Extra Crunch Roundup: Cohort Analysis, YC Demo Day & Supply Chain

The Shifting Landscape of Fintech and Card Issuance

The current wave of innovation in financial technology, or fintech, is actively diminishing the advantages traditionally held by established financial institutions over emerging startups.

Many new companies are now directly challenging traditional retail banks by providing consumers with both credit and debit card options.

The accessibility of developer-focused APIs simplifies the card issuance process, and readily available solutions for crucial procedures like Know Your Customer (KYC) compliance further lower the hurdles to entry.

Insights from Industry Leaders

To gain a deeper understanding of these reduced barriers to entry, as well as the difficulties inherent in developing a distinctive card product, journalist Ryan Lawler conducted interviews with several key figures:

Michael Spelfogel, the founder of Cardless.
Anu Muralidharan, the Chief Operating Officer at Expensify.
Peter Hazlehurst, founder and CEO of Synctera.
Salman Syed, Senior Vice President and General Manager of North America at Marqeta.

These discussions provide valuable perspectives on the evolving dynamics of the fintech industry.

Access to full articles requires an Extra Crunch membership.

A 20% discount on one- or two-year subscriptions is available using the code ECFriday.

Upcoming Holiday Observance

Please note that new content publication will be paused on Monday, September 6, in observance of Labor Day in the United States.

Regular reporting will resume on Tuesday morning with fresh stories and a concise newsletter.

Thank you for your continued readership.

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist

6 Strategies for Building a Global Supply Chain for Your Startup

extra crunch roundup: cohort analysis, yc demo day recaps, building your supply chain

Launching a hardware startup is now more accessible than ever. A successful crowdfunding effort often indicates the capability to locate overseas manufacturers capable of producing products to your specifications.

However, international supply networks are inherently vulnerable. The blockage of the Suez Canal by a single container ship for six days was an unforeseen disruption.

Currently, importers are experiencing significantly increased shipping costs, with containers from China costing around $18,000, compared to $3,300 just a year prior, largely due to the pandemic.

Jeff Morin, CEO of Liteboxer, has extensive experience establishing supply chains across three continents. He recently created a guide for Extra Crunch specifically aimed at hardware founders.

Morin emphasizes that a well-planned and rigorously executed approach can yield exceptional results, despite the inherent difficulties.

Key Considerations for Startup Supply Chains

Establishing a robust global supply chain requires careful planning and proactive risk management. It’s crucial to understand the potential pitfalls before committing to a particular strategy.

Here are six essential tips to guide you through the process:

Tip 1: Prioritize Supplier Selection. Thoroughly vet potential suppliers, focusing on their capabilities, quality control processes, and financial stability.
Tip 2: Diversify Your Sourcing. Avoid relying on a single supplier or geographic region. Multiple sources mitigate risk and provide flexibility.
Tip 3: Implement Robust Quality Control. Establish clear quality standards and implement rigorous inspection procedures throughout the production process.
Tip 4: Optimize Logistics and Transportation. Carefully plan shipping routes, consider different transportation modes, and negotiate favorable rates with carriers.
Tip 5: Build Strong Relationships. Foster open communication and collaboration with your suppliers. Strong relationships can lead to better pricing and faster response times.
Tip 6: Embrace Technology. Utilize supply chain management software to track inventory, manage orders, and improve visibility across your network.

These strategies are designed to help startups navigate the complexities of global sourcing and build resilient supply chains.

Successfully managing a global supply chain is no longer solely the domain of large corporations. With careful planning and execution, startups can effectively compete in the global marketplace.

Understanding Kubernetes Network Policies

Kubernetes Network Policies are a crucial component for securing your cluster. They define rules governing traffic flow between pods, enhancing the overall security posture of your applications.

Why are Network Policies Important?

By default, all pods within a Kubernetes cluster can communicate with each other freely. This permissive environment can be a security risk. Network Policies allow you to restrict this communication, implementing a more granular and secure network segmentation.

Without Network Policies, a compromised pod could potentially access sensitive data or disrupt other services. Implementing these policies minimizes the blast radius of potential security breaches.

How do Network Policies Work?

Network Policies operate at Layer 3 (IP addresses) and Layer 4 (ports) of the OSI model. They utilize selectors to identify the pods to which the rules apply. These selectors can target pods based on labels.

A Network Policy essentially defines ingress (incoming) and egress (outgoing) rules. Ingress rules control which traffic is allowed *to* the selected pods, while egress rules control which traffic is allowed *from* the selected pods.

Key Components of a Network Policy

Pod Selector: Identifies the pods to which the policy applies.
Ingress Rules: Define allowed incoming traffic.
Egress Rules: Define allowed outgoing traffic.
IP Block: Specifies a range of IP addresses to allow or deny.
Port: The port number to which the rule applies.

Creating a Basic Network Policy

Let's consider a scenario where you want to restrict access to a pod labeled app: my-app. You can create a Network Policy that only allows traffic from pods with the label role: frontend on port 80.

The policy would specify a pod selector matching app: my-app and an ingress rule allowing traffic from pods with role: frontend on port 80. All other incoming traffic would be denied.

Example Network Policy (YAML)

Here's a simplified example of a Network Policy defined in YAML:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
 name: allow-frontend-to-backend
spec:
 podSelector:
 matchLabels:
 app: my-app
 ingress:
 - from:
 - podSelector:
 matchLabels:
 role: frontend
 ports:
 - protocol: TCP
 port: 80

Network Policy Implementation Considerations

Implementing Network Policies requires a network plugin that supports them. Popular options include Calico, Cilium, and Weave Net. Ensure your chosen plugin is correctly configured to enforce the policies.

Testing is vital. Carefully validate your Network Policies to ensure they don't inadvertently block legitimate traffic. Start with permissive policies and gradually tighten them as you gain confidence.

Advanced Network Policy Features

Beyond basic ingress and egress rules, Network Policies support more advanced features, such as using IP blocks to allow traffic from specific CIDR ranges. You can also combine multiple selectors to create complex rules.

Furthermore, some network plugins offer features like network policy debugging and visualization tools, aiding in troubleshooting and understanding policy behavior.

Conclusion

Kubernetes Network Policies are an essential security mechanism for controlling traffic flow within your cluster. By carefully defining these policies, you can significantly reduce the risk of unauthorized access and improve the overall security of your applications.

Proper planning, testing, and the selection of a compatible network plugin are key to successful Network Policy implementation.

YC S21 Demo Day Standouts: A First Look at Top Startups

We regularly focus on the newest cohort of startups from Y Combinator as they present to the public for the first time.

The Y Combinator Summer 2021 Demo Day marked the accelerator’s fourth virtual event. A team comprised of Natasha Mascarenhas, Alex Wilhelm, Devin Coldewey, Lucas Matney, and Greg Kumparak identified 14 particularly promising companies from the initial day of this globally recognized pitch event.

Selection Process and Event Overview

The selection was made following careful review of the presentations delivered during the Demo Day.

This event represents a key milestone for these startups, offering a platform to showcase their innovations.

Key Highlights from the First Day

The chosen companies represent a diverse range of industries and innovative approaches.

The judging panel focused on factors such as market potential, team strength, and the uniqueness of the proposed solutions.

Looking Ahead

Further analysis and coverage of the YC S21 Demo Day will be provided in subsequent reports.

The accelerator program continues to be a significant incubator for groundbreaking technologies and business models.

Understanding Kubernetes Networking: A Deep Dive

Kubernetes networking is a complex subject, but fundamentally it’s about enabling communication between pods, services, and the outside world. It’s a crucial aspect of deploying and managing containerized applications at scale.

Core Concepts in Kubernetes Networking

Several key components work together to facilitate networking within a Kubernetes cluster. These include Pods, Services, and Network Policies.

Pods are the smallest deployable units in Kubernetes, representing a single instance of an application. Each pod is assigned a unique IP address within the cluster.

Services provide a stable network endpoint for accessing pods. They abstract away the underlying pod IPs, which can change dynamically. This ensures consistent access even as pods are created or destroyed.

Network Policies define rules for controlling traffic flow between pods. They allow you to restrict communication based on labels, namespaces, and IP addresses, enhancing security.

Kubernetes Networking Models

Kubernetes doesn’t dictate a specific networking implementation. Instead, it provides an API for networking, allowing various Container Network Interface (CNI) plugins to be used.

Common CNI plugins include:

Calico: Known for its robust network policy enforcement and scalability.
Flannel: A simple and easy-to-use CNI plugin, often used for basic networking.
Weave Net: Provides a network overlay with encryption capabilities.
Cilium: Leverages eBPF for advanced networking and security features.

The choice of CNI plugin depends on your specific requirements, such as network complexity, security needs, and performance expectations.

Service Discovery and Load Balancing

Kubernetes provides built-in service discovery and load balancing mechanisms. When a service is created, it receives a ClusterIP, which is a virtual IP address accessible within the cluster.

Kubernetes uses kube-proxy to manage network rules and forward traffic to the appropriate pods backing the service. This ensures that requests are distributed evenly across available pods.

There are different service types available:

ClusterIP: Exposes the service on a cluster-internal IP.
NodePort: Exposes the service on each Node's IP at a static port.
LoadBalancer: Provisions an external load balancer (if supported by your cloud provider) to expose the service externally.

Ingress Controllers for External Access

For more sophisticated external access management, Ingress Controllers are used. They act as reverse proxies, routing external traffic to the appropriate services based on hostnames or paths.

Ingress controllers allow you to consolidate multiple services behind a single external IP address, simplifying access and management. Popular Ingress controllers include Nginx Ingress Controller and Traefik.

DNS Resolution in Kubernetes

Kubernetes includes a cluster DNS service, typically implemented by CoreDNS. This service provides DNS resolution for services within the cluster.

When a pod needs to access a service, it can use the service's name as a hostname. The cluster DNS service resolves this name to the service's ClusterIP, enabling communication.

Network Policies: Securing Your Cluster

Network Policies are essential for securing your Kubernetes cluster. They allow you to define granular rules for controlling traffic flow between pods.

By default, all pods within a namespace can communicate with each other. Network Policies allow you to restrict this access, limiting communication to only authorized pods and services.

Network Policies are defined using YAML files and applied to namespaces or pods. They specify ingress and egress rules based on labels, IP addresses, and ports.

Troubleshooting Kubernetes Networking

Networking issues can be challenging to diagnose in Kubernetes. Common troubleshooting steps include:

Checking Pod IPs: Verify that pods have been assigned IP addresses.
Testing Service Reachability: Use kubectl exec to access a pod and test connectivity to services.
Inspecting Network Policies: Ensure that network policies are not blocking legitimate traffic.
Examining Kube-proxy Logs: Look for errors or warnings in the kube-proxy logs.

Tools like tcpdump and ping can also be helpful for diagnosing network connectivity issues.

Effective Kubernetes networking is vital for building scalable, resilient, and secure applications. Understanding the core concepts and available tools is crucial for successful deployment and management.

The Optimistic Outlook for Virtual Event Companies Post-Pandemic

Prior to the onset of the pandemic, virtual events were not a widely considered option. However, this event format rapidly addressed a distinct and crucial requirement for organizations of all sizes starting in early 2020.

The question now is: what role will virtual events play as the global community increasingly seeks a return to pre-pandemic routines?

To gain insight, we consulted with leading figures and investors within the virtual event industry to identify the key trends currently emerging. This followed up on an initial survey conducted in March 2020.

Our discussions included:

Xiaoyin Qu, the founder and CEO of Run The World.
Rosie Roca, who serves as the chief customer officer at Hopin.
Hemant Mohapatra, a partner at Lightspeed Venture Partners India.
Paul Murphy, previously an investor in Hopin at Northzone, and currently the co-founder of Katch.

Understanding Kubernetes Networking: A Deep Dive

Core Concepts in Kubernetes Networking

Several key components work together to facilitate networking within a Kubernetes cluster. These include Pods, Services, and Network Policies, each playing a distinct role.

Pods are the smallest deployable units in Kubernetes, representing a single instance of an application. Each pod is assigned a unique IP address within the cluster.

Network Policies define rules governing communication between pods. They allow you to control which pods can talk to each other, enhancing security and isolation.

How Kubernetes Networking Works

Kubernetes doesn't have its own networking implementation. Instead, it leverages the networking capabilities of the underlying infrastructure. This flexibility allows it to operate in various environments, including cloud providers and on-premises data centers.

A Container Network Interface (CNI) plugin is responsible for setting up the network for pods and ensuring they can communicate. Popular CNI plugins include Calico, Flannel, and Weave Net.

When a pod is created, the CNI plugin assigns it an IP address and configures the network interfaces. This allows the pod to communicate with other pods and services within the cluster.

Service Discovery and Load Balancing

Kubernetes provides built-in service discovery and load balancing mechanisms. When a client accesses a service, Kubernetes automatically routes the traffic to one of the healthy pods backing that service.

This is achieved through the kube-proxy component, which runs on each node in the cluster. Kube-proxy maintains network rules that redirect traffic to the appropriate pods.

Kubernetes supports different service types, including:

ClusterIP: Exposes the service on a cluster-internal IP.
NodePort: Exposes the service on each node's IP at a static port.
LoadBalancer: Provisions an external load balancer to expose the service.

Ingress Controllers for External Access

For exposing applications to the outside world, Ingress Controllers are commonly used. They act as a reverse proxy, routing external traffic to the appropriate services within the cluster.

Ingress resources define the rules for routing traffic based on hostnames and paths. This allows you to host multiple applications on a single IP address.

Popular Ingress Controllers include Nginx Ingress Controller and Traefik.

Network Policies for Enhanced Security

Network Policies are a powerful tool for securing your Kubernetes cluster. They allow you to define granular rules controlling network traffic between pods.

You can specify which pods are allowed to communicate with each other based on labels, namespaces, and IP addresses. This helps to prevent unauthorized access and limit the blast radius of security breaches.

Network Policies are implemented by the CNI plugin, which enforces the defined rules.

Troubleshooting Kubernetes Networking

Diagnosing networking issues in Kubernetes can be challenging. Common tools and techniques include:

kubectl exec: Allows you to execute commands inside a pod for network testing.
ping/traceroute: Used to verify network connectivity.
tcpdump: Captures network traffic for analysis.
CNI plugin logs: Provide insights into network configuration and errors.

Understanding the underlying network infrastructure and the CNI plugin in use is crucial for effective troubleshooting.

Careful planning and monitoring of your Kubernetes networking configuration are essential for ensuring the reliability and security of your applications.

Analyzing Startup Trends in the Recent Y Combinator Cohort

TechCrunch’s coverage of the Y Combinator Demo Day summer cohort was concluded by Alex Wilhelm and Anna Heim, who assessed the cohort’s performance against their initial predictions.

The analysts noted a higher-than-anticipated number of startups dedicated to no-code and low-code software solutions.

They also expressed satisfaction with the unexpectedly large number of new ventures concentrating on the space industry.

Certain startup categories aligned with expectations regarding their prevalence, such as those centered around delivery services, including dark stores and ghost kitchens.

Conversely, interest in crypto and insurtech startups appeared lower than projected.

A comprehensive list of the startups that garnered attention from The Exchange can be found in their detailed report.

Understanding Kubernetes Network Policies

Kubernetes Network Policies are a crucial component for securing your cluster. They define rules governing traffic flow between pods, offering granular control over communication within the Kubernetes environment.