we do this so that it's seamless. And, of course, we're going to be rolling out a UI in the next two or three months.

1:39:05 Doing that, part of that is to not develop a UI for the platform engineering teams but for their internal customers so that a development manager can go and build, you know, through a UI, through UX, able to build another cluster for them to spin up for a CI/CD test of whatever it is they're doing. And because of the credentials, you can then provide one group access to certain clusters or resources and another group different ones. And I think that's where it's gonna get a lot of fun being able to show how

1:39:49 you're enabling different teams inside of your company to be able to or organization to be able to do things independently. Nice. Simplified it. Yep. Yeah. Alright. So I think we wrap with maybe a question from my end. You ran through k0rdent. You spent, like, an hour with k0rdent documentation and everything. If you had feedback and if you had something to comment on k0rdent's future or what would you like to see with k0rdent? What would that be? Like, this is a question to you. Putting me on the spot, man. Come on. I think I mean, it's just one of

1:40:34 those spaces where Kubernetes needs more tools like this. Kubernetes does need to be easier. And, you know, at KubeCon London, again, a month ago ish, you know, I just spent the first day running around with my camera asking people how many Kubernetes clusters do you have? And, you know, the majority of them said one. And I said, because you want one or because you can only really run one. And a consensus, I still want more than one cluster, but they can't be gone in operational overhead to do that. Again, a lot of people, their maturity of Kubernetes

1:41:07 is still relatively early. So it's a big commitment to do that. And some of the challenges are networking with multi cluster and routing and some of the challenges are speed on. Some of the challenges is just policy across multiple clusters. And then there's the whole RBAC and who can access which cluster and can they access namespaces, like multitenancies and other big things. So all of this is hard, and what we need are projects that can come along and say, okay. Look. You need to be able to just describe your cluster at once. You spin it up. It works.

1:41:41 It ships Velero. It handles the disaster recovery aspect, and we start to remove a lot of the toil of day two. So there's a lot of room for improvement, and everyone is trying to do this today because it's still so early. Now that's not direct feedback, just that I think you're on the right path and the easier you can make this for teams to go from one huge cluster. It doesn't even need to be it could be four nodes. Right? Either way, one cluster. One. Yeah. Help people get to have maybe two or maybe three. Just allow them to bring them in

1:42:11 as they need and spin them back down and move the workloads around and give them that true control over where things run, when they run, and for whatever. Like, that is the future, and it's how do we get there, and it's tools like this. So Thank you. That's good feedback. Yeah. I don't know if it was feedback or avoiding the question, but trying to No. I think your answer I mean, that's the goal. Right? Is how do we make take this complexity, make it simpler. And you know? I think, you know and

1:42:43 templates are really important. I mean, I hate that phrase. It's overused. Right? But it is really relevant in a lot of these projects. Is it we need to be able to give people opinions on how to do things. Everybody thinks the Kubernetes cluster is bespoke and artisanal and handcrafted and all this nonsense when really everyone just needs a CRI, a network and implementation, backups, and observability. Right? The ability to get metrics, logs, and traces from all the workloads into a single pane of glass. All of that stuff is the same for everyone, but the plumbing underneath it can be different

1:43:13 for everyone. GCP customers, it's the same. AWS customers, same hybrid architectures, multi cloud, all of this. And, like, as this matures and these tools, like and there's a couple of tools in this space. Right? But as they all work together, have standards, compete, progress, like the standard dev tech cycle of a project, This gets better for the end user, and I think that is really exciting. So, you know, keep up the great work. Keep pushing us forward and trying to make people's lives easier. I think that's a very noble mission, and you're off to a great start. So Well,

1:43:45 and we wouldn't be here if it wasn't for all the hard work in CAPI or any of these other projects that we're, you know, taking advantage of. So yeah. Yeah. As we say, you know, open source stands on the shoulders of other open source giants. So it's all built on top of Linux. It's all built on top of cgroups. It's then built on top of OCI now. And, yeah, let's just keep innovating and pushing things forward. That's all we can do. Alright. I'm lower than we expected, but I had a whole lot of fun. I really wanna

1:44:16 say thank you for joining me, for taking time out of your days to sit and you know? This is the most hands on I've been in a while. I was set for building my own stuff, so it was a that was pure joy for me all the way through. And I'll give you a moment to say any last words for the audience before we close this up? Maybe I would just like project. Right? Yep. Go ahead. Yeah. Just like to share that. Take a look at the project, and we wanted to be on the Kubernetes Slack, but that's, like,

1:44:46 completely stacked. So the k0rdent channel is on the CNCF Slack for now because that's where we found the space. So that's still up to discussion whether the project gets donated or not, and we'll see where things go. But, yeah, the project is developing. We are hoping for more new releases, more contributions. So feel free to join the k0rdent channel on the CNCF Slack, and, yeah, put in your feedback, your issues, or anything you have as a community comment on this episode itself, the Rawkode Academy channel, and, yeah, keep supporting David's work as well. He's been doing a

1:45:28 phenomenal job. Alright. Awesome. I am gonna push the button to move us to the goodbye tune. I hope you all enjoy. I'm gonna go delete a service account before any of your roguelikes get onto that, and that we'll see you all next time. Thank you so much. Have a great day. Bye. Demo's done, the code is shown, seeds are corded, knowledge shown from Mirantis, clear and bright. Martin Sadler shared the line. Looking good. Rawkode love this Monday stream. Live the cloud native dream. Check the links, join the chat inside. Nowhere for questions left to hide.
