#188 September 9, 2022

Security, Access and War, with Kateryna Ivashchenko

Hosts: Craig Box

Kateryna Ivashchenko is a Senior Demand Generation Manager at Teleport, an organizer of community events, and a supporter of the developer community in her home country of Ukraine.

Do you have something cool to share? Some questions? Let us know:

News of the week

CRAIG BOX: Hi, and welcome to the Kubernetes Podcast from Google. I'm your host, Craig Box.


CRAIG BOX: I've been on the road again. This week, I find myself in sunny Silicon Valley checking in with the Google team. And you know what? It's been weird. Not the people, of course. They're lovely. I had a great chat with Brian Grant. Caught up with Clayton Coleman and Dawn Chen at random while queuing for lunch. But, weird as in this was only the second time I'd spent a day in an office since 2019.

My manager works in Australia. The first day I spent in an office since 2019 was in London earlier this year to see him in person. Why did we have to be halfway around the world to meet each other? Synchronicity. It just happened that way. It used to happen a lot in developer relations actually.

Anyway, he and I had a meeting this week with us both in Google meeting rooms, me in California, him in Brazil. That was strange, too. For a moment, it was like the old days. Not too much of a moment, as everyone here is moved to a new building, which wasn't even open last time I was here. It's all hot disking now. People are only in the office a couple of days a week anyway. It makes it sound exotic, but boy, do you spend a lot of time commuting. I don't miss any of that.

It is nice to meet people you've only ever seen on video conference. That way, you can figure out how tall they are. New week, New Zealand. Until then, let's get to the news.


CRAIG BOX: The Istio project has introduced ambient mesh, a new data plane mode for running service mesh without sidecars. Ambient splits the mesh into two layers, with zero trust security implemented by an agent that runs on each node and Layer 7 functionality implemented by an Envoy proxy per service account, which runs in the Kubernetes cluster. You will no longer need to run a sidecar with your apps, which means a raft of benefits in terms of operations, not to mention a much reduced cost. The work is available in an experimental repository, and the authors from Google and Solo.io are now encouraging the community to get involved and to give feedback. Istio also recently released version 1.15 with added support for arm64.

Linkerd 2.12 was also recently released, with route based policies as the headline feature and the gateway API as the headline method of implementation. Linkerd's sponsor Buoyant has spelled out their support for the gateway API and their plan for building features using a local fork. Users will then do a search and replace migration to the final upstream API version when it is ready.

If you were looking at these simple and cheap end of the hosting spectrum, please welcome Symbiosis to the Kubernetes club, a provider offering a free control plane and nodes from as little as $6 per month. Terraform support and an SDK written in Go are available, and your tiny bill also includes free support and root cause analysis. Please try not to break anything too complicated, as the service is currently run by Stephen and Buster. They are currently operating out of Falkenstein in Germany with a US region next on the roadmap.

If you've gone off Go and long for the convention over configuration days, please meet Cuber, a new automation tool that can build and deploy your apps on Kubernetes. Cuber, with a C, is written in Ruby and promises a Heroku-like experience we'll never see in the YAML. It was built to automate and scale the push pad notification service, and it was created in Italy by Marco Colli.

VMware's annual conference — previously VMworld, and now VMware Explore — concluded last week. There were a raft of Tanzu announcements, including that Tanzu Application Platform will now be available on top of Red Hat OpenShift. New versions of Tanzu Kubernetes Grid and Tanzu Mission Control retain their names, while VMware Aria Operations for Applications is what used to be called Tanzu Observability and may have been called Wavefront before that.

I appreciate I am not the target market, but I would like to extend a sincere invitation to the Tanzu team to come on the show and explain the family tree to me.

There must be something to the service mesh thing, as Isovalent, founders of Cilium and claimers of the throne of maintaining eBPF have announced a $40 million series B finance round. They will use the money to grow their team and deepen their partnerships with vendors who use Cilium as their network layer.

Following up from the recent release of Kubernetes 1.25, and as promised in an interview with Cici Huang, deep dive posts have been published on the graduation of Pod Security Admission and the deprecation of Pod Security Policy, as well as CSI inline volumes and cgroups v2. All can be found on the Kubernetes blog.

Blog Post/Rant of the Week Award goes to Kurt Schelfthout, who makes the case that Kubernetes' bias towards services makes it harder than it should be to use it for batch jobs. He would like to see the platform state that it's not for batch jobs, so something else could take over the mantle. If you're listening, Kurt, check out our chat with Argo Workflows creator Jesse Suen in Episode 172.

Finally, congratulations to the GKE team, who last week marked seven years of general availability. Insert your own Borg joke here.

And that's the news.


CRAIG BOX: Kateryna Ivashchenko is a Senior Demand Generation Manager at Teleport, an organizer of Kubernetes community events, and a supporter of the developer community in her native Ukraine. Welcome to the show, Kateryna.

KATERYNA IVASHCHENKO: Thank you, Craig. Pleasure to be here.

CRAIG BOX: As I mentioned there, you are from Ukraine. You moved to the US when you were 16. Tell us about the circumstances behind that.

KATERYNA IVASHCHENKO: It's definitely not something I was preparing for my whole life. I was 16. Teenage years, having fun with friends in high school, and enjoying life, and then our parents are like, we're moving to the United States. Our whole family is moving.

And to me, that sounded like an exciting adventure, so I said fantastic, looking forward to it. It's going to be fun. Great opportunity. The American dream, you watch movies, lots of exciting stuff. My sister wasn't as excited about it. She had a boyfriend, she was four years older. She took it a bit harder, but ultimately it was something that we reminisce on as a decision every year as a family, and it was a great call to make.

But we moved to the Bay Area in July of 2011. It's been a roller coaster since. Went to high school here in the Bay Area. It was a bit harder to adjust, so the first year was kind of tough. I learned English in Ukraine. I went to private school there, so I was studying English starting in first grade. I was going to different competitions for English knowledge, so I was fairly comfortable with it.

But it was the British English that I learned from textbooks. So when I moved here, I knew enough to get by, but I wasn't comfortable enough showcasing my knowledge to native speakers here in the US. So it's definitely a tough adjustment for the first year. But after that, it was great.

CRAIG BOX: I will remind you that the Queen's English is the correct English, and you should never apologize for having learned it that way.


CRAIG BOX: What are some of the major things people say differently? Is it like saying, can I have that to take away versus asking for it to go?

KATERYNA IVASHCHENKO: I think the hardest part for me was trying really hard to grammatically structure all of the sentences in my brain before saying them out loud, and I realized that people don't really care about that as much here. And as long as they can understand what you're trying to say, sometimes the order of words doesn't matter as much. It definitely served a great purpose in my career, knowing some of those grammar rules and characteristics, but the less I cared about phrasing the sentences in my brain, the easier it was.

CRAIG BOX: After high school, you went to study international business and economics. Was that here in the Bay Area as well?

KATERYNA IVASHCHENKO: That was actually in San Diego. So I went to UC San Diego. I knew I wanted to stay in California, but I also knew I wanted to get as far away from the immediate circle of friends and family that I had and put myself out of my comfort zone, so I picked the college that was furthest away from home that I got into, and moved out and learned a lot. It definitely put me out of my comfort zone.

I started as an economics major. And then at that time, when I got into school, they didn't have a business major. So halfway through my college career, they introduced a business major, at which point I switched majors and, because it was international major and had a language requirement, my high school years and whole life in Ukraine and knowing of those languages took out some of the language requirements for me, which made it easier to graduate on time.

Yeah, I think I definitely enjoyed getting the degree and feel like international business fit right in my career path.

CRAIG BOX: Since then, you've worked in the Cloud Native and the tech industry. Was tech something that was interesting or relevant to you through your teenage years and schooling?

KATERYNA IVASHCHENKO: It was definitely something that I've been curious about, but not nearly as much compared to how I started looking into it as soon as I got into tech. So I was constantly surrounded by it on my phone, taking classes in college, dating boyfriends who were software engineers, being kind of surrounded in that mindset and space. But when I was graduating and thinking about where I'd want to work full time, moving back to the Bay Area to be closer to my family seemed like a natural choice.

Also, you get paid a lot more in the Bay Area than you do in San Diego, and there are more job opportunities. So a big part of it in the beginning was actually the career growth and earning potential of the career. I would not be able to have the career advancement as I had if I wasn't naturally curious about the technology that surrounds me.

CRAIG BOX: You started working at Portworx, with an X, out of college.


CRAIG BOX: What was it like to jump straight into the world of Cloud Native? How did you make sense of it?

KATERYNA IVASHCHENKO: It was a lot. I mean, even interviewing, it was flying in for interviews and reading on a website, trying to figure out the messaging and the challenges that folks were trying to solve. At the high level, it makes sense, but as you start getting into the use cases and the actual technology and the abstraction layers, it gets more nuanced.

So I didn't know how to pronounce Kubernetes when I joined.

CRAIG BOX: How did you pronounce it then?

KATERYNA IVASHCHENKO: I tried to avoid saying it altogether because I wasn't sure how to pronounce it, going back to me trying to minimize communication in English when I first moved from Ukraine.

CRAIG BOX: As a native Ukrainian speaker, if you were just to see that word on the page, how would you have pronounced it?

KATERYNA IVASHCHENKO: It's hard to pronounce it differently now that I know how to pronounce it, I guess. But I tried to avoid saying it altogether until somebody who I was having the conversation with would say it first, and then I would know how to say it,

CRAIG BOX: I try and avoid pronouncing the name of the tool that you use to deploy things on Kubernetes. Everyone has opinions on that.

KATERYNA IVASHCHENKO: [CHUCKLES] Yeah, it was a lot. When I joined, Kubernetes wasn't quite an industry standard just yet. It was a lot, and learning it was a lot, but I'd go into it head first and got involved in the community, speaking at meetups, meeting people, asking questions. I think asking questions was a big part of learning about the space and being open about what you don't know and being humble and just continuously being curious.

What I've learned about this community is if you're genuine and you don't know, nobody's going to gatekeep you from that information. And the community has been very welcoming and being patient in educating folks, and there are still some challenges that we don't know full answers to. And as the community evolves, it's very open in terms of teaching folks about all of the new concepts and being very understanding in that way.

CRAIG BOX: Portworx was then acquired by Pure Storage, and you were working for them together for three and a half years. What did you learn about the challenges of Cloud Native during that time?

KATERYNA IVASHCHENKO: A lot of the challenges both stayed the same and changed throughout this time. I obviously looked at it more from the Kubernetes storage and backup perspective, being that that's what the companies did, and I learned a lot about that.

But I think the biggest challenge then, and still remains now, is scale. Kubernetes is an orchestrator and enables that scale, but once you get to specific elements, and — whether it's storage or access or security — there's still a lot of complexity around that. And part of the complexity is because everybody's using different tools and they have different databases, so orchestrating all of those elements to get to your business goals was a challenge.

Portworx in Pure Storage that we're trying to solve is a challenge that we're trying to solve at Teleport. It is a challenge that a lot of other community members and folks in this space are trying to solve too.

CRAIG BOX: As you say, you're now at Teleport. You joined in April. How did the transition between roles come about?

KATERYNA IVASHCHENKO: It would have been easier if not for the events in February and the beginning of war, which is precisely when I was going through my interview process, and everyone's been extremely understanding about that. But the transition itself from different segments of Cloud Native has been rather seamless.

It's still different in some ways, and security and access are newer challenges for me, personally, to learn more about. Security has always been one of the top three challenges in any CSCF adoption report that you look at in the past couple of years. So I learned a lot in storage, now I'm on to Explore and more about access and security. So it's been a great experience so far.

CRAIG BOX: Tell us more about what Teleport does.

KATERYNA IVASHCHENKO: If you go into the website, the first thing you'd see would be Teleport is the easiest, most secure way to access infrastructure. That's helpful, but to add more context to that, Teleport makes it easy for engineers to access all of the things and resources they need to do their job. So whether it's their servers or databases, whichever ones they're using or however many different databases they're using, their Kubernetes clusters internal applications, like if they're using Grafana for monitoring their dashboards, any CI/CD tools.

So in a similar way to Okta, kind of providing access to all of your applications through a centralized way, you can use Teleport for all of your infrastructure, with some added security benefits and elements to that.

Currently, how you access your infrastructure is usually using some sort of combination of SSH keys, you may be using some admin credentials, VPNS, certificates, passwords, and that's not always the easiest and most secure way. It can sometimes be clunky if you're using spreadsheets or Google Sheets to manage your passwords, if you're trying to access different AWS availability zones, if you're, for example, in customer support team and you need to troubleshoot for a customer.

But ultimately, kind of long story short, Teleport replaces all of those elements with identity based and short lived certificates. At times, we've seen even certificates that expire in two minutes, and those are just more secure, easier to use, and provides security and compliance that you and your team need without getting in the way of developer productivity so they don't have to worry about managing passwords and things like that.

CRAIG BOX: Why is this such a hard problem to solve? Why is it that identity is disconnected and everyone seems to have a different way of handling it in such a way that tools like Teleport need to come along and bring them all back together?

KATERYNA IVASHCHENKO: There's a good parallel between what Google did with Kubernetes and what it did with access, and I'll explain how that relates to other solutions out there, but Google invented Borg because they had their massive scale of containers and they had to orchestrate their container environments, so they had to come up with a solution in-house for that.

They had a unique challenge and a problem that no one else was running into at that time because of their scale, so they had to create something new. And we all know that Borg later on became Kubernetes and got adopted by so many enterprises and became such an important part of the CNCF.

What Google also did, similar to how they invented Borg and Kubernetes, is also they invented technologies to provide identity-based access to infrastructure, and the concept was called BeyondCorp. And what Teleport is doing is kind of making it so that any company can access their infrastructure how Google does it.

And if you look up BeyondCorp, it'll pop up some things about zero trust and kind of starting that revolution perimeter security, concepts like that. But because Google was in a position of having those scale challenges earlier on, they were in position to introduce these concepts and challenges and solutions to these things early on.

So many companies are now having the problems with scale that Google did a decade ago, and we want to solve that. So that's why we're open source solutions and anyone can use it and solve these challenges in the way that Google did at the time.

CRAIG BOX: I happened to be sitting in the building where the people who built that are physically located today. But that said, they could be working from home. There's no reason that people need to be set in a particular building to make that happen.

I can tell you, obviously what I have, as a Googler, I have a little security key on my laptop, I have my access past and so on. With systems that have various different ways of controlling security, how do you tie these things together such that I only need to do one thing and then something else authenticates me?

KATERYNA IVASHCHENKO: How we're trying to address some of those challenges, and how we see others also going about it, is linking access to a physical identity. So it's no longer because you have x, y, and z domain email, you have access to all of the resources within that domain and that infrastructure. It's more about OK, great, you got into the system, now how do we authorize and authenticate you for the specific thing that you're trying to do?

So there are lots of folks out there who are using all of that combination of those items and credentials. But if you link it to physical identity and verify the specific individual is performing these actions, we're using things like Touch ID and Face ID more often now in our phones and our laptops to log into systems, and those are not credentials and secrets that are easily sold on the dark web or written on a post-it note that you can see in the back of somebody's Zoom call and things like that. So that just makes it harder to, how do I even put it?

CRAIG BOX: It's no longer good enough for me just to have Hunter2 as my password?

KATERYNA IVASHCHENKO: Well, now that you've mentioned it, definitely not. [CHUCKLES] The vision here is to move away from static credentials and move into a dynamic, short-lived certificate world in which you minimize the risk of human error, because that's how a lot of these cyber attacks are happening. It's a human error that gets exploited, and then it gets expanded into adjacent systems.

Lots of folks are still using passwords, and you may be using passwords in one part of your system infrastructure and not in the other, but the division is to move away from that and switch to linking it to a physical identity so that you minimize that human error and protect your infrastructure that way.

CRAIG BOX: Access control is one of the tenets of cybersecurity with defense, if you will. How do you relate what you do to cybersecurity, and especially to protecting the assets — the Kubernetes infrastructure, the Cloud resources, and so on — from attackers?

KATERYNA IVASHCHENKO: If we zoom out a little bit, majority of successful cyber attacks are tied in one way or another to exploiting a human error in whatever shape or form it exists. If it's a phishing attack, or password written on a post-it note, or —

CRAIG BOX: Someone announcing their password on a podcast.

KATERYNA IVASHCHENKO: [CHUCKLES] You should probably change that now. And later, using that to expand into adjacent systems. And a lot of the messaging that's out there in the security space is around fear, and how scary could be, and how much money you could lose, and reputation if there's a massive data breach. So it's definitely something that you see in headlines here and there, and it's scary.

And some people may say that the security space is a bit of a nutritional supplement market. There are a lot of half truths. You're like, OK, is Keto diet good for me? Do I really need high protein meals? So everybody has an opinion on what's good and what's bad and what works and what doesn't.

But we're seeing more and more that the '90s movie scene, or the "Mr Robot" TV show scene where somebody — a hacker, let's say, or hacker group — says we're in, and then proceeds to hack the rest of the infrastructure and do a heist and whatever they're trying to accomplish, is a bit of in the past now because of perimeter security.

Now, if people just log in with a credential that they either bought off of somebody on the dark web or that got leaked in some way, or somebody clicked a link in an email and leaked it to a hacker that way. Hackers don't quite brute force their way into systems anymore. They just log in. And that sounds scary, but everything revolves around private info that's not supposed to be public, yet it leaks somehow. But it's much harder to do that with your fingerprint or an eyeball scan, unless you're watching a movie where somebody gets their finger cut off and then somebody scans that.

That's why switching to physical identity and identity transfer concepts aims to address some of those challenges with cybersecurity and how we've been conditioned in some way by pop culture to think about it. But shifting more towards the Cloud Native space and how we're accessing infrastructure now. For example, you're trying to connect your Gmail to Okta, and there's a bunch of different protocols that you use to get that, whether it's Open IDC or something else. And ultimately Okta gives you a browser cookie and then Gmail asks your browser where it has the cookie from Okta or not.

It happens in the back end, but there's still a credential that's vulnerable happening there. And it's great from a usability perspective. It saves a lot of time. But if you lose your laptop, or you sell your cookie, or your employer's system is exposed, you're becoming vulnerable then too. And what we're seeing is just a lot more headlines about cyber attacks. And not to get scary and all, but that just goes to show that that's something that we should keep looking into and advancing our solutions, especially as we scale in trying to protect our data.

CRAIG BOX: There's the data in my email and my laptop, and then at the extreme end of the scale, there is what we hear about in the context of war, which is nation states and cyber attacks and so on. How does some of these concepts relate to the real world situation today?

KATERYNA IVASHCHENKO: Cyber warfare, I'd say, is becoming definitely more of a future way of — you know you hear information war and cyber warfare, and there are quite a few instances in the concept of what's happening in the world right now, and there is a lot happening in the world right now, so we're only going to talk about a small subset of it.

But there are attacks on the web servers trying to sabotage nationwide fundraising efforts or valuable information spreading that can be tracked. There are collectives like Anonymous that are breaking into the websites, leaking a lot of private information into these public databases or the dark web so it's accessible by everybody else. There are even websites right now where you can randomly send a text to a phone number that was leaked in a way of data breach like that. There was a Okta breach not too long ago, too, and some folks were affected, and it's just cyber espionage and exposing vulnerabilities and hacktivist groups.

There are so many fascinating articles and stories about it online, and there's actually a book that a friend recommended that I haven't read yet, but it's definitely at the top of my list now, that's called "Sandworm" that talks about just how advanced those nation state hackers are and how big of a role your infrastructure and your information plays in winning it or losing it, like exposing data on satellite images or geolocations. I'm not an expert on war, but it's becoming more prominent now than it has been at least in the past.

CRAIG BOX: It is unfortunate that people born in Ukraine are now having to become experts on war. You are not in the country, but I'm sure you have many family and friends who are. We're six months in now, how are you?

KATERYNA IVASHCHENKO: It's definitely better than it was. In the beginning, it was definitely tough, and I can definitely resonate with not being an expert on all things war but having to become one, or at least learn more about it.

The way that affected me is I've had to become expert of sorts on tactical medicine and learning what’s a cut tourniquet and what's a chest seal, how do you use those things, which drones are weapon grade and can be easily transported across the border and which are not, and different scopes and rifle mounts, and what type of layers of clothing you would need in hot weather or cold weather.

There's so much information out there that you don't really learn in school. And some of it I can ask my dad — he has military background — and I've been fortunate enough to have a lot of friends who are Marine Corps veterans that I've been getting advice from and asking them questions. Because, most of the time, I have no clue what I'm doing and googling doesn't always do the trick.

And that actually applies also to lots of community members. Everyone's been super helpful and going out of their way to offer that. There are lots of veterans in the Cloud Native community who have been reaching out nonstop since February, always asking, is there anything I can do to help? Please let me know. Folks have been buying t-shirts that my sister designed, and they've been fundraising and, to answer the question of how I am, better, but it's still tough. And it makes it tougher that people don't talk about it as much, even though I'm still surprised that it's still a prominent part of the news cycle and Twitter feeds and all of that.

CRAIG BOX: You have family still in Ukraine? Are they OK?

KATERYNA IVASHCHENKO: I do have family. I have three male cousins who weren't able to leave the country — not that I think that they would, but because of martial law, they wouldn't be able to personally take out their families across the border.

So I have three male cousins-- one of them is in the military, and two of them are running their businesses and supporting the economy and helping run the logistics, their wives and children. And then I have my grandma and aunt, who are also still in Ukraine and can't necessarily move or travel far because of age and health conditions, so it's definitely always in the back of our mind. We check in with them regularly.

Part of our family, we've been able to get here to the Bay Area to stay with us. My dad personally flew to Poland to pick up my grandma and fly back with my other aunt and one of my cousin's wife and baby. So we've been able to sort out logistics of crossing borders in the middle of the night and time differences.

So they are, I wouldn't say OK. They're OK-ish. What everybody wants to probably hear is everybody's safe and doing well, but the truth of it is that they're not because there are still active air raid alerts across the entire territory of the country, so you never know what's going to happen. But everybody's definitely trying to be hopeful and support each other. So we're doing the best we can.

CRAIG BOX: Tell me about the Cloud Native community in Ukraine before the war.

KATERYNA IVASHCHENKO: There are certainly a lot of individual developers who live in Ukraine and work remotely and contribute from there. I've been fortunate enough to work with quite a few companies who either had offices in lviv or Kiev, had their teams — whether it's a design team or customer support team — who were all located there. Certainly before war, a lot of them were actively involved and contributing to their company's goals. And chances are they still are, if not more actively doing so, but from different countries to which they've been able, hopefully, to relocate to.

It definitely limits the ability to do some open source code contributions because of time commitments. I have quite a few friends who live in Ukraine and they haven't been able to come to KubeCon and Valencia because of the martial law, so it definitely makes it harder for folks to be seen and to contribute on the same level and get that visibility.

Luckily, with the support of the rest of the international community, they still — I hope — feel supported. Again, I'd love to get their opinion on it too and start having those conversations as well. But ultimately, it's just important to acknowledge that their world has been turned upside down, and, I don't even know how to approach answering this. It's a tricky topic because it's important to acknowledge that everything has changed for them, but not in the way that they're not members of the community anymore. So it's just that fine line that I'm trying to thread here in the answer.

For example, if we take Ihor, the CNCF Developer Advocate, and he's been involved in the community for the longest time, he is now deployed, so clearly his ability to contribute, or be as involved or organize meetups, has been limited significantly, but he's protecting his country and his family. So it changed the value that we put on different parts of our life, I'd say. But again, I'm seeing this as somebody who lives in the United States and just has family and friends there.

CRAIG BOX: What do you think that your family in Ukraine would like our audience to know or to do?

KATERYNA IVASHCHENKO: What they've explicitly actually stated after seeing me show videos on Instagram, how much we've raised and what supplies we've bought and how they're being shipped, and even sending pictures of Ukrainian flags everywhere in the United States, or parades, anything that we see about that, what strikes the chord the most is the international community still talking about it. I'd say it was everybody's worry, and still is, that once it stops being sensational, folks will no longer talk about it.

But the one thing that they would probably be very grateful for is to continue the conversation, whether it's sharing posts on social media, emailing your representatives if that's your cup of tea, talking to your friends, supporting businesses. Ukraine's Independence Day was just not too long ago in late August, and Ukraine was celebrating 31 years of its independence. So listening to Ukrainian artists on Spotify so they get a royalty, or watching documentaries on Netflix, just keeping the conversation going.

The outpour of support within these last six months has been just so heartwarming and phenomenal that I don't think anybody expected that, at least not the folks — not my friends and family that I've spoke to. We've been able to raise a lot of money. I won't mention the amount here so that the government doesn't come after me. But we've been selling t-shirts, helping folks.

I've seen the Ukrainian flags at KubeCon booths. I've seen different vendors fundraise for these efforts at KubeCon as well. Seen corporate donations, KubeCon keynotes. I mean, setting up a legitimate non-profit and going to those lengths to just encourage more corporate donations and spending that much time on it. Relocating employees on company's dime. Just having meetups.

I believe DevOps Days Kiev happened right around the time of KubeCon and Valencia, and they've raised a phenomenal amount of money. The lineup of speakers for that event was just, I think so many folks spoke at it and found the time to support the efforts, and I think it's just seen so much community support has been phenomenal. And the only kind of worry is that it stops. So I would encourage folks to continue the conversation in whatever shape or form it is, small or big. That's probably what they would want.

Cherry on top is supporting the causes financially, but I wouldn't ask that of anyone.

CRAIG BOX: What should people do who are afraid that they're doing the wrong thing? I wasn't sure whether I was doing the right thing by talking to you about Ukraine. I don't want to put you on the spot to speak for all Ukrainians or the Cloud Native Ukrainian community, people on the ground. What do you do when you wonder if you're doing the right thing or not?

KATERYNA IVASHCHENKO: I'll definitely say that half of the time, I have no idea what I'm doing. In my opinion, it's better to do something than do nothing, but definitely on this podcast, as an individual and not representing all of people of Ukraine and all of the Cloud Native community or my company. But if you're not sure if you're doing a right or wrong thing, you can always ask and I'm more than happy to serve as liaisons, or my DMs are open on Twitter if you're ever wondering or reaching out to anybody in the community, Ukrainian or not, to get their opinion.

But the way I've gone about it is just assuming positive intentions and being very open about it. If somebody is being genuine about wanting to help, even if whatever they're trying to do somebody would consider wrong, that wouldn't affect that as much because they're trying to help ultimately. And it's also subjective, and everybody has their own definition of right or wrong.

I can see how that's a tricky subject to bring up, but because a lot of folks are worried that we stop talking about it, we wouldn't want to stop talking about it because folks are worried that they're saying or doing the wrong thing. So I would just encourage everyone to reach out, whether you think it's wrong or not, and have those conversations and just go about it that way. We're all human and nobody teaches you how to go through a war and support your loved ones. So it's important for the world to remember, and part of that is having those tough conversations in uncertainty.

CRAIG BOX: One way that we can all make our world smaller is through cultural exchange. And to wrap up, I want to ask you about the means of cultural exchange through snacks.

KATERYNA IVASHCHENKO: I definitely think that snacks are more approachable and, in fact, a delicious way to exchange cultures and just get immersed into the Cloud Native community, or any community in general. And that's how the International Snack Exchange came about. It's still very informal, in early stages. But back in 2019, when I was getting ready for KubeCon in Barcelona, I love food and I love snacks--

CRAIG BOX: Who doesn't?

KATERYNA IVASHCHENKO: [CHUCKLES] You'd be surprised. Some people are very particular about their snacks. But I started a thread on Twitter suggesting that folks will do a snack exchange, and offer snacks from their country or state or city in exchange for snacks from a different country. And when it was in Barcelona, I flew with just a separate suitcase of snacks because I got very excited about sharing all of the Hot Cheetos and salt and vinegar chips with the European community.

But I flew with the suitcase. I had a layover in Amsterdam. So I had a funny story of having my snacks stuck in a different terminal, and I almost missed my flight back to Barcelona because I had to do the passport control like three times. And the border patrol folks were very surprised because I tried to explain them that I have a bag of snacks that I urgently need to get to. But it got to a bigger scale in Valencia. So we got a lot of folks together and we got snacks exchanged from Brazil and Austria and Poland and Ukraine and so many other countries.

And I think the positive feedback around that, and part of why I love this community so much, is because you may be intimidated by all of this technology and all of these sandbox projects and vendors who are having booths and all of these talks, and it's a lot of information to take in, especially if it's your first KubeCon. So knowing a familiar face that you spoke to on Twitter that brought you a snack from across the world and meeting with them in person and just having that exchange just makes it so much more approachable. And it was a lot of fun to do, and I would expect to keep doing this every KubeCon from now on. So if you see anything about International Snacks on Twitter, please participate.

CRAIG BOX: Thank you very much for joining us today, Kateryna.

KATERYNA IVASHCHENKO: Thank you for having me, Craig. This was a lot of fun.

CRAIG BOX: You can find Kateryna and the upcoming snack exchanges on Twitter at @kivashch.


CRAIG BOX: And that brings us to the end of another episode. As always, if you've enjoyed the show, please help us spread the word and tell a friend. Tell a second friend if you have one available. If you have any feedback for us, you can find us on Twitter at @KubernetesPod, or reach us by email at KubernetesPodcast@google.com. You can also check out the website at KubernetesPodcast.com, where you will find transcripts and show notes, links to subscribe, and a plea to consider rating us in your podcast player so we can help more people find and enjoy the show. Thanks for listening, and we'll see you next week.