Overview

About this video

What You'll Learn

  1. Run a local service against remote Kubernetes env variables, files, and network context.
  2. Use the VS Code extension or CLI to mirror a chosen target pod.
  3. Filter mirrored traffic by header so only matching requests hit breakpoints.

Aviram and Tal from MetalBear show how mirrord runs a local process inside a remote Kubernetes pod's context, mirroring traffic, env vars and files, then demo the VS Code extension, mirrord teams operator and L7 filtering.

Chapters


  1. 2:48 Introduction & Guest Introductions
  2. 4:47 The Problem mirrord Solves
  3. 5:22 What is mirrord? Key Features
  4. 7:43 Discussion: mirrord's Approach vs Others
  5. 9:42 Origin Story: Why mirrord was Built
  6. 12:21 Discussion: Staging vs Production
  7. 15:39 Q&A: Traffic Splitting
  8. 16:48 Technical Explanation: How mirrord Works
  9. 21:06 Setting up the Live Demo
  10. 21:50 Demo Setup Explained (Architecture)
  11. 25:46 Starting the Live Demo (VS Code Extension)
  12. 30:06 Configuration File & Targeting Services
  13. 31:05 Mirroring Environment Variables and Files
  14. 32:08 Incoming Traffic (Stealing/Mirroring Basic Example)
  15. 32:46 Demo Check-in & Q&A
  16. 34:01 Advanced Demo: Upstream Services & Header Propagation
  17. 36:03 Demo Complete & Q&A (Syscalls, Kube API)
  18. 41:50 Application Compatibility & Gotchas
  19. 42:50 Getting Started & Team Adoption
  20. 46:05 Discussion: Configuration Options & L7 Filters
  21. 47:10 L7 Filtering & TLS
  22. 49:14 Targeting Deployments vs Pods
  23. 50:10 More Q&A
  24. 51:22 Future & Roadmap (mirrord Teams)
  25. 54:43 Community & Getting Involved
  26. 56:26 Final Q&A (Go SDK)
  27. 57:18 Conclusion & Wrap-up

Transcript

Full transcript

Generated from the English captions. Timestamps jump the player to that moment.


2:48 Introduction & Guest Introductions

2:48 Hello, and welcome back to the Rawkode Academy. I'm your host, David Flanagan. Although you could find me across the Internet as Rawkode. Today, we're back for a new episode of Rawkode Live where we take a look at the local development environment experience or at least develop it locally against a Kubernetes cluster for all of your Kubernetes cloud native software development needs. That is a perpetually difficult problem to solve. And today, we're taking a look at a new-ish solution called mirrord. To guide us on our journey to explore this technology, we have Aviram and Tal from the MetalBear Cool team.

3:24 Hi there. How are you doing? Great. Is it MetalBear Cool or just MetalBear? I never know whether to call you by, like, the Twitter handle or like where your company name. MetalBear was taken. So we had a A lot of people, a lot of different people. So good stuff. Nice. Well, before we dive into kinda what mirrord is, can you both just take a moment to introduce yourself, share a little bit more about you, and then we'll kick things off. Let's start with you in the middle, Aviram. Hi, everyone. I'm Aviram. I'm a middle of

3:57 the CEO and maintainer. My experience is mostly security level, but less experience was back in engineer. I met in last company and where we faced a lot of issues together in the back end side. And that's what led us to build mirrord and start. Yeah. And and I'm. I'm a director and CTO. I'm I live in Tel Aviv. I have a technical background that I won't bore you with. My dog here, but my feet is very uneducated, so please excuse any sharp yips. And happy to be here. Alright. Thank you both for joining us. Alright. So

4:47 The Problem mirrord Solves

4:49 we've gotten a few hellos in the chat and a comment about the audio. I'll look into that in a second. Don't worry. And we'll get it fixed in a moment. Maybe we can start off then by understanding what mirrord is and the problem that it is trying to solve. Now I said this at the start. Right? And I feel that this is just one something that's always been difficult in Kubernetes. And I'm hoping what we're gonna look at today, you're just gonna give me like the golden path, the shining light that just makes all of this easier. So let's

5:18 cover what is mirrord and the problem that it addresses. Yeah. So in the easiest way to describe mirrord is the way to execute your local process service in the cost context of the cloud environment. And what it means is that mirrord plugs into your IDE as a plug-in that you can just enable, disable, or comes as a CLI, which you can use to execute your services. And once you enable mirrord or execute the process with mirrord, what it does, it brings you the environment level of your remote service. It lets you access the remote files without doing

5:22 What is mirrord? Key Features

5:57 any mounts, without copying, doing any changes of your local machine. Everything is done in the process level. It lets you access the remote services. So anything you have on the remote cluster that is accessible to it, Kafka, Redis, any any any network resource is available also to you, including DNS. And for the fourth thing that it does, it lets you get incoming traffic of the service. So that comes in three modes. The first one is enabling so yeah. Yeah. You asked me to say? Okay. So and and three modes of the incoming traffic is, a

6:35 a you can either mirror the incoming streams. So any streaming coming to your remote service is also duplicated to your local service, hence, mirrord. Secondly, you can steal traffic of a specific port to your local to your local service. Or the third option is that you can steal HTTP traffic based on headers or API tests and HTTP filters in general. And that's like the gist in a few words. Awesome. Alright. I'm just gonna mute you for a second to see if a bit of noise goes away. It did. So the noise come to me? Yeah. I think it's like

7:21 oh, I don't know. It's like when? I don't know. It's like a weird Is it windy where you are? Okay. I have air condition on. Maybe it's better now. I'm using the camera. Oh, yeah. Yeah. The microphone now. Yes. That that the the AC noise has now disappeared. That is amazing. Well done. Well, so so I was understood. Like, I I can repeat myself. I actually I jumped into directly what it does instead of talking about a problem, which is what I usually do because I'm Well, I think I could cover the the problem. Like,

7:43 Discussion: mirrord's Approach vs Others

7:57 I have explored a lot of tools. I've explored a lot of tools at the Kubernetes space, you know, especially in the development space. And a lot of them all take the same approach to this developer experience thing, right, which is to it's funny that the person that reported this audio thing and that has now just given us a thumbs up saying it's fixed. His name is wind. So yeah. Don't know why I found that funny. But they they all take the same approach to this problem of providing the developer experience. Right? And that seems to be we're either

8:29 going to do some weird file system mount into a remote container, which we all know is slow. Right? This is even slow in Docker Desktop for local development. Right? We can't even build a PHP app under interpreted language and sync the files. That doesn't mean we have to wait five seconds to refresh on the web page. Right? And if we can't do that, we can't do it over our network. And the other approach, which we've seen through tools like Skaffold as well, actually, let's just build a container image locally because, you know, that should be faster. But then we have

8:57 to sync the missing layers for that container image to the remote cluster and get it in some way. Like, they all make this a very file system centric problem. And what I like about mirrord is that there's no file system problem. You've made a a networking problem and you tackle this by doing magic as far as I'm concerned with the way that the packets are sent between the cluster back to the user thing in a way that gives them not just a remote developer experience, but an integrated developer experience where it allows them to

9:26 communicate and consume work with cluster services and all of that. I know my knowledge here is very fuzzy, so I'm gonna need you to to jump in and talk a bit more about why you plan to own this approach and how this actually works from the the magic in network inside of things. Yeah. So I think it it's it starts from the experience that me and the other in the last company, and that's where the most valuable process step in the process we had is deploying to staging. So we had, like, a vast data for each customer.

9:42 Origin Story: Why mirrord was Built

10:03 Everything very complex, and each customer, it was a big enterprises. And each customer, they own features and data, and it involved AI and ML. So a lot of stuff needed to be set up just to test the most basic things. So when you write write it unit tests, integration tests, it never really covers what you would see in production, what you'd see in real life. And that's why staging was the most valuable environment because we had some of the traffic duplicated into it so we could have real data to interact with. And what happened is that

10:41 we set up the very, very, very cool stage environment where we can throw all the versions at, but then we had a queue where each engineer needed to see that there's no other engineers deploying the service. And each time the service spend there, you didn't want them to cross cross contaminate each other. And then you had the issue of that, okay. You had an issue. You need to hold for all back. So usually happens in companies is that they just say, okay. So staging needs to be stable. So we need to do as many tests

11:15 as possible. So they do TDD. There are tons of tests, and then they hit production and still it doesn't work. Why? Because Azure doesn't deploy the API version you expected. And that's that's really sorry. Like, I had a bug with Azure Azure Blob Storage. It was a specific version in our region wasn't deployed yet, but the SDK had it. And so so it worked locally because I used region, but then when I plugged it to real environment, it didn't work and it broke. Of course, that's an issue also from the vendor side. But, I mean, those those kind of mistakes

11:45 happen. And what and that led us to realize that we want to enable developers and engineers use staging as their development environment. And we started by just letting them get plugged into staging so they can work continuously against it. And as we develop more features, we enable better concurrency work in the staging without breaking shutter. So that's, like, the general flow of mind we had. Okay. What like, this is one of these weird subjects. Right? Like, would you just let it feels to me I could let people test in prod with this tool. Right? And

12:21 Discussion: Staging vs Production

12:30 at what point, like, is that a sign of maturity of your infrastructure if you could do this in prod, or would you just always say always do the staging? I I don't know. Like, staging to me always just feels like an a Yeah. I think question because, you know, that's that's sort of where we started. You know? Or things like, why not do it in prod? Which it became very clear very, very early that no one's gonna run it in prod anytime soon. Like, you need an established product, and and it's sort of a spectrum. You you got

13:03 prod, which is, of course, the best replication of production. But then you've got staging, which is, on one hand, a good replication, but you're not as scared of scared of trying tools on it, breaking it, etcetera. And so, you know, that's where we landed for the initial stage. We are seeing a, you know, some organizations that are less afraid of deploying things on production and so are trying to to do it without our encouragement. And, yeah, and and we we are thinking of it as a possible future for mirrord, but we think that there is enough, you

13:45 know, meat in the staging for, you know, for for the time being. Yeah. I mean, I I don't wanna turn this into a political discussion about, you know, testing in prod or whatnot. But I've I've yet to see a good staging environment that actually has, you know, they're always very good from an automation point of view and your production environment really does look like a staging environment. And this is just the people that I've seen. I'm not saying this is all super nice clusters in the world. But the path that always falls down is when it comes to

14:13 data, the actual usage patterns within that cluster. Now I have seen people that just take a seven day old snapshot of production and put it in staging, and I think that's a terrible idea as well. But again, not not a topic of today's discussion. But I do love that we could use the traffic cloning stuff within mirrord to inject something into production, get real data without the blast radius of that interception being real data. We can get into that as we cover the usage and take a look at it in more in more detail. I I I wanted

14:46 to add that in the first version of PRD, where it is, it was just a VS Code extension very early, like, barely it was a barely working MVP that we just wanted to see how we will react to it. And when we posted it to Hacker News, we did a Show HN. We we we also put it in the marketing in all the content that we said, mirror production data and traffic into your local machine. And all the people in Hacker News were like, no. Don't do that. So yes. Wait. Because I didn't really know. The immediate typical

15:16 Hacker News response that, oh, no. You you've insane. Don't don't do that. So yeah. Well, of course, you know, the risk appetite from organization to organization is always very different. And, you know, Hacker News, I I don't think they're my people. There is. So I I am less risk averse. So we we have a couple of notes and a question I think in the comments just now from when so let's see. When they're saying that they have an environment for end to end testing, would this tool help developers to work when they run their tests?

15:39 Q&A: Traffic Splitting

15:47 They're looking at this from the SRE perspective where they don't have much dev and saves. Yeah. Yeah. I just dropped it to that side. So the answer is yes. We see people running. You can run test. You can run anything that you can run. And we also see companies integrating mirrord into the CI. So now you have, like imagine you have your stable cluster, and let's say you have all the stable version of everything. So instead of doing a blue blue green kind of redeployment into the real environment, you just run the CI using mirrord inside the staging cluster, and then you

16:26 get partial traffic just for your test to test it. And once it's done, you can deploy it to the real environment. So that's, like, another use case we see. That's less than our focus right now, but, like, mirroring is a tool, so you can do whatever you want with it. So and we see that happening. Cool. Alright. So there was a diagram that we said we were gonna talk about how mirrord, in fact, before we even get to that, am I pronouncing that right? I know that's, like, the tech question that everybody always

16:48 Technical Explanation: How mirrord Works

16:57 ask, but is it mirrord? Is it mirrord? Is it something peculiar? How do you see it? It is it is mirrordy. Tragically, a lot of people do think it's mirrord, but, yeah, it's the it's the tech pronunciation, building its pronunciation. Alright. And how would you spell that cube command? How do you pronounce that? The the tool that you're using here. Yeah. You mirrord. Oh, no. No. It's alright. I'm just I'm now just asking how you pronounce cube CTL. Is it cube control, cube huddle? Ah, cube CTL. Yeah. Cube CTL. Alright. Cool. I'll pick you in the SQL.

17:38 That's that's the real it it in discussion. Oh, I don't know if I'm on board with SQL, but, again, I don't wanna turn this into any sort of pronunciation war. Okay. So I'm gonna pull up the website, then let's dive into a little bit more about the technical understanding of how this all works. So here we have the mirrord website if you wanna check this out. It's available at mirrord.dev. And if we go back to the home page, there's a diagram at the bottom that tries to talk about how this works. Do you wanna go over this either of

18:15 you and talk about the networking stuff that's going on within the cluster? Yeah. Let's let's really quickly go over what mirrord does. Right? So mirrord has two components, the the layer or the client and the agent. And what happens when you run mirrord is that the layer is injected into the process, and it overrides low level function calls. So, you know, file reads, traffic, outgoing traffic, etcetera. And then it proxies them essentially to to the cloud through the agent. Right? So the agent, when when you run mirrord is is is set up then. It's it's a temporary agent. It cleans itself up

18:58 when you finish the execution, and it runs adjacent to the pod that you wanna impersonate. And so the most basic flow to illustrate this is a file read. Right? So if you process, you're trying to read a file locally, mirrord would intercept that call and then pass that to the agent, and the agent would read the file from the pod instead. Right? But we do the same thing for traffic and for environment variables, and that's how we achieve sort of a hermetic wrapping of your local process to, you know, make it think that it's running remotely even

19:33 though the code is actually running on your local machine. Okay. So it's just like an LD_PRELOAD syscall hijacking within the pods. Okay. So mean Not within the pods. Wait. The the the injection happens locally. On the remote side, we don't do we don't touch the real process. We just enter the Linux namespaces of it so we can access the same resources, but we don't touch the remote process unless you do a pause and then we pause the process. But it's more of a advanced feature. Okay. And I guess you aren't gonna do in file syncing, but it's very selective based on

20:17 the read syscall. Right? I mean Yeah. So so so the file, it's still I mean, it's not syncing the whole file system, but you are literally transporting the bytes of that file. Right? Yeah. But, usually, what happens is that the file reads are usually for secrets, mounts, like, yeah, they're not usually, they don't really they don't really read the data unless there's, like, maybe some static database. But I I don't think we have seen that use case very often. And and and then another thing that's very cool is that everything is configurable. So you can say this regex

20:52 access it locally, this regex access it remotely, and then you can mix and match. So if there's a big file, you can just make it read locally so you wouldn't you wouldn't wouldn't have any latency there. Cool. I think it's time to jump into our live section. Actually, just to show this working so that the audience can get a feel for what the process looks like to actually build and develop using mirrord as their tool. So to do that, I believe Aviram is going to guide us through a demo. Yes. Absolutely. You're happy to do that now?

21:06 Setting up the Live Demo

21:28 Yeah. Happy to do it always. That's like a yeah. He's always joking that I'm like, oh, you want I'm always offering people to see a demo, and he's like, stop offering people demo. Alright. Well, if you're good at we're good we've got one more know it's appropriate. Right, Dale? Yeah. So just to put it in a context, so in our demo, we set up a very by the way, you can see my screen. Right? Yeah. But do you mind if I throw a couple of questions from the chat at you first before we dive into that? Sorry. Sure.

21:50 Demo Setup Explained (Architecture)

22:01 Alright. So we've got one back, and one was asking, is the partial traffic just splitting on entry to the pod or container? Yeah. So does that's configurable. So the default the default configuration would be mirroring. So it's not splitting. It's just you got the same stream as the remote pod. But if you are hijacking the traffic, we call it stealing, that would yeah. We split it. And then based on the filters or based on just the the port being stolen as well, and we plan to have more capability on on top of it based on the requirements from the users.

22:40 Okay. And in true Russell fashion, who's the regular on this channel, there's always a funny comment followed by a real question. So apparently, SQL is pronounced squirrel. I haven't heard that before, but, you know, feel free. Now the question is, does mirrord work with multiple users at the same time? Does it separate the hijacking of two devs, a and b, use mirrord with dev a hat mother with dev a hat dev b's service? Yeah. So so so it depends on the exact configuration. Like, if you do mirroring, then you both will get a mirror probably, and that would probably

23:20 work. But that's what we call mirrord that's why we build what we call mirrord teams, which is a control plane for mirrord. And what it enables you to do is really work concurrently multiple users on the same service exactly. So if you and I work on the same cluster, but each of one of us works on a different service, then we wouldn't have conflicts. But if we want to work on the same service, then the mirrord teams enables you to have multiple sessions on the same target at the same time by giving you synchronization primitives and also

23:55 making sure that you don't override each other. Alright. Awesome. Wendy also says thank you for that answer. So I won't interrupt you anymore. Please feel free to carry on with your demo. Yeah. Feel free to disrupt me. I like disruptions. So yeah. So and, by the way, if if we do help to clear this up, but this is our setup. It's it's supposed to be quite, like, cover very common use cases, but be very small. So bear with me. So the cloud in our case is me, the client. I can access IP visit counter, which

24:34 implements one API called count. And what count does, it takes my IP and then calls another service called IP info that provides information about that IP. It saves the IP to Redis in order to store the the amount of the the count of how many times I've seen this IP. And it also sends the IP to a Kafka topic, which an another service cons consumes and just prints the messages it gets from them. So that's the setup. Many questions, David? Does it make sense? Nope. Makes sense. Awesome. So, David, what do you prefer? IntelliJ or

25:19 VS Code? I have a very strict rule, and I have no JVM installed on any of my machines. So, yeah, I guess, VS Code wins. I thought you weren't doing politics. I I I mean, it's tech. Everything's politics. Right? But I I I mean, no. I can't do it. I can't run the JVM. Sorry. Yeah. I can blame you. Yeah. So we'll use VS Code for example. Let me find my window. We also accept Neovim, Vim, or Helix. All acceptable answers. Yeah. Why do you do you use, Yael? I'm I'm VS Code. I was just trying

25:46 Starting the Live Demo (VS Code Extension)

26:12 to rile rile up a conflict with VS Code. I mean, I've gotta say, like VS Code, language server supports. I mean, it's just a and it it's still quite fast even though it's an Electron based application. I've gotta say, they got a lot of things right. It's a pleasant experience. Okay. So you can see on Intel. Sorry. Go ahead, everyone. Yeah. So you can see my screen now. Alright? We could see your VS Code. Yep. You got a terminal at the bottom. You got some code above it. Yes. Yeah. I zoomed in. I did you know? And,

26:46 like, if the zoom is okay, you see good enough? And one more with her. Yeah. Yeah. Yeah. I think that's good there. Awesome. So so this is our cluster. It has nothing that is not the service that we talked about. So we have the IP info service, IP info cons consumer, and a IP visit counter. I need to restart the consumer because it dies. I didn't do any option there. That's like I'm not a very proficient goer. I just like that. We did a very fast Wow. A rollout restart instead of just deleting all the pods. That's classy.

27:23 Yeah. Yeah. So this is our cluster. So we have all the services here, and we'll start by just showing like this. The API, what it does. So this is on the remote. You can also like, other people on the stream watching us, you can also access it and see it for yourself. This is all new. And you can see the account increasing each time I have the request. Now I want to start working on it. So this is the service. This is the actual code. It's a very complex code that does this magic. And we'll start by putting a breakpoint on

28:06 domain just to show how it starts working. And when we install mirrord, that's what we get. We get a little I'm not sure how you call it. Like, label button I don't know. Menu menu, which you can click. And once I click it, it enables. So this haven't done anything. This just, like, toggle the usage of. And the next time I run my service, it would use mirroring. And this this one would use a configuration that I will show in one sec. So I can I can use it without any configuration? But just for the sake of this demonstration,

28:47 I would I would use this configuration. It's not supposed to be here. So what I put in the configuration is target. Maybe I'll remove that to show you how it works for, like, Moscow, more common scenario. And yeah. So this is configuration. We steal and we'll send traffic only that has this header, and we'll re reload more files. We'll have outgoing traffic, and this is pretty much default. This is the only custom thing that was done in this configuration. Yeah. So now I can just go do my code, click debug. Oh, don't update now. Sorry.

29:28 We had a new version, and I haven't done it yet. So, hopefully, it won't break anything. We're back to testing in prod again. It's okay. Yeah. So can I just clarify a few things? This is a mirrord VS Code extension. And just by being in this main.go for the IP visit counter, the mirrord extension has this JSON file loaded and knows how to replace that service or how to intercept the traffic for that service within the cluster. Yeah. So the the configuration file isn't required. Like, it what what we do is pretty much everything is very

30:06 Configuration File & Targeting Services

30:14 self configured and very opinionated. So you don't need to configure, like, what, like, what what I show right now. So I removed the target, so now it will let me choose. So now I run it, and now I can choose which target I want to mirror. So I'm running the service, so I will mirror that. And then it does this is when we spawn the agent, and now it's ready. And now we see the service running, and the breakpoint is hit. And you can notice that this so the the process, everything is running locally, the service itself.

30:51 So now we've hit the load config breakpoint. We'll step into that. And what we do is pretty much very common thing. We load settings from the environment So I can just go over that, and then let's inspect the config. We can see that we got some information from it. That's not for my environment. That's what's obtained from the remote service. And now what's a very common thing we do is we read file for secrets and stuff. So in this case, we have this path we want to read. This path doesn't exist on my machine. Either it's mounted, there is no remote. It's

31:05 Mirroring Environment Variables and Files

31:30 no. It's running locally. That's what part of the magical community. So we get here. And now we can see that it was loaded. And the loading happened from the remote pod, so we actually got the remote file. If you have any secret, any anything that comes from the remote pod, you immediately add it because you have the and you have the. So now it goes through connecting to all sort of stuff, and we just skip that. And we have the service running now, and you can see it's running on port 80, which is the same port the real

32:05 service is running on. Now I can do curl, and you see that nothing happened. Why nothing happened is because I've put in my configuration file, not this configuration file. This configuration file, because I want to steal traffic only with this header. So now I will place this header, and the breakpoint is hit. And you can see also the request is being stalled. Why is it stopped? Because it's me holding the request, and I didn't need to respond. So I just let it go, and you can see the response coming in. Thanks. Yeah. Any questions so far?

32:46 Demo Check-in & Q&A

32:50 No. That makes a lot more sense just in that one little demo. You know, I was thinking about it completely the wrong way when I was talking about, you know, the rates, you know, during the interception and the part. But, of course, it's it's just all running locally, and it's to make sure that when I wanna consume Kubernetes secrets or even environment variables for service discovery, any of this stuff that it works even though we're running everything locally. But, yeah, just like a light bulb opens. Oh, yeah. Of course. That's of course, it makes total sense. I was just being a

33:17 bit bit a bit tough, but, you know, hopefully, I had two coffees to taste, so that's okay. Yeah. So that that really helped. That yeah. Good. Yeah. I think I think one of one of the things we we see come on with people is that when we experiment with mirrord, like, verbally and also from documentation, they don't really get a grasp. Like, they imagine a lot of, like, people promise thirty seconds and very quick and magic, and, like, they don't expect that. Right? And and when they actually see a demo from Unity, they say, oh, this is actually different than

33:48 what we've seen in other in other things. So, yeah, I think a demo a demo also of of really heads. Yeah. So this is the more simple example. And now we can go into a bit more deeper example. So what we do in the request so I said it sends a request to the upstream service. And the upstream service, we propagate headers, which is very use common. You can also use observability headers that usually propagate to web, like, it's race saving. And you can use that also to steal traffic based on that. And then when we do that,

34:01 Advanced Demo: Upstream Services & Header Propagation

34:35 we go to the other service, which is the upstream service. And I will also steer on the based on the same header filter. So now let's go to the code ID info wait. It contains something I didn't want to show. One second. I don't see that. So this is my code, and now I will run it. And if you notice, the info which returned was. And now this version that I have locally is LovesAAA, which is you a A is an acronym for, I don't know, something. So DNAForAPV6. Right? Yeah. Yeah. So now I can

35:39 you can see that the real service is answering. And when I do the header, it propagates and then gets to me. So now I can still let service inside the cluster that isn't even in being ingressed and exposed externally. I mean, now we can see the response. It's also for my local service. Yeah. And that's, like, the very basic demo demo. Yeah. I think we can stop it here for now. Like, we go we can go, like, more interactive. But Yeah. So the so this call so this is working with it. If I tried to read from

36:03 Demo Complete & Q&A (Syscalls, Kube API)

36:19 the environment, it's intercepted. If I wanna read from a file, it's intercepted. If I make a DNS resolution or network request, I'm assuming that gets intercepted and handled appropriately too. And, I mean, not really that relevant maybe to the audience, but I'm just curious because I work in a lot of Kubernetes, like, controllers and operators. If I wanna hook into the Kubernetes API, use the service account, get a lease and stuff like that, that would all just work. Yeah. So funny story. So we said we developed mirrord teams. mirrord teams is an operator. So we dug for the lot. So

36:49 and and the operator wants to the cluster, and then the operator of mirrord, the sponsor instance of mirrord. We debug it using mirrord. So, if this works and not releases and everything, we actually had a very, tough bug, where, I can't remember what exactly happened. What happened? Yeah. Okay. So funny story. So we I debugged the operator, and then I saw that it access it's accessing the external IP of the Kube API because it uses the Kube API. And I didn't understand why. And then what I found out is that the we use kube-rs, which is great for

37:41 developing Kubernetes APIs in Rust. And the first thing it does, it looks up for a kubeconfig. And we exclude it by default stuffs that come from slash users because that's usually stuff you want to be obtained locally. We have a lot of defaults to make a very seamless experience. So it actually used my local kubeconfig file instead of using the environment variables of the remote cluster. So I was like it took me, like, two days to realize that was going on. It was tough. But yeah. And and now we are explicit.

38:22 Use only classic. So yeah. Nice. I think that's the first time I've mentioned Rust, which I'm actually surprised about because normally, like, that's the first thing I try and say in every stream. But it is all written in Rust. Right? Yeah. Everything that's not extensions, which we have to conform to the SDKs of the vendors. Yeah. Everything is Rust. Yeah. I really like Kubernetes. It's a very cool project. Yeah. We do have some Unmaintained also. Sorry? Well maintained also. Like Oh, yeah. Yes. We we send a lot of stuff out to him, and he's very responsive and very friendly. Really

38:59 appreciate him. Yeah. Alright. We've got some questions. So let's let's start with the one from. If my local process runs on Port 80 and the service is on Port 88, can I matter eighty eighty to remote Port 8 locally? So do you have do you have any control over the the way the ports work? Yeah. So maybe I'll share my screen for that because think we're gonna one too. Yeah. So like we said, we we really like having like, we we desire the user experience to be that you can just plug it in and and it works for you. But as

39:35 you want the more advanced configuration, we have tons of configuration for you. So in this case, we're talking about the incoming traffic. So we have here port mapping. And port mapping, you can say exactly that. It's also auto completed to, yeah, the same map and mapping. So that this says that, okay. Locally, I listen on 80, but remotely, I want to steal or mirror eighty eighty. Okay. And does this just use whatever kube context I'm on? I'm assuming you're not having to provide any other information. I'm just making sure that your current session is using the

40:12 right or you can also point to a second. Okay. But it gives us the other local one. Yeah. We use the default API of kube-rs, which does you have a kubeconfig end, which also kube context should set. So, basically, yes, it should work quite seamlessly with the Kubernetes experience of your local machine. And can I set the context if I have a kubeconfig with multiple context, or would I have to switch locally first? Yeah. You you need to switch it locally first. Yeah. I think that's probably expected, so no big deal. Alright. Russell asked,

40:50 sorry. I think I missed it. Are the files read just in time? So when a syscall is executed, or do you do any scanning parsing to pull them at the start of the session? You can answer it now. Yeah. Yeah. I think we've seen that through the breakpoints. Yeah. So Yeah. I actually saw that Mugul from our team answered in the chat. But just to reiterate, they're read just in time. We hook the file reads. And so when I when your process tries to read the file, that's when we pass it to the agent. Agent reads the file,

41:25 pass it back to you. Okay. Alright. Went says awesome. We will test this in our environment. It's good to see. Russell has been in your documentation and sees that it had sent to the epsies who works with first spells tool. I mean, I'm assuming it worked with with most applications. Is that a fair assumption? Are there any gotchas that people should be aware of? Yeah. It works with most applications, like, applications that I would say love people. And, like, yeah, the exclusion would be Go on Linux that tries to go to direct syscall, and then we directly

41:50 Application Compatibility & Gotchas

42:06 hook the syscalls of Go. So that's what Russell meant. Like, we put specific we we have a specific stream or customization to work with Go. Currently, we work with Go only on x64, which is the common processor, and we need to add the same for ARM, but we haven't gone there yet. Usually, people just prefer to run it locally. So on macOS, they can't use a direct syscall because Apple doesn't provide stable internal API. So that's nice. Thank you, Apple. Yeah. Working on a Mac just gets easier and easier. Right? Anyway, let's talk about, like,

42:50 Getting Started & Team Adoption

42:53 you know, let's say I I just I wanna make my life easier for developers and my team. I think mirrord is easy answer. No. Do I just start going to all of my projects, all of my repositories and adding the mirrord.json? Do I put Makefile targets in where people can just run the mirrord CLI? Like, how do people get started? What's the preferred way? What's the most what's the lowest friction way for teams to start adopting us across all of their services? So Let me prefix that. Right? Because there's a

43:26 bit of context in my head that I've not really verbalized. And what I was saying really is that that mirrord.json. Does it just work with the VS Code extension? Does it work with the CLI? What's the preferred approach for teams moving forward? Yeah. So, basically, what the extensions do is they use the CLI. So everything works with a config file. So everything that you can do in the extension, you can do in the CLI. The extensions are just, like, giving better user experience and better settings when it comes running from IDE. In public, what we see people sometimes, they

43:58 execute via the CLI using Makefiles, using trust files, using Bazel, and then they use the IDE to yeah. They use it to we just had someone in the discordash in. I not the first one. It's, like, the third people a person that they asked about it. And then they launch it using mirrord, and then they attach the debugger, for example, using the IDE. That's less of how we see it being used, but, of course, anyone can adopt it in any way they can they want. Yeah. So so when it comes to adoption, so I think one of the advantages, like,

44:35 compared to other alternatives, is that you don't have to install it for everyone. You can like, I'm I'd be around my IC, mirroring. I can just get started, and that's also what we see. We see people getting started. Initially, use it for the specific use case. Like, I would say, one of the first use cases they that comes to their mind is that they want to debug. Right? That's an ability we lost as back end engineers. Like, oh, we just add logs at the tracing and deploy. And, like, in the best case, you know, we can attach a debugger

45:02 to the remote environment, but, like, it it's not very comfortable. And, like, the first thing they use mirrord is for actually debugging using the IDE. And then as they use it more from and as they use mirrord more and they gain and they get more confident with it, they realize they can just use it for developing on a daily on a continuous basis. So now I can just each change of code I do can just run it in a few minutes in a remote environment, see that it works, and then write the test. So instead of, like, thinking about

45:36 all the scenarios I'm gonna meet, what kind of database, what data in the database, what what's the relation? Can just plug it in, see what happens. Okay. This works. Okay. Let's write a test that's covered. Cover more, let's say, mild mild cases, but not like the extreme edge cases to cover everything so it would work in any case. And, yeah, I would say that's, like, usually the road. Okay. Let's dive into this config a little bit deeper then. So right here, we have an HTTP filter. We're doing a header filter. We're looking for the PG tenant as other. Is there any

46:05 Discussion: Configuration Options & L7 Filters

46:15 interpolation on this file? Can I use an environment variable to put in my username just to pull out certain things? And I'm thinking this is on a Git repository. It's shared with the entire team. Can we inject something in there? Yeah. Actually, that's a good idea. We haven't thought about it yet. But, yeah, in interpolating settings, like, the team is also on the chat, so that's great initiative. But so right now, it's static. Like, you can commit it, but you can it it's not something you can reinterpret or extrapolate for all of that matters, unfortunately.

46:56 But I I that's a good idea. Okay. And are there any other L7-aware filters beyond HTTP? Does it understand gRPC, Kafka? What else's options are? Yeah. So when we talk about like, we divide it into two categories, like, you have incoming and you have outgoing. So, you know, Kafka, you pull. We don't consider it incoming. We talk about the network stack. Like, is it an outgoing connection? Is it an incoming connection? So on the outgoing level, which applies to Kafka, we don't do anything special. We just let you connect to remote service. We do plan to have more, like,

47:10 L7 Filtering & TLS

47:34 filters and and smart application level protocol features. But right now, it's just, like, plain connection. So anything you can connect to, you can connect to from to the remote service. And in terms of the incoming, right now, we support HTTP one, two, and that covers gRPC. So as far as we know, gRPC is over HTTP usually, HTTP two. And the headers of the metadata of a gRPC, the back of the thing goes into HTTP. So you can also use the HTTP primitives to filter and work with gRPC. So Are there any problems with TLS to interfere

48:19 with this, or does it just work out of the box? Yeah. So in let's say, the best practice when you use mTLS, in cluster TLS, usually have a sidecar. The application doesn't do TLS. I I hope for I mean, like, unless you do an operator. The TLS is done on a sidecar. And, also, in the an operator, actually, you can do a sidecar. But, usually, it's a sidecar. And then because mirrord enters the Linux name of the real process, we just get the plain traffic. So once TLS termination happens at the sidecar, then the local traffic is unencrypted, then

48:57 it just it should just work that way. Yeah. But if you use TLS, you can't use the the HTTP filters. You can just steal the port, and then you terminate it locally. So that would work. Like, that's how we develop with the operators, for example. K. I think last question from me right now. So if anyone watching has anything they wanna ask before we finish up, please feel free to drop it into the comment section. But I looking oh, yeah. I was just doing basically I'm looking at your config, but it disappeared. But it doesn't matter. I was looking at

49:14 Targeting Deployments vs Pods

49:30 your config and you're targeting a deployment called IP info. Think it was. Does that inject the oh, does that work for all the pods and the deployment? Is it just a specific one? How I mean, it doesn't even matter. I'm not sure. Like, how does that work? Yeah. So in the open source version, what it does in the when you specify deployment, you just choose a random pod. Like, the first one it encounters, which means random. In the operator, it enables you to really work on deployment. So now instead of stealing from one pod, you can steal from the

50:02 all of replicas of the same deployment. Yes. So it's a good question. Okay. Awesome. Alright. I'm not sure if Dimitri is on your team or not. But Dimitri has commented saying that some things can be overwritten by environment variables, but not all. Is Dimitri on your team or just a random helper? Yeah. Yeah. Alright. Perfect. Alright. We got a question from YMO who messed up again. Shame. I guess you could always watch back. It's on YouTube. But the question was, can I matter to an app running on my host? Would be perfect for the build to pricing

50:10 More Q&A

50:42 cycle. Yes. Exactly. That that's what we really does. And we agree. It's perfect. Yeah. Good. Just jump back to the start. Check it out. The demo was cool. I hope it helps. Question from Russell. When you steal traffic, can you steal a subset traffic with a certain header set? I think that's what we showed. Right? Yeah. So we showed that. You can steal based on header filtering. You can steal based on path, and we're happy to add any more filtering conditions that users want. Okay? Just request it. Alright. Thank you from YMO I

51:19 guess we confirmed exactly what they needed to hear. Alright. Let's talk about the future then. I think we've covered the problem pretty well. I think we've seen there's a really good solution, the integration with VS Code. Any of those intelligent people out there. I'm sure it's just as good, but we now have a tool chain that allows us to develop a a pretty strong developer experience. And what's coming in the future? You've mentioned mirrord for Teams. Maybe you can talk about more of it there and maybe what else is what what's on your

51:22 Future & Roadmap (mirrord Teams)

51:48 road map or agenda for the open source plan as well? Yeah. So there is mostly to enhance the experience of mirrord, like, cover more use cases and become, like so right now, start mirroring. And when we try to to start from the very primitive, like, we really like going very lean and see what users react to best. That's what we did from the start and what's we what we want to keep doing. We do have, like, a a more, like, broad road map, but, essentially, that's what we do. But in terms of of what we want to do, so so

52:25 so the longer term vision is that community starts with a very intuitive and naive way. So just steers traffic and just redirects traffic to the cluster. Seems easy, but it provides a better user experience than any other solution you would have. But as we develop it, we had HTTP header filter. We're gonna have application filters for the outgoing traffic. So now you can duplicate the Kafka messages. You can provide the best way to work on the remote environment without while controlling that your effect on it. So that is to make mirrord the tool you can use daily,

53:02 and enables you, let's say, the best way of isolating yourself while developing while not really spinning up the whole environment. So we get the best of both worlds. You get a real mature remote environment while, you're able to control and not contaminate it. K. Alright. Let's gonna ask the question that's been on my head for the last fifty three minutes now. Why is there a GitHub, like, behind you and not a MetalBear? I wanna see one of those lights in the MetalBear. Sorry. What's the question? I didn't get it. You've got a GitHub lamp behind you. Right?

53:43 The neon sign? I mean, I'm looking at the middle there. Neon sign. Yeah. He didn't get a free neon sign from MetalBear, only from GitHub. So Oh, you need to make that happen for the next time we have an episode. I'll take that. Yeah. LED sign. We'll go. We just have shots right now. Let's see it. One second. Yeah. There we go. The full thing. Nice. Very cool. Like it. Way, Al is the creative director of. All the ideas of design that's where it come from is steam in hell. I'm like, oh, no. It's just I

54:21 do outsource, so I know the audience. So Yeah. I look into brand enhancement, but it doesn't do actual design. It's it's better than, like, it's on my level. So Yeah. I mean, I do a lot of front end design, but I go I go as far as black text in my background. That's as good as I can get with CSS. Same. Alright. Where can people learn more? Do you have a Discord, a Slack community, a Discourse? How can people get involved? You know, do you have PRs? Welcome. Issues, easy, get started, all labels. Like, tell people how they can help you out

54:43 Community & Getting Involved

54:58 with with what you're doing at mirrord. So we have a Discord channel. We like to see it as a back end engineers community. So it's like you have mirrord channels and you have general channels. You can use any of those. Like, if you use mirrord, you can ask questions for support or maybe get mentored for a PR. And, yeah, we welcome PRs to all of our repositories. Like, there's big open issues. We try to level those. So if you want to hit an issue, let us know. Happy to jump on this call, explain it further,

55:30 help you get started, help you get into Rust, get into Kubernetes, this kind of stuff. I'm not sure if it's the first project to get into Rust, to be honest, because, like, we have maybe at some point that are simple. But, like, if you want to do advanced Rust, I would say that's a very good project to look at it. Yeah. So happy to see all of you in Discord, and feel free to reach out Discord, GitHub. I don't know. Any means of communication that is not, like, coming to my front door. Like, you can come in to my

56:08 front door, but, like, invite them. So Awesome. Well, I encourage people to join the Discord. Check out the project. If you enjoy it, you run into any problems, open issues, comment on this video, and we'll do your best to get you some help. We have one question as snuck in right at the end there. So we'll answer that, and then we'll wrap up for today. But YMO asks, there is Go code in the repository. Does that mean that you have an SDK and Go people can embed? So that's a great question, actually, because we don't

56:26 Final Q&A (Go SDK)

56:40 have any SDK. You just run your process using mirrord. I didn't show that, but you can run curl using mirrord. Like, we had a user saying that that used to upload configuration into the cluster. I assume that was, like, a XTP or something like that. And it just just kill to post that request into the XTP. So you can run everything on your machine. So Go compiles to a binary, and then we run it using. So anything that is a binary, can use mirrord with. No SDK. No integration needed to do from your side. Just plug it into your

57:12 IDE and start working on it. Awesome. Thank you for that. Alright. We'll finish with Russell's comment saying thank you for the demo. mirrord looks like the future of developing in Kubernetes. I don't think I can see anything better than that. So we'll wrap up. And thank you both for joining me and for sharing your knowledge and everything that we've learned about mirrord is there any final words before we finish up? Wait. We show pets? I I can I can bring Jimmy in? Yeah. Yeah. Yeah. Right. Jimmy. Jimmy. He was crying. So

57:18 Conclusion & Wrap-up

57:47 This is Jimmy. He's a little demon. He wants to Yeah. Anyone joining MetalBear gets a free yeah. A free dog? Free dog. Yeah. Did we not mention that? Alright, I'll send my CV right after this call. Yeah. Yeah. Alright. Any more pets to be shown? You got one there? Yeah. It's serious. It's haunted. And then all that. I don't I don't have mine in my office. My my pets are all at home, but next time, for sure, I'll bring some in for the day. Alright. Well, thank you again. It's been an absolute pleasure. And I really love what are

58:30 doing. I hope everyone else enjoys this demo, and we'll see you all soon. Have a good day. Awesome. Thank you. Bye, everyone.
