0:00 Introduction to Kairos - The Immutable OS

0:00 Laura Santamaria: On today's episode we're talking about Kairos, which is Greek for weather or time, or honestly, nobody's quite sure, but it definitely has AI and OS in it, so we're going with it. David Flanagan: We got to chat with Mauro and Dimistris about their CNCF project that lets you turn any Linux distribution. Into an immutable operating system because why support one distro when you can support them all and never have any sleep ever again? Laura Santamaria: David asked what kind of masochist wakes up one morning and decides to support every Linux The answer was complicated.

0:36 David Flanagan: We learned that progression from pets to cattle. Wasn't and isn't enough. Now we need appliances. Apparently your server should aspire to be as unchangeable as a smart fridge. You know the thing that definitely never needs a firmware update at 2:00 AM we went deep into initramfs, AB partitions, and overlay mounts. The good news, your home directory survives reboots. The bad news. So does your shame when you realize you've been SSHing into nodes like it's 2015. I am glad David managed to mention Nvidia. Which now is the official code word for AI in any Cloud Native ecosystem.

1:15 We also discovered that home lab are apparently the secret power users here because nothing says I value my free time like running an immutable operating system cluster on a stack of Raspberry Pis. And the name Kairos. The team originally thought it meant time. But their Greek colleague who they didn't consult, informed them that it actually means weather, which works because when you're sailing Kubernetes, you want good weather with you. I think that metaphor. crashed some somewhere around the third nautical reference as did my sanity. Yeah. Laura Santamaria: There you go. Despite the lack of rust, enjoy this immutable episode.

1:54 Meet the Kairos Team

1:54 Mauro Morales: Hello everyone. My name is Maro. I am originally from Guatemala, but I'm living in Belgium and I am part of the maintainers of Kairos. Laura Santamaria: Welcome. David Flanagan: and Dimitris. Mauro Morales: Thank you. Dimitris Karakasilis: I'm Dimitri. I'm also working on the Kairos team. One of the maintainers, I'm located in Greece. David Flanagan: Well, we appreciate you both joining us today to sit down, and talk technology. And I'm very excited for this one because, we've had a couple of conversations now on Linux operating systems, immutability and I won't put words in Laura's mouth, but I think there's some of our best episodes we're gonna have

2:29 to continue that and carry the Linux mantle even higher in this episode. for anyone who's listening and is not Mauro Morales: That's cool. David Flanagan: With what Kairos is, can we give them the elevator pitch? Mauro Morales: It is, a tricky one. Laura Santamaria: Oh boy. Mauro Morales: putting the elevator pitches is not so easy, because Kairos does many things. But, to give you an idea, it's a tool or a framework to convert systems into immutable operating systems. Yeah, there's a lot more behind that, but maybe that's where we can reduce it the most. Laura Santamaria: you know that that's a pretty good elevator pitch.

2:37 Understanding Kairos - Elevator Pitch and Core Concepts

3:07 I think that kind of works. So basically it it's a tool chain, is what you're saying? It's a tool chain to do things or is it more than a tool chain? Mauro Morales: the thing is with operating systems, one thing that I've been noticing, since I've been working on this team is that there are many things that we give for granted on the operating system, right? For example, the way it normally, upgrades, You change the system where you are in, into the system that you want to be in the future. and that is normally done through some package manager, but when you

3:38 move into this concept of immutable systems, you start realizing that the package manager is actually kind of a problem for you because it can leave you in states that are. Somewhere in between and that you don't understand why it was left in that state. and if you have a fleet of machines, you don't know which of the many of them ended up in one of those states or many of those, right? so it changes completely the perspective because now you start thinking more of lifecycle. and that's where all the different other things, that I was mentioning of Kairos come.

4:12 David Flanagan: All right, so. We will start on the easy mode. Laura Santamaria: He's being nice right now. David Flanagan: but Kairos, no, no, no, no. It's just the, there's some, you know, low hanging fruit. It's just batter that out and then go straight into the fun stuff. It's the stuff that we'd like to talk about. But it is a CNCF project, right? that is in the Linux immutability space, is an operating system, potentially com and allows you to build operating systems. and there's a whole bunch of things we can get into in that, but feel the end

4:40 user are right for those people that are sitting here staring down in that CNCF landscape document going, what the fuck? Where I start? What is Kairos to them? When can they use it? What does it do for them? And then we'll get into all the nitty-gritty details. Mauro Morales: Lemme just, Dimitris Karakasilis: So the way I usually approach it is I'm trying to understand what we need, Is useful to you if you're managing infrastructure, if you have any number of machines that you manage than your desktop, like your workstation, which is a general purpose system.

4:53 Kairos in Practice - Use Cases and Benefits

5:07 But if you have infrastructure in the sense that, you're deploying workloads, you need, no matter what this workload is, Kairos is useful to you. So I've seen people finding Kairos very useful for use-cases I've never thought of. So we have people, using it to deploy machines in school labs, just because of the inability and the easy way to reset the system every time, down to customers using it out in the field on and such. So, if you are deploying workloads on any kind of, hardware, Kairos is probably useful to you. No, I want to say, just to clarify, it's not, our invention or something.

5:49 That's the way things actually work. all the cloud providers have something similar to Kairos to manage their infrastructures. everybody has come up with some version of it, but we think, I mean, there we can talk the differences later, I guess. Maybe, correct me if I'm wrong, but I think maybe the most unique, feature of Kairos is being distro distribution agnostic. it doesn't force you into using one specific distribution it allows you to convert any distribution, your favorite whether, vanilla version or your customized one into an operating system. Laura Santamaria: So basically what you're doing is not starting from just the iso,

6:34 you're starting from, here's my operating system that's currently running, and then building your immutable image from there. Dimitris Karakasilis: By running, you mean? working kind of running, Laura Santamaria: Well, so I've gone through and I've set up my operating system to work on one machine, and now you wanna take it and move basically from the pet's version to the cattle version. So Kairos takes the version that you have set up that you've kind of been able to get together however you want it, it smushes it into a package or, an image in this case, that you can then just plop onto multiple

7:08 machines, is what you're telling me, Dimitris Karakasilis: That would be, Laura Santamaria: misunderstanding? Dimitris Karakasilis: yeah, that would be a concept snapshotting. So it's a bit misleading. It's not exactly that. So it's more like you got your os working and preferably you got it through a docker file because that's our preferable way to build. So we start with the container to be clear, Kairos doesn't need a container runtime. We just use, the container image as a way to distribute artifacts. So let's say you build your operating system in a Docker file and you push your image to a registry, you can pass it through the Kairos tooling

7:43 and get an immutable OS out it. for example, you could have, a single board computer, like an Nvidia board where, usually it comes with an operating system that works with it. you don't want to switch from Ubuntu to open source. Try to make it work because Nvidia told you Ubuntu is working, right? So you got your golden image, the thing that works. by taking it through Kairos, you get a lot more than what you had originally. So you have a way to upgrade your Nvidia without even, so like over the updates, immutable OS with AB upgrades, right?

8:17 Even remote management, if you deploy Bernet. So. Mauro Morales: Yep. Kairos is, the declarative os So you, you don't start from a system that you SSH in and, and you configure in the way you want, but instead you have Docker files and, YAML that both of them, help you configure. The system either, before you even. Put it in the machine or, after, you know, like, like, the difference between a docker file and, and a cloud init, execution. So to some degree we could say it's like the recipe or the cookbook or whatever other, from the different configuration management systems.

8:25 Technical Deep Dive - Building and Managing Kairos

9:01 And, I like that you mentioned this idea of going from the pets to the cattle part. And what we like to say is like, okay, the pets to cattle part was. a great progress that we did in the industry, but unfortunately we never fixed the, proper issues that were behind there. That it's drift, right? Like if you have, drift and you have configuration management system, you might say, no problem. Because it will run every five minutes or every 10 minute and, and bring back to, to the, correct direction where this system was designed to be.

9:35 But the problem is that, There are many things that your system might have that were not in the recipe. So if someone hacked your system and put, root kit or whatever your recipe doesn't know, oh, I need to remove the root kit that someone else put in there, right? So. The problem of drift is not really solved. It's just kind of like patched to some degree. While with the approach of the immutable system, what we like to say is that we were, we are now going from cattle to appliances. The idea is, you want to have something like an Alexa like, you know, smart tv,

10:12 smart refrigerator, where people don't really, Have to even think of recipes and these kind of things, but only, okay, I'm gonna get the next upgrade. And, it's either happening or not happening. There's no in-between state, between these two. I don't have to, manage it, to the inhibit. Details. if something goes wrong, it will roll back to the previous version because you always wanna have an appliance running, right? So, um, that, that's, uh, how it, uh, relates I would say to this, uh, pets and cattle, um, analogy. David Flanagan: now. I don't want to simplify anything that's being done.

10:50 Right. But I'm trying to work out how this works. And I know there are other operating systems in this space that do immutability and AB upgrades, but they don't allow you to bring your own operating system. At least not that I've seen. Right. That's a pretty unique feature to what Kairos is offering. So I'm assuming because it's container image based, is you're, you're, you know, unrolling that OCI image to get a file system. You're sticking, read only flags across everything except slash var, and then you're setting up AB partitions on a disk and that's your job done.

11:21 I'm sure there's a lot more to it, right? But am I in a right kinda rough idea of what you're doing here? Mauro Morales: Yeah, I would say that's pretty good. we start from the container image, then with one line of Kairos, we initialize the system, we call it, which basically takes, um, uh. Make sure that all the packages that we are going to need are there, plus whatever other packages you, included in your system. from that we produce, a Kernel and an initramfs, which is that, that's an interesting distinction. to mention, because generally when you're installing most, general

11:57 purpose, linuxes out there, the initramfs is created at the moment that you are, installing the machine. But in this case, we already ship it. So that means that you can, in terms of security, you can already start signing. These artifacts, beforehand and sending them to your fleets. once you have that, you have, what we could call a system OCI image because it could be buildable at this point if you put it into the right artifact. there we create the ISOs net booting, raw images, cloud images, whatever you might need. and then. You spin up the machine and you have, like you were describing,

12:34 Kairos takes, the responsibility of making it immutable, which means yes, putting some areas of the system, as read only other areas are, overlaid. Because, for example, between the active and passive partition, you might wanna share, for example, your home directory, right? Like, if you upgraded your home directory, you don't want to touch. and normal read, write, areas like you were saying with var, To say something logs, right? You need your systems to write logs, and you don't want to mix the logs between the active and the passive. you want those to stay in the correct system.

13:09 Challenges and Unique Features of Kairos

13:09 David Flanagan: Are there any trade offs being made by building the initramfs so early in that pipeline, rather than knowing the device that you're gonna cater to, because I believe that you need, that's responsible for including any drivers that are specific to each individual device. So is that things that need to be known upfront? I assume there's some challenges there. Dimitris Karakasilis: Yeah, you need to think forward, Mauro Morales: good question. Dimitris Karakasilis: the good thing, like Mauro said, is that you can try that on the lab and really try that because nothing is happening in real time.

13:37 When you deploy or upgrade the image you're gonna test in your lab is gonna be the exact same image, to the last byte You're gonna try in production, so you're more confident. if you miss something right in your or whatever, this thing is not gonna build again. When you deploy, you may have a thousand nodes, a thousand machines to upgrade. Every machine will get the exact same image. there's no way that during the process of a package or building other thing would happen, in the standard case, gonna break. you're more confident because you've done that.

14:14 You've done everything beforehand. You've tested it out, so, you're just applying the image everywhere. Mauro Morales: yeah, you really need to plan ahead. that is kind of like a pro and con, depending on where you're seeing it, right? Like in terms of, if you're expecting a general purpose system, it feels like a con because, you want to be able to change it anytime if anything happens, But if you're planning ahead, it's definitely positive because you could also think, okay, but look at this particular system. We actually don't need all these extra firmware because it's very minimal.

14:49 It only has these two, three things. So, you can remove all of that and build your initramfs with a, smaller footprint, for example. David Flanagan: So with that being said then the fact that you support any operating system also leaves a few questions in my head, right? Because you mentioned that, it's a container image. I can stick whatever I want on there. I understand the package manager and all of that. But I mean, I'm assuming there's some Kairos bits that need to get into that image too. I'm assuming you do, that's just out the use of, you know, Red Hat packages,

15:21 Debian repositories, anything like that. I mean, what does it look like for you to. bless that image with the stuff that you need. I'm sure there's a better word. Prime it. Maybe prime the image with the tools that you need. How do you do that? Dimitris Karakasilis: So originally we based everything in Docker files. So for every different flavor we had a different docker file and we applied all, all the bits and pieces to Kairos-ify it, we realized it's, very complex the way we did it. So, we contained the complex in one tool called kairos-init.

15:52 So that's the only thing you need except from your upstream OS. you call kairos-init, encapsulates all the logic for every label we support. So it detects, for example, your Fedora, so it knows you have to have these packages, it installs them, like the provider, the agent, there I think three or four we put in the image, and the rest is just configuration supporting package. Mauro Morales: Yep. Dimitris Karakasilis: distribution. Mauro Morales: the thing is, even if, all distributions might ship, I don't know, grub, they might call it differently, right? So we need a. Single source of truth to know how it's called in different distributions.

16:38 and also, I don't know, there are basic packages that we're gonna need, for example, for partitioning your system, right? the funny part is that, a lot of these, packages, these programs, have So much functionality that we don't need in order to convert it, to a Kairos image. So one of our colleagues, Itxaka has been, in the task of saying, you know what? I'm gonna write our own version in go to do that. and that has been pretty cool because, I mean, you cannot compare it, right? Like, for example, gdisk does so much, gives you so many options

17:13 to partition, a system while ours only does that, which Kairos needs. but it's really cool because, you start realizing that everything is. contained within one single binary. what I'm trying to say is when we see it's feasible, we bring it, into the, kairos-init, so that we'd have, the least amount of dependencies so that we don't have to figure out, wait. What is that package in this distribution? And, or, or be stuck with. Wait, did they, actually remove that package? Did they renamed it here and there? that, those kind of problems David Flanagan: I'm gonna ask the hard question now.

17:47 So brace yourselves, but you know, now that you're at the point, right? I, kairos-ify or kairos-init, you know, some sort of binary that then has configuration that says, this is how I make this work for Fedora. This is how I make this work for Debian and this is how I make this work for, for Arch Linux. Right? Whatever you wanna support at that point. And then you get into, okay, well how do we slimify this image down to be smaller? At some point, the question in my head would be, well, why not just control it vertically, right?

18:13 Control the OS and just so you have to use Kairos OS, which is our predetermined, prebuilt, super slim operating system. Or you have to use Fedora. What was the idea in your head? What was the mentality? Why did you decide we should support whatever our customers want to bring? Like what was the, the driving factor there? Mauro Morales: there are different reasons, to be honest. it, it, the thing is, when you, see a enterprise, you will see that they have different needs, sometimes multiple needs within the same enterprise, for example, some, people are already paying for licenses and their

18:31 Why Kairos Supports Multiple Distributions

18:47 security department, requires them They continue paying for their, for example, Red Hat licenses. So in that case, if you needed a solution you find this, other, immutable system, very cool, and you would like to bring it and give it to your developers, but all of a sudden you cannot use it. in the case of Kairos, no problem. Let's just transform it into an immutable version of that original system, that you're already paying licenses for. Another case is what, Dimitri was mentioning, with, Nvidia boards. Nvidia basically tells you this is the OS that you are supposed to use and

19:24 if you do something different, your on your own is your problem, right? So, ideally you, just check what's inside that OS most of them are starting with, for example, Ubuntu 2204. You check which firmware they install, and then you can put that into your Nvidia boards Each, user has different needs. It might be size, it might be, your team already has certain know-how for one of the distributions. so on and so forth. Dimitris Karakasilis: I can think at least one more important reason if I can add to that. So, the way it's built right now, don't only think about different, distributions.

20:02 Think about. Not dealing with the base. We could as well just have Ubuntu But let's say you, you build a company, you invest a lot in Kairos. And all of a sudden, the catalyst, meaning tender scheme is too small for you because, CVEs come out too quickly and we are very, I don't know, very busy building features and all right. And you keep pinging us and say, Hey guys, you're not pushing the images fast enough for me, right? What do I do? You don't need the, Mauro Morales: Yeah. Dimitris Karakasilis: the Kairos team anymore. So we have, for example, a usable pipeline, a GitHub Action.

20:36 Where you just specify the options in your YAML, you can put it in any free GitHub repository, right? And get your own, Imma nightly every night. You can build an image, you don't even have to wait for us. by separating, how you build the base imas. You are completely free from that. You don't need the Kairos team to stay up to date or make modifications or anything. You don't need us, for example, to create a package, a new package, that is not there. You can build it yourself. Apply that before even kairos-ify the image when you're satisfied.

21:04 So when you create Kairos image very little. Uh, yeah. I may, may, I shouldn't promise so much, but there's not a lot of assumptions. Kairos makes. Right. For example it expects systemd or openrc to be there? Um, I don't know, maybe it expects, certain disk size things like that, requirements, but there is not a lot. So if you started from a popular distribution, it's very likely that you can make a Kairos, um, artifact out of it. David Flanagan: thank you for that. That was great context. And you know, as you were talking, I was thinking, you both look like nice people.

21:40 And I'm curious, you know, you're going like, where the hell is he going with this? And Laura's Mauro Morales: Thank you. David Flanagan: at me, Laura Santamaria: Geez, David. All right. David Flanagan: but I imagine that it takes them terrible people with too much spare time and an alcohol problem to wake up one morning and go, I'm gonna build a toolkit to make any Linux distribution immutable. Right? I mean, that's a certain kind of masochist. Laura Santamaria: I, I, I mean, I mean, hold on a second. There are more than one set of tool chains

22:03 Exploring the Motivation Behind Kairos

22:09 David Flanagan: Yeah, it probably all built by the same self-loathing, masochist. But I'm curious, like what was the motivation? What made you wake up one day and think, this is the problem that I wanna solve? I'm assuming it is to do with your roles maybe as Spectro, maybe it was a previous client, customer, whatever, like there, there must have been an origin story. What made you wanna solve this problem? Mauro Morales: Mm, that's a good one. I don't think we are the right people to answer it because Etorre, the main, creator of Kairos, yeah, but I can try to give a bit of

22:27 The Origin Story of Kairos

22:37 context there maybe, and save his reputation, as a masochist or not. We'll see. I think it comes from, K3s at some point had, uh, OS called K3OS I think at that point they moved to SUSE or something like that. And of course SUSE already has an OS so I think SUSE decided not to go with the K3OS version, but instead they have, something that is called MicrOS, I believe. sorry if this is not very big. this is the legend that I know. Yeah, Ettore thought it's actually a great idea and it would be great to

23:16 have it on different, systems, not just on the SUSE version of it, let's say. And that's how, he started, seeing if it could be implemented in different, operating systems. I think there's also something related about, another project from SUSE called Elemental Toolkit. and the two things together allowed him already to do. A lot of this, so it's not like he started from scratch, trying to solve the problem. There was a big portion already working. Laura Santamaria: So I guess my question is when I take a look at this, full disclosure, obviously I work somewhere, that has a similar thing

23:45 Comparing Immutable Operating Systems

23:55 that got donated recently to the CNCF. So there's the bootc project that's also in the CNCF. Mauro Morales: Yeah. Laura Santamaria: and there's, a number of other groups looking into the immutable operating system. We have the systemd one that is trying to do the immutable operating system or the artifact based system. David Flanagan: Yep. Laura Santamaria: System Systemd itself is actually working on a tool chain does some kind of update in place, layering of an operating system. Mauro Morales: got it. Yeah. System, uh, extensions. Laura Santamaria: like, something like that. I, I guess I'm just curious and there's like OS tree, which was the

24:28 precursor to bootc, things like that. I'm kind of curious how everybody kind of ended up at the same spot, which is interesting, but also how are various pieces different across all of these different. tool chains and different systems. don't know a ton about it, so as much as I might know a little bit, I know only a little bit, I know enough to be dangerous. How about that? But I'm, curious, how do you see yourself in the ecosystem? How is it different than some of these other things that are out there, knowing that there's also the ecosystem outside of the CNCF that is exploring the same

25:02 thing, and why do you think that now? Is when people are starting to look at this, caused this interest all of a sudden? Mauro Morales: I think for that we do need to touch a little bit on the story because, I think this has started, a while ago already. I don't think this is very new, to be honest. If I understand correctly, some of the first to try this out where, Google with, Google COS or COS, I don't know how they pronounce it, and, the same thing with, CoreOS. I believe. I don't know if they happened around the same time or not.

25:09 The Evolution of System Immutability

25:33 I think, CoreOS was aiming already at, container workloads and started seeing the need for immutability in that sense. And I think, on the other hand, Google cause was thinking. on their, laptops. What are they call, I, I forget, the Chromebooks, correct. So how, how to provide overthe air updates like you do on, on Android, but on a Linux system, right? And so I think. The problem has, existed for a while and we've seen that the immutable system is actually a good solution for it because if you see how people use Android, iOS and Chromebooks, it does work pretty well, right?

26:16 Like it depends on what you want to do with your machine. Of course, you might want to have more or less, control of it. I'm not suggesting that every system should be immutable, but it's very good solution for, certain scenarios. and then in terms of the different, Solutions, how to approach this? Good question. I don't know how different all of these systems are, to be honest. I focused mostly on the Kairos part and what I can tell you is that, We have based pretty much everything that Kairos is. the way Kairos is solving it is based pretty much on the vision from Systemd.

26:54 there's a blog post out there, I don't remember the title right now, but we're, Leonard, Pottering, describes how. the ideal, booting of a system should happen. and he's basically describing this, unified system images, approach and, Kairos, I would say basically just took that as a recipe and started tackling, and that's how we ended up with the system we have today. Dimitris Karakasilis: But, there is collaboration, right? So, there is a special interest group? we've been talking with the other projects, the open source ones at least. so we're exchanging information. It's not that you have to be different.

27:33 I mean, we don't necessarily need to have a different project, right? The moment they all start looking the same, we could as well just. Mix them, but they, they, they learn so much because every project is taking different decisions and, uh, architectural choices because of reasons. Like what kind of, use cases they target, that I think, I mean, you, you actually need to drive them out to understand more on how different they are. on paper, if you just list down the features, they look very similar. But, user experience when you use them is very different.

28:05 I think. Laura Santamaria: That's fair. Yeah. I guess I'm just curious because there are so many now choices and like almost getting back to David's, question about why would you do this to yourself? it's just interesting that so many people went down this path around the same time and started playing with it and started. I kind of wonder if it's a little bit also driven by the ecosystem of, hey, we've got these VMs. We've now done this whole thing with Kubernetes where we've moved on like you were mentioning earlier that kind of looking at the difference of here was

28:35 the first era of pets to cattle and it was like all the Kubernetes clusters. Now we're looking at VMs and going, what can we do with them? but also we're looking at bare metal, Mauro Morales: Yep. Laura Santamaria: it's almost like we're kind of at that inflection point. we've done this layer, now it's time to play with this layer, and suddenly everybody's coming outta the woodwork. It's just, it seems like that, and I'm curious if my impression is shared or if that's off base, Mauro Morales: No, I think you're absolutely right. I think we're starting also to see a lot more of these hybrid, clouds, right?

29:06 And, to some degree you might want to have the same experience on both. And how can you guarantee that, it's not so easy if you don't have control from the operating system, level and up, right? So I think there, there's some of that for sure. Laura Santamaria: We also have data sovereignty too, so there's a lot of different groups interested in David Flanagan: American companies. Laura Santamaria: your David Flanagan: talked to the Europeans just, I'd probably not out. Laura Santamaria: I mean public clouds in general. I think though it's not just American companies, but I mean, understandably

29:37 so, being the only, US based person on this call, I completely understand David Flanagan: Yeah. Laura Santamaria: saying. at the same time, I'm also just thinking that as you start to move down that stack, you know. I've got history back at Rackspace, so I understand that whole idea of hosting from the bare metal all the way up, suddenly everybody's having to explore that again, but they want the fun tooling that they have somewhere else. And so now they're exploring how can we build it? So, I don't know, maybe it's just me, maybe. Maybe I'm the only one who's kind of watching these trends and kind

30:09 of going back all the way back to when we all were hosting our David Flanagan: Yeah, Laura Santamaria: on bare David Flanagan: I don't think this is, Laura Santamaria: with it. Mauro Morales: Hmm. Laura Santamaria: it seems like we're trying to do the same thing David Flanagan: I don't think this is coincidence. I think you're right. I mean, there is a layered approach here and I think Mauro Morales: Yep. David Flanagan: To a certain degree like this Is, is not a coincidence that these things are happening right now, is that the cloud migration. Forced us all to take a different approach, right?

30:31 You know, pets go away, cattle comes in. Laura Santamaria: Mm-hmm. David Flanagan: then why are we doing upgrades in place, right? Why did we have Puppet and SaltStack and Ansible, and why did we do continuous reconciliation within a machine, which over time gets messy and noisy? And if you've been hacked, you're still hacked after the next upgrade and then the cloud VMs disappear. So then we said, okay, then Mauro Morales: Yep. David Flanagan: to become ephemeral. And then the next natural step is, okay, we have to actually just be immutable. Like let's just eradicate an entire class of security problems.

30:59 And not even just security, right? Misconfiguration people, ssh'ing in and you know, type in the bad words and stuff like that. Like all of these things disappear in our lives, get easier to get more sleep. And then it builds us for resilience and redundancy because if we have an immutable system, we can't use that as a temporary cache for temporary files and temporary credentials. And we, we force ourselves into better practices. And I feel now we're systematically getting down to like the operating system layer and then the next step towards some sort of unification of all of this.

31:29 And to an ideal delivery pipeline for not just applications, but kernels too. And I'm very excited for that future and I'm thrilled to see so many companies out there trying to solve this problem because I think it's gonna get all of this. And I'm trying not to say AI, right? But I'm going blame Mauro first. 'cause you mentioned Nvidia earlier, which is just like the alias for AI. Laura Santamaria: Is this the new Go or Rust in this conversation? David Flanagan: No. But with demands for, Laura Santamaria: suddenly now we'll just mention AI every single

31:58 David Flanagan: yeah, Laura Santamaria: a podcast. David Flanagan: demands for AI and compute and Dimitris Karakasilis: But, David Flanagan: these good practices have to come along. Dimitris Karakasilis: since you mentioned it, I can, I can throw, yeah, I can throw some more AI key words if you want, uh, the podcast. So it kind of reminds me of the AI because, I'm a backend developer, I would say. So, I, I didn't touch JavaScript no reason, but nowadays I like to, I like, no, not me really. But, I read lots of JavaScript. So AI, opened some doors for me.

32:26 And I think that kind of, was the case, for managing OSes. if you remember, I mean, I don't know how many years, like five years back, everybody was trying to find an easy way to deploy Kubernetes for example. Initially everybody was trying to convince people that Kubernetes is not hard to use. Then when we got past that point, everybody was trying to convince people that Kubernetes is not hard to even deploy, not just use. Right. So the moment people realize they can actually deploy their own Kubernetes, they had a new problem. Okay, what on earth?

32:58 Where do I deploy it on right? And I have a new problem. I have the OS problem. So every time a new door opens, you can do something new. You discover new problems you never had before. So maybe, maybe, I'm guessing it could be a reason of the hype with, OSes now and more projects, being created because people do have this problem now. Laura Santamaria: Hmm. Mauro Morales: Yep, that's a good point. I would also mention, that. I think all of this is probably driven by enterprise, but at the same time, when I see our community, the ones that are coming often, they are home labers.

33:26 The Role of Home Lab Enthusiasts

33:37 and we are now in a situation where it's a lot easier as a home laber to have a stack of machines, right? Like whether it is Raspberry PIs or used, mini computers or whatever. You can get your hands on, and you are doing your home lab stuff in your free time. You don't wanna waste five minutes, right? Like those five minutes are holy. and if you have a good way to administrate your fleet, I've seen people be very happy in their home labs using Kairos. Laura Santamaria: Yeah, that makes sense. I've been watching the, this is bootc related, but, the Bazzite community

34:12 take off with all of the various, People trying out Linux for the first time, but they're doing it for gaming purposes. They're trying it on their Mauro Morales: Right. Laura Santamaria: decks. They're doing this, that the other, I guess I'm seeing the same thing of it's the home lab is coming in and exploring it. It's the people who are exploring this for hobby purposes more often than not, and they're enjoying the sudden freedom of having it and also not really having to think as much about the security side of it because it is an immutable

34:39 system or it, is it the core of it. They can always have a safe rollback, is also what Core West did. Way back when, Mauro Morales: Right. Laura Santamaria: you know, I may or may not have run my own update server because I couldn't actually update, allow the updates coming in the way they were supposed to. but I mean, that was kind of the idea is here, no, you don't have to think about this part any longer. It's just gonna roll in. now we're seeing it again in various functions in various ways. It's interesting. That's an interesting idea.

35:10 Mauro Morales: Yeah, I think it's cool. I wouldn't recommend it for your, I don't know. I try, I've tried it on the desktop and I keep removing it and just bring it back, a traditional Linux, but on the servers is really nice. Laura Santamaria: Kind of depends on your personality, I guess, how much you wanna be able to play with your Linux distribution. David Flanagan: All right. Well, I've got some Mauro Morales: Yeah. David Flanagan: Laura, but we are over 40 minutes again, so, the streak continues, but it has been a fantastic. conversation. I think we should just finish with one or two simple questions and then

35:42 we'll let you get back to your day. let's assume people listen to this. there's a lot of buzz, a lot of interest in immutability and Linux open source, right? People want to contribute. how can they get involved in the Kairos project? Where do you hang out? what's coming next for Kairos, let's shed a bit more light and get people excited and hopefully involved as well. Laura Santamaria: Mm-hmm. Dimitris Karakasilis: I mean we're on at two chats. One is the, Cloud Native Slack the whole team is there. we also keep popping up in, in, in Matrix, so at least me, I'm in

35:44 Getting Involved with Kairos

36:19 Matrix we do our, planning meetings in public as well on Mondays. Uh, we used to do that in European afternoon. Then we didn't have so many people joining from, US time zones, so we switch back to a friendlier time. But, it is open and public so anybody can, jump in the call. and we try to accommodate for them so we don't, discuss all the, details of every ticket. We just give, some time to people to, express their needs and all so they can jump out to each other friendly, meeting. and yeah, we're trying to in as many places as possible, so communication

36:52 I don't think is a problem. Maybe contribution is a bit because it's such a deep stack. So the Kairos project is dealing from down to the Kernel, up to, I don't know, maybe even, web interfaces for the factory Depending on what you're feeling comfortable with, could as well be just documentation fixing, which is a very useful thing. It's massive, the documentation that obviously there's a lot of things, that are outta date. So we have people fixing it all the time. That's how documentation, keeps getting updated. So, yeah, there is something for everybody that, that's what I wanna say.

37:27 And we welcome everybody to fix the things themselves. We try to review PRS as fast as possible, Mauro Morales: Yep. Laura Santamaria: Yeah. Mauro Morales: And just to throw some links there, kairos.io, that's the website where you will find the links to, GitHub repositories and to the channels that, Dimitri was mentioning. Laura Santamaria: Yeah, just to spell that for folks, Mauro Morales: Yes. Laura Santamaria: I know me and things it, that's a K-A-I-R-O-S, and yes, there's an AI and OS in it as well. Dimitris Karakasilis: Good. Mauro Morales: Good one. I see what you did there.

38:08 The Meaning Behind the Name Kairos

38:08 David Flanagan: where does the name come from? what does the name mean? Mauro Morales: Yeah, that's a tricky one. David Flanagan: Alright. Mauro Morales: I think, we needed it to be. Greek because, you know, to be with the theme of, Kubernetes. but we didn't ask our Greek colleague to come up with it. yeah, exactly. Exactly. everyone thought it meant more like kind of time, but then Dimitris, maybe you can explain what it actually means time. Dimitris Karakasilis: Uh, when you say Kairos that's the Greek word. A Greek person, usually they think of the weather. It's the same word.

38:47 It means both time. so we kind of fixed it because I said, okay, Kairos is fine. There's a weather because, when you're sailing, you know, Kubernetes is sailing. The thing you wanna be with you is the weather. You good weather. So we fixed it like that. So it means weather. Laura Santamaria: That works. I like this. This is fine. to also weather all of the downtime that you would've had before and now you don't have as much. How about that? Mauro Morales: Indeed. David Flanagan: Perfect. Mauro Morales: a good one. Laura Santamaria: I don't know.

39:12 Dimitris Karakasilis: Fixing it even more. Thank you. Laura Santamaria: There you go. David Flanagan: Alright, well thank you both for your time, for joining us today for sharing all of your flavor, history, and context about the project. I hope people, you know, are very excited by it. I hope they get involved. Jump into the Slack channel, jump into GitHub. Have lots of fun. Laura Santamaria: Thanks for joining us. David Flanagan: If you want to keep up with us, consider us subscribing to the podcast on your favorite podcasting app, or even go to cloud native compass.

39:15 Final Thoughts and Farewell

39:38 Fm. Laura Santamaria: And if you want us to talk with someone specific or cover a specific topic, reach out to us on any social media platform David Flanagan: and tell next time when exploring the cloud native landscape on three Laura Santamaria: on three. David Flanagan: 1, 2, 3. Don't forget your compass. Don't forget Laura Santamaria: your compass.