KubeCon 2023: Kubernetes Network Visibility

Speaker 1: This is Techstrong TV.

Mitch Ashley: Hi everybody. Welcome back to KubeCon 2023 here in Chicago. A lot of great announcements happening at the show, and I have the privilege of being joined by Avi Freedman. Avi is with Kentik. Welcome.

Step 1 of 7

14%

Which of the following best describes how you currently monitor and manage systems across your hybrid cloud environment?(Required)

Multiple separate tools for different environments

Multiple separate tools for different monitoring and management functions

Single consolidated dashboard

Custom built monitoring and management solution

No full monitoring and management solution

Don’t know

How valuable would it be for your monitoring and management solution to incorporate predictive analytics to help you identify and address system issues that are critical and not waste time or effort working through all the data and “noise” that is not critical?(Required)

Extremely valuable

Moderately valuable

Somewhat valuable

Slightly valuable

Not valuable

How do you most typically address potential system issues BEFORE they impact your operations?(Required)

Automated workflows and playbooks to remediate potential issues as soon as they are detected

An orchestrated response process that leverages automation, AI, and human expertise to rapidly respond to potential issues

Advanced monitoring tools such as predictive analytics and anomaly detection to proactively identify and address potential issues

Respond to issues as they arise, using manual processes and troubleshooting techniques

A combination of automated remediation, orchestrated response, and/or proactive monitoring to address potential system issues

Don’t know

Other

What methods does your organization use to control and monitor cloud/IT spending?(Required)

Centralized procurement processes

Pre-approved budget thresholds

Automated cost monitoring tools

Department-level spending controls

Regular cost audits and reviews

Cloud cost optimization platform

Approval workflows for resource provisioning

Native financial operations tools provided by the cloud provider

No formal controls in place

Don’t know

Other

Please specify:

Which methods do you rely on most to detect security vulnerabilities in your systems?(Required)

Automated scanning tools

Manual assessments

Vendor notifications

Threat modeling (for early detection)

None of these

Don’t know

Other

Please specify:

What are the TWO most common ways you prioritize vulnerabilities to address within your environment?(Required)

Based on potential impact

Based on exploitability

Regulatory compliance requirements

Based on CVSS scores

Risk-based analysis of multiple factors

First-in-first-out approach

No formal prioritization process

Don’t know

How do you typically handle system updates and security patches?(Required)

Automated updates and patches

Manually review and apply updates and patches on a regular schedule

A combination of automation and manual review

Apply updates and patches on an as-needed basis.

Outsourced update and patch management

No defined process

Don’t know

Other

Δ

Avi Freedman: Thank you very much. It’s great to be here again.

Mitch Ashley: Good to have you here. And some exciting … well, first of all, what do you do at Kentik? Tell us a little bit about your role.

Avi Freedman: I’m one of the co-founders and I run the company. So I am a nerd, but also nerd about business as well as technology now.

Mitch Ashley: Fantastic. I want to make sure we got that in. Yeah, so tell us a little bit about what kind of things you’re talking about, the show, maybe some announcements.

Avi Freedman: Sure. So Kentik is a network observability company. We have an observability based platform, but we’ve been replacing the appliances and Windows software that the IT industry and network industry has been using. And we’ve always taken a pretty broad approach of what is infrastructure, and that’s included cloud native.

So we’ve had some Kubernetes visibility, but here we’re launching Kentik Kube, which is even more visibility into the entire kubernetes state, east state, integrated with the visibility about how all the clusters connect to each other between clouds across the internet, through the hybrid infrastructure. So we’re pretty excited about that.

Mitch Ashley: The great mysteries of kubernetes.

Avi Freedman: [inaudible 00:01:20].

Mitch Ashley: The Raiders of the Last Ark of kubernetes here are digging into that.

Avi Freedman: Exactly. Well, there’s a myth that all this stuff talks to each other cloud native by extrasensory perception, but ultimately the network somewhere is connecting all this stuff together.

Mitch Ashley: What is it? The things we don’t understand is magic, right?

Avi Freedman: Exactly.

Mitch Ashley: Something about that.

Avi Freedman: Sufficiently advanced technology is indistinguishable from magic.

Mitch Ashley: Yes. That’s the quote I was thinking of that I couldn’t remember.

Avi Freedman: Yeah.

Mitch Ashley: So tell us, I mean, you’re originally coming from a network perspective on observability. As you embrace Kubernetes, is that still looking at it for a network or operations audience? Some people approach it as a developer kind of view into what’s happening or are there multiple personas that you take?

Avi Freedman: We’re generally going to be the place where the infrastructure network teams, whether it’s architecture, operations, infrastructure are going to be living. But often the security team developers, the cluster operations, they’ll come into Kentik to look at something that’s … again, especially if they need to look outside of the Kubernetes infrastructure and figure out where there’s an issue between, but understanding pods and namespaces and processes and all that. We’re bringing that all together, but tying it to the rest of the infrastructure.

So we are more infrastructure or network persona based, but we have users in many other groups inside the company. And we also have partnerships with New Relic, Sumo Logic, other observability companies where we’ll feed them data with our view. But like many people here, we have an eBPF agent taking an eBPF approach as a great way to get that kind of enriched telemetry from the Kubernetes infrastructure.

Mitch Ashley: eBPF being able to be processes inside the Linux kernel?

Avi Freedman: Right, eBPF being able to look at the traffic, where the kernel’s aware of it and bring in a lot of enrichment so that you can see not just something happened from this port to that, but what process, what application and what Kubernetes context in terms of pod to namespace and all that. It’s actually running it.

Mitch Ashley: Interesting. How is the infrastructure maybe kind of platform and network groups, how are they taking on Kubernetes? This is a lot to learn. I mean it’s complex to anybody, whether you’re an infrastructure, software infrastructure or app or cloud kind of person. Are there things you can do to help people kind of gain an understanding of how Kubernetes functions, what the purpose of a cluster and a pod and all this stuff, all those agents and things that are part of the architecture?

Avi Freedman: Yeah. Well, there’s a couple things we help them with. One is the state of the Kubernetes infrastructure. The other is what’s running on top of it and how it’s performing or not. Because running inside Kubernetes as opposed to on routers and switches, you can actually see performance. You can see application traffic. You can see again that Kubernetes context.

So we’re primarily trying to understand how are the applications inside Kubernetes running? But a byproduct of what we’re doing is that sometimes the network people that are trying to understand is the Kubernetes cluster itself having a problem. Kentik is helping with that.

And the first version of what we did only looked at traffic that was active at a given time. But because kubernetes is so dynamic, we needed a more complete vision. So what we’re launching with Kentik Kube is looking at the entire estate, the entire state, whether there’s actually traffic there or not, which helps, especially when there’s problems with load balancing, problems with orchestration, which are some of that kubernetes complexity that you mentioned.

Now our persona of the people that are primarily using Kentik are probably not the people that own that, but they do need to figure out meantime to innocence. Is this something that that team should be looking at? And so that’s where we’re helping them. And then if that team needs to see why does my network team, why does my cloud team think there’s a problem, then they’ll come into Kentik or we’ll be pushing data to look at that.

So primary user are the infrastructure focused, but going up the stack as people do the debugging, which is typically … we’re not trying to be the last line debugging monitoring platform for the Kubernetes infrastructure itself, but we do need visibility into the entire state of it.

Mitch Ashley: Yeah, it’s interesting because obviously getting a good visibility into the application, what are the environment that that’s operating on? How is it performing? You mentioned security. Why does security come into this?

Avi Freedman: Well, network has always been a key source of food for security people. Where Kentik started on the internet and cloud side, denial of service attacks have always been a very big thing. And coming at it from an observability perspective instead of an appliance perspective, we’ve always, since 2014 when we launched, stored everything. So we don’t do roll-ups. You can always ask any questions.

So we are a forensic platform. We’re just very focused on the operational use cases. But just as sometimes we have cluster operations team come in and use us, security teams when they find out that Kentik has all this data come and say, let’s use that. And we don’t charge per user. So we try to go adjacent and get those security teams using it.

But again, we’re not the complete platform for the SOC. But if they’re looking for that forensics capability to say what happened last week, last month, integrate threat feeds and understand maybe there’s traffic from a process to the outside world that there shouldn’t be. Kentik has the visibility on that and very forensically.

So it’s in that adjacent world where they’re trying to do things, they don’t really have a good platform for it. And Kentik can be that. Typically, again, it’s a partner organization inside that company that’s buying it, but then we’re enabling that security team to get that kind of functionality. So there we’re partnering with CrowdStrike, SentinelOne type companies to be part of that security ecosystem rather than trying to be that … we’re only a couple hundred people, so there’s a limit to how much we can do.

Mitch Ashley: There’s several big oceans to boil, right? You don’t want to take too much.

Avi Freedman: Different terminology. I mean, it’s all the same stuff underneath. Networking is just tunnels and routing tables and-

Mitch Ashley: Protocols.

Avi Freedman: But it’s got different names and bugs in every cloud and every on-prem. So there’s a limited world that any one company can play in until they get to a certain size.

Mitch Ashley: That’s one of the things that in my work, it’s trying to find common denominators is like in the security world we all know about … we talk about ports and protocols and the world … and APIs and things to protect that. And it’s very much what we think about in cloud native microservices.

Avi Freedman: And I think that the Kubernetes world has to bring to the security and the traditional operation worlds is going from ports and protocols to ports and protocols and processes, right? Because typically even in a world where you had a DPI solution and a security team, you didn’t really know what was happening inside the computer. And eBPF gives you a tremendous ability to get that instrumentation. Now it’s got some challenges because it only sees what terminates on the kernel.

So if you’ve programmed your kernel to ignore certain stuff, most eBPF solutions won’t actually see that traffic. We come at it from a little old person perspective, so we see all that, but even if you’re not running Kubernetes, we’ll see that there was traffic attempted dropped. So that makes it interesting to security teams also.

Mitch Ashley: Interesting. So Kentik Kube, is that available now? Are you kind of in preview or it’s fully built?

Avi Freedman: We previewed it all last year and it’s fully launched right now, for people to give it a shot.

Mitch Ashley: Very good. So is it hosted? I can download it, run in my data center. What’s the model?

Avi Freedman: Kentik is hosted where we run it as a cloud service. We do run private clusters for people that are of a certain size and won’t let their data out, but we’re not licensed software that someone installs and manages. We do have agents that are largely open source or at least source available that people can run to in the eBPF world, observe traffic or encrypt telemetry so that it’s not going unencrypted over the internet.

Mitch Ashley: Well, you also have the kind of privacy controls, regulatory environment in certain countries are all things you have to deal with.

Avi Freedman: Yeah, and we take traffic data from the largest enterprise and service providers in the world. So that’s something we had to deal with since when we started.

Mitch Ashley: Yeah, I would imagine you did pretty early on. And it’s evolving all the time too, hard to keep up with it. What was the kind of greatest thing that you learned from the time you started your beta preview to launch? What did you learn from your customers, user people working with it?

Avi Freedman: It was sort of non-obvious given our background, but the biggest thing that we had everyone saying was, I want to see the entirety of my Kubernetes estate even for things that are inactive right now. And the way that we first built Kentik Kube with eBPF was we were really taking an eBPF only view, but we needed to build metric scraping and understanding to go reach out and a API scrape to understand the entirety of the Kubernetes infrastructure even if there was no eBPF visibility for some of the debugging and meantime to innocence, things to make sense.

So that was what we built over the last six months, and that is part of what we launched. Coming at it from a traffic perspective, we figured, well, if there’s no traffic, it’s not a problem. But on both the operations and security sides, we saw people asking to see more. We figured that was more something they would get from Datadog or New Relic or one of the other companies that they might use as a larger observability application focused. But apparently there’s some gaps there too, and we’re happy to fill those.

Mitch Ashley: Is that because of the ephemeral nature of what’s here now is not what was there then, and I need that full context?

Avi Freedman: Exactly. To see something historically and be able to aggregate it, they really needed to see even the things that are ephemeral. But also most of our customers have some portions of Kubernetes where they’re not able to run eBPF traffic observation with us or competitors of larger observability players. And sometimes you see traffic going there, but to be able … so in Kentik we have a very broad ability to enrich traffic. So by taking data from the Kubernetes metadata, even if there’s no eBPF agent installed, even if you’re just looking at Netflow from a router on the other side, we can still know what pod and namespace it went to by updating on a second timeframe, all that ephemeral orchestration and taking all the rest of the network data and applying it.

Mitch Ashley: Interesting. That’s a sizable challenge. You don’t need me to tell you that.

Avi Freedman: But we started trying to understand the entire internet, all the users and DNS traffic across the entire internet. So this is large scale, but only the same kind of scale that we’ve been running at since we started.

Mitch Ashley: There are bigger problems. Right.

Avi Freedman: Yeah.

Mitch Ashley: I’m curious, one of the things we always have to deal with is variations, variants, different distributions of Kubernetes, service provider versions. What are the ones that you … I mean, do you work with pretty much everybody’s Kubernetes or you had to selectively be able to figure out which ones you’re going to be able to work with?

Avi Freedman: I mean, so far looking at the common APIs has been sufficient. We have a static binary, we haven’t any issues running it. We’ve probably run on six different Kubernetes, we can call them distributions as DaemonSets without an issue on the eBPF side. And then the API side has been pretty common. So I would say the clouds are much more of a pain in the ass to both build for because they’re all different and then they change pretty frequently and rapidly.

Mitch Ashley: I can imagine-

Avi Freedman: We’ve done the same thing already for VPC Flow Logs and OCI, Amazon, Google, Azure, trying to make sense of not just it as syslogged like you’d see in CloudWatch, but looking at the APIs building topology, it’s actually been much harder in the cloud than for Kubernetes.

Mitch Ashley: Why is that? You’re talking about VPCs, I mean, we think of VPNs being pretty standard from a protocol standpoint, but what is it that’s challenging about that?

Avi Freedman: Well, as I said, underneath the cloud providers like to pretend it’s not networking, but it is. It’s routing tables and filters, ACLs.

Mitch Ashley: At some level, yeah, it’s got to eventually, right?

Avi Freedman: But they all have their own weird names and primitives. In this cloud you can have one VM being multiple VPCs, one interface being multiple VPCs and that one you can’t. And then to figure out some of them in [inaudible 00:13:44], Google’s very good at both giving you performance data, but also they’ll put a lot of that metadata in the Flow Log. But Amazon and Azure, you need to go reach into their APIs and figure out what it is and join it.

Mitch Ashley: Oh, okay.

Avi Freedman: So they’re all different in terms of what they support. They use different nomenclature for the same things. They have different primitives. And so as a vendor we have to unify all that and in different ways, companies like Aviatrix or Alkira are trying to solve that problem from a networking substrate. From an observability perspective, we still need to form one model and unify it and it’s just been harder because there’s more work to do and more variance than the Kubernetes ecosystem.

Mitch Ashley: You mean they’re all standardizing on a set of MIBs and we’ll be able to-

Avi Freedman: No.

Mitch Ashley: Re-date, add a device.

Avi Freedman: You’ll talk to me at maybe by reinvent time, we’re doing some stuff to unify streaming telemetry, which is the hipster version of SNMP with SNMP. But I shouldn’t preview that release too much.

Mitch Ashley: I think you kind of did a little bit, but okay.

Avi Freedman: Well that’s okay. It’s out there.

Mitch Ashley: Okay, good. So if folks want to check out Kentik, sorry, kinetic, Kentik Kube, what can they do? How can they kick some tires?

Avi Freedman: We’re a dynamic company and kinetic in our own way.

Mitch Ashley: Kinetic. Yeah.

Avi Freedman: Well, we’re here-

Mitch Ashley: It’s nice and it’s a nice slip.

Avi Freedman: Yeah, we’re here at KubeCon, so we’ve got a booth. We’re here the whole time. You can go to kentik.com. K-E-N-T-I-K. I’m happy to hear from you. I’m avi@kentik.com or Avi Freedman on LinkedIn, Twitter, X, whatever.

Mitch Ashley: Well, it’s nice and I would imagine you’re kind of a solution. Usually you can point data to a cloud offering like that very easily and start to see what you could do with it.

Avi Freedman: Yeah, people can sign up, self-serve if you don’t want to deal with us, you can sign up sending us telemetry, start using it. We have a built-in self-driving demo so people can see it, what it looks like in the cloud offering even before they send traffic to it.

Mitch Ashley: Before it’s fully populated.

Avi Freedman: Yeah, exactly.

Mitch Ashley: Get to that point.

Avi Freedman: It’s synthesized traffic. It’s not a customer’s actual traffic, but yeah.

Mitch Ashley: It’s interesting. Yeah, I actually talked with a company for developer that they actually monitored their own development environment with their product.

Avi Freedman: Yeah, we do but we can’t share that.

Mitch Ashley: Yeah, there’s some of that. That might be a little bit of a security concern-

Avi Freedman: Because that would your customer IP addresses and stuff that are-

Mitch Ashley: That’s true. Yeah. A little bit of data leakage, different problem we want to solve.

Avi Freedman: Yeah. Since the core of what we do has always been traffic data and then we’ve branched out from there, our customers are very sensitive that it’s not our data. It’s their data.

Mitch Ashley: Very good point. I understand that. Well, good. Well, congratulations.

Avi Freedman: Thank you very much

Mitch Ashley: On the launch, and you were describing what you learned and what you had to go back and add to give that fuller picture. That’s not a small effort in the middle of a okay, we would like to go GA.

Avi Freedman: Absolutely.

Mitch Ashley: It’s just a little bit of tuning and bug fixes.

Avi Freedman: We have four other products too, so you know.

Mitch Ashley: Yes. Oh, by the way.

Avi Freedman: We have a great team and when customers are driving it, it’s very easy. If you have multiple customers saying, okay, but I need this and then it will be bigger, or I need this to buy it, then it’s much better than when you’re building on a thesis and we’re at the scale where we have that.

Mitch Ashley: Customer always wins. I mean, those arguments are usually better solved.

Avi Freedman: We do everything they want, but we try to be driven by what they want. Yeah.

Mitch Ashley: Well, thanks for talking with us.

Avi Freedman: Thank you very much. Thank you for having me.

Mitch Ashley: Spreading the great news about your progress, and we look forward to more great things from you.

Avi Freedman: Thank and as I said-

Mitch Ashley: And the streaming kind of announcement we sort of talked about. Not announcement-

Avi Freedman: The streaming telemetry, the metric side we’ll talk about more in a few months.

Mitch Ashley: Okay. As we’re going to talk about it at Reinvent or?

Avi Freedman: We might at Reinvent or maybe slightly after.

Mitch Ashley: Okay. All right. Well, we’ll be there.

Avi Freedman: Okay. Cool.

Mitch Ashley: All right. Avi, congrats.

Avi Freedman: Thank you very much.

Mitch Ashley: Good to chat. All right. Be sure and check out and Kentik and Kentik Kube, and the other products, services that are available. And it’s always fun talking with people who are creating kind of great new things and the amount of effort and care and passion it takes to do that. It’s always a lot easier when their customer’s right there asking you for it. So it’s good to hear that’s happened with Kentik. We’ll be back right back with our next interview. So stay tuned from here at KubeCon 2023 in Chicago.