Episode #47 33:29 2025-08-05

#047 – Securing the Software Supply Chain and Kubernetes with Dustin Kirkland (Chainguard)

Dustin Kirkland
VP of Engineering, Chainguard


Episode Overview

In episode 47 of Kubernetes for Humans, host Itiel Shwartz sits down with Dustin Kirkland, VP of Engineering at Chainguard, for a tour through 26 years of Linux, security, and Kubernetes — IBM, two stints at Canonical, an encryption startup acquired by Cloudera, GKE at Google, fintech at Apex and Goldman Sachs, and finally back to engineering at Chainguard. The conversation digs into what Chainguard actually does: building hardened container images with a zero-CVE goal, an SLA that beats FedRAMP (criticals patched within 7 days, highs/mediums/lows within 14), and an automated 'factory' that rebuilds 10,000+ open source projects from source the moment upstream cuts a release. Dustin walks through the just-launched Chainguard Libraries product — 20,000 Java JARs rebuilt from source, with Python and Node.js next — and the new hardened EKS worker node VM that pushes the zero-CVE story all the way down the stack.

In this episode we discuss:

  • Dustin's path from IBM and Canonical to Google's GKE team, fintech, and back to engineering at Chainguard
  • What Chainguard sells: hardened container images with zero known CVEs and a remediation SLA tighter than FedRAMP's
  • Inside the 'factory': how automation rebuilds 10,000+ upstream projects from source within minutes of a release
  • Chainguard Libraries — extending zero-CVE from base images to 20,000 Java JARs, with Python and Node next
  • Hardened VMs and EKS worker nodes: pushing the zero-CVE story down to the kernel under every Kubernetes cluster

Key Takeaways

1. Enterprises will pay for security in ways they won't pay for general-purpose open source: extended maintenance, live kernel patching, and now zero-CVE images.
2. Chainguard's SLA (7 days for criticals, 14 days for highs, mediums and lows) is deliberately tighter than FedRAMP's 30/90/180-day windows, so customers have time to retest and re-qualify.
3. Chainguard does not patch upstream itself; the moat is the automated build-and-test factory that rebuilds, retests, and republishes the moment upstream tags a release.
4. Most CVEs in an app don't live in the app; they live in transitive dependencies, which is why Chainguard Libraries rebuilds the top 20,000 Java JARs from source (Python and Node.js are next).
5. A truly zero-CVE Kubernetes stack needs hardening below the container too, hence Chainguard's new hardened kernel and EKS worker node VM.
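The remediation windows and the rebuild fan-out summarised in the takeaways above, as an added worked example. This is not Chainguard's code and nothing in it comes from the episode beyond the quoted window figures (FedRAMP 30/90/180, Chainguard 7/14); every finding, package and image name is constructed for illustration, and the status labels are this example's own.

```python
# Added example: a small model of the remediation-window bookkeeping and
# rebuild fan-out described in the episode. Not Chainguard's code; findings,
# package names and image names are constructed for illustration.
from datetime import date, timedelta
from typing import Optional

# Remediation windows in days by severity, as quoted in the episode.
# FedRAMP: critical 30, high 90, medium 180. No window for "low" is quoted,
# so none is assumed here.
FEDRAMP_DAYS = {"critical": 30, "high": 90, "medium": 180}
# Chainguard SLA as stated: 7 days for criticals, 14 for highs/mediums/lows.
CHAINGUARD_DAYS = {"critical": 7, "high": 14, "medium": 14, "low": 14}


def deadline(published: date, severity: str, windows: dict) -> Optional[date]:
    """Date by which a finding must be remediated under `windows`, or None
    when that table carries no window for the severity."""
    days = windows.get(severity.lower())
    return None if days is None else published + timedelta(days=days)


def status(finding: dict, windows: dict, today: date) -> str:
    """Classify one scanner finding against a window table.

    finding keys: severity, published (date), fix_available (bool),
    fixed_on (date or None: when the rebuilt artifact shipped)."""
    due = deadline(finding["published"], finding["severity"], windows)
    if due is None:
        return "no-window"
    fixed_on = finding.get("fixed_on")
    if fixed_on is not None:
        return "met" if fixed_on <= due else "breached"
    # Not yet remediated. The episode's unhappy path: the rebuilder does not
    # author patches, so "no upstream fix exists" is tracked separately from
    # "a fix exists but has not been rebuilt and shipped".
    if not finding["fix_available"]:
        return "awaiting-upstream" if today <= due else "awaiting-upstream-overdue"
    return "open" if today <= due else "breached"


def images_to_rebuild(package: str, image_contents: dict) -> list:
    """Reverse-dependency lookup: every image whose resolved package set
    contains `package`. One library fix fans out to a rebuild-and-retest of
    every image that bundles it, which is why most of the churn is in
    dependencies rather than in the top-level application."""
    return sorted(name for name, pkgs in image_contents.items() if package in pkgs)


# Constructed sample data: hypothetical images, packages and findings.
IMAGE_CONTENTS = {
    "postgres": {"postgres", "libssl", "glibc"},
    "postgres-fips": {"postgres", "libssl-fips", "glibc"},
    "jdk": {"openjdk", "glibc"},
    "nginx": {"nginx", "libssl", "glibc"},
}
SAMPLE_TODAY = date(2025, 2, 1)
SAMPLE_FINDINGS = [
    {"id": "FINDING-1", "package": "libssl", "severity": "critical",
     "published": date(2025, 1, 1), "fix_available": True,
     "fixed_on": date(2025, 1, 5)},
    {"id": "FINDING-2", "package": "glibc", "severity": "high",
     "published": date(2025, 1, 1), "fix_available": True,
     "fixed_on": date(2025, 1, 20)},
    {"id": "FINDING-3", "package": "nginx", "severity": "medium",
     "published": date(2025, 1, 10), "fix_available": False,
     "fixed_on": None},
]


def triage(findings: list, today: date) -> dict:
    """Per finding id: status under both window tables, plus the images that
    have to be rebuilt once a fixed upstream release exists."""
    return {
        f["id"]: {
            "fedramp": status(f, FEDRAMP_DAYS, today),
            "chainguard": status(f, CHAINGUARD_DAYS, today),
            "rebuild": images_to_rebuild(f["package"], IMAGE_CONTENTS),
        }
        for f in findings
    }


if __name__ == "__main__":
    for fid, row in triage(SAMPLE_FINDINGS, SAMPLE_TODAY).items():
        print(fid, row)
```

The point of the two tables is the gap between them: FINDING-2 above is comfortably inside its FedRAMP window yet already past the 14-day vendor window, which is exactly the slack the episode says customers use for retesting and re-qualification. The `awaiting-upstream` states make the dependency on upstream maintainers visible rather than folding it into a plain breach. To check a vendor's SLA claim against your own scans, feed the scanner's findings (severity, published date, fix availability) and the date the rebuilt image actually landed in your registry into `status`.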

Itiel Shwartz: Hello everyone and welcome to another episode of the Kubernetes for Humans podcast. Today with me on the show we have Dustin. Dustin, can you please introduce yourself?

Dustin Kirkland: Hey Itiel.

Dustin Kirkland: Yeah, my name is Dustin Kirkland. I'm the VP of Engineering at Chainguard. We're helping secure the software supply chain. We got started really building secure containers that mostly run in Kubernetes. I mean, they can run elsewhere too, but the overwhelming majority of our customers today are running our containers in production on Kubernetes. So, delighted to speak with you today.

Itiel Shwartz: That sounds good. But before we talk about Chainguard and how you guys are helping to make Kubernetes a bit more secure, tell us a bit about yourself. Where did you come from? What's your background? When did you first learn about Kubernetes?

Dustin Kirkland: Sure. I've been in technology for 26 years now. I came out of college as a computer engineer. I loved open-source Linux in the late 90s when I was in college, and took the first job I could get that would pay me to work on Linux, and that was at IBM in the early 2000s. I spent eight great years at IBM, including one of those years, 2005, staffed on-site at Red Hat in Boston, Massachusetts. I'm based in Austin, Texas. I was on site in Boston working on IBM PowerPC systems. That draw to the Linux distro actually opened up an opportunity to join Canonical in 2008, as Canonical was building Ubuntu Server, the first server distribution that Canonical produced. I did two stints at Canonical. From 2008 to 2011 I was an engineer and a manager on the server team. Then I was CTO at a little startup called Gazzang that was acquired by Cloudera. We built an encrypted file system and encrypted key manager in the 2011, 2012, 2013 time frame, so a little bit before HashiCorp and Vault and secrets management and that sort of thing. That became Cloudera's security platform. I went back to Canonical and led product for another six years, so 2013 through 2018. How does that connect?

Itiel Shwartz: I'll have to stop for a second, because it's a super interesting story. Programmer, team manager makes sense. Founding your own startup, I'll be happy to hear about that a bit more, but that also makes sense. But then going back to Canonical for six years as product? So share a bit more about that time, just because it sounds interesting.

Dustin Kirkland: Yeah, I was the CTO. I was not the founder. I created the open-source project that some entrepreneurs saw. If you'd ever used the one-click encrypt-your-home-directory option in the Ubuntu desktop install, that was a feature that I kind of created off to the side. It wasn't part of my day job, but I contributed that as part of just being a contributor to Ubuntu. A couple of really interesting sales guys from Oracle saw that and said, what if you could one-click encrypt your MySQL database? And so they founded this company called Gazzang, and then we encrypted MySQL and Postgres, and then there was this explosion of Cassandra and Hadoop and we could encrypt any of that. So it was a lot of fun. What I found was, as the CTO of this little startup, I was kind of doing a lot of product management, figuring out the bits and pieces of how do we sell this? How do we monetize that? And what we found was all of the bits were GPL open-source software. We couldn't really sell the encryption, but there was no key manager at that point. Everyone was using hardware security modules. So we created a virtual hardware security module. Basically, I was doing product before I really knew what product was. I stayed in good contact with friends from Canonical and the founder of Canonical, Mark Shuttleworth, and he recruited me back to lead product at Canonical.

Itiel Shwartz: Sounds like a super interesting journey. So, six years as product. Maybe share a bit more about that: what was the company like, product-wise, when you rejoined, and six years later, what changed at Canonical?

Dustin Kirkland: Yeah. Well, I mean, Kubernetes was born right in that time frame. Rejoining in 2013, the company had grown up quite a bit. Ubuntu was beloved by many, many people, but trying to charge money for something that's always been free is really, really hard. And, by the way, there's little to no education to be a product manager. You just kind of happen to do the job and have to figure it out along the way. I did a lot of networking, I read some books, but there's not a degree in product management, at least there wasn't when I was in school. What I found with security, and this will actually bring us to Chainguard too, was that people will pay for security. They will pay for additional security. It's nice when it's free, but it's not something that's necessarily expected to be free. And so I created a couple of products at Canonical around security: kernel updates without rebooting, which we called Livepatch. Sometimes customers would pay for uptime. They don't, they can't, they won't

Itiel Shwartz: Yeah, I agree. I agree.

Dustin Kirkland: updates after the end of life. Extended security maintenance, which is what we call it, is another thing that developers who want free don't really care about, but enterprises who need to stay on a thing for years and years will pay a little bit extra to have extended end-of-life support. So it was a couple of things like that that, to me, struck the right balance: there continues to be a free and open-source version of the thing, but there's a thing that enterprises will pay a premium for.

Itiel Shwartz: Okay, so you've been there six years. The company, I think, is going well, right? I see Canonical overall grew. And then what happened?

Dustin Kirkland: Yeah, so Kubernetes happened, for one thing. I got an incredible opportunity to join Google, a company that I had interviewed with several times, but being based in Austin, Texas, not California, and not willing to relocate, every other opportunity when a Google recruiter reached out, none of them went anywhere, because I was unwilling to move and Google was unwilling to accommodate a remote employee. The Austin Google office got bigger, remote work became a little bit more acceptable, and Kubernetes blew up, and I just had a kind of once-in-a-lifetime opportunity to join Google as a product manager working on GKE, Google Kubernetes Engine. My responsibility was sort of the OS under the worker node, the GKE node, and helping bring that on-prem into enterprises. So it was a good group. I had a great engineering team, worked with a great engineering team, my peer product managers, I learned a lot from them, and Google's just one of the great companies. And so yeah, I spent a couple of years at Google working literally on Kubernetes.

Itiel Shwartz: It was a really good time to work at Google on Kubernetes. Back then they were leading by far when it comes to Kubernetes, Kubernetes adoption, Kubernetes in general. Even back then, AWS, which was quite negative around Kubernetes in the beginning, had a lot of people using kops, right, and Rancher and whatever to try and spin up Kubernetes on top of AWS. Was that the main competition for you guys back then, if you can talk about it?

Dustin Kirkland: Yeah, I mean, broad strokes, Google Cloud, it's no secret, was a distant number three behind AWS and Azure. This is 2018, 2019. Kubernetes was one piece of Google Cloud, but certainly a piece where, unusually, Google had a first-mover advantage. Not the case for S3 and EC2 and all of these sorts of things. But Kubernetes was a thing where it's like, look, if we can't win this race, maybe we shouldn't be competing.

Itiel Shwartz: Yeah, exactly.

Dustin Kirkland: But no, it was great. I mean, I've been to many, many KubeCons, headed to KubeCon next week in London. I understand you'll be there, too. So,

Itiel Shwartz: Same, same. Yeah.

Dustin Kirkland: Yeah. It'll be fun to meet up with old friends and new. But yeah, I'll kind of bridge this to the next part of my journey. I worked a lot with financial services, both at Canonical and at Google.

Dustin Kirkland: I saw the financial services industry rapidly adopting cloud technologies, for an industry that had long been on-prem. Yeah.

Dustin Kirkland: And so I got another really interesting opportunity to join a clearing and custody brokerage firm. Really a technology firm that didn't know it was a technology firm yet, in terms of being able to create APIs for brokerage trading: stocks and equities and other things as well. And this is, again, 2019, so a little bit before COVID, a little bit before that explosion of retail trading. I was the chief product officer. There's one thing I was missing at Google: I went from leading a team and running an org, being an executive that reported to the CEO, to being an individual contributor product manager in the middle of one of the world's biggest companies. I missed the leadership side of things more than I thought I would. I'd thought, hey, look, I'm going to clear my calendar and I'll just be able to work on my one thing and won't have all of these other responsibilities. But it gets in you, and I really missed that. So I joined as chief product officer at a company called Apex, Apex Fintech Solutions, and we provided clearing and custody services for most of the retail brokerage industry. One of our customers was actually Goldman Sachs. And I ended up eventually joining Goldman Sachs as head of product for part of the retail business, the consumer platform business. Joined with every good intention.

Itiel Shwartz: Does that make sense? Again, your story is quite interesting when I think about the different companies. IBM makes sense, and Canonical also makes sense, CTO, then back to Canonical, Google, and, like, super versatile, one of the most versatile guests. So what didn't work out for you back then?

Dustin Kirkland: Well, I mean, the whole world sort of changed, the economy changed, and Goldman shrank the retail consumer business a little bit. I took some time off after that, basically a year off, started a startup advisory practice, invested in a couple of startups, and really for the

Itiel Shwartz: Anyone we'd know, or that our listeners would know?

Dustin Kirkland: Sure, yeah, sure. Stacklet is another company that is very much involved in the Kubernetes space, always at KubeCon. Kapil and Travis and team, a bunch of old friends running that company, governance. They're doing quite a bit in the FinOps community. A company called Mesh, Mesh Connect, basically connecting crypto brokerage accounts, crypto accounts. BAM, phenomenal founder. Novi Labs is a machine learning oil and gas big data platform. Helps oil and gas companies figure out

Itiel Shwartz: Also super versatile, I will say. Like, very, not, you know, like, yeah,

Itiel Shwartz: like the same. Okay. So, so Jake, you had your own business, you're investing a bit of money, and then what happens?

Dustin Kirkland: You know, I've known the Chainguard founders, Dan, Kim, for a very long time. We crossed paths at Google. Dan and I were basically co-located, sat next to one another in Austin, and hung out professionally and socially. We weren't working on the same things exactly, but he was constantly pinging me and picking my brain about Linux distributions and security, and he knows the security stuff inside and out. The distro was a problem that I think he and Kim and Matt and Ville had suffered, as receivers of distros, for a long time. And so in part they created the Google distroless project in 2017. And then, as that evolves, distroless is a little tongue-in-cheek, right? It's a little bit of a joke; of course you're distributing software. What would it take to really do that and do that well? And so I had a series of long conversations with Dan, usually on the weekends, around what it would take to really create a secure distro. Dan's the CEO and co-founder of Chainguard. Kim's the chief product officer, Matt's the CTO, Ville is a distinguished engineer. And then it sort of all came together one Sunday afternoon, as Dan said, "Look, we really need someone to help lead and grow our engineering team." So I went actually back to engineering, Itiel. I never

Dustin Kirkland: thought I would do that.

Dustin Kirkland: After 12 years in engineering, 12 years in product, year 25, I'm back in engineering again and having a blast, having the time of my life.

Itiel Shwartz: Again, super interesting, but maybe share a bit about Chainguard. I think most of our listeners are not necessarily aware of the company. So even before you joined, what was the vision, what did they try to do, why were they, like you said, a bit stuck maybe, and try to bring you in as well? Share a bit about Chainguard.

Dustin Kirkland: Yeah, I would say not so much stuck, but ready to take off. It was a rocket ship right on the cusp of completely taking off. So I joined a year and a half ago, which was about two years into the Chainguard journey. The founders were all four former Googlers who had looked at the security space. They had in parts co-founded Google distroless, parts of the SLSA project, securing the software life cycle, and parts of Sigstore and Cosign, which was about signing and attestations of software, and they raised a round of funding very easily. There was one part I kind of skipped, which was in between leaving Goldman and joining Chainguard. I was actually thinking about starting my own startup too, and I'd met with Dan a couple of times, and he told me just how easy it was to raise his first round, and investors were throwing money at him, and I was like, man, that is not my experience right now, I'm struggling to raise money. And so at that point I should have just thrown in the towel and joined him, but I went out

Itiel Shwartz: What was the, you know, there are four super talented people from Google, okay, I would invest money even without hearing the idea, but what was the original pitch? What did they promise to the world for the vision? And did it change over the years?

Dustin Kirkland: I mean, clearly I wasn't part of the original pitches, but I've heard the stories, and I've heard it from investors as well. Chainguard's never made a pitch deck. They've walked into every VC conversation, and usually the VCs are asking the questions: what are you doing? What are you solving? You're clearly four smart people, what are you working on? And it evolves from an organic conversation. So we've raised a couple of rounds of funding, all the way through a series C last year, and ironically, sometimes the venture capital firms themselves create the pitch deck for you, which is a little bit interesting, in that they see the value prop. The original value prop, Itiel, was really around Sigstore, and a product that was called Enforce. Enforce basically signed software. It's a little bit simpler. It's kind of like if you were to take GPG, which is the way we sign software in Debian and Ubuntu, and make it a little more like Let's Encrypt and a little bit simpler to use. That was basically Sigstore, and then Enforce was a product wrapped around that. Chainguard had a couple of customers of that, but as soon as you get a customer, they start telling you what their other problems are, what their real problems are. And that's the real blessing of having a customer that's actually paying you some money, and engaging with them and proving yourself. And so we got this opportunity, and customers started saying, you know what, our real problem is our security scanners. It's our CVEs. It's the number of unpatched vulnerabilities that are making our CISO, our board of directors, our investors, our public investors sad: how vulnerable we are to software vulnerabilities and exposures that have fixes available.
And so Chainguard took its first crack at that problem in 2023 and created a small number, a handful, it was 30 or 40 I think by the end of 2023. We're over,200 images now, container images where we have literally eliminated all CVEs, all known security vulnerabilities that a scanner might find that have a fix upstream. We've remediated that. And I can get into some of how that works. But that product was an immediate hit, and we went from two or three customers to 20 or 30 customers almost overnight. Found that product-market fit. And that was basically right at the moment when I joined, to help scale that out. The engineering team was less than two dozen people at that point; we're well over 100 now. The company was 80 or 90 people; we're almost 400 now. We've since taken two rounds of investment and really have the opportunity to grow that business. Just yesterday in San Francisco we actually launched our next two products as well. And so yeah, now we're really looking to grow the business considerably.

Itiel Shwartz: Okay. Again, a super unique startup origin story. The beginning makes sense, but the fact that you found that switch through those two customers and then blew up, again, kudos. It just shows what a great team in a really good environment can achieve, right? Kubernetes is booming, images in general are booming, and security vulnerabilities are also booming, so it's the perfect storm, I guess, in a way, for you guys. So maybe, I don't want to be too techy here, but let's be a bit techy. Let's say that I really want to use, I don't know, Postgres or Redis or whatever. So instead of just downloading the Redis version, I download your version. When I say download, I mean pulling, whatever. So that's the pitch. Share with me the pitch. Why should I use you? I use Kubernetes, right, internally at Komodor, hardcore Kubernetes, currently not using Chainguard. Why should we, or should we?

Dustin Kirkland: Yeah. So we do publish a bunch of our images to the Docker registry. We run our own registry as well at cgr.dev. All of the images that you might want to see are available at images.chainguard.dev as well. We can send those links after the fact. Postgres is a great example. So you need to run a Postgres database, you can docker run Postgres straight from Docker Hub. If you scan that image with your scanner of choice, could be Grype or Trivy or Wiz or Snyk or Aqua, on average we typically see dozens to hundreds of security vulnerabilities that are unpatched in that version. In the Chainguard version of Postgres, we keep that at zero CVEs, and we keep that at zero CVEs per an industry-leading SLA, service level agreement, that's designed to exceed the US government's FedRAMP requirement. So we use FedRAMP just as a ballpark. FedRAMP says you've got to remediate critical CVEs within 30 days, highs within 90, mediums within 180 days. So you have basically six months to remediate these. Our SLA says we'll remediate them within seven and 14 days: 7 days for criticals, 14 days for highs, mediums, and lows. And our customers tend to like that, because if they've got obligations under FedRAMP, we ensure that we can get that fixed soon, and then they can spend the next three, four, five, six months or whatever they need retesting, re-qualifying, rebuilding. So that's the key difference. If you care about size, if you care about security, Chainguard's got a fantastic catalog of hardened images. Some of those are going to be more interesting in the enterprise; we have a number of images that use certified FIPS cryptography. So that's really where we fit. If you or your users really, truly care about security, I'd say take a look at Chainguard.

Itiel Shwartz: No, that's a great pitch. Let me ask you something. I heard about the Chainguard pitch, and my feeling was always that even if the base image is good, a lot of people will do a lot of steps to extend this image and bring with them a lot of CVEs. Do you guys help with that as well, or only with the base image?

Dustin Kirkland: Yeah, that's actually a great lead-in. We haven't even talked about it yet. Perfect lead-in to the second product that we've just launched. I said we announced it yesterday. So Chainguard Containers is our first product, and that's the hardened containers. Our second product is something called Chainguard Libraries. So you're right, there are a lot of new vulnerabilities that are introduced by, let's say you're an end user, you start with our Java base image. You can get the latest and greatest OpenJDK image from Chainguard, OpenJDK 23 or whatever, and we've eliminated all the vulnerabilities from that JDK image. And let's say you're a Java developer, or you're a company that uses a whole lot of Java, and you're a Chainguard customer. You use that image and your starting point is zero. You start from a blank slate. Okay, now you write some Java code. That's your proprietary code. Proprietary code is not going to have CVEs. But your proprietary code depends on a whole bunch of JARs that you need to install from Maven.

Itiel Shwartz: Yeah, it does.

Dustin Kirkland: Add 162 JARs. Guess what? Those 162 JARs are going to come with probably a whole bunch of other CVEs that didn't come from Chainguard. Okay. Yeah.

Dustin Kirkland: However, just yesterday we announced a product called Chainguard Libraries, where we're actually taking all of the world's upstream open-source Java archives, JAR files. We've started with the top 20,000, which covers about 99% of the JARs that people use, based on the best analysis we could do on open-source dependency files. So 20,000 JARs now rebuilt from source by Chainguard using our toolchain. And so, number one, that ensures reproducibility. We can actually reproduce those JARs. But number two, we can actually patch those against CVEs. So now a customer who's a Java shop can use the Chainguard base image and then add the Java libraries product on top of that. Java is now announced. We're currently working on Python next, and we'll probably tackle Node.js/npm after that. So basically you can continue using Maven and pip and npm, except you point Maven and pip and npm to the Chainguard artifact registry and repository, and you're getting those secured archives straight from Chainguard.

Itiel Shwartz: That sounds like an amazing product, but an engineering nightmare. So even though I don't want to go too much into the details, let's take the old product, just so it will be a bit simpler. Postgres now has a CVE, right? Something was just published. How are you guys able to solve it and redistribute it so fast? I would imagine it's quite hard, even if you tell me only for Postgres, but how do you do it at scale?

Dustin Kirkland: Yeah, we'll take that. That's a great example. So, first of all, as soon as that Postgres CVE is registered, it shows up in the National Vulnerability Database (NVD), which is run by NIST. Our automation picks that up. We're a very automation-driven company. I wouldn't really call it AI necessarily, but it's a heck of a lot of automated, event-driven, cloud-based process. So the moment that CVE shows up, it lights up on our dashboards, and we've got engineers, a sustaining and security engineering team, that's watching those. The first thing is to determine: has upstream fixed this vulnerability yet? In the happy path, the vulnerability is published and, guess what, Postgres is a well-maintained project. It's got an active community, people care about security there, meaning all the things: it's not end of life, it's not dead. So the upstream maintainers create a fix and they commit that fix and they tag a new release, I don't know, 9.125 or something like that. The good news for us is that our automation automatically rebuilds Postgres from source within minutes of upstream tagging a new release, and that's happening, Itiel, for 10,000 open-source projects constantly, all the time. We are constantly monitoring and rebuilding. There's something rebuilding right now while we're talking. That automation applies our build rules, checks the checksums, bumps the version. If the build succeeds, then it reruns all of our unit tests, which are the functional verification tests on that package itself. If that succeeds, then we determine all of the container images that actually include Postgres. We rebuild all of those container images, and then guess what we have to do with those container images? Retest those. In some cases, that might mean provisioning a whole new Kubernetes and linking up this one application with this Postgres database. That automation again runs when everything is green across the board, and there are dozens and dozens of opportunities for it not to be green. If it is all green, then it's published to our registry, and then all the customers who have bought a license to Chainguard's Postgres image will also get that image pushed out to them. And by the way, I said Postgres; it could be Postgres FIPS, we have a FIPS image for Postgres as well. The unhappy path is if any one of those steps along the way fails. Let's go all the way back to the beginning: if upstream hasn't created a fix. I want to be clear, we're not creating the fix. So we're not determining how to fix Postgres or 10,000 other open-source projects. We are totally dependent on the upstream maintainers to do that. But like a farm-to-table farmers market, the moment that upstream developer cuts that release, we are bringing that into our build system and making that available to customers, typically within minutes to hours. What really takes time is how long it takes to run the tests. We can compile almost anything in under 30 minutes, but some of the tests take hours to run to completion.

Dustin Kirkland: So we don't create the patch and contribute it upstream. But as soon as it's available upstream, we rebuild it. And then if anything breaks along the way, again, a Chainguard engineer will have to get involved and figure out, hey, why did this build fail? Oh, we needed to bump this other version dependency, we needed to, you know... The last thing, Itiel, I'm going to tell you is that the CVE usually, and by usually I mean 75 to 80% of the time, is not actually in Postgres or the end application. Where the CVE is, is in a library. It's in a dependency of that. If it's Go code, it's like go crypto or go x/net, or it's some library that affects not just one but hundreds of packages. And so this is where that automation system that we built at Chainguard, that's our strength. That's our superpower. It's the machine, we call it the factory. It's the factory that's building this constantly.

Itiel Shwartz: Okay. So, first of all, it sounds super interesting: testing at scale and automation and IT and security, sounds very interesting, and you have proof for the world, but it's also interesting running it as infra. Because we're almost out of time, maybe a minute on where we are going as an industry. Give your prediction, and feel free to promote whatever you want afterwards.

Dustin Kirkland: Yeah. Well, I'll do a little bit of both. I think it's just the tip of the iceberg for this eliminate-all-security-vulnerabilities movement. The customers that we've recruited onto that mantra love it. And then they're typically asking us, so this is great for our Kubernetes, it's great for our containers, where else do we have vulnerabilities that Chainguard could help us eliminate? And that kind of brings us to the third product. We're actually now offering and hardening virtual machines. So we build a hardened kernel, where again we track the upstream CVE maintenance tree, the security tree that Greg Kroah-Hartman maintains. We rebuild that kernel and retest that kernel within minutes of an upstream release. And guess what is running at the bottom of practically every Kubernetes? A whole bunch of worker nodes, a whole bunch of kubelet worker nodes running dockerd. So that's our first target. We've built a hardened Kubernetes worker node for Amazon EKS that's available immediately, as of yesterday.

Dustin Kirkland: And so here, if you're running Chainguard containers on top of a Chainguard VM, you really can get to zero CVEs on that entire stack. I think that's where we're going. Stretching that to the libraries: so now you wrote some code and you're bringing in Python and Java, and maybe it's Rust or .NET or Ruby. That's sort of the next frontier and the next big things that we're working on.

Itiel Shwartz: Okay. Super cool. Anything else you want to say before we finish?

Dustin Kirkland: No, but thank you. What a pleasure. Very cool podcast. I certainly enjoy it. Yeah, thank you for having me.

Itiel Shwartz: Thank you for sharing about the journey and Chainguard, and yeah, let's meet up for coffee at KubeCon.

Dustin Kirkland: Thank you Itiel.


This is an AI-generated transcript of the conversation.

About the Guest

Dustin Kirkland
VP of Engineering, Chainguard
Dustin Kirkland is VP of Engineering at Chainguard, where he leads the team building hardened, zero-CVE container images and libraries for the software supply chain. A computer engineer by training, Dustin has spent 26 years in technology — eight years at IBM (including a year on-site at Red Hat), two stints at Canonical leading Ubuntu Server engineering and then product, a CTO turn at encryption startup Gazzang (acquired by Cloudera), product management on GKE at Google, Chief Product Officer at Apex Fintech Solutions, and head of product for the consumer platform at Goldman Sachs. He joined Chainguard in late 2023, returning to engineering after more than a decade in product.