Xander Grzywinski is a Senior Open Source Product Manager at Microsoft and the Kubernetes 1.27 release lead.
We interviewed Xander to explore some highlights from the release, and discuss a bit about what it’s like to work with the release team.
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
News of the week
Traefik Labs Launches Traefik Hub
Software Supply Chain Security Assessment:
CNCF Spring 2023 Cloud Native Ambassadors
Updates to the Auto-refreshing Official CVE Feed
What’s New in Red Hat OpenShift Virtualization 4.12
Azure Kubernetes upgrades and Long Term Support
KubeCon SHANGHAI, CHINA is back on Sept 26-28, 2023
KubeCon NA takes place on Nov 6-9, 2023 in Chicago, Illinois
KubeCon EU 2024 takes place on Mar 19-22 in Paris, France
Introducing Sessionize: a new CFP platform for CNCF events
Manage Amazon EKS Clusters with New VMware Tanzu Mission Control Features
Google Cloud turned a profit for the first time according to the earnings call of Q1 2023
Links from the interview
Xander Grzywinski:
Freeze k8s.gcr.io image registry
Kubernetes Vertical Pod Autoscaler
Kubernetes Removals and Major Changes In v1.27
Kyverno — verify Kubernetes control plane images
Kubernetes 1.27: StatefulSet PVC Auto-Deletion (beta)
Kubernetes 1.27: Query Node Logs Using The Kubelet API
Kubernetes 1.27: Efficient SELinux volume relabeling (Beta)
Kubernetes 1.27: StatefulSet Start Ordinal Simplifies Migration
Kubernetes 1.27: Introducing An API For Volume Group Snapshots
Kubernetes 1.27: Quality-of-Service for Memory Resources (alpha)
Kubernetes 1.27: Vertical Pod Autoscaler supporting in-place updates
Kubernetes 1.27: Server Side Field Validation and OpenAPI V3 move to GA
Kubernetes 1.27: More fine-grained pod topology spread policies reached beta
Kubernetes 1.27: Single Pod Access Mode for PersistentVolumes Graduates to Beta
Kubernetes 1.27: HorizontalPodAutoscaler ContainerResource type metric moves to beta
Links from the post-interview chat
Paris Pittman is a Senior Program Manager at the Open Source Program Office at Apple, and a prominent Kubernetes and CNCF member who has served in many roles with a focus on community and governance. Paris has been part of some key milestones for this show: the first appearance was on Episode 1, and a later one on Episode 100, so we could not be happier to have Paris back for Episode 200. We discussed how Paris got started with community work and how the experience has been. Paris shared with us some words of wisdom on the power of working with others and the importance of moving on.
News of the week
KubeCon EU 2023 “Security Village”
Podman Desktop released version 0.14
Keycloak joined CNCF as an incubating project
Kubernetes v1.27 code name Chill Vibes was released
The CNCF “Cloud Native Explorers” - Amsterdam Edition
CNCF white paper on Platforms for Cloud Native Computing
GKE Autopilot is now the default mode of operations for new clusters
Links from the interview
Paris Pittman:
In this episode we bring you with us to Southern California Linux Expo, or SCaLE20x in Pasadena, California. We interviewed several attendees about their experience at the conference.
Featuring:
- Robin Phantomhive, attendee at SCaLE and community member
- Mofi Rahman, Developer Advocate at Google
- Fatima Sarah Khalid, Dev Evangelist at GitLab
- Bryan Behrenshausen, Open Source Program Manager at GitLab
- Laura Santamaria, Geek with an achievement streak at Dell
- Jeff Deifik, Cybersecurity at Aerospace Corp
- Jill Bryant Ryniker of LWDW and the Destination Linux Podcast
- Bill Schouten of Tux Digital and the Sudo Show Podcast
News of the week
- Crossplane Security Audit
Links from the interview
David Flanagan is a developer, educator and technology enthusiast with a special interest in Kubernetes and Cloud Native technologies. David is the founder of Rawkode Academy, an online platform aiming at teaching Kubernetes to developers.
One of the popular shows on Rawkode is Klustered, where David invites people to fix broken Kubernetes clusters, learn a thing or two and have a laugh.
News of the week
Istio Ambient Mesh merged into the main branch
Kubernetes 1.27 changes and removals
k8s.gcr.io to registry.k8s.io redirect
Preview support for pod sandbox on Azure Kubernetes Services
Docker apologizes for handling Free Teams deprecation
Schedule for CNCF-hosted and colocated events is up
CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes
Links from the interview
David Flanagan
How Spotify Accidentally Deleted All its Kube Clusters with No User Impact - David Xia
You probably DON'T need a service mesh
Klustered episode with Abdel and Marek
Docker first release at PyCon 2013
Emily Fox is a security engineer at Apple Cloud Services, a CNCF Technical Oversight Committee member and co-chair for a bunch of CNCF events including, recently, the Cloud Native Security Conference in Seattle.
We had a chance to talk to Emily about the first edition of CNSC 2023, her involvement with the CNCF community, her role as a security engineer, and some career discussions.
News of the week
KubeEdge v1.13.0 released on January 18, 2023, achieves SLSA 3 compliance
KubeVela brings software delivery control plane capabilities to CNCF Incubator
GKE Updates:
AWS announced the availability of AKS anywhere on Snowball Edge Devices
Sysdig released their 6th annual Cloud Native Security and Usage Report.
Rebooting the Cloud Native Hamburg community group
Katacoda Kubernetes tutorials shutdown
Kubernetes Community Days (KCDs):
- Upcoming CFP deadlines:
- KCD Italy CFP closes February 20 2023 (in-person)
- KCD Czech + Slovak CFP closes March 1, 2023 (in-person)
- KCD Bengaluru CFP closes March 20, 2023 (in-person)
- KCD Zurich CFP closes March 31, 2023 (in-person)
- KCD Colombia CFP closes March 31, 2023 (in-person)
- Check out upcoming KCDs that might be in your region:
- Sponsorship opportunities are available
- Donation Prospectus available for review
- KCD Israel 2023, Mar 23, 2023
- KCD LA, Mar 9, 2023
- KCD Pakistan (Islamabad), February 20, 2023
- KCD Netherlands (Amsterdam), February 23-24, 2023
- KCD France (Paris), March 7, 2023
- KCD Los Angeles, March 9-10, 2023
- KCD Ukraine Virtual Fundraiser, March 16, 2023
Emily Fox:
Cloud Native Security Con Youtube Playlist
How to Secure Your Supply Chain at Scale - Hemil Kadakia & Yonghe Zhao, Yahoo
Software Supply Chain Security
Shift Left Security: Best Practices for Getting Started
Episode 196 with Benjamin Elder
CNSC 2023 Seattle guests
Frederick Kautz on SPIFFE/SPIRE
Beyond Cluster-Admin: Getting Started with Kubernetes Users and Permissions - Tiffany Jernigan
Standardization & Security - A Perfect Match - Ravi Devineni & Vinny Carpenter, Northwestern Mutual
CSI Container: Can You DFIR It? - Alberto Pellitteri & Stefano Chierici, Sysdig
Links from the post-interview chat
Benjamin Elder is a Senior Software Engineer at Google, a Kubernetes SIG Testing Chair & Tech Lead, and a Kubernetes Steering Committee member. In this episode we got to chat with Benjamin about the new Kubernetes registry migration from k8s.gcr.io to registry.k8s.io. We also had an opportunity to discuss the community, the various SIGs (Special Interest Groups) Benjamin is involved with, and the amount of work needed to drive the project forward.
Chatter of the week
Google Developer Experts program.
OpenAI Case Study.
Kubernetes Jobs API.
Job Tracking, to Support Massively Parallel Batch Workloads, Is GA in Kubernetes 1.26.
Stateful apps on Kubernetes.
Kelsey Hightower's take on Databases on Kubernetes twitter space.
News of the week
Linkerd published a 2022 recap
The CNCF Cloud Native Maturity Model
The CNCF Cloud Native Maturity Model website
Using Amazon EKS with Google Workspace identities
CNCF Ambassador 2.0 program
Cloud Native Security Con NA 2023 (website - recordings)
The CNCF important updates for KubeCon + CloudNativeCon 2023 and co-located events
Kubernetes 1.26 news:
- Eviction policy for unhealthy pods guarded by PodDisruptionBudgets: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/
- Retroactive Default StorageClass: https://kubernetes.io/blog/2023/01/05/retroactive-default-storage-class/
- Alpha support for cross-namespace storage data sources: https://kubernetes.io/blog/2023/01/02/cross-namespace-data-sources-alpha/
- Advancements in Kubernetes Traffic Engineering: https://kubernetes.io/blog/2022/12/30/advancements-in-kubernetes-traffic-engineering/
- Job Tracking, to Support Massively Parallel Batch Workloads, Is Generally Available: https://kubernetes.io/blog/2022/12/29/scalable-job-tracking-ga/
- CPUManager goes GA: https://kubernetes.io/blog/2022/12/27/cpumanager-ga/
- Pod Scheduling Readiness: https://kubernetes.io/blog/2022/12/26/pod-scheduling-readiness-alpha/
- Support for Passing Pod fsGroup to CSI Drivers At Mount Time: https://kubernetes.io/blog/2022/12/23/kubernetes-12-06-fsgroup-on-mount/
- GA Support for Kubelet Credential Providers: https://kubernetes.io/blog/2022/12/22/kubelet-credential-providers/
- Introducing Validating Admission Policies: https://kubernetes.io/blog/2022/12/20/validating-admission-policies-alpha/
- Device Manager graduates to GA: https://kubernetes.io/blog/2022/12/19/devicemanager-ga/
- Non-Graceful Node Shutdown Moves to Beta: https://kubernetes.io/blog/2022/12/16/kubernetes-1-26-non-graceful-node-shutdown-beta/
- Alpha API For Dynamic Resource Allocation: https://kubernetes.io/blog/2022/12/15/dynamic-resource-allocation/
- Windows HostProcess Containers Are Generally Available: https://kubernetes.io/blog/2022/12/13/windows-host-process-containers-ga/
- We're now signing our binary release artifacts!: https://kubernetes.io/blog/2022/12/12/kubernetes-release-artifact-signing/
Links from the interview
Benjamin Elder
Benjamin on the podcast episode 96
Kubernetes registry move from k8s.gcr.io to registry.k8s.io
- Archeio is the tool used to redirect to GCR or S3 depending on the client.
- The design of how requests are handled.
- Doc detailing the background of this migration.
Leonard Pahlke is not only the Release Lead for Kubernetes v1.26, he's also a co-chair of the CNCF TAG for Environmental Sustainability and a student working toward a Master's Degree in Computer Science at the Hamburg University of Applied Sciences. In this episode, Leonard talks with us about Open Source contribution, environmental sustainability, and Kubernetes v1.26.
Chatter of the week
The 1.23 Release team (where Kaslin was a comms shadow)
Shoutout to Kunal Kushwaha, another Kubernetes contributor who started out as a student, and who advocates for students in the community via his YouTube channel & more.
KubeCon EU 2023 (which will have a student track as part of the schedule)
KubeCon Diversity and Inclusion Scholarships
News of the week
Kubernetes Removals, Deprecations, and Major Changes in 1.26
Control Plane Logs added for GKE
Gateway Controller for Single Clusters reaches GA for GKE
Prometheus Documentary by HoneyPot
Links from the interview
Leonard Pahlke blog about contribution: Start Contributing to Open Source Projects
Leonard Pahlke CNCF WG Environmental Sustainability Blog Post
TAG Environmental Sustainability GitHub
Specific 1.26 changes mentioned:
- Kubernetes 1.26: We're now signing our binary release artifacts!
- Kubernetes 1.26: Windows HostProcess Containers Are Generally Available
- CEL for Admission Control KEP
- In-tree Storage Plugin to CSI Migration - Azurefile
- In-tree Storage Plugin to CSI Migration - vSphere
- In-tree storage plugin removals for GlusterFS and OpenStack, and more, are outlined in the “Kubernetes Removals, Deprecations, and Major Changes in 1.26” blog
Kubernetes Enhancement Proposals (KEPs)
Kubernetes v1.26 Electrifying Release Blog
Links from the post-interview chat
Louis Bailleul is a Chief Enterprise Architect at PGS. After years of running highly-ranked supercomputers to process PGS’ seismic data, Louis’s team at PGS has led a transition to Google Cloud. Listen in to learn about HPC in Google Cloud with GKE, and to explore using Kubernetes to do processing on vessels at sea!
- Docker + Wasm
- Istio control plane vulnerability CVE-2022-39278
- KubeFlow joins CNCF as an Incubating Project
- CNCF Backstage course
- CNCF Istio intro course
- PGS
- A picture of a PGS vessel
- PGS post from 2021 about their supercomputing rankings and transition to Google Cloud
- Top500 List
- Kubernetes Custom Resources (CRDs)
- Scaling Kubernetes to Thousands of CRDs
- Google Cloud Spot Instances
- Google Cloud Preemptible VM Instances
- Google Cloud - Manage capacity and quota
- KubeCon NA 2019: How the Department of Defense Moved to Kubernetes and Istio - Nicolas Chaillan
- Bare Metal K8s Clustering at Chick-fil-A Scale by Brian Chambers, Caleb Hurd, and Alex Crane
In this episode we bring you with us to KubeCon NA 2022 in Detroit, Michigan. We interviewed 15 attendees from various backgrounds and learned some cool insights.
Featuring:
- Mo Khan, Software Engineer, Microsoft.
- Katrina Verey, Senior Staff Production Engineer, Shopify.
- Aishwarya Harpale, Student, Rutgers University.
- Jeffery Sica, Principal Developer Experience Engineer, CNCF.
- Kirsten Schumy, Software Engineer, AWS.
- John-Paul Robinson, HPC Architect, University of Alabama at Birmingham.
- Madhav Jivrajani, Software Engineer, VMware.
- Leigh Capili, Developer Advocate, VMware Tanzu.
- Nim Jayawardena, Developer Programs Engineer, Google.
- Charlie Yu, Developer Programs Engineer, Google.
- Ahrar Monsur, Developer Programs Engineer, Google.
- Mickey Boxell, Product Manager, Oracle.
- Eddie Zaneski, Software Engineer, Chainguard.
- Andy Piggott, Chief Product Officer, Section.
- Logan Smith, Director of Business Development, Grafana Labs.
- Brian Dorsey, Developer Advocate, Google - Shoutout for recommending the microphones for interviews.
- CrowdStrike cryptojacking finding
- Skaffold v2 Generally Available
- GKE Security Posture Dashboard
- Cdk8s+ from AWS
- CNCF Sandbox project application information
- Istio becomes a CNCF Incubating project
- Cert-manager becomes a CNCF Incubating project
- Cisco OpenClarity
- Kube-router bug
- Google Cloud Next Wrap-Up
- Microsoft Ignite highlights blog
- Cloud Native SecurityCon
- Linux Foundation partnership with Razom for Ukraine
- Kubernetes SIG Auth
- Kubernetes SIG API Machinery
- FluxCD
- Online Boutique Sample App
- Kubernetes SIG-CLI
- Cloud Native 101: Motor City Edition by Bob Killen and Jeffrey Sica
- Consumers to Contributors by Brendan O’Leary
- Kubernet-Bees: How Bees Solve the Problems of Distributed Systems
- SchedMD Slurm
- Kube-bind
- Contribute to etcd!
- Cloud Native WASM Day
- Cloud Native SecurityCon
- Backstage (Incubating CNCF Project)
- eBPF
- Cilium (Incubating CNCF Project)
- Acorn Labs
- Vulcan Mind-Meld (Star Trek)
- Kids’ Day at KubeCon NA 2022
After four and a half years hosting this podcast (and almost 9 years at Google) Craig Box is moving on from the latter, which unfortunately means leaving the former. But the show must go on. In this episode Craig introduces new hosts Abdel Sghiouar and Kaslin Fields. We take a small look forward, and then a big look back.
- Adam’s last episode
- Abdelfettah Sghiouar
- Kaslin Fields
- First-gen stickers
- Second-gen stickers
- Episode 60, with Mark Shuttleworth
- Episode 15, with Dan Ciruli and Jasmine Jaksic
- Episode 30, with Joe Zou
- Music and musicians
- Double guest trivia:
- Episodes 1 and 100 with Paris Pittman
- Episodes 62 and 180 with Ricardo Rocha (on a technicality)
- The Adam face
- Corey Quinn: separated at birth?
- One of many booth meetups
- Follow Craig Box on Twitter
- Follow Adam Glick on LinkedIn
Dan Stein is an engineering manager at General Bioinformatics. Dan Stein is also DJ Fresh, a multi-million selling artist with two UK number one records. Learn about the surprising overlap between these two careers.
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod and @craigbox
- Google Cloud adds GPU support to Autopilot
- CVE-2021-36782 in Rancher
- State of DevOps Report for 2022
- Congratulations to the 27 Summer LFX Program CNCF interns
- Reviewing the 2019 Kubernetes security audit
- DJ Fresh
- Atari 800 and Atari ST
- Commodore Amiga
- Fatboy Slim and the Atari ST
- Dogs on Acid music forum
- Taylor Hawkins Tribute Concerts
- Abolishing the high tax rate in the UK, or not
- Breakbeat Kaos
- Hold Your Colour by Pendulum
- Kryptonite by DJ Fresh
- Gold Dust
- Subsequent hits:
- Kyma (sound design language) and Max/MSP
- We Got Coders
- General Bioinformatics
- Hasura
- GraphQL Playground
- NCBI - National Center for Biotechnology Information
- Max Martin
- How Music Works by John Powell
- Learning:
- DJ Fresh’s new single, Higher
- DJ Fresh on Facebook
- Dan Stein on Twitter
Betty Junod, VP of Product Marketing at VMware Tanzu, kindly took up Craig’s challenge to explain the various parts of the Tanzu ecosystem, and how the traditional IT buyer and the modern cloud native really aren’t that different.
- Istio sails into the CNCF
- SPIFFE and SPIRE graduate
- Brigade archived
- Sysdig 2022 Cloud Native threat report
- Chainguard introduces Wolfi
- workerd, from Cloudflare
- Introducing Palaemon
- Custom org policy for GKE in preview
- Leveraging Kubernetes for an elastic platform at Blablacar by Sebastien Doido
- VMware
- Docker
- Solo.io
- VMware Tanzu introduction blog
- Tanzu Mission Control
- Tanzu for Kubernetes Operations
- Tanzu Application Platform
- Tanzu Kubernetes Grid
- Project Pacific introduction
- VMware Aria Operations for Applications
- Tanzu Application Service
- Open source projects:
- Michigan cider
- Detroit-style pizza
- Betty Junod on Twitter
When you think of a service mesh, you probably think of “sidecar containers running with each pod”. The Istio team has come up with a new approach, introduced recently as an experimental preview. Google Cloud software engineers Justin Pettit and Ethan Jackson join Craig to explore ambient mesh.
- Listening immediately and listening on a 1 year delay
- Death and state funeral of Queen Elizabeth II
- The Queue
- Cloud Custodian becomes an incubating project
- Anthos VM support
- GKE control plane metrics
- CVE-2022-3172: Aggregated API server can cause clients to be redirected
- CVE-2021-25749: runAsNonRoot logic bypass for Windows containers
- Akuity Platform
- Weave GitOps 2022.09
- Coroot Community Edition
- Constellation, by Edgeless Systems
- Register for Google Cloud Next
- Dell and Red Hat expand strategic collaboration
- Nicira
- Open vSwitch
- Introducing Ambient Mesh
- First mention of Ambient in 2018
- No first class support for sidecars in Kubernetes
- Istio working group meeting, August 2021
- HBONE: HTTP/2-based overlay network environment
- mTLS
- HTTP Connect
- GIF
- MASQUE and QUIC
- Get started with Ambient Mesh
- Ambient Mesh Security Deep Dive
- Justin Pettit and Ethan Jackson on Twitter
Kateryna Ivashchenko is a Senior Demand Generation Manager at Teleport, an organizer of community events, and a supporter of the developer community in her home country of Ukraine.
- Introducing Ambient Mesh in Istio
- Istio 1.15
- Linkerd 2.12
- Symbiosis
- Cuber nay-tace
- VMware Tanzu announcements from VMware Explore
- Isovalent raises $40m Series B
- Kubernetes Blog:
- Kubernetes was never designed for batch jobs by Kurt Schelfthout
- 7 years of GKE General Availability
- Portworx
- Teleport
- 24 February 2022: Russia invades Ukraine
- BeyondCorp
- Teleport open source
- hunter2
- Okta breach
- Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg
- War in Ukraine
- Kateryna’s sister’s T-shirt
- Independence Day
- Chris Lentricchia and Operation Dvoretskyi
- CNCF crowdfunding
- DevOpsDays Kyiv
- International Snack Exchange
- Kateryna Ivashchenko on Twitter
It’s release day! We discuss today’s Kubernetes 1.25 with release team lead Cici Huang, Software Engineer at Google Cloud. What’s in, what’s out, and what is it like to lead a release you are also promoting a feature in?
- Nelson underwater
- England underwater
- A picture of a sheep
- Follow Craig on Twitter for more like that
- Kubernetes 1.25 release
- Introducing Acorn
- GKE updates:
- KubeCon schedule published
- Scaling Kubernetes to thousands of CRDs by Nic Cope
- IBM Watson
- Kubernetes Community Awards
- SIG API Machinery
- Kubernetes 1.25 release team
- Release blog
- Highlights:
- Kubernetes 1.24 delay
- Theme and logo
- Envelopes:
- 1.24 lead: Episode 178, with James Laverack
- 1.26 lead: Leonard Pahlke
- Cici Huang on GitHub
Three years after they were first proposed, the new Kubernetes Gateway APIs - the evolution of the Ingress API - are in Beta. Rob Scott is a software engineer at Google and a lead on the SIG Network Gateway API project.
- Argo security audit:
- Kubernetes Cluster API integrates continuous fuzzing
- Cilium 1.12
- GKE Cluster Autoscaler location policy
- The quest for neutrinos
- Gateway API
- Spire Labs
- Fairwinds
- Episode 104, with Bowei Du
- Ingress
- Gateway API concepts and role-orientation
- GatewayClass
- GKE implementation of GatewayClass
- Conformance tests
- Policy attachment
- Gateway
- Routes
- Gateway API goes to Beta
- GRPCRoute
- Gateway Enhancement Proposal (GEP)
- Istio APIs that influenced the Gateway API
- GAMMA Initiative
- Gateway API on GitHub
- Santa Cruz Mountains
- Rob Scott on Twitter and LinkedIn
Ian Miell is a partner at consultancy Container Solutions, and an author of books on Bash, Git, Terraform and Docker. He explains to Craig how writing - whether runbooks, blog posts, training courses, or “real” books, can help you learn and make your team more effective.
- Gateway API goes to Beta
- Kyverno and Keptn move to incubation
- Tau T2A Arm VMs now on Google Compute Engine
- Kubeshop acquires BotKube
- Exploiting Authentication in AWS IAM Authenticator for Kubernetes by Gafnit Amiga
- CNCF sponsors audit of KubeEdge
- Red Hat announces new CEO
- Google Cloud announces new Distinguished Engineer
- Zwischenzugs
- Business Value, Soccer Canteens, Engineer Retention, and the Bricklayer Fallacy
- Zwischenzug and zugzwang in chess
- Ian’s books:
- Tcl
- Why are enterprises so slow?
- Erlang
- Episode 164, with Daniel Walsh
- ‘AWS vs K8s’ is the new ‘Windows vs Linux’
- The Runbooks Project
- ITIL
- Consultancy:
- Finance topologies:
- Team Topologies by Manuel Pais and Matthew Skelton
- If You Want To Transform IT, Start With Finance
- Conway’s Law
- Ian Miell on Twitter
Why does a car manufacturer own an IT company? How did that IT company end up running 900 Kubernetes clusters, starting at version 0.9? Craig asks these questions and more of Sabine Wolz, Product Manager at Mercedes-Benz Tech Innovation.
- Live UK political coverage on the day of recording. As predicted, news happened slightly faster than publication, and at the time of release, Boris Johnson is expected to resign as Conservative Party leader today.
- Shibboleth
- Lord of the Rings TV show moved to UK
- GKE Cost Allocation
- CubeFS accepted as CNCF incubating project
- Bare metal deployments for EKS Anywhere
- OpenShift Service Mesh 2.2
- Tanzu Mission Control adds FluxCD
- Pixie plugins
- What GKE users need to know about Kubernetes’ new service account tokens, by Taahir Ahmed
- Kubernetes is a red flag signalling premature optimisation, by Jeremy Brown
- eBPF Summit 2022
- Mercedes-Benz Tech Innovation
- Mercedes-Benz and Daimler Truck
- How should electric vehicles sound?
- Ulm and its church
- Sabine’s KubeCon keynote
- How to Migrate 700 Kubernetes Clusters to Cluster API with Zero Downtime: Tobias Giese & Sean Schneeweiss
- Game theory
- FOSS Manifesto
- Inner source
- CNCF End User Community
- The promise of flying cars
- Sabine Wolz on LinkedIn
Gone are the days of working at the same company for 50 years. Consultants and contractors bring specialised experience to many companies in short bursts. Steve Wade is an independent Kubernetes consultant and trainer, and he tells us how that became the life for him.
- Queen
- Bourton-on-the-Water, fire in the sky
- Model village
- Model village inception
- New GKE features:
- Paralus (by Rafay)
- Furiko (by Shopee)
- New CNCF Sandbox projects:
- Traefik Hub
- Cyble’s exposed Kubernetes clusters
- Bitnami index FAQ
As we move further up the stack, we rely on many foundations – including storage. Alex Chircop is co-chair of the CNCF Storage Technical Advisory Group (TAG), as well as founder and CEO of Ondat (formerly StorageOS). Join us to learn why no app is truly stateless, and how data is the new storage.
- Crowded House snippets:
- Distant Sun
- Sister Madly
- Don’t Dream It’s Over (you know this one)
- Weather With You
- Something So Strong
- How Will You Go
- Kubernetes 2021 annual report and blog post discussing it
- SUSECon news
- The State of CD 2022 report
- Introducing OpenCost
- OSTIF and ADA Logics posts discussing the CRI-O project audit
- Bitnami Helm chart pruning and Reddit discussion
- Upcoming Code of Conduct changes at the CNCF
What is configuration as data, how is it different from infrastructure as code, and why can’t anything just be itself anymore? We posed these questions and more to long-time Kubernetes contributor Justin Santa Barbara at KubeCon EU, and this episode is the result. Justin created the kOps project and now leads the team at Google that makes Kubernetes easier to consume.
- Cloud Native at Microsoft Build
- Docker acquires Tilt
- Broadcom acquires VMware
- Istio 1.14
- GKE Cost Estimator
- Goodbye to Katacoda
- Take the DORA survey or read the 2021 report
- FathomDB
- OpenStack
- kOps
- Configuration management tools
- Infrastructure as Code
- JSON, YAML, Proto and INI
- Helm
- Kubernetes Resource Model (KRM)
- kustomize
- kpt
- Package management
- Configuration as Data announcement blog
- Porch
- kpt functions
- Backstage
- Config Sync and Config Connector
- Kubernetes component configuration
- Cluster API
- Justin Santa Barbara on Twitter
Live from Valencia, it’s KubeCon EU! Craig talks to conference co-chair and CERN computer scientist Ricardo Rocha about the event, and what it’s like to be in a room full of people again.
- CNCF news from KubeCon EU:
- Google Cloud improves GitOps usability with Config Sync and Porch
- Tetragon from Isovalent
- Envoy Gateway
- Infra
- Cloud Foundry launches Korifi
- SUSE NeuVector is open source
- CloudNativePG from EnterpriseDB
- Assured Open Source Software from Google Cloud
- Recent Guest news:
- Armory announced public early access to their new Continuous Deployment-as-a-Service product
- Aserto announces its “better together” approach to authorization by bringing together OPA, OCI, and Sigstore
- Bunnyshell Introduces support for multi-repository Terraform with full-stack drift management and GitOps
- Calyptia announces the General Availability of Calyptia for Fluent Bit
- CAST AI introduces advanced Autoscaler for AKS
- Clastix launches Kamaji, a new open source tool for Managed Kubernetes Service
- CloudCasa by Catalogic expands to support Microsoft AKS
- Codenotary combines Community Attestation Service with background vulnerability scanning
- CodeZero Launches Surf, a new developer tool for observability in pre-production Kubernetes environments
- CrateDB introduces Logical Replication
- D2iQ Partners with GitLab
- DataCore Bolt container-native storage software now GA; built on their acquisition of Mayadata
- Datadog launches Application Security Monitoring and support for OpenTelemetry Protocol in the Datadog Agent
- Deepfactor partners with Synopsys to help developers resolve cloud native supply chain security risks
- env0 enables full-stack IaC deployment and management with native Kubernetes support
- Era Software introduces EraStreams
- Fairwinds Insights unifies DevSecOps with additional shift-left enhancements
- GitLab free tier adds pull-based Kubernetes deployments
- Google announced a new low-cost, high-usage pricing tier for Google Cloud Managed Service for Prometheus
- HCL Technologies launches Kubernetes migration platform
- Kasten by Veeam launches K10 v5.0
- Runecast adds CI/CD integration and image scanning
- Lacework introduces new Kubernetes Audit Logs monitoring
- Loft Labs announces a Cluster API provider for vcluster
- NetFoundry embeds zero trust into Prometheus
- New Relic introduces low-overhead Kubernetes monitoring and Pixie plug-in framework
- Pure Storage’s new Database as a Service platform is GA
- Replicated introduces community licensing and pre-flight checks
- SphereEx releases DB-Plus Suite
- Snapt announces security package to run Kubernetes in public cloud
- SPIRE now runs on Windows
- Sysdig launches new Advisor and Sysdig Open Source leverages Falco plugins
- SysEleven unveils MetaKube Operator
- Timescale announces OpenTelemetry Tracing support for Promscale
- Vultr Kubernetes Engine now Generally Available
- Zesty Disk for Kubernetes introduced
- Episode 62
- CERN
- Kubeflow
- Data on Kubernetes Community
- CNCF Research User Group
- CNCF TOC
- Volcano moves to incubation
- KubeCon EU 2022
- Episode 165, with Jasmine James
- Selection process report for KubeCon EU
- KubeCon China 2021
- Research track
- Puppies at KubeCon NA 2019
- Code, mountains and flying
- Kubernetes on an F/16
- Ricardo Rocha on Twitter and on the web
Docker CEO Scott Johnston joins us to talk about the announcements from this week’s DockerCon, the transition from an enterprise to a developer tools company, and the Internet’s favourite whale.
- Podes and antipodes
- Side note: Kubernetes needs the concept of an Antipod. BRB, writing a KEP
- Google Cloud Podcasts
- DockerCon 2022
- Docker Extensions
- Docker Desktop for Linux
- Late breaking news: Docker acquires Nestybox
- Spot VMs now on GCE and GKE; spot pods now on GKE Autopilot
- Fully managed Linkerd with Buoyant Cloud
- Sign up for CDcon and save 40% by using the code CdCon22AMEET40
- AWS adds Kubernetes resource view
- Deploying Kubernetes clusters in absurd languages by Lee Briggs
- Docker
- DockerCon ’22
- DockerCon ’14, the announcement of Kubernetes
- Return or Revenge?
- Scott’s history
- Four degrees from Stanford, including an MSMSE
- Sun and Netscape
- Loudcloud/Opsware and a16z
- Puppet
- Scott joins Docker in 2014
- The monorepo
- The Soul of a New Machine
- Docker Swarm
- Messages from the future and the Google crystal ball
- Open Container Initiative
- Docker Desktop for Apple Silicon Macs
- virtiofs for Mac
- $2.1 billion valuation
- Moby Project
- The Dockershim saga, as reported throughout the episodes:
- The puns and joke section
- Docker is krilled to see you
- Billy T James
- Beached Az. Can’t eat chups!
- Docker Extensions
- Docker Desktop for Linux
- Multi-arch on Docker Hub
- Docker roadmap
- Scott Johnston on Twitter
Gaze into the stars with Kubernetes 1.24 release team lead, James Laverack. James is a software engineer turned solutions engineer at Jetstack, and explains the difference between the two roles, as well as how he found his home in SIG Release and what to expect in 1.24.
- IMDB and MusicBrainz
- SheetOps
- xlskubectl by Daniele Polencic
- Kubernetes 1.24
- Metaflow on Kubernetes
- KubeVela 1.3
- SocketCAN X Kubernetes
- ARMO raises $30m
- Aqua’s 2022 Cloud Native Threat Report
- CVE-2021-25746 in ingress-nginx
- Plain Kubernetes Secrets are fine, by Mac Chaffee
- Bristol
- Box
- Life as a Solutions Engineer at Jetstack
- Minecraft operator
- Improbable’s etcd operator
- Intro to the Kubernetes 1.24 release process
- Kubernetes 1.24
- Release theme and logo
- 1.25 release team
- Go 1.18 error delays 1.24 release
- James Laverack on Twitter
Big week for Istio! Craig talks to Mitch Connors, Istio user experience working group lead and IstioCon program committee co-chair, about the project and the conference. Mitch talks to Craig about the news that Istio has been proposed to the CNCF.
- 40th anniversary of the ZX Spectrum
- Some soothing YouTube channels:
- Some conference talks about the Commodore 64:
- DevOps for the ZX Spectrum
- Manic Miner
- Istio has applied to join the CNCF
- Istio mode in Tanzu Service Mesh
- KubeVirt moves to Incubation phase in CNCF
- New sandbox projects:
- OpenFunction, from Kubesphere
- Teller, from Spectral Ops
- Sealer, from Alibaba
- Chainguard Enforce
- EKS Blueprints
- Unit 42 finds serious vulnerabilities in AWS log4shell hotfix
- Tanzu State of Kubernetes report
- Go article in the Communications of the ACM
- Please support DevOpsDays Kyiv
Divya Mohan is a Technical Writer with SUSE, a CNCF Ambassador, co-chair of Kubernetes SIG Docs, and a mentor to new contributors. Learn how her love of language and learning led her from production support to the core of the community.
- Volcano moves to incubation stage in CNCF
- Nephio
- Improving secure software supply chain by Asra Ali and Laurent Simon, Google Open Source Security Team
- Docker SBOM
- Talos Linux 1.0
- Grafana raises Series D
- Tanzu Application Platform v1.1
- Kubernetes 1.24 delayed
- Ever Forward also delayed
- From zero to WIP: How I transitioned from being a sys admin working on legacy middleware to sailing the cloud native seas
- Hindi, Marathi, Malayalam; just 3 of the 22 scheduled languages of India
- IGATE
- HSBC
- Middleware
- SIG Docs
- LitmusChaos, founded by Uma Mukkara and Karthik Satchitanand
- Divya joins SUSE
- The Friday Four
- Divya’s writing on WebAssembly
- Divya Mohan on Twitter
Bruno Andrade is founder and CEO of Shipa, delivering applications and policy “as code” to Kubernetes with a SaaS model. We discuss founding companies in Canada vs the USA, abstractions for deploying apps, and whether Kubernetes will really ever disappear.
- Grafana Mimir
- Can Grafana run Doom?
- Open source StackRox is now available
- Dagger
- Fermyon introduces Spin
- Google Distributed Cloud Edge
- IstioCon 2022 program announced
- PlatformCon 2022
- Chainguard: It’s all about that base image by John Speed Meyers and Zack Newman
- Docker raises $105m Series C
- Garden.io raises $16m Series A
- The Ever Forward container ship is still not going forward
When is it safe to run software? When is it safe to drink orange juice? Are we a better judge of one or the other? Santiago Torres-Arias is an Assistant Professor at Purdue University, the team lead of the in-toto project, and a contributor to The Update Framework. He joins Craig to talk security in both physical and software supply chains.
- Don’t Forget The Lyrics
- Gettin’ Jiggy Wit It
- Explained on Genius
- Will Smith on Top Gear
- The Oscars thing (CW: violence, cuss words that Will Smith didn’t used to have to rap to sell records)
- He’s The Greatest Dancer by Sister Sledge; written by Bernard Edwards and Nile Rodgers of Chic
- New Cisco Intersight Kubernetes features
- Red Hat OpenShift v4.10
- ChaosNative acquired by Harness
- Azure PlayFab launches Thundernetes
- Weave GitOps v2022-03
- Qumulo for Kubernetes
- SpectroCloud raises $40m
- Pinterest: 99% to 99.9% SLO, high performance control plane
- Uber: Avoiding CPU throttling in a containerized environment
- in-toto
- The Update Framework
- Purdue University
- NYU
- PolyPasswordHasher
- Episode 155, with Priya Wadhwa
- apt-secure for Debian packages
- A keysigning and a signed PGP key
- Farm to table attestation
- Potato tracking
- An example of E. coli in lettuce
- in-toto record
- Project Trebuchet: How SolarWinds is Using Open Source to Secure Their Supply Chain in the Wake of the Sunburst Hack by Trevor Rosen, Solarwinds
- Reflections on Trusting Trust by Ken Thompson
- Secure Publication of Datadog Agent Integrations with TUF and in-toto
- US Executive Order on Improving the Nation’s Cybersecurity
- Readout of White House Meeting on Software Security
- sigstore
- SPIFFE
- SLSA
- in-toto moves to incubation in the CNCF
- CFSSL
- Math rock
- Bird of the Year
- Santiago Torres-Arias on Twitter and at badhomb.re
ThreatMapper is an open source tool that hunts for vulnerabilities in your production Kubernetes environment, and ranks them based on their risk of exploit. It is built by Deepfence, who also sell a commercial product based on it called ThreatStryker. Co-founder/CEO Sandeep Lahane and head of products/community Owen Garrett join Craig to discuss how to decide what to open and what to keep closed, and just how deep his fence needs to be.
- Go 1.18 released
- Continuous fuzzing in etcd
- Veritas says Kubernetes is an Achilles Heel in defense against ransomware attacks
- ARMO’s changelog for the NSA/CISA hardening guide
- Cloud Native Developer Bootcamp
- Use the code K8SPC30 for 30% off, if it’s before April 19, 2022 when you read this
- Plural launches with $6m seed round
- Speed boost on Docker Desktop for Mac
- Track the Ever Forward
- Deepfence
- ThreatMapper: the open source project
- ThreatStryker: the commercial product
- A failed startup story
- NGINX (the company)
- eBPF
- Forward secrecy
- Deepfence’s Series A announcement
- Shifting left
- Behind 2 proxies
- MITRE ATT&CK matrix
- Cyber Kill Chain
- ThreatMapper on GitHub
- What’s new in ThreatMapper 1.3.0?
- Sandeep Lahane and Owen Garrett on Twitter
The Argo project is a set of four tools to help “get stuff done” with Kubernetes: Workflows, CD, Rollouts and Events. Jesse Suen is a creator of the Argo project and co-founder and CTO of Akuity, a company set up to provide commercial support for it.
- Backstage and in-toto join the CNCF
- Gloo Mesh 2.0 announced at SoloCon
- Linkerd failover operator
- cr8escape vulnerability in CRI-O
- GKE Autopilot vulnerabilities disclosed by Palo Alto Networks
- Updated Kubernetes hardening guide (PDF)
- KubeCon EU 2022 schedule
- CNCF Observability micro-survey
- run:AI raises $75m
- Argo Project
- Argo (film)
- Jason and the Argonauts
- Applatix
- Argo Workflows
- Applatix acquired by Intuit; Intuit acquired Applatix
- Alex Matyushentsev
- The archived Argo CI
- Argo CD
- Argo Rollouts
- GitOps Engine:
- Remote vs Core
- Argo Events
- Argo in the CNCF
- Akuity
- App of Apps
- ApplicationSets
- Join the CNCF Slack
- Argo Workflows and CD community meetings
- Jesse Suen on Twitter
The fourth horseman of the ~~apocalypse~~ observability, according to Frederic Branczyk, is continuous profiling. Frederic is founder and CEO of Polar Signals and creator of the Parca open source project. He and Craig talk all things Cloud Native observability.
- Bad news from Australia:
- Strange news
- Knative accepted as a CNCF incubating project
- Google Cloud Managed Service for Prometheus is GA
- k8ssandra 2.0: operator boogaloo
- Merbridge: eBPF for Istio by DaoCloud
- New Kubernetes experience in New Relic
- CVE-2022-0492 coverage:
- Frederic Branczyk
- Over-engineering coffee:
- Prometheus
- Observing the Kubernetes stack:
- Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers
- Shades of blue are no joke when they make you $200m
- KubeCon EU 2019 Keynote: …What Does the Future Hold for Observability? - Tom Wilkie & Frederic Branczyk
- Polar Signals
- Parca
- Episode 163, with Thomas Dullien
- Flame graphs and icicle graphs
- PARCA: Program for Arctic Regional Climate Assessment
- Pyrra by Matthias Loibl
- Frederic Branczyk on Twitter
Six years after its creation, Kubernetes is the subject of its very own documentary film. Job platform Honeypot has released. Josiah McGarvie was Honeypot’s head of video, and the lead filmmaker for Kubernetes: The Documentary. Join us for the director’s commentary.
- Podman 4.0.0
- Signadot announces public beta
- Okteto raises $15m Series A
- Platform9’s Enterprise Trends in Cloud Native report
- Robin.io acquired by Rakuten Symphony
- Kubernetes: The Documentary Part 1 and Part 2
- Honeypot
- Honeypot documentaries
- Chad Torbin at Speakeasy Strategies
- Guillermo López
- Explaining Kubernetes to a child
- Bohemian Rhapsody (film)
- Docker’s 1-year anniversary
- Netflix Kanye West documentary
- Aspect ratios
- Some PHP source code
- Tim Hockin’s t-shirts
- A wild Kubernetes Podcast sticker
- Recommended on LinkedIn
- The Simpsons go to Australia
- Brisbane Documentary Company
- Josiah McGarvie on Twitter
Anna Belak learned about containers and security as a Gartner industry analyst. She is now the Director of Thought Leadership at Sysdig, who have just published their latest annual Cloud Native Security and Usage Report. Anna joins Craig to discuss the report’s findings.
- Chaos Mesh moves to Incubation in CNCF
- Google raises payouts for Kubernetes vulnerabilities
- Sysdig teams up with Snyk, Snyk teams up with Sysdig
- $25m investment in KubeCost
- Sysdig Cloud Native Security and Usage Report 2022
- The last time we had a materials engineer on the show
- Tricking a rock into thinking
- Why Software is Eating The World
- Can analysis be worthwhile? Is the theater really dead?
- Industry analysts
- Anna Belak at Gartner
- Doge. Much wow
- Sysdig
- Tectonic Summit, 2015
- Loris Degioanni
- Episode 137, with Michael Gerstenhaber
- Sysdig’s changing reports:
- GKE Autopilot
- Are we human, or are we dancer?
- Anna Belak on Twitter
We’re back for 2022 with a look at Rancher Desktop, which recently hit 1.0. Its creator, Matt Farina, is today’s guest. Matt is a Distinguished Engineer at SUSE, was a founding chair of Kubernetes SIG Apps, and was recently appointed to the CNCF TOC.
- Kubernetes: The Documentary
- Sysdig Cloud Native Security and Usage Report
- Rancher Desktop 1.0
- Microshift from Red Hat
- Docker’s second fiscal year
- Solo announces Bumblebee
- Istio 1.13
- IstioCon announcement
- Google Cloud Deploy GA
- GKE Cost Optimization Insights GA
- Anthos Service Mesh on GKE Autopilot cluster
- OpenMetrics moves to Incubation phase
- CNCF archives the OpenTracing project
- Kubernetes policy management paper
- CNCF 2021 survey results
- Matt Farina
- General Dynamics Land Systems
- Drupal
- Palantir (not that one)
- HP donates patents to support Linux
- HP acquires Stackato Cloud Foundry distribution
- CNCF Landscape
- Helm
- SIG Apps
- Artifact Hub
- Rancher Labs acquired by SUSE
- Episode 57, with Darren Shepherd
- Open source from SUSE/Rancher
- Rancher Desktop
- Slashes
- kube-solo
- nerdctl
- k3s and k3d
- Matt Farina joins the CNCF TOC
- Cloud Native Podcast
- Matt Farina on Twitter
Learn all about what’s new in today’s Kubernetes 1.23 with its release team lead, Rey Lejano. Rey is a Field Engineer at SUSE/Rancher Labs, and a contributor to the Docs, Release and Security SIGs. Long time listener Adam also drops by to ask Craig what’s been happening with the hiatus.
- African clawed frog
- ITIL
- RX-M
- 1.18 release team
- 1.23 release team
- Kubernetes 1.23: The Next Frontier
- Enhancements:
- Dual stack IPv4/IPv6 - Stable
- Pod security admission - Beta
- TTL After Finished Controller - Stable
- Auto delete PVCs created by StatefulSets - Alpha
- Skip Volume Ownership Change - Stable
- Generic Ephemeral Inline Volumes
- CronJobs
- Deprecation of FlexVolumes
- Deprecation of klog flags
- HorizontalPodAutoscaler v2 API - Stable
- Ephemeral containers - Beta
- kubectl events improvements - Alpha
- Kubelet CRI support - Beta
- 1.22 interview with Savitha Raghunathan
- 1.24 lead: James Laverack
- Kubernetes Contributor Celebration
- Rey Lejano on Twitter
We celebrate the launch of Knative 1.0 with Ville Aikas, who has been with the project since the beginning. He was also with the Kubernetes team at the beginning, and thus we cannot resist a Pete Best comparison. We also celebrate Jimmy’s last show as our guest host with a rapid-fire Kubernetes quiz.
- Jimmy graduates!
- Important programmers from Finland
- Paddington Bear
- University of Washington
- Google Voice
- Google Cloud Storage
- The Fifth Beatle
- Knative
- Serving
- Eventing
- Build, which became Tekton Pipelines
- Did we market Knative wrong? by Ahmet Alp Balkan
- Duck typing
- Rubber duck debugging
- Extending Knative for Fun and Profit, by Matt Moore & Ville Aikas
- Subresources
- Proposal for custom subresources for CRDs
- Google Cloud Run
- IBM Cloud Code Engine
- Knative steering committee and technical oversight committee
- Great artists steal
- Chainguard
- Ville to present at Knative community meetup on November 17
- Seattle Kraken
- Ville Aikas on Twitter
Jasmine James is an Engineering Manager within the Engineering Effectiveness organization at Twitter, focused on their internal developer experience. She is also the latest co-chair of KubeCon + CloudNativeCon, starting with the North America event last week. Jasmine joins us to talk about being in the same room as other people - up to 3,000 of them - for the first time in a long while.
The cover art for this show is courtesy of the CNCF and licensed under CC-BY.
- KubeCon NA 2021
- Google Cloud Next ’21
- SREcon21
- William Shatner’s words after touching the edge of the final frontier
- Adele to release a new album
- Common People
- Shatner’s new album “Bill”
- Google Cloud Next:
- VMworld
- KubeCon + CloudNativeCon
- Kubernetes documentary trailer
- Atlanta
- AT&T
- Delta Air Lines
- Avoiding the weeds in the Cloud Native Landscape at KubeCon NA 2018
- Q&A with Jasmine James, newest KubeCon co-chair
- The selection process for KubeCon NA 2021
- Upcoming CNCF events
- Co-co-chairs:
- Keynotes of note:
- Three Developer Experience keynotes from Constance, Jasmine, and Robert Duffy
- A Vulnerable Tale about Burnout by Julia Simon
- The Road to Multicluster by Kaslin Fields
- Episode 62, with Ricardo Rocha, Lukas Heinrich and Clemens Lange
- Interaction wristbands
- Horseback riding and fishing
- Jasmine James on Twitter
Red Hat maintains a full set of container tools and libraries, bringing their pedigree in security and operating system engineering. The most notable of those tools, Podman, has had a surge in popularity this month, after Docker announced changes in their subscription model. Daniel Walsh leads the Red Hat containers team, and Brent Baude is the architect and primary maintainer of Podman.
- Announcing Google Cloud Deploy
- DORA Accelerate State of DevOps 2021 report
- Mirantis Flow “reinvents the datacenter”
- Deis Labs introduces Hippo
- Accelerating new features in Docker Desktop
- Distroless builds are now SLSA 2
- CNCF DevSecOps radar
- Dan Walsh
- Brent Baude
- SELinux
- Project Atomic
- Red Hat patches for container registry rejected by Docker
- Docker client/server model
- Red Hat’s container suite:
- Open Container Initiative (OCI)
- Podman features:
- Podman in Podman
- Podman in Kubernetes
- Builder in a Boston accent
- containerd, CRI-O and Docker in Kubernetes
- “Podman Desktop”
- Daniel Walsh on Twitter
- Brent Baude on Twitter
Prodfiler is a new tool that provides fleet-wide full-system continuous profiling. It is in some ways the second act of its co-creator Thomas Dullien, who is an internationally-renowned reverse engineer and vulnerability researcher under the name Halvar Flake. Thomas joins us to discuss his career, what you should profile in a distributed system, and why you can’t sell something with a negative cost.
- Crossplane moves to incubation in CNCF:
- Backup for GKE
- Google Cloud Next session catalog is live
- Kubernetes multi-cluster panel on October 6
- GKE updates: publishing with Private Service Connect, CSI driver for Filestore GA, SSL policies & HTTPS redirects for multi-cluster Ingress
- Azurescape: attack on Azure Container Instances by Unit 42 at Palo Alto Networks
- CVE-2021-25741 for subpath mount symlink attack (High)
- CVE-2020-8561 for webhook response logging (Medium)
- NCC Group weighs in on NSA guidance
- Snyk raises $530m
- Sqlcommenter merges with OpenTelemetry
- Kubermatic 2.18 and KubeOne 1.3
- Tanzu Kubernetes Grid 1.4
- 5 years of Envoy OSS
- Thomas Dullien/Halvar Flake
- Mathematik, with a K
- Stages of life vs. maths ability required, by Pearls of Raw Nerdism
- Vicky the Viking TV show
- Assembly Language Masterclass
- GEOS copy protection by Michael Stiel
- Time travel debugging
- “German hacker denied entrance into US for Black Hat training”
- Zynamics acquired by Google
- Project Zero
- “For whom?”, asked R Morris Sr.
- optimyze.cloud’s original business model
- Introducing Prodfiler
- Profiling
- The Datacenter As A Computer: An Introduction to the Design of Warehouse-Scale Machines
- Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers
- The mystery of Kubelet eating CPU and IOPS
- Fortran Web Framework: it’s not irrelevant, really!
- Halvar Flake on Twitter
The most popular Ingress controller for Kubernetes is ingress-nginx, created in 2015 by Alejandro de Brito Fontes. Alejandro stepped down earlier this year, and the project is now maintained by a team including Ricardo Katz. Learn the history and what’s in the new 1.0 release from a pair of South American self-proclaimed sysadmins.
- Amazon EKS Anywhere is GA and EKS Connector is in preview
- CNI 1.0.1
- Red Kubes makes Otomi self-service features free of charge
- Scale down mode and custom policy for Microsoft AKS
- k8ssandra moves from Helm to operator
- API server tracing in Kubernetes 1.22 by David Ashpole
- How Docker Broke In Half, by Scott Carey
- ingress-nginx
- Early computing
- History of Ingress
- ingress-nginx:
- Alejandro’s proposal for ingress-nginx
- Original PR
- Alejandro’s bare metal cluster - then and now
- Ricardo’s early contributions
- Note that NGINX Inc. have their own Ingress controller, for the open source or commercial versions of NGINX
- Supporting open source:
- The future:
- Alejandro de Brito Fontes on Twitter
- Ricardo Katz on Twitter
Adevinta is an online classified ads company, operating many local brands. Daniel Megyesi is a DevOps engineer at Adevinta and maintainer of their central big data and Machine Learning platform, Unicron. Learn why they wanted to replace Mesos, how they aligned their engineering efforts to do so, and the choices that had to be made to provide an easy experience for their data engineers.
- Docker updates subscription plan
- Google commits $10 billion to advance cybersecurity
- ingress-nginx 1.0.0
- OpenTelemetry moves to Incubation phase
- IBM open sources Tornjak
- SUSE Rancher 2.6
- VMware announces Tanzu Application Platform
- Rafay Systems raises $25 million
- Grafana Labs raises $220 million
- April Fools Proxy
- Adevinta, the world’s largest online classifieds group after acquiring eBay’s classifieds division
- Spark, Mesos, Chronos, AWS EMR
- Introducing Unicron, our big data and Machine Learning platform by Daniel Megyesi
- Gardener
- GKE Autopilot
- Argo CD and Argo Workflows
- Spark Operator and Luigi
- 1:8 scale model DeLorean
- Infrastructure Adventures, Daniel’s blog
- Daniel Megyesi on LinkedIn
KEDA, the Kubernetes Event-Driven Autoscaler, is a project that adds superpowers to the Kubernetes horizontal pod autoscaler, including zero-to-one scaling. Celebrate KEDA reaching Incubation in the CNCF by listening to an interview with maintainer Tom Kerkhove from Codit. But first, learn about Craig’s worst concert experience.
- Correction to Episode 158: Mike Richards is no longer host of Jeopardy!
- The Judds
- Charlie Watts: Rolling Stones drummer dies at 80
- KEDA moves to CNCF Incubation
- Kubescape from ARMO Security
- GKE adds OIDC identity provider and gVNIC support
- Gloo Mesh 1.1
- Cron jobs and timezones in Kubernetes
- KEDA: Kubernetes Event-Driven Autoscaling
- Bruges
- Codit
- Azure Service Fabric
- Azure Cloud Services
- Horizontal pod autoscaler
- Custom metrics in HPA (added in Kubernetes 1.6)
- Promitor: bridge between Azure Monitor and Prometheus
- KEDA announcement from Microsoft
- Scaling a deployment
- Scalers
- Microsoft moves KEDA to the CNCF Sandbox
- External scalers
- KEP for adding scale-to-zero to HPA
- Knative scale to zero
- CNCF Sandbox announcement
- Versions 1.0 and 2.0
- Users
- KEDA on GitHub
- Tom Kerkhove on Twitter and his blog
Kubernetes lets us manage our infrastructure declaratively, so why do we still manage the underlying OS with a myriad of different text files? And why allow shell and SSH access to a machine that should be immutable? So asked Andrew Rynhard before creating Talos, a Linux distribution built for Kubernetes. He’s now CTO of Talos Systems, a company founded to take it to market.
- 40 years of the IBM PC
- DONKEY.BAS
- Commodore 64
- Wheel of Fortune
- Little Computer People
- C64 vs IBM advertising
- 6502 and derivative CPUs: the C64 used a 6510
- Bender
- Litmus 2.0.0
- SPIRE security audit
- Bovine by Nick Gerace
- Verify GKE services are up with dedicated uptime checks
- LFX projects open for (Northern) Fall term
- Talos (the OS)
- Linux from Scratch
- Talos (the robot)
- COSI
- Comparing k3s to vanilla Kubernetes on Talos
- Talos announcement on Reddit and Hacker News
- Talos Systems
- Brazilian jiu-jitsu
- COSI announcement from KubeCon EU 2021
- Andrew Rynhard on Twitter
What is a telecommunications provider, if not a very distributed system? Kubernetes is becoming an important engine for the world’s telcos, especially as they roll out 5G. Vuk Gojnic leads the team rolling out Kubernetes across Deutsche Telekom (the parent company of T-Mobile), and he tells us how the worlds of telco and cloud have converged.
- eBPF Foundation announcement
- Istio 1.11
- NSA & CISA release Kubernetes hardening guidance
- Google Cloud Service Discovery adds GKE auto-discovery
- Troubleshoot GKE faster with monitoring data in your logs
- Sysdig announces new Prometheus integrations
- Nirmata takes $4m in funding
- CNCF Survey, part 2
- History of Montenegro
- Postal, telegraph and telephone services
- Cafe del Montenegro “archeological remains” (archeological remains of original Cafe del Montenegro)
- Crnogorski Telekom
- Deutsche Telekom
- Crossbar switches
- O-RAN Software Community and source code
- Network function virtualization
- Natural selection
- Mobile base station
- DSLAM
- 5G
- Das blinkenlights
- Das Schiff
- OpenStack Ironic
- mIRC
- Vuk Gojnic on Twitter
It’s Kubernetes release day! The team that launched v1.22 of everyone’s favourite cluster management software was led by Savitha Raghunathan, Senior Platform Engineer at MathWorks. Savitha joins host Craig Box to talk contribution, containers and cricket.
- Life before smartphones
- Dark Sky, hyperlocal weather app
- Karl the Fog
- Universal Studios
- Kubeyland 2021
- The Simpsons Ride
- Kubernetes 1.22 announcement
- Linkerd graduates* in the CNCF
- Cosign 1.0
- Cloud Native Rejekts CFP
- Introducing Koncrete by the Kalm team
- Nestybox adds Kubernetes support
- Curiefense adds NGINX support
- Replicated announces $50M Series C
- Kubernetes platform updates:
- Carvel Package Manager for Kubernetes
- Porter and seed funding announcement
- Chennai Super Kings
- Stephen Fleming; coach, A/C salesman and Yellow Wiggle
- Royal Challengers Bangalore
- MathWorks
- MATLAB
- Math vs maths? (Doesn’t actually matter; MATLAB is short for Matrix Laboratory)
- Savitha’s first contribution
- Kubernetes GitHub workflow and pull request guide
- Kubernetes 1.22 release announcement
- Loki and WandaVision
- Enhancements of note:
- 1.21 release interview with Nabarun Pal
- Release lead for 1.23: Rey Lejano
- In memoriam: Peeyush Gupta
- Coffee art
- Amigurumi
- Savitha Raghunathan on Twitter
Sebastien Pahl is a pioneer of container technology, building the predecessor to Docker as a co-founder of Dotcloud. After working at some big tech companies, he’s back to the startup life as co-founder of Opstrace, a fully open source observability distribution, built on top of the tools you know and love.
- Pictograms
- Korea on Italy
- Pita Taufatofua, the oily Tongan
- Olympic drones
- Inclement weather:
- Kubernetes 1.22 release candidate is out
- Cloud Foundry Foundation releases v5
- Connaisseur 2.0.0
- Chaos Mesh 2.0.0
- Spectro Cloud raises $20m Series A
- Nominate yourself for the 1.23 Release Team
- EPITECH
- Solomon Hykes
- Dotcloud
- Y Combinator
- $10m funding round
- Cloudflare
- Mesosphere
- Operator Framework/Operator SDK
- Opstrace
- Grafana relicensing
- OpenMetrics and OpenTelemetry
- Matter, for smart home devices
- Opstrace on GitHub
- Sebastien Pahl on Twitter
The idea of software supply chain security rocketed into the public consciousness in the last year, with the news that US government agencies had been breached. Priya Wadhwa is a software engineer at Google working on open source security, including projects to secure and verify container deployments. She outlines what is being done to make sure this doesn’t happen to you.
- Google Cloud Container Security webinar
- Register for Google Cloud Next 2021
- Google Cloud IDS
- Windows Server support for Anthos on-prem
- Multi-Cluster Ingress for GKE
- CVE-2021-22555: Kernel code execution through Netfilter bug
- CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding
- CVE-2021-32690: Helm repository credentials passed to alternate domain
- Attacks on Argo Workflows discovered by Intezer
- Sysdig acquires Apolicy; Apolicy acquired by Sysdig
- CockroachDB Operator for Kubernetes
- Automatic remediation of Kubernetes nodes at Cloudflare
- CNCF App Delivery TAG publishes operator whitepaper
- Software supply chain
- Reproducible builds
- SolarWinds hack
- US Executive Order on Improving the Nation’s Cybersecurity
- Binary Authorization
- Provenance, in art and software
- in-toto
- sigstore
- Tekton
- Tekton Chains
- Announcement blog, by Priya & Dan
- SBOM (Software Bill of Materials)
- Open Source Insights
- SLSA
- SupplyChainSecurityCon
- sigstore Slack channel
- Priya Wadhwa on Twitter
Gatekeeper is an open source project which lets you enforce policy in a Kubernetes cluster. It’s also the basis for Policy Controller, a hosted and managed version now available for all GKE users. Max Smythe, a senior SWE at Google, is a maintainer of Gatekeeper and the TL of Policy Controller. He joins us to talk constraints, config and Cruise.
- England loses Euro 2020 final
- It’s Coming Ohm: prediction on power usage
- Half time power spike
- Top 20 spikes
- The Superbowl Flush - debunked!
- Tokyo Olympic Games Opening Ceremonies
- Hedbanz
- APIs being removed in Kubernetes 1.22
- ContainIQ launches
- Postgres Operator 5.0
- NetworkServiceMesh 1.0.0
- Google Cloud Certificate Authority Service GA and cert-manager integration
- Platform9 Managed KubeVirt
- InsightCloudSec from Rapid7
- Sophos acquires Capsul8
- Spring 2021 graduating class from CNCF-sponsored LFX Mentorship program
- Brian May
- Edge of Tomorrow
- Chubby
- Riak
- Gatekeeper
- Anthos Config Management
- Episode 101, with Tim Hinrichs and Torin Sandall
- PodSecurityPolicy is not going GA
- OPA Constraint framework
- Policy Controller:
- Structural schemas
- Design Patterns for Extendable, Scalable K8s Extensions by Rita Zhang and Max Smythe
- Max Smythe on Twitter
Debugging Kubernetes often involves correlating what happened just before something went bad. Itiel Shwartz is a co-founder of Komodor, a startup that builds a platform to help with exactly that. We talk Hebrew names, Hungarian dogs and German car crashes.
- Jimmy Moore steps out from behind the scenes
- Conan O’Brien Needs A Friend
- Revisionist History
- Letterman reads out Johnny’s jokes
- Mythic Quest
- Joint US/UK cybersecurity advisory saying Russia is using Kubernetes
- CNCF and FinOps Foundation survey
- Canonical Kubernetes usage survey
- CNCF End User Radar for multi-cluster tools
- runc 1.0.0
- Buoyant Cloud Public Beta
- Sloth, by Xabier Larrakoetxea
- Komodor
- “Itiel” and “ETL”
- Rookout
- Forter
- Ben Ofiri
- Komodor team photo
- The Komondor (and image search)
- Man Who Looks Like His Dog
- Jack Tramiel, co-founder of Commodore International
- Man Who Looks Like His Dog
- Single bit-flip renders certificate transparency log invalid
- $25 million funding with angel investors
- Itiel Shwartz and Komodor on Twitter
Steve McGhee worked as an SRE at Google for almost 10 years, then took a job outside the company. He was tasked with recreating “Google Production” and SRE practice from first principles, but with three books, modern cloud providers, and the entire Kubernetes ecosystem to help. How did he do? Learn about that which you can and can’t replace.
- Dan’s recent work has come up in episodes 136, 142, and 151, to name but a few
- Tekton CD
- Sigstore
- Dan’s Peter Jackson look
- Sigstore Root Key Ceremony
- IANA Key Signing Ceremonies and changes in the time of COVID
- GKE news:
- New Tau VMs on Google Cloud and GKE
- Committed use discounts for GKE Autopilot
- Cloud Onboard training for GKE with Kaslin Fields, on June 22
- Stackrox/Red Hat State of Kubernetes Security blog post and report
- etcd 3.5
- SLSA: Supply chain Levels for Software Artifacts
- Ensemble, by Tesera
- Harbor operator 1.0
- Weave GitOps Core
- WSO2 launches Choreo and acquires Platformer
- KubeCon EU 2021 transparency report
- COVID vaccine required to attend fall 2021 Linux Foundation events
- Opinions on Knative positioning by Ahmet Alp Balkan
- LG Chocolate Phone and the Crazy Frog
- Good SRE is the inverse of the XKCD comic on Standards
- “Breaking Prod: More than once, I personally made it impossible to use google search from a phone (for a little bit). Like, for everyone on the planet.”
- San Luis Obispo, California (SLO)
- GIFEE, coined at CoreOS
- Rebuilding SRE, from Memory
- Homer Simpson’s Car
- Postcards from the future and the crystal ball
- Prometheus
- Canary releases
- SLO Math, by Steve McGhee (SLOconf 2021)
- The SRE I Aspire To Be, by Yaniv Aknin (SREcon 2019)
- RAID, a Redundant Array of Inexpensive/Independent Disks
- Deployment Archetypes for Cloud Applications, by Brad Calder and Anna Berenberg
- Steve McGhee on Twitter
NVIDIA and Google have teamed up to bring the new Multi-Instance GPU feature, launched with the NVIDIA A100, to GKE. We speak to Kevin Klues from NVIDIA and Pradeep Venkatachalam from Google Cloud on how and why people use GPUs, optimising instance shapes for machine learning, and why less is often more.
- Azure App Services now available for Azure Arc
- ECS Anywhere made GA by press release
- AWS App Runner
- Integrating Google Cloud DNS with GKE
- Istio 1.10
- Terraform 1.0
- Grafana 8.0 and Tempo 1.0
- Argo Rollouts 1.0
- Kubesphere 3.1.0
- Cilium 1.10
- OpenSLO spec launched at SLOConf
- Envoy GA on Windows
- Chaos Experimentation Framework for Envoy
- El Carro operator for Oracle Database from Google Cloud
- Moco operator for MySQL from Kintone
- PlanetScale GA
- FoundationDB paper from ACM SIGMOD
- DockerCon announcements
- Coverage of Development Environments from The Register
- Deps: Open Source Insights project from Google
- Verifiable Supply Chain Metadata with Tekton Chains
- Kubernetes CVEs:
- runc CVE-2021-30465
- VS Code Plugin for Kubernetes CVE-2021-31938
- Steve Smith says “GitOps is a placebo” in a blog post and Twitter thread
- Styra raises $40m Series B round
- Cloud Native community goes live with 10 shows on something called Twitch
- YouTube playlist for KubeCon EU 2021
- Episode 92, with Pramod Ramarao
- Dogecoin
- Training and inference
- 12 things that prove Doom will run on literally anything
- “It runs Doom” subreddit
- CUDA
- vGPUs
- Multi-Instance GPUs
- GKE now supports multi-instance GPUs
- 7 core MacBook Air GPUs
- A100 GPU
- 16 A100 GPUs on a Google Cloud VM
- Running GPUs on GKE
- NVIDIA Container Toolkit
- GCP NVIDIA GPU device plugin
- Kubernetes NVIDIA device plugin
- GTC 2021 talks:
- A Deep Dive on Supporting Multi-Instance GPUs in Containers and Kubernetes by Kevin and Pradeep
- Gain Competitive Advantage using ML Ops: Kubeflow and NVIDIA Merlin and Google Cloud by Andrew Stein and Maulin Patel (Google) and Davide Onofrio (NVIDIA)
- Kevin’s KubeCon talk and slides
- Kevin Klues on Twitter
Pixie Labs built an observability platform for Kubernetes, which uses eBPF to get telemetry without user intervention. They were recently acquired by New Relic, who open sourced the Pixie software. Co-founders Zain Asgar and Ishan Mukherjee join Craig Box to tell the story and talk about what’s next. Guest host Alex Ellis tends his garden.
- Episode 116, with Alex Ellis
- GrowLab
- OpenFaaS in the RISC-V keynote
- New Kubernetes on Edge training course
- eBPF for Windows
- GKE Dataplane V2 is GA
- Confluent for Kubernetes GA
- VMware Tanzu SQL, with MySQL, for Kubernetes, 1.0
- VMware Modern Apps Connectivity Solution
- Do the State of DevOps survey!
- Pixie Labs
- What is Pixie overview slides presented to CNCF
- Public beta launch and announcement of Series A funding
- Pixie Labs acquired by New Relic; New Relic acquires Pixie Labs
- A day in the life of a Kiva robot
- Recognition for Google Lens clothing recognition
- Dog or blueberry muffin?
- Episode 125, with Ramiro Berrelleza
- How Pixie Works
- New Relic goes all-in on OpenTelemetry and Open Source
- Pixie on GitHub
- Pixienauts community
- New Relic upgrades to Platinum member at CNCF
- Zain Asgar and Ishan Mukherjee on Twitter
A small army of community volunteers is necessary to host a KubeCon, but behind them is a professional events team. Colleen Mickey is Director of Event Services at the Linux Foundation and is responsible for KubeCon + CloudNativeCon, as well as other events like Hyperledger Global Forum and cdCon. She talks to us about hosting, feeding and watering 10,000 people, as well as the change to virtual events.
We also bring the round-up of the KubeCon news, including our famous Lightning Round.
- New Relic and Pixie Labs blogs on Pixie being open sourced
- Red Hat launches the Stackrox community at stackrox.io
- Snyk’s State of Cloud Native Application Security report announcement and results
- OCI Distribution Specification reaches 1.0
- Prometheus to launch conformance program
- New CNCF sandbox projects:
- Vineyard, an in-memory immutable data manager
- WasmEdge Runtime, a WebAssembly Virtual Machine for cloud, AI, and blockchain applications
- ChaosBlade, an open-source version of Alibaba’s chaos tools
- Fluid, a data and storage abstraction for AI and cloud-native applications
- Submariner, a cross-cluster overlay of overlay networks
- Antrea, a Kubernetes CNI plugin
- CNCF Edge survey results and free Kubernetes on Edge Training
- Inclusive Naming Initiative receives Honorable Mention at Fast Company’s 2021 World Changing Ideas Awards
- ‘Master,’ ‘Slave’ and the Fight Over Offensive Terms in Computing by Kate Conger of the New York Times
- Episode 130, with Stephen Augustus
- Spotify wins CNCF Top End User Award
- Accuknox secured $4.6m in seed funding
- Accurics announced Terrascan integrates with Argo CD
- Ambassador introduced a Developer Control Plane
- Armory introduced mini-Spinnaker installation Minnaker, built on k3s
- Arrikto announced MiniKF 1.3 and Enterprise Kubeflow for Azure
- Avesha launched Smart Application Cloud Framework
- Bridgecrew published security trends from analyzing Helm charts
- CAST AI announced Amazon EKS cost optimizer
- Civo launched K3s-as-a service to early adopters
- Cloudical introduced version 1.8 of VanillaStack
- DataStax announced that k8ssandra supports all distributions
- Dynatrace added the ability to ingest OpenTelemetry traces
- HAProxy launched version 1.6 Kubernetes ingress controller
- Kasten added ransomware protection with v4.0 of K10
- Kubermatic Kubernetes Platform 2.17
- Kubernative says that KubeOps is now a full-fledged Managed Kubernetes Framework
- Netdata has added Kubernetes monitoring features to their Cloud service
- Nirmata announced Nirmata Policy Manager, based on Kyverno
- OpenNebula released a new K3s Virtual Appliance for running Edge Clouds
- Portainer raised $6M in a Series A round to accelerate their global expansion
- Portworx pre-announced PX-Backup 2.0 with support for external auth services
- Rancher launched a new Rancher Desktop tool in Alpha for Windows and Mac
- Rafay launched new features to its Kubernetes Management Cloud
- Splunk announced their Observability Cloud is Generally Available
- StackPulse announced a Kubernetes-centric operations center
- StorageOS version 2.4 brings encryption at rest and rapid application recovery
- StormForge introduced automatic scanning of in-cluster resources
- StreamNative open sourced Function Mesh for running Apache Pulsar functions
- Sysdig added runtime detection and response for AWS Fargate
- Tigera released Calico Enterprise 3.5 with Dynamic Service Graph and eBPF data plane
- Timescale raised $40m Series B for Postgres-based TSDB and Prometheus cloud
- Trilio announced Kubernetes Backup Monitoring for Velero users
- Vitess launched version 10, with support for the Ruby on Rails framework
- Wanclouds launched multi-cloud Disaster Recovery as a Service
- Weaveworks launched Weave Kubernetes Platform 2.5 with multi cluster observability platform
- Zebrium now automatically performs Root Cause Analysis with integration into Opsgenie
- The first KubeCon in 2015
- KubeCon donated to the CNCF
- CNCF presents CloudNativeCon and hosts future KubeCon events (2016)
- Dreamforce brings in cruise ships
- KubeCon NA 2017 in Austin, TX
- Linux Foundation Climate Finance Foundation
- Diamond sponsor lottery
- Diversity and inclusion at KubeCon EU
- Sponsorship open for KubeCon NA 2021
- Event platforms:
- KubeCon + CloudNativeCon Europe 2021
- KubeCon + CloudNativeCon North America 2021
- GopherCon EU 2018 in Iceland
- Colleen Mickey on LinkedIn
Liqo is short for Liquid Computing. It’s a tool for extending Kubernetes onto other clusters, developed at the Polytechnic University of Turin. Research assistant and Liqo co-creator Alex Palesandro is our guest this week.
- Episode 64 with Sarah D’Angelo and Patrick Flynn
- Three years ago today
- James Strachan, James Rawlings and Dan Lorenc
- Jib
- reCAPTCHA
- Microsoft to acquire Kinvolk, Kinvolk to be acquired by Microsoft
- Red Hat Virtual Summit announcements
- Rackspace and Platform9 announce partnership
- Lens 5 Beta
- HYCU joins the Kubernetes backup party
- Sysdig joins the cloud security unicorns
- GKE adds multi-instance GPUs and a new Gateway controller
- Kubernetes moves to three releases per year
- Alex Palesandro
- Politecnico di Torino
- Alex’s thesis
- Episode 141, with Daniel Mangum
- Episode 142, with Gianluca Arbezzano
- Fiat and Stellantis
- DAUIN, Department of Control and Computer Engineering
- Crown Labs
- Liqo
- Vint Cerf at 6UK launch in 2010
- kubefed
- Liqo roadmap
- Liqo on GitHub
- Alex Palesandro on Twitter
Brian Singer co-founded Orbitera, which was acquired by Google in 2016. During that process he met Kit Merker, who was a PM on GKE and the GCP Marketplace, and the two are now working together on reliability engineering startup Nobl9. We talk about migrating Orbitera to GKE and Google’s SRE platform, and how many 9s are too many.
- Episode 94, with Richard Belleville
- The G in gRPC stands for:
- Not grey, just backlit! Much improved here
- Grafana relicensing to AGPLv3
- Amazon introduces OpenSearch
- Pulumi v3.0
- k8ssandra v1.1
- Docker Desktop for Apple Silicon Macs is GA
- Zerto for Kubernetes
- Three different multi-tenancy models
- Loft Labs open sources Vcluster
- CVE-2021-20291 in CRI-O and Podman
- Kubernetes blog updates:
Celebrate the release of Kubernetes 1.21 with release team lead Nabarun Pal from VMware. Nabarun talks about choosing between “hardware” and software, additions and removals from Kubernetes 1.21, and how the Kubernetes project has become more welcoming to people outside the USA.
- Moscone Center vaccination site
- Monday morning weather in London
- Before and after haircut
- World record barbering
- Kubernetes 1.21
- kube-state-metrics v2.0
- emissary-ingress joins the CNCF
- Shell Operator v1 for Kubernetes operators
- kubesploit, from CyberArk
- CVE-2021-25735: Validating Admission Webhook does not observe some previous fields on Node objects
- Kubegres
- Minio adds Kubernetes operator and console
- Scaling Kubernetes with assurance at Pinterest by Anson Qian
- SUSE sponsors 300 scholarships in cloud native education
- A reprieve for Apache Mesos
- Nabarun Pal
- IIT Roorkee
- Logo
- ABU Robocon
- Models and Robotics Section, IIT Roorkee
- Rorodata/Algoshelf
- PyCon India
- Building microservices with Firefly at PyCon India 2017
- Conference talks
- Linux Users’ Group of Durgapur (DGPLUG) and FOSS training
- Kubernetes Bangalore meetup
- Nabarun’s journey in the Kubernetes release team
- Applications for Kubernetes 1.21 release team are open
- Episode 130 with Stephen Augustus
- Kubernetes 1.21 release blog
- Kubernetes Enhancement Proposals (KEPs)
- 1.21 release page
- PodSecurityPolicy deprecation and KEP
- Making sure features don’t languish in Beta
- Volume health monitoring
- Command metadata in kubectl headers
- Tweet from @dims bribing people to test Release Candidate builds
- Savitha Raghunathan is release lead for 1.21
- Lewis Hamilton tied with Michael Schumacher
- Mick Schumacher joins F1
- Nabarun Pal on Twitter
We conclude our two-part conversation with Weaveworks co-founder Alexis Richardson, picking up when the company received Series A investment in December 2014. Since then, they built projects like Scope, Cortex and Flux as well as SaaS offerings based on them. We also look at Alexis’s role in the founding of the CNCF.
Please be sure to listen to the first part before this one!
- Educational YouTubers:
- Infrastructure for Entertainment by Justin Garrison at KubeCon NA 2020
- Episode 20, with Justin Garrison
- Kubernetes 1.21
- PodSecurityPolicy deprecation
- KubeVela 1.0
- Argo Workflows 3.0 and Argo CD 2.0
- Cilium launches NetworkPolicy site
- IBM Cloud Code Engine is GA
- Tanzu Cloud Native Runtimes public beta
- New security offerings from Tanzu
- Cisco Intersight Kubernetes Service is GA
- Tetrate Service Bridge is also GA
- Updates to Azure Arc enabled Kubernetes and OpenServiceMesh add-on for Azure in Preview
- etcd project journey report published
- Single sign-on guide for Kubernetes by Ben Dixon
- Apache Mesos moving to the Attic
- Last week’s episode
- Weaveworks
- Weaveworks takes a $5m Series A round
- Weave Scope and its announcement
- Cortex
- Flux CD and its announcement as a service routing layer
- Weave Cloud
- Docker Swarm Mode
- kubernetes-anywhere
- kubeadm
- Launching eksctl
- The August 2017 post introducing GitOps
- Kelsey Hightower talk at GitOpsDays
- Guide to GitOps
- Steam engine centrifugal governor
- Flux joins the CNCF
- Flagger
- Announcement about Argo and Flux joining forces
- Weaveworks is a founding member of the CNCF
- Alexis elected as TOC chair
- Battlestar Galactica
- Weave Kubernetes Platform
- Series C funding
- Alexis Richardson on Twitter
We’re trying something new!
In Part 1 of a two-part conversation with Weaveworks co-founder Alexis Richardson, we have a wide-ranging conversation about career choices, finance, founding and selling tech companies, and the dangers of being pigeon-holed based on the first project your company releases.
Next week we’ll finish the conversation by talking about Weave projects like Flux and Cortex, as well as their SaaS offerings, the founding of the CNCF, and whether Weave built the platform they set out to build when they started 7 years ago.
- Evergiven Everywhere
- “Reply all” at the State Department
- Evergreen truck blocks Chinese highway
- Little ship stuck in Littlehampton harbour
- Vote for the name of the Seattle Tunnel Boring Machine
- Outdated; a new open source project from Replicated
- Kubestr by Kasten by Veeam, by golly
- The Aerospike Kubernetes Operator
- Tanzu Kubernetes Grid v1.3
- Red Hat OpenShift on AWS is GA
- Quay.io is changing login methods
- Container vulnerability scanning from Sophos
- Kubecost raises $5.5m in funding
- Security Updates in Docker by Itamar Turner-Trauring
Grant Miller is the co-founder and CEO of Replicated, which helps operationalize and scale the delivery of Kubernetes-based apps into the enterprise. We look at what it means to be enterprise software in a SaaS world, and we also get some 2021 predictions from guest host Liz Rice.
- Episode 19, with Liz Rice
- Episode 133, with Thomas Graf
- Cilium talk at DockerCon 2017
- Liz’s 2021 predictions from KubeCon NA (Virtual) 2020
- Cheese exports are down
- Autonomous driving levels
- Prince Harry joins a startup
- Nick Clegg joins Facebook
- SoloCon announcements
- Mesh7 to be acquired by VMware
- GKE adds runtime configuration of pod subnets and larger Internal Load Balancer support
- Amazon reduces EKS cluster create time from “glacial” to “slow”
- NetApp launches Spot Wave
- CircleCI Server 3.0
- Diamanti Spektra 3.2
- Sonatype launches Nexus Container
- Davanum Srinivas elected to the CNCF TOC
- “Unironically Using Kubernetes for my Personal Blog”
If you’d like something more tangible than a virtual cloud instance, there’s always (still!) bare metal. Tinkerbell is a project from Equinix Metal to manage bare metal servers at scale, and Gianluca Arbezzano is one of its maintainers. We talk stacks, racks and MACs.
- Episode 11, with Vic Iglesias
- Vic lives here, but not here
- Pokémon Go social distancing
- Flux moves to incubation in the CNCF
- NetApp Astra goes GA; more information
- Fairwinds introduces Saffire
- Cosign, by Dan Lorenc
- Komodor beta and swag offer
- Announcing Private Clusters on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE)
- Linkerd 2.10
- The Money Section, with thanks to David Pait, guest of Episode 127
- Docker takes $23m in Series “B” funding to get ship done
- Aqua Security takes $135m in Series E at $1b valuation
- Snyk raises $300m in Series E valuing company at $4.7 billion
- Tetrate raises $40m Series B
- Is Crossplane the Infrastructure LLVM? by Daniel Mangum
- PHP, and PHP in 2020
- Turin
- InfluxData
- Episode 91, with Leonardo Di Donato
- Dropbox’s exodus from Amazon
- Equinix Metal
- Tinkerbell
- OpenCompute and Open19
- Server terminology:
- DIY Board management control for an Intel NUC: power control
- Tinkerbell services:
- OVH fire
- How Tinkerbell Got Its Wings, including joining the CNCF
- Tinkerbell community
- Episode 136: Backstage, with Lee Mills and Matt Clarke
- Gianluca Arbezzano on Twitter and on the web
- Tinkerbell on Twitter
Crossplane lets you automate creation of infrastructure using Kubernetes APIs. Daniel Mangum is a Crossplane maintainer working at its creator Upbound, a TL of Kubernetes SIG Release, and a YouTube streaming star. He chats about tech with host Craig Box, who is helped this week by returning guest Ken Massada from GKE’s Support team.
- Episode 18, with Ken Massada
- Things We Don’t Say podcast
- Glow in the dark sharks
- Earthquakes and tsunamis
- Microsoft Ignite news:
- Helm second security audit
- Meet Brigade v2
- Harbor 2.2 and roadmap
- Google Summer of Code 2021
- KubeCon EU 2021 schedule launched and the selection process explained
- Issue #100000 on kubernetes/kubernetes
- Visual Basic for Applications
- NYT article on retro computing
- Compiler Explorer
- Rich Code for Tiny Computers by Jason Turner
- Upbound
- Crossplane
- Kubernetes SIG Release
- doc.crds.dev
- Upcoming KubeCon talk: FPGK8s: Consumer-Grade FPGAs on Kubernetes
- Daniel’s current hirsuteness
- The Binding Status
- Flake-Finder Fridays
- Daniel Mangum on Twitter and on the web
Kamil Potrec is a Senior Security Engineer at Snyk, working on security around Kubernetes and cloud platforms. He joins the show to discuss how to think about securing your infrastructure, the different arts (and colors) of offensive and defensive security, and what not to lose sleep over.
- Red Hat OpenShift 4.7 is GA
- Fairwinds Insights 3.0
- Envoy zero-day patched
- Sysdig contributes Falco modules to the CNCF
- StorageOS raises $10m in Series B
- Platform9 raises $12.5m in Series D
- CNCF relaunches Kubernetes Community Day with KCD Africa and Bengaluru
- Offensive unit in American Football
- Hand-egg
- Red and blue teams
- Unreal Tournament
- Capture the flag
- Kubernetes secrets
- Antivirus software
- Tracer-tee
- SolarWinds attack
- Reflections on Trusting Trust by Ken Thompson
- left-pad deleted from NPM
- Snyk Open Source
- Snyk vulnerability database
- MITRE CVE database
- Kubernetes security at Snyk
- Deploy only trusted containers to GKE
- Application threat modeling
- Kubernetes security best practices, including security context, AppArmor, gVisor etc
- CVE-2020-8554: man-in-the-middle attack using ExternalIP services
- CVE-2020-14386: packet socket vulnerability with user namespaces enabled
- Earlier related work: CVE-2017-7308 and CVE-2016-8655
- Project Zero writeup
- Rewrite it in Rust!
- Kamil Potrec on LinkedIn
Today Google Cloud introduced GKE Autopilot, a new mode of operation where you no longer manage or configure nodes, and you pay per-pod, per-second. Craig talks Autopilot with GKE product manager Yochay Kiriaty.
This week we talk multi-cluster services with Jeremy Olmsted-Thompson, co-chair of the Kubernetes Multicluster SIG, and tech lead on the Google Kubernetes Engine platform team. Guest host Tim Hockin shows us the way.
- Istio 1.9
- IstioCon 2021 - February 22-26
- Mayadata spins out Chaos Native
- Cilium Network Policy editor
- Kubernetes network policy explained by Dominik Tornow
- Trend Micro write-up on container-escaping malware
- Dynatrace Cloud Automation and native log support
- Shipa 1.2
- New GKE, EKS and AKS releases
- Tanzu Build Service 1.1
- Kubernetes 101 Retrospective by Jeff Geerling
- CFP for the eight KubeCon EU pre-days
- Designing for SaaS on Kubernetes at Teleport by Virag Mody
- Comparing OPA/Gatekeeper and Kyverno by Chip Zoller
- Anthos on VMware
- SIG Multicluster
- Multi-Cluster Services KEP
- Namespace sameness
- Gateway API (formerly known as Service APIs)
- Istio RFC
- Introducing GKE multi-cluster services
- Cluster API
- Cluster ID KEP
- Jeremy Olmsted-Thompson on Twitter and GitHub
Michael Gerstenhaber is a Director of Product Management at Datadog, and the curator of their annual Container Report. He joins Craig to discuss why they release it, some recent trends, and how it helps people validate their assumptions about technology.
- OPA graduates in the CNCF
- Docker Distribution donated to the CNCF
- Red Hat Quay 3.4 released
- Hildegard malware writeup from Unit42
- The original TeamTNT
- Attacking Kubernetes clusters using the Kubelet API by Eduardo Baitello
- Jetstack Secure
- Traefik
- Kong Konnect is GA
- Get your KubeCon EU tickets early
- Buildpacks vs Dockerfiles by Genevieve L’Esperance
- Why Helm never felt like it belonged by Luka Skugor
- iOS and iOS
- The Happy Cloud
- Happy Cloud Taps the Cloud to Speed Up Video Game Downloads by Ryan Kim at GigaOM
- Datadog
- Golden signals
- Work metrics and resource metrics
- Datadog reports:
- KubeCon EU 2019 talk: 10 Ways to Shoot Yourself in the Foot with Kubernetes, #9 Will Surprise You by Laurent Bernaille & Robert Boll
- Autopilot: Workload Autoscaling at Google Scale
- Snow in NYC
- #17 on the all-time list by inches of snowfall
- Michael Gerstenhaber on Twitter
Backstage is a platform for building developer portals, powered by a centralized service catalog. It was built at Spotify and both open sourced and donated to the CNCF in 2020. A Kubernetes plugin was recently added. We talk to maintainers Lee Mills and Matt Clarke from Spotify.
- Longhorn 1.1
- Vitess 9
- Sonobuoy adds reliability scanning
- Rapid7 acquires Alcide; Techcrunch reporting
- Armo comes out of stealth; VentureBeat reporting
- Scaling Kubernetes to 7,500 nodes at OpenAI
- Announcing the Linkerd steering committee
- The State of Cloud Native Release Orchestration; a report from Vamp
- Hunting for malware with Falco
- Upgrading from Kubernetes 1.11 to 1.18 in a month by Jeff Wolski at WeTransfer
- Debugging CrashLoopBackOff by David Giffin from Release
- Jeff Brewer has passed
Josh Bernstein has worked in a number of infrastructure roles before recently landing at Google. He talks about migrating Siri from AWS (pre-acquisition) to VMware to Mesos, and Dell EMC’s work building what would become the Container Storage Interface. Guest host Jasmine Jaksic talks with Craig about snowcreatures.
- Multi-dimensional pod autoscaling in this week’s GKE release
- Hitachi: vacuum cleaners in the 1990s and Kubernetes today
- Garnet.ai
- kind 0.10
- New Google Cloud Run networking features
- Production Kubernetes from VMware Tanzu
- Serverless for Everyone Else from Alex Ellis
- Chris Aniszczyk’s 2021 predictions
- Priyanka Sharma’s 2021 predictions
- 14 LFX interns graduate
- Kubernetes honey tokens by Brad Geesaman
- Bad pods: privilege escalation by Seth Art
- The US Air Force are feeling supersonic
- Apple acquires Siri
- Xserve
- Siri public introduction
- Apple rebuilds Siri backend with Apache Mesos using the J.A.R.V.I.S. framework
- Dell EMC
- {code} community
- REX-Ray: announcement and docs
- CNCF Governing Board
- CI/CD startups to watch:
- Josh Bernstein on Twitter
After building the Eclipse IDE and Twitter’s Open Source office, Chris Aniszczyk bootstrapped the CNCF, joining its parent the Linux Foundation in 2015. He’s now a VP of DevRel there, as well as CTO at the CNCF and Executive Director of the Open Container Initiative. Chris joins us to share his technology journey and Cloud Native predictions for 2021.
And all that is now
And all that is gone
And all that’s to come
And everything under the sun is in tune
But the sun is eclipsed by the moon
- Otomi from RedKubes
- Nutanix now supports Anthos
- Tanzu Advanced is GA
- Pivotal Labs is Tanzu Labs
- VMware needs a new CEO
- New CSI driver for Google Kubernetes Engine
- Slim.ai announces seed funding
- Grafana Cloud introduces free tier
- Sysdig container security usage report (PDF)
- 63 node Kubernetes cluster using Firecracker by Álvaro Hernández
- The definitive guide to Vertical Pod Autoscaling by Povilas Versockas
- Object Technology International
- Erich Gamma
- code9, Chris’s startup
- Twitter OSS
- Linux Foundation, and its sub-projects CNCF and OCI
- Chris’s Cloud Native predictions for 2021
- Developer experience: Gitpod, GitHub Codespaces or Google Cloud Shell
- Wasm in Envoy
- Wasi, the WebAssembly Systems Interface
Thomas Graf is the inventor of Cilium and the co-founder of Isovalent. Cilium is a container networking plugin built on top of eBPF, bringing modern SDN technologies to accelerate your pods. Adam and Craig also discuss the many uses of Christmas trees.
- Christmas trees:
- Keep clear (mostly)
- Culinary uses
- Discussed in episodes 104 and 111
- Google grants $3m to the CNCF to run the Kubernetes infrastructure
- AWS Managed Grafana and Prometheus
- Red Hat acquires Stackrox
- CNCF Annual Report
- KubeCon NA 2020 Transparency Report
- Rancher announces Harvester
- Kubernetes 1.20 feature deep-dives:
- Sonobuoy goes beyond conformance
- Project Contour security audit
- Pulse: stats from Envoy Mobile
- Crossplane 1.0
- Project Karavi from Dell Technologies
- Cluster API provider for Microsoft Azure
- Vitess project journey report
- Tanzu Gemfire
- Kubernetes Security Essentials from the CNCF
Akri is a recent open source project launched by Microsoft to manage edge devices. Kate Goldenring is a software engineer in Microsoft’s Edge OS team and an Akri maintainer. She joins our final show of 2020 to talk about how to use Kubernetes to manage devices that can’t run Kubernetes.
- Pixie Labs acquired by New Relic; New Relic acquires Pixie Labs
- Docker Enterprise is now Mirantis Kubernetes Engine
- Mirantis OpenStack for Kubernetes
- Lens 4.0 released
- CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs
- Volume Snapshot moves to GA in Kubernetes 1.20
- Weaveworks takes $36.65M in Series C
- Trilio takes $15M
- Anthos for Telecom puts Google partners apps on the edge
- CircleCI Server 3.0
- State of Software Delivery report
- New Microsoft AKS features
- Flink 1.12
- Cross-region replication in AWS ECR
The final — and raddest — Kubernetes release of 2020 is 1.20. This week, Craig and Adam talk to its release team lead, Jeremy Rickard from VMware. Jeremy talks about migrating to newer Kubernetes versions, sooner or later; what was added, what was deprecated, and what that really means; and what happens when you Google your own name.
- Kubernetes 1.20:
- etcd graduates in the CNCF
- CNCF launches Cloud Native Security Whitepaper
- Istio 1.8
- Kuma 1.0
- Linkerd doesn’t use Envoy
- AWS re:Invent:
- Anthos on bare metal is now GA
- IBM acquires Instana
- Opstrace public launch
- Weaveworks Kubernetes Platform (WKP) 2.4
- Spectro Cloud anywhere
- Improving the Kubernetes API docs by Philippe Martin
- Participate in the Chinese Cloud Native survey
- How David Anderson would reboot Kubernetes
- Episode 61, with Jeremy Rickard and Ralph Squillace
- Porter
- Jeremy’s beard
- Release team for 1.20
- Enhancements sub-project
- The Raddest Release
- Enhancements sheet
- #1769: NUMA memory manager
- Up or out: the deprecation clock starts for Alpha/Beta features
- #1985: Dockershim deprecation KEP
- Sitting this release out: Sidecar containers
- Not in 1.20: Distroless images
- 1.21 lead: Nabarun Pal
- Kubernetes on an F-16 jet
- Other Rickards:
- Matt Rickard (our guest on episode 6)
- Jeremy Rickard the mathematician
- Jeremy Rickard on Twitter
Join us for all the news from KubeCon NA 2020, and a conversation with conference co-chair Stephen Augustus. Stephen is a Senior Open Source Engineer on the VMware Tanzu team, a chair of Kubernetes’ SIG Release, and a leader in many other parts of the project, past and present.
- The kākāpō wins Bird of the Year
- We’re off for 2 weeks. See you on December 8!
- Cisco acquires Banzai Cloud
- CNCF announces Cloud Native Survey 2020 results
- Red Hat: New edge features, industrial AI/ML blueprint and AWS launch
- CNCF End User Tech Radar for storage
- New End User benefits
- Envoy Mobile joins the CNCF
- New sandbox projects
- k8ssandra from Datastax
- k0s from Mirantis
- Solo.io announces Gloo Mesh Enterprise and rebrands products
- Pinniped
- Shipa launches Ketch
- Kinvolk launches Headlamp
- The SPIFFE book “Solving The Bottom Turtle”
- Anthos Developer Sandbox
- GKE ingress features
- Ambassador Labs takes in $18m and launches v1.9
- Tanzu SQL: Postgres on Kubernetes
- Lightning round:
- Accurics extends Terrascan
- AWS adds containers to Lightsail
- Arrikto takes $10m in funding
- Brobridge releases Gravity
- CircleCI runner is GA
- Cloud66 for agencies and multiple database support
- Cloudflare Origin CA cert-manager plugin
- Cloudical Vanillastack
- Cloudify version 5.1
- Codefresh launches GitOps 2.0 features
- Commvault backup-as-a-service
- Diamanti Spektra 3.1 and customer portal
- Dynatrace PurePath 4
- Elastisys Compliant Kubernetes
- The Fairwinds Kubernetes Maturity Model
- Garden takes “seed” funding
- Gremlin adds soundproofing
- Humio Operator
- Instana adds observability tools on Kubernetes
- Intuit runs TurboTax on Kubernetes
- Kioxia announces a new storage offering
- Kubecost adds features for monitoring outside a cluster
- KubeMQ adds automatic network creation
- Kubermatic updates KubeOne to v1.1
- Kubernative SINA
- Kublr 1.19
- Lablup announced Backend.ai 20.09 RC
- Magalix launches KubeAdvisor 2.0
- Mayadata launches Kubera Propel and Kubera Chaos
- Mirantis adds extensions to Lens
- Puppet Labs adds Relay to Puppet Enterprise
- Reblaze announces Curiefense to add WAF to Envoy
- Replicated wants to help you Troubleshoot
- Styra adds new editions to DAS
- Sysdig introduces Kubernetes-native network security (ZTNSK) and partners with IBM Cloud
- TrilioVault for Kubernetes v2.0
- Zerto for Kubernetes
- Google Open Source Live Kubernetes
- KubeCon NA 2020
- Episode 117, with Constance Caramanolis
- CNCF Twitch
- SIG Friday: ping Stephen for the current link
- Slack
- CoreOS
- SIG Release
- SIG PM (retired)
- Kubernetes Enhancement Process
- Release managers
- Black Lives Matter announcement banner
- Kubernetes Naming working group
- Inclusive Naming project
- Dan Kohn memorial
- Stephen Augustus on Twitter and on the web
Thomas Rampelberg is a software engineer with Buoyant, creators of Linkerd, and a core maintainer of that project. He is also a co-author of the Service Mesh Interface and co-creator of DC/OS. He joins Craig and Adam to talk about the two former, and pour one out for the latter.
- The BBC on Sean Connery
- Noreen Malone on Alex Trebek
- Celebrity Jeopardy! highlights from Saturday Night Live
- Doomscrolling
- Potion Explosion: analog, or digital (Steam, Android, iOS)
- KerPlunk!: analog only
- Linkerd 2.9
- AWS’s response to Dockerhub: a new service
- IBM adds Code Risk Analysis to Cloud CD
- Helm chart deprecation
- CyberArk looks at threats to Kubernetes
- D2iQ retires DC/OS
- The monolith
- Buoyant
- Linkerd
- Finagle
- kube-proxy before iptables
- Conduit: a new mesh without the JVM, which became Linkerd 2
- Linkerd 2-proxy:
- Under the hood of the Linkerd proxy
- Rust
- tokio runtime and hyper HTTP libraries
- Heartbleed
- CNCF audit
- Architecting for Multicluster Kubernetes blog post
- Linkerd 2.9
- Service Mesh Interface (SMI)
- Istio WebAssembly support
- Kubernetes is a domain-specific database
- Tilt and Okteto
- Burning Man
- Thomas Rampelberg on Twitter
For pods to talk to each other in Kubernetes, you need a virtual network. Antonin Bas is a staff engineer at VMware and a maintainer of Project Antrea, a CNI plugin which provides such a network. He talks to Adam and Craig about encapsulation, virtualisation, and 10,000 year old Finnish artifacts.
- Over the top Halloween light show
- Bird of the Year
- Click here to take the Audience Survey: thank you for helping us make a better show for you!
- An update on D2IQ’s support of Mesos
- Docker’s plan for Year 2
- Google Cloud mitigates the impact of Docker’s Year 1 changes
- KubeLinter from StackRox
- Hashicorp Nomad 1.0 Beta
- Vitess 8 GA
- gRPC in the real world: Container Runtime Interface by Bob Reselman
- RIP Dan Kohn
- Visual Basic
- Professor Nick McKeown, co-founder of Nicira
- Barefoot Networks
- P4, in the Open Networking Foundation
- Software-defined networking
- Virtual networking
- The Kubernetes network model
- Network plugins:
- Antrea
- Container Network Interface (CNI)
- veth pairs
- Open vSwitch (OVS)
- NodeIPAM Controller
- CNI plugin chaining
- Installing Antrea with other CNI plugins
- Antrea features:
- Antrea on GitHub
- Antonin Bas on Twitter and GitHub
David Pait was a touring musician in pop punk band Sparks The Rescue. Now, he’s an SRE working on Kubernetes at an ad-tech company. How did he get there? And if you’re looking to change careers, how might you? Craig and Adam dig in.
- Steam Digital Tabletop Fest
- Microsoft Surface (since renamed PixelSense)
- Similo
- Guess Who?
- Click here to take the Audience Survey: thank you for helping us make a better show for you!
- Cloud Foundry Doubles Down on Kubernetes
- Akri, from Microsoft
- kube-secret-syncer from Contentful
- Grafana Tempo
- OpenTelemetry Tracing Spec RC by Morgan McLean
- AWS Distro for OpenTelemetry
- AWS Load Balancer Controller
- Nydus container image service
- Robin.io Express, free for life
- Verizon Business adds Kubernetes which is powered by Rafay
- Netsertive
- Sparks the Rescue
- Munki for Mac software deployment
- A considered purchase
- Google’s SRE books
- eksctl
- Velero, fka Heptio Ark
- Fixing reuse-values in Helm
- Go listen to Hot Mulligan
- Or Taylor Swift, totally up to you
- David Pait on Twitter
Bob Killen is co-chair of Kubernetes’ SIG Contributor Experience and was last week elected to the project’s Steering Committee. He worked in academia for 15 years, latterly working on research projects using Kubernetes, with a focus on computer security. He’s now made the leap to working on Cloud Native full time at Google. Bob joins us to explain why Kubernetes Twitter is occasionally full of cartoon geese.
- Relive New Zealand’s General Election coverage - 57% of the electorate voted early!
- Ballot box in Washington State
- Click here to take the Audience Survey: thank you for helping us make a better show for you!
- VMware Tanzu Kubernetes Grid 1.2 is GA
- Red Hat integrates Ansible and OpenShift
- Changes to the KubeCon EU
- Cloud Native in China survey results
- Introducing HA MicroK8s
- Helm turns 5
- Google Cloud Code adds support for 400+ CRDs
- A holiday gift from AKS
- University of Michigan
- Little Bobby Tables
- 2600
- Jeff Sica
- ARC-TS: Advanced Research Computing — Technology Services
- kube-batch
- Volcano
- Orchestructure meet-up and Mario Loria
- SIG Contributor Experience
- Kubernetes Steering Committee
- HONK
- Untitled Goose Game
- /honk
- Ian Coldwater’s goose-themed talk from KubeCon NA 2019
- honk.ci
- KubeCon NA events:
- SIG Honk AMA: Ian Coldwater, Duffie Cooley, Brad Geesaman, Rory McCune
- Having Cloud Native Fun with HonkCTL: Jeff Sica
- SIG Beard: see episode 46, with Aaron Crickenberger
- Bob Killen on Twitter
Ramiro Berrelleza is CEO and co-founder of Okteto, a company making developer tools which simplify development on Kubernetes. He joins Adam and Craig to discuss how the open source project and company came about, going through Y Combinator, and the best filling for a Mission burrito.
- Click here to take the Audience Survey. Thank you for helping us make a better show for you!
- Rook graduates
- Wasm is upstreamed in Envoy
- Helm moves to Artifact Hub
- DigitalOcean introduces DOAP and Apurva Joshi describes its stack
- IBM breaks itself in two
- Kubernetes Steering Committee election results
- OpenTelemetry Governance Committee election starting
- Introducing PipeCD by Le Van Nghia
- Anchore DevSecOps toolkit
- Rancher 2.5
- Red Hat slashes OpenShift prices
- Kubernetes tested on U2 Dragon Lady aircraft
- Minecraft as a Kubernetes tool by Eric Jadi
- Okteto
- Excitebike
- Elasticbox, acquired by CenturyLink
- Y Combinator
- Okteto on GitHub
- The name:
- El Farolito: cow tongue and Carne Asada
- Ramiro Berrelleza on Twitter
- Okteto on Twitter
When your infrastructure is effectively infinite, you may have to keep an eye on your credit card. Webb Brown started a project that does exactly that - Kubecost, which aims to reduce spend and prevent resource-based outages. He talks to Craig and Adam about the project and the company behind it.
- VMworld announcements
- Pixie Labs
- Cicada, by Jeremy Herzog
- Announcing Java support for cdk8s
- Good: Envoy on Windows
- Not so good: Envoy CVE-2020-25017
- Kubenav 3.0.0 announced
- Cisco acquires Portshift
- Veeam acquires Kasten
- Solo.io acquires $23m
- Kubecost
- Spot instances (AWS) and preemptible VMs (Google Cloud)
- DeepMind AI Reduces Google Data Centre Cooling Bill by 40%
- Managing your costs on Kubernetes by Karl Stoney at Autotrader
- FinOps and the FinOps Foundation
- Shifting left
- Stackwatch
- Glacier National Park and Going-to-the-Sun Road
- Webb Brown on Twitter
Kubernetes makes it easy to run distributed workloads, but how do you make sure that replicas don’t conflict with one another? You elect one as the leader. Mike Danese, chair and TL of Kubernetes SIG Auth, joins a vegan and a carnivore to explain how Kubernetes implements leader election.
- What is a staycation?
- What is steak?
- Beefsteak, vegetarian/vegan restaurant
- Nachos
- Chaos Mesh 1.0
- Azure news:
- Istio Steering Committee election results
- OpenServiceMesh joins the CNCF Sandbox
- Odo 2.0.0 GA
- Determined AI on Kubernetes
- Cloud Run for Anthos adds events
- KubeAcademy Pro from VMware
- KubeCon EU 2020 transparency report
- Scholarships for KubeCon NA 2020 are open for application
- Wet labs and dry labs
- Threads
- Mutex or lock
- Critical section
- Compare-and-swap
- Gas station bathroom keys
- Futex
- Lock server:
- Optimistic concurrency
- Resource versions
- Regional clusters in GKE
- Leader election
- Leader election client in Kubernetes’ client-go
- An example of using it by Carlos Becker
- The new Lease API
- Paxos and Raft
- Deadlock
- Split brain
- Mike Danese on Twitter and GitHub
Torkel Ödegaard is the creator and project lead of Grafana, and co-founder of Grafana Labs. Learn how Torkel went from modding video games to building a data visualization platform, and co-founding a company that is now offering a complete monitoring service built on Prometheus.
- CVE-2020-14386
- gVisor: Containing a real vulnerability by Fabricio Voznika
- Announcing IBM Cloud Code Engine
- Docker Enterprise Container Cloud
- Mirantis rethinks Docker Swarm vs Kubernetes by Beth Pariseau
- Episode 110, with Adrian Ionel
- KubeEdge approved as CNCF incubating project
- kubeapply and Kubernetes configuration at Segment
- Introducing Grafana Metrics Enterprise
- Pure Storage to acquire Portworx
- Ionir exits stealth and promises instant data mobility
- NetApp Cloud Volumes Service powered by GKE
- AKS adds CSI driver for Files and Disks
- Red Hat OpenShift Container Storage 4.5
- VMware Tanzu:
- SentinelOne announces automated application control for containers
- 16 CNCF interns graduate from Google Summer of Code
- Building operators for cluster add-ons by Somtochi Onyekwere
- CFPs open for ServiceMeshCon and Cloud Native Security Day North America
- A Year of Kubernetes at GitLab
- The 2001 dot-com crash
- Rocket Arena mod for Quake 3
- Extreme ironing
- Tradera
- Graphite
- Kibana
- Grafana
- Grafana Labs
- Kausal
- Cortex
- Loki
- Crystal Reports
- Interesting use cases:
- A $50m Series B funding round
- Grafana Metrics Enterprise
- Recommended reading: Chasm City by Alastair Reynolds
- Torkel Ödegaard on Twitter
Ed Huang is co-founder and CTO of PingCAP, creators of the TiDB distributed database and the TiKV key value store. Ed worked on clustering Redis while at Wandou Labs, creating and open-sourcing a tool called Codis. Deciding to focus on this space, he created TiDB and then TiKV, and founded PingCAP. He shares the story behind the projects, bridging the gap between China and the West with open source, and his Desert Island Disc.
- Lens 3.6.0
- Security groups for Pods on AWS EKS
- CNCF End User Technology Radar for Observability
- Kotary by CA-GIP
- OnePanel and its docs
- WebAssembly OCI spec
- Red Hat Marketplace by IBM
- Stackrox lands $25m in funding
- Introducing Nutanix Platform Services by Amit Jain
- Confidential Computing on GCP and GKE
- New Serverless training course by Alex Ellis
- Jetstack CNI migration notes by Josh Van Leeuwen
- Wandou Labs
- Codis clustering for Redis
- Spanner and F1 papers from Google Research
- TiDB
- TiKV
- PingCAP
- Local Persistent Volumes in Kubernetes and beta launch blog explaining it
- TiKV’s CNCF journey:
- Chaos Mesh
- Wasm and Wasmer
- Dark Side of the Moon
- Ed Huang on Twitter
Melanie Cebula is a staff engineer at Airbnb, where she has built a scalable modern architecture on top of cloud native technologies. She regularly shares her knowledge in presentations focusing on cloud efficiency and usability, and today shares the story of Airbnb’s Kubernetes migration with hosts Adam and Craig.
- Five days of Kubernetes 1.19:
- TiKV graduates from CNCF incubation
- cert-manager 1.0
- Episode 75, with James Munnelly
- Tanzu Build Service is GA
- State of Spring report
- AWS Bottlerocket is GA on EKS
- Kalm (keep Kalm and karry on)
- CRAFT from Salesforce (and its GitHub repo)
- Introducing Kubernetes CSI sidecar containers from HPE by long-time listener Michael “Data” Mattsson
- KubeCon EU Virtual YouTube playlist
- CNCF to provide another round of CommunityBridge mentorships
- Faster services: no CPU limits by Eric Khun
- How GoJek upgrades Kubernetes on GKE by Tasdik Rahman
Keptn, a control plane for continuous delivery, came out of the need to install Dynatrace’s software in their customers’ environments. Alois Reitbauer is Chief Technical Strategist at Dynatrace, responsible for open source, and a co-chair of the CNCF App Delivery SIG. He talks to your hosts about Keptn, observability after deployment, and how owning a 40 year old sports car is more “curation” than “operation”.
- Loved: Thinking, Fast and Slow
- Unloved: a pile of Sex and the City
- Anthos Attached Clusters
- New Anthos pricing
- GKE on The Keyword
- Cloudian introduces operator
- Canonical introduces Kubernetes 1.19
- Portainer CE 2.0
- Kubernetes client comparison by Yolan Vloeberghs and Pieter Vincken
- Distributed tracing overview by Jonathan Gold
- Dynatrace
- OpenTelemetry
- OpenMetrics
- Keptn
- Blogs by Alois:
- Micro operations — A new operations model for the micro services age
- How your delivery pipeline will become your next big legacy-code challenge
- Related CI/CD tools:
- CD Foundation SIG Interoperability
- CNCF SIG App Delivery
- Alois’s car marque of choice
- Alois Reitbauer on Twitter
Taylor Dolezal is a senior Developer Advocate at Hashicorp and the Kubernetes 1.19 release lead. His desire to give talks and join the CNCF Ambassadors led him to the release team and to his new job. He talks to Adam and Craig about how a TI-83 calculator started him on the path.
- Kubernetes 1.19 release - deferred 24 hours
- Istio 1.7 release!
- New Istio Steering Committee charter
- k3s to join the CNCF Sandbox
- New networking features in GKE
- Anthos announcements from Google Cloud Next
- Google Cloud Code updates
- Serverless Framework Knative component
- VMware vRealize Operations 8.2
- Moving forward from Beta in Kubernetes
- Palinurus, from Mailchannels
- What’s new in Falco 0.25
- AWS Controllers for Kubernetes
- Carvel
- Operator SDK reaches 1.0
- Thanos and Cortex are both incubating in the CNCF
- The Kubernetes Handbook by Farhan Hasin Chowdhury
- TI-83 Plus Silver Edition
- Walt Disney Studios
- “Deployed my blog on Kubernetes”
- Hashicorp
- CNCF Ambassador
- 1.14 release team
- 1.18 release team
- 1.19 enhancement sheet
- Lauri Apple, PgM for SIG Release
- Sidecar containers.. still
- Jeremy Rickard is 1.20 release team lead
- Nomad, from Hashicorp
- Hashicorp joins the CNCF
- CNCF Cape, as modeled by Lachie Evenson
- Reading list:
- Working in Public: The Making and Maintenance of Open Source Software by Nadia Eghbal
- An Elegant Puzzle: Systems of Engineering Management by Will Larson
- The Art of Doing Science and Engineering by Richard Hamming
- Defending Jacob
- Taylor Dolezal on Twitter
Constance Caramanolis is the co-chair of this week’s virtual KubeCon EU, and a principal software engineer at Splunk. Her introduction to Cloud Native came as an Envoy maintainer working at Lyft; she talks to Craig and Adam about communication: technical, programmatic, in-person and online. We also summarise all the news from KubeCon.
- Red Hat OpenShift Virtualization is GA
- 5 years of Google Kubernetes Engine
- GKE Dataplane v2
- Docker changes registry pricing and retention
- IBM introduced POWER10
- Introducing hierarchical namespaces by Adrian Ludwin
- OpenEBS 2.0.0
- containerd 1.4.0
- VMware Tanzu Mission Control integrates VMware Tanzu Observability by Wavefront
- Mirantis acquires Lens
- Pulumi adds new Kubernetes features
- Envoy
- Omnition, acquired by Splunk
- Splunk acquires Omnition
- OpenTelemetry
- Constance’s talks:
- KubeCon NA 2018: Envoy Intro (with Matt Klein)
- Velocity 2018: Leveraging Envoy when responding to high-severity incidents
- SYN-ACK
- Constance’s KubeCon EU keynote
- The Five Whys
- KubeCon EU agenda
- KubeCon NA 2019 puppies
- Corgis
- Invite a llama
- Episode 80, with Vicki Cheung
- Greek food:
- Stroopwafels
- Poutine
- Constance Caramanolis on Twitter
Alex Ellis created serverless framework OpenFaaS while working a day job. It’s used by some big companies, but he’s resisted the temptation to join one. Instead, he’s offering consulting and seeking sponsorships, building a business from the ground up. He explains the pros and cons of independence to Craig and Adam.
- Microsoft launches OpenServiceMesh
- Kong releases Kong Mesh
- Tanzu Application Service 2.10, formerly known as Pivotal Cloud Foundry
- KubeCarrier
- Nestybox releases Sysbox (GitHub)
- Palo Alto Networks discloses and fixes fault in KataContainers
- JenkinsX plugin for Octant
- Backyards gets FIPS compliant
- StarlingX 4.0
- New AKS features
- etcd security audit
- New Code of Conduct Committee Members
- Alex Ellis
- ADP Payroll
- Docker Captains program
- Lord Birt
- DockerCon 2016
- Ben Firshman
- funker
- funker-dispatch by Alex Ellis
- FaaS
- OpenFaaS
- Moby’s Cool Hacks - closing keynote
- Joining VMware to work on OpenFaaS
- Leaving VMware and Alex going out on his own
- OpenFaaS Ltd
- Inlets
- k3sup
- Arkade
- 5 years of Raspberry Pi and robots
- Insiders Subscription
- Treasure Trove archive
- The Five Pressures of Leadership in OSS
- A bit of Istio before tea-time
- Cards Against Containers for Black Girls Code
- Alex Ellis on Twitter
Since we last spoke about Minikube 18 months ago, the project has gone 1.0, and made large performance and usability improvements. Thomas Strömberg is the manager of the Container DevEx team at Google and a maintainer of Minikube. He talks to Craig and Adam about why system administrators are the best code reviewers, the importance of surveying users, and building bikes made of bamboo.
- Baking hot
- Baking:
- Washington State Voters Guide
- Lord Buckethead
- Monty Python’s Election Night Special
- OpenSSF launched
- Nova from Fairwinds: monitor Helm charts for new releases
- Lifebelt by Gustav Westling
- Chaos Mesh joins the CNCF Sandbox
- As does the Serverless Workflow spec
- Announcing Vitess 7
- Spinnaker Operator is GA
- AKS 2020-07-27 release
- GKE r25
- Server side encryption for ECR
- Project report: Jaeger
- How Dropbox migrated from NGINX to Envoy by Alexey Ivanov and Oleg Guba
- Thomas Strömberg
- Minikube
- Episode 39, with Dan Lorenc
- DiRT: Disaster Recovery Testing
- Timex Sinclair ZX81
- Bringing Minikube to the next Billion Users: Thomas’s talk at KubeCon China 2019
- The mini Minikube Survey
- Other similar tools:
- Knoppix
- Pausing Minikube
- Running multiple nodes
- Triage Party
- Slow Jam
- Bamboo bicycles
- Thomas Strömberg on Twitter
We finally scheduled some time to talk to David Oppenheimer. David, a software engineer at Google, has been working on scheduling there since 2007, including on both Borg and Omega. That experience naturally led to him working on the Kubernetes scheduler, as well as starting SIG Scheduling.
- Last week’s discussion about ice cream pies
- Vegemite ice cream, and a friendly reminder that New Zealand is not Australia
- Mutton ice cream is not a thing
- A bear in the kiddie pool
- Google Traffic Director supports proxyless gRPC
- New Relic open sources its agents
- Lyft drops the Clutch
- Conftest joins the Open Policy Agent project
- Emissary, from GitHub
- VS Code Docker extension can now run containers in Azure Container Instances
- Debugging Incidents in Google’s Distributed Systems by Beth Cooper and Charisma Chan
- Hashicorp Consul Service on Azure is GA
- Gloo Federation for gloo’ing your Gloos together with gloo
- The AWS EKS CIS benchmark
- Changes to Aqua Wave and Aqua Enterprise
- Snyk’s developer-first prioritization capabilities
- Carbonetes launch PR
- Prevasio launch PR
- DOMA: domain-oriented microservices architecture at Uber by Adam Gluck
- Papers co-written by David:
- SIG Scheduling
- WG Multi-Tenancy
- App Engine
- Interviews with David’s colleagues on Borg and Omega:
- Omega features:
- Scheduler features
- Two level scheduling
- Kubernetes scheduler in Bash
- Firmament and integration in Kubernetes via Poseidon
- Configuration tools
- David Oppenheimer on Twitter
Released on the same day as Kubernetes, cadvisor is a container monitoring daemon that collects metrics and serves them to monitoring tools. It’s built into the Kubelet, and underpins many components in Kubernetes, such as eviction and autoscaling. David Ashpole of Google Cloud is TL of Kubernetes SIG Instrumentation, and the maintainer of cadvisor; he joins Adam and Craig this week to explain where instrumentation fits in the stack, and what you should do as a Kubernetes maintainer vs. a cluster administrator.
- In Craig’s neighbourhood:
- Masks
- National Ice Cream Day
- GKE Ingress features:
- Exposing services on GKE
- OpenShift 4.5
- Spring Cloud Data Flow for Kubernetes from VMware; part of the Spring Runtime package
- k8spin.cloud is closing and making their code open source
- Custom Pod Autoscaler (and docs) by Jamie Thompson
- Envoy 1.15 round-up from Tetrate; release notes from the team
- Fluent Bit 1.5 summary at the CNCF
- k3d v3.0 and new web site
- Best practices for creating a highly available GKE cluster
- Recommended alerts for AKS
- Ingress support added to AWS App Mesh
- Platform9 adds new apps to their Managed Kubernetes Service
- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts
- CVE-2020-8559: Privilege escalation from compromised node to cluster
- Threat Alert: Attacker Building Malicious Images Directly on Your Host from Aqua Security
- Certified Kubernetes Security Specialist (CKS) coming in November
- Sign up for a free pass to Virtual KubeCon EU keynotes
- Diving Into Istio 1.6 Certificate Rotation by Christian Posta
- SIG Instrumentation
- inodes
- cgroups
- cadvisor
- Monitoring metrics with Prometheus
- Victor Marmol and Vish Kannan
- Episode 22, with Dawn Chen
- CRI
- Resource metrics pipeline
- Heapster
- Metrics Server
- kube-state-metrics
- Managing Your Costs on Kubernetes by Karl Stoney from Autotrader
- Episode 52, with Russell Warman and Karl Stoney
- Metrics Stability Framework
- Structured logging
- Distributed tracing in Kubernetes
- Node out of memory eviction
- Pod priority
- David Ashpole on Twitter
An open source license grants rights on copyright and patents, but not trademarks. Chris DiBona has some ideas on how to address that. He has spent his career in open source, including over 15 years running Google’s Open Source Programs Office, and is one of the directors of the new Open Usage Commons. It launched last week with three projects - Angular, Gerrit and Istio - transferring their trademarks. Chris joins Adam and Craig to talk about Google’s work in open source, and why a new organisation is needed.
- SUSE to acquire Rancher
- Open Usage Commons:
- Operator Framework and Contour accepted into the CNCF
- BigQuery Omni
- Kubernetes has caught up with YARN according to Datamechanics
- Kubernetes networking: why is this so dang hard? by Tim Hockin
- Announcing Kustomize support for Pulumi
- Cinderella clusters from Soluble
- Google’s Anthos comes to HPE Greenlake
- AWS:
- AKS adds console RBAC and policy integration
- Kublr adds in-place upgrades and external clusters
- D2iQ want to teach you
- Chris DiBona
- VA Linux
- San Mehat
- Google Search Appliance
- Maintainer of Git
- Author of Git
- Ping pong balls on a bus
- AMP joined OpenJS Foundation and has now graduated
- WASM became a W3C standard
- Google Summer of Code
- Open Usage Commons
- Debian Free Software Guidelines
- Google Contributor License Agreement
- Istio governance: Steering Committee and TOC
- Silicon Valley
- Chris DiBona on Twitter
- Open Source at Google
Before Kubernetes was launched, it could have at most 25 nodes in a cluster. At 1.0, the target was 100. Meanwhile, Borg, Omega and Mesos were all running away at 10,000. What did it take to get Kubernetes to this number, and above? SIG Scalability and GKE Tech Lead Wojciech Tyczynski tells us.
- Follow-up:
- Chairs, from Episode 107
- Christmas trees, from Episode 104
- Kids music
- KubeCon US goes virtual
- PromCon schedule
- AWS App2Container
- GKE brings Node Local DNS cache to GA
- Update kernel and Kubelet config on GKE nodes
- AKS brings 1.17 to GA; adds containerd and priority placement group support
- Diamanti Spektra 3.0
- Kubernetes WG Naming
- Introducing Cloud Native Community Groups
- Updated CNCF Storage whitepaper
- Presslabs moves to Kubernetes
- Omega
- Defining scalability
- Original SLOs
- API-responsiveness: 99% of all our API calls return in less than 1 second
- Pod startup time: 99% of pods (with pre-pulled images) start within 5 seconds
- Target SLO doc - 25 nodes
- Borg - ~10,000 nodes
- Sep 2015, Kubernetes 1.0 - 100 nodes
- “Kubernetes Has A Ways To Go To Scale Like Google, Mesos” by Timothy Prickett Morgan
- March 2016, Kubernetes 1.2 - 1,000 nodes
- July 2016, Kubernetes 1.3 - 2,000 nodes
- Work by Clayton Coleman, guest of Episode 85
- March 2017, Kubernetes 1.6 - 5000 nodes
- etcd v3 improvements for web scale
- Scalability Envelope
- Today’s scalability numbers
- EndpointSlices
- JD.com’s 10,000 node clusters
- Alibaba’s 10,000 node clusters
- Google’s 15,000 node GKE clusters
- Twitter session at the upcoming Google Cloud Next by Reza Motamedi and Maciek Różacki
- Poseidon and Firmament
- Wojciech Tyczynski:
Over the past 20 years, Mirantis has grown from an outsourcing company for semiconductor engineers to a product company that is the new home of Docker Enterprise. Past and present CEO and “co-founder” Adrian Ionel oversaw Mirantis’s adoption of OpenStack and purchase of Docker’s enterprise business, and he joins the show to discuss them both.
- New CNCF projects:
- jFrog ChartCenter
- KubeCon “EU” schedule
- Gloo 1.4
- Frigate by Jacob Tomlinson
- Checkov by Bridgecrew
- Contour 1.6
- ACI and Docker integration now public
- gRPC-Web for .NET now GA
- HP Ezmeral
- Codefresh raises $27m
- Mirantis
- OpenStack
- At Mirantis
- Built by NASA and Rackspace
- Fuel from Mirantis
- Adrian leaves Mirantis in 2015
- Did anyone call John Sculley?
- Adrian returns in 2018
- Infrastructure as Code
- Mirantis Bring-your-own Kubernetes and Kubernetes as a Service
- Mirantis acquires Docker Enterprise
- Kontena closes and the team joins Mirantis
- Mirantis joins Airship project
- First release of Docker Enterprise from the merged team
- The Mirantis Bear
- Adrian Ionel on Twitter
Last week Loodse, the makers of the Kubermatic Kubernetes Platform, made that platform open source, and rebranded their company to match. Co-founder Sebastian Scheele joins us to explain how the company and platform came about, why they’ve made their changes, and what exactly a Loodse was anyway.
- Kubermatic 2.14 now Open Source
- HashiCorp Cloud Platform and new versions of Nomad, Terraform and Consul
- Flagger 1.0
- OpenMatch 1.0
- Harbor graduates at the CNCF
- SPIFFE and SPIRE move to incubation level
- GKE goes to 15,000 nodes with Bayer Crop Science
- Tsunami: extensible network scanning from Google
- AWS App Mesh controller for Kubernetes is GA
- Dell announces PowerScale storage
- Gocker: a mini Docker written in Go by Shuveb Hussain
- The Kubernetes Goat by Madhu Akula
- Storpool and Sardina launching Kubernetes-as-a-Service
- Kubernetes website adopts Docsy
- Getting started with Oracle 18c on Kubernetes by Ron Ekins
Two years ago, Sarah Wells from the Financial Times gave a KubeCon EU keynote about how the company moved from monolith to microservices, and how her Content and Metadata platform team moved to Kubernetes specifically. She joins hosts Adam and Craig to recap that migration, and what life has been like since. As Sarah has moved to a broader role in charge of all observability for The FT, she also invited Dimitar Terziev, the current platform lead for the CM team, to the conversation.
- kube2hadoop from LinkedIn
- Kubera from Mayadata
- Linkerd 2.8
- Consul 1.8
- Intro to Istio Ingress from Banzai Cloud
- Cloudflow 2.0.0
- Google internships go virtual to help Open Source
- Introducing the CNCF Technology Radar
- CNCF SIG Observability
- Loft (and Reddit thread)
- Jib 2.4 announcement and Jib extensions
- Zerto for Kubernetes
- AKS 2020-06-08 adds node image upgrade and application gateway ingress controller
- Cloudera Data Platform for Private Clouds
- Cloudbees introduces DoD compliant CI, now with a CtF to deploy into an environment with an ATO, which meets DISA STIG and NIST RMF security guidelines
- Microsoft discovers cryptojacking in Kubeflow clusters on Azure
- Gokul Chandra writes up Anthos
- Financial Times
- Coronavirus coverage
- FT Crossword
- KubeCon EU 2018 keynote: “Switching Horses Midstream: The Challenges of Migrating 150+ Microservices to Kubernetes” by Sarah Wells
- Monzo microservices graph
- CoreOS Fleet
- Innovation tokens: Choose Boring Technology by Dan McKinley
- Dashing from Shopify
- Sarah and Dimitar on Twitter
After 5 years at the helm of the CNCF, executive director Dan Kohn is stepping down to launch a new Public Health initiative. The new General Manager of the CNCF is Priyanka Sharma, who joins our show today. Priyanka tells Craig and Adam what to expect, talks about virtual events, and gives some hints on how to rename projects.
- Frog Leap Studios
- Tubthumping (originally by Chumbawamba)
- Hello (originally by Adele)
- Rancher Longhorn is GA
- Fairwinds Polaris is GA
- AKS does new networking things
- Kubecost’s cluster-turndown saves you money
- Solo Developer Portal for Istio
- CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
- CVE-2020-8555: Half-Blind SSRF in kube-controller-manager
- Write-up from “Reeverzax” and “Hach”
- Ambassador 1.5 released
- Microk8s for Windows and Mac
- Finding your GKE logs by Rami Shalom and Charles Baer
- Business continuity with Anthos
- CNCF Cloud Engineer Bootcamp
- CKA program changes
- Lessons learned by Noah Kantrowitz of Ridecell
- Lightstep
- OpenTracing
- GitLab
- CNCF
- Events:
- CNCF Technical Oversight Committee
- CNCF Projects
- Other projects: Ollie
- Priyanka Sharma on Twitter
In a world where pods (and IP addresses) come and go, DNS is a critical component. John Belamaric is a Senior SWE at Google, a co-chair of Kubernetes SIG Architecture, a Core Maintainer of the CoreDNS project and author of the O’Reilly Media book Learning CoreDNS: Configuring DNS for Cloud Native Environments. He joins Craig and Adam to discuss CoreDNS, the evolution of DNS in Kubernetes, and how name resolution has been made more reliable in recent releases.
- Death of George Floyd
- SpaceX Crew Demo 2 launch
- Sunniest Spring on record in the UK
- A small test rocket launch in Scotland
- UK spaceport (proposed)
- New Zealand spaceport (active)
- Priyanka Sharma replaces Dan Kohn at the CNCF
- Starboard, by Aqua Security
- Docker Enterprise 3.1 from Mirantis
- Docker and Microsoft; Microsoft and Docker
- Velero v1.4
- Agones v1.6
- Chef adds Windows container migration for GKE
- Red Hat adds Quarkus to Red Hat Runtimes
- AWS encrypts Fargate ephemeral disks in v1.4
- PlanetScale open sources a Vitess operator
- Kubernetes provider for Hashicorp Terraform
- Google Vulnerability Reporting Program adds GKE
- Tools for debugging apps on Google Kubernetes Engine by Charles Baer and Xiang Shen
- How Migrate for Anthos helps modernize Java apps
- Helm project journey report
- Episode 102, with Matt Butcher
- Helm 3: the Good, the Bad and the Ugly by Sandor Guba of BanzaiCloud
- NIST deployment guidelines for proxy-based Service Mesh by Ramaswamy Chandramouli of NIST and Zack Butcher of Tetrate
- The World of kubectl Plugins: a YouTube series by Ahmet Alp Balkan
- Domain Name System
- Infoblox
- Kubernetes Service
- CoreDNS; the default DNS server for Kubernetes since 1.11
- SkyDNS
- Miek Gieben; author of CoreDNS and SkyDNS version 2
- Caddy: the HTTP server upon which CoreDNS is based
- Dnsmasq
- CoreDNS plugins
- Node Local DNS cache and KEP
- BIND
- Unbound DNS resolver
- Explanatory blog posts:
- Learning CoreDNS: Configuring DNS for Cloud Native Environments by John Belamaric and Cricket Liu
- Policy integration
- SIG Architecture
- A DNS haiku
- John Belamaric on Twitter
Over the last 10 years, Cloud Foundry has grown from “open Heroku clone” to “software used at your bank”. The Cloud Foundry Foundation and the CNCF launched within a few months of each other in 2015, and the two worlds are now colliding as Cloud Foundry replatforms on top of Kubernetes. Our guest this week is the Executive Director of the Cloud Foundry Foundation, Chip Childers. He talks to Adam and Craig about foundations, the boredom of infrastructure, and the cost of every line of code you write.
- Memorial Day
- Spring Bank Holiday
- Sundar Day
- Cracking the Cryptic: Sudoku solving and more
- 4 million views
- Craig’s favourite: watch Simon’s excitement
- Guardian article
- cheat3: Lego puzzle boxes
- Istio 1.6 released
- Azure Arc for Kubernetes now in preview
- New AKS features
- GKE introduces Container Threat Detection in Beta
- TriggerMesh makes EveryBridge available to EveryOne in Preview
- Introducing KES from MinIO
- Updates to StackRox Kubernetes security platform
- OPA survey results
- Styra DAS adds microservices authorization
- Rancher Academy
- Understanding Anthos on Bare Metal from Google Cloud
- Snyk partners with Docker and Docker partners with Snyk
- Kubernetes Apply vs. Replace vs. Patch by David Dooling from Atomist
- DMTF and DTMF
- Apache CloudStack
- Apache Software Foundation
- Cloud Foundry
- Boeing B-29 plane
- Pivotal Software
- Linux Foundation Collaborative Projects
- Open Container Initiative
- April 2020: Chip Childers, CFF CTO, becomes Executive Director
- Episode 98, with Sam Ramji (the founding CEO/Executive Director of the CFF)
- Project Eirini: announced by IBM in April 2019
- Old architecture: Diego and Garden
- KubeCF
- cf-for-k8s
- Chip Childers on Twitter
SIG Network is completely rethinking the way you define groupings of applications (Service) and get traffic sent to them (Ingress) by building the Service APIs, a new set of primitives which are better suited to how different groups of users interact with them. Bowei Du is a Tech Lead on GKE and a member of SIG Network who is leading the design and implementation of these new APIs, as well as working on getting Ingress to GA in Kubernetes 1.19.
- Google Cloud Next On Air
- Harbor 2.0
- Azure introduces 10c/hr uptime SLA and Kubernetes 1.18 in preview
- Red Hat announces Amazon Red Hat OpenShift
- Linode Kubernetes Engine is Generally Available
- VMware to acquire Octarine
- Venafi to acquire Jetstack
- Maesh 1.2
- Grafana 7.0
- AWS CDK for Kubernetes (cdk8s)
- Call to participate in CNCF survey
- Load balancing algorithms in Envoy by Tony Allen
- Bowei’s PhD:
- CAP theorem
- TIER project: Technologies and Infrastructure for Emerging Regions
- Delay-tolerant networking (DTN)
- Service
- EndpointSlices
- Health checks:
- Ingress
- cert-manager
- ingress-nginx
- TLS is only on port 443
- 2018 Ingress survey
- Conformance profile
- Episode 41, with Tim Hockin
- Ingress moving to GA in 1.19
- Service APIs
- Evolving the Kubernetes Ingress API to GA and beyond by Bowei and Christopher Luciano from IBM
- A sketch of the API
- GatewayClass and StorageClass
- KEP for adding L4
- Multi-Cluster Services API proposal
- Bowei Du on Twitter
More gripping than a crime scene in Las Vegas, the Container Storage Interface (CSI) lets vendors interface with Kubernetes. Saad Ali from Google led development of Kubernetes storage, including the CSI and volume subsystem. He joins hosts Adam and Craig for an in-depth look at how storage works in Kubernetes.
- Adam’s puzzle
- How they made The Mandalorian
- Fraggle Rock: Rock On!
- Lockdown music videos:
- IBM Cloud Satellite
- Google Cloud Buildpacks
- Anthos for app modernisation via CI/CD and transforming legacy Java applications
- Azure Container Registry adds dedicated data endpoints
- Amazon ECR: multi-architecture containers
- Amazon Cloudwatch adds Prometheus metrics
- run:AI creates fractional GPU sharing for Kubernetes
- The State of Cloud Native Development: CNCF survey (PDF)
- VMware’s State of Kubernetes 2020 (PDF)
- Gatekeeper Policy Management from SIGHUP
- Datastax Astra on GCP and Sam Ramji’s blog
- Introducing PodTopologySpread by Aldo Culquicondor and Wei Huang
- Pod Security Policies at Square by Jason Price
- Introduction to OpenTelemetry by Ran Ribenzaft
- Kubernetes and Istio on the F-16 jet: CNCF case study
- GKE logging introduction by Charles Baer and Xiang Shen
- Helm and Kustomize, better together
- SIG Storage
- KubeCon keynote: Debunking the Myth: Kubernetes Storage is Hard
- Episode 41 with Tim Hockin
- Docker: Volumes
- Volumes
- Persistent Volumes
- In-tree volume plugins (deprecated)
- FlexVolume
- Container Storage Interface
- Kubernetes CSI docs
- CSI GA announcement
- CSI sidecar containers
- Ephemeral CSI volumes (Beta)
- Secrets Store CSI driver
- Local persistent volumes
- Data populators KEP
- CSI topology
- Topology-aware volume provisioning
- CSI for Persistent Memory
- GKE on AWS
- CSI TV theme songs
- The Who: Substitute
- Saad Ali on Twitter
In celebration of Helm graduating to a top-level CNCF project, Adam and Craig talk to its creator and primary architect, Matt Butcher of the Deis Labs team at Microsoft Azure.
- Adam talks about these baby wipes
- Craig talks about these baby wipes
- Red Hat Virtual Summit news:
- Azure Kubernetes Service: Windows Server Containers, Private Clusters and Managed Identities now GA
- Windows Server Containers are GA on GKE too
- Episode 70, with Patrick Lang
- Ingress for Anthos
- Explore Anthos with a sample deployment
- Celebrating Helm’s graduation
- The Safety Boat: Kubernetes and Rust by Taylor Thomas from Deis Labs
- Announcing Vitess 6
- Couchbase Autonomous Operator 2.0
- Kong for Kubernetes 0.8
- Tern 2.0
- KubeCon + CloudNativeCon Europe 2020
- Alcide look at Kubernetes as a Service
- Anthos Service Mesh deep-dive
- GigaOm Radars, by Enrico Signoretti
- Matt Butcher
- Celebrating Helm’s graduation
- Helm
- History of Helm
- Deis
- The Illustrated Children’s Guide to Kubernetes
- k8splace
- Deployment Manager for Kubernetes
- Skippbox
- Bitnami
- Helm 3 transition by Matt Fisher
- Upgrading from Windows 1.0 to 8.0
- Helm charts and Helm Hub
- TUF and in-toto
- Is there a Helm and Operators showdown?
- First Helm Summit
- Episode 43, with Brian Grant
- Swag
- Deis acquired by Microsoft, 3 years ago
- CNAB, Brigade and Krustlet
- Techne and Sophia
- Matt Butcher on Twitter
Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week.
- The cupboard was bare
- Marmite is not a satisfactory substitute for baking yeast
- 4D jigsaw puzzles (or a picture, if not for sale in your location)
- Anthos for AWS is now Generally Available
- Eurosys ‘20:
- Cloud Foundry becomes more Kubernetes-native with cf-for-k8s
- Paketo Buildpacks
- Changes to Kubernetes release cycles for 2020
- Aqua Security announces Dynamic Threat Analysis
- RHEL 8.2 adds new container tools
- Red Hat product life cycle changes
- Flatcar Linux now supported on vSphere
- sKan from Alcide
- kubeletctl from CyberArk
- xls-kubectl by Daniele Polencic of Learnk8s
- Microsoft’s new reverse proxy
- Running decades-old games in containers by Misha Brukman
- TorchServe and TorchElastic for Kubernetes by Facebook and AWS
- Project Astra from NetApp
- Styra adds mutating webhooks to Declarative Authorization Service
- Simulating clock skew by PingCAP
- Open Policy Agent
- Styra
- Episode 42 with John Murray
- Plate smashing
- OASIS XACML
- The origin of Open Policy Agent and Rego
- Founded in 2015: first commit
- Donated to the CNCF Sandbox in 2018 and moved to incubation in 2019
- Rego configuration language
- Running as a Go API
- Bundles
- Admission controllers in Kubernetes
- Existing Kubernetes policies
- OPA Gatekeeper: Policy and Governance for Kubernetes
- OPA and WebAssembly
- Hooli examples
- Tim Hinrichs and Torin Sandall on Twitter
To celebrate our 100th episode we welcome back our first ever guest, Paris Pittman, open source program manager at Google Cloud and member of the Kubernetes steering committee - among many other roles. Along with hosts Adam and Craig, Paris looks at how the community has changed and how it has stayed the same, and how other projects are able to adopt learnings from Kubernetes.
- 100 episodes!
- New Tanzu announcements
- Surge upgrades for GKE
- Spot and system/user node pools on Azure Kubernetes Service
- Portworx Essentials
- OpenShift Container Storage 4.3
- Magicpak by Hiromi Ogawa
- Pluto from Fairwinds
- Trow featured in the New Stack
- Using Apache SkyWalking to fix the blind spot of distributed tracing
- Lyft takes Envoy Mobile to production
- gRPC and Kotlin
- Gloo 1.3
- Envoy Wasm filters at Banzai Cloud
- faasd by Alex Ellis
- Kubernetes Fury Distribution 1.1
- NeuVector adds Vulnerability and Compliance Explorer
- Infra.app adds Linux support
- Node Local DNS cache by Povilas Versockas
- Cheeky Monkey by Rich Stokes
- Anthos: Under The Hood by the Google Cloud Developer Advocacy team
- Kubernetes Operators by Jason Dobies and Joshua Wood of Red Hat
- Cloud Foundry Platform Certification includes Kubernetes
- Announcing the Kubernetes Contributor Communications team
- Lachlan Evenson joins the Kubernetes steering committee
- CFP opens for KubeCon US
- Fluentd project journey report
- Seven CNCF interns graduate the CommunityBridge program with more to come
- Episode 1, also with Paris Pittman!
- Kubernetes Slack
- SIGs and Working Groups
- Code of Conduct Committee
- Product Security Committee
- SIG Working Group Lifecycle doc
- SIG PM retirement
- Chairs and TL roles
- Not much love to go round?
- Subprojects - they rule everything around Paris
- CNCF Contributor Strategy SIG
- CNCF Observability SIG
- Kubernetes Community communication guidelines
- Zoom guidelines
- Kubernetes upstream marketing - Contributor Communications team
- YouTube PE
- Charter: Ethos and guidelines
- API conventions doc
- The Art of Community by Jono Bacon
- O’Reilly Linux Pocket Guide by Daniel Barrett
- Oh, The Places You’ll Go! by Dr Seuss
- Episode 74, with Jorge Castro
- Animal Crossing: New Horizons
- Paris Pittman on Twitter
kpt (“kept”) is a new open-source tool for Kubernetes packaging built by Google Cloud. Morten Torkildsen is an engineer at Google, focusing on configuration management and the workloads APIs, and he worked on kpt. He explains it to Adam, while Craig fills his mind with penguins.
- The Easter Bunny is an Essential Worker in New Zealand
- From the archives: Dragon research (discussed in Episode 53)
- Keepers are letting the penguins run loose at Oregon Zoo
- CNCF projects:
- Volcano joins the Sandbox
- Dragonfly moves to incubation
- Argo moves to incubation
- Argo CVEs by Matt Hamilton of Soluble
- Docker announces Compose specification
- Nautilus: a tool for visualising Docker Compose files
- Deis Labs introduces Krustlet:
- Tekton now in Beta
- Microsoft publishes attack matrix for Kubernetes
- Huawei announces Mindspore deep learning framework
- Service Mesh Hub from Solo
- Mixerless Telemetry in Istio by Zsolt Varga of Banzai Cloud
- Amazon launches Fargate platform v1.4.0
- Rook 1.3
- Red Hat:
- Canonical launches managed apps
- When to use Helm and when to use Operators by Matt Butcher
- Controlling outbound traffic from Kubernetes by Jack Kleeman and Chongyang Shi at Monzo
- API Priority and Fairness Alpha by Min Kim, Mike Spreitzer and Daniel Smith
- Hubspot moves Zookeeper to Kubernetes
- Graceful shutdown in Kubernetes is not always trivial by Ilya Andreev from Flant
- Open Container Initiative icons
- Kubernetes Workshop in a Box by Pascal Widdershoven
- kpt
- Kubernetes Resource Model
- helm template command
- kpt apply vs kubectl apply
- Configuration as Code
- kpt Setters
- Domain-specific languages
- Examples and Kubernetes examples you can use with kpt
- kpt functions
- Installing kpt
- kpt on GitHub
- Morten Torkildsen on Twitter
Apache Cassandra, a scale-out datastore, is becoming more Kubernetes-native. Sam Ramji is Chief Strategy Officer at DataStax, a company that builds Cassandra-based products. He explains how DataStax has pivoted back towards supporting upstream Cassandra, and how they’re making it easier to manage on Kubernetes. As always, we also cover the news of the week, and we look at what is and is not a dinosaur.
- kpt:
- Announcement
- Site
- Contributors:
- Episode 7, with Phillip Wittrock
- Episode 11, with Vic Iglesias
- Episode 29, with Janet Kuo
- Episode 43, with Brian Grant
- Possible meanings, thanks to Daniel Roth and Blender Fox
- What does it really stand for? Please tweet us at @kubernetespod. Wrong answers only!
- Kubernetes 1.18 deep-dives:
- New GitLab features
- Rancher 2.4
- Sidekick, from Minio
- Cortex 1.0
- Kubernetes CVE-2019-11254
- Kubernetes Kapsule: managed clusters from Scaleway
- Build your own Kubernetes controller by Nicolas Fränkel
- Kubie, by Simon Bernier St-Pierre
- Serving repository move from Google to community control
- mkit from Darkbit
- oneinfra by Rafael Fernández López
- Cost savings with Kubernetes by Henning Jacobs
- Planetscale goes multi-cloud
- 30 days of free training from Google Cloud
- Critical vulnerability in HAProxy
- Well-being tips from the CNCF
- Chief Strategy Officer
- Sam at Microsoft
- Apache Cassandra
- CAP theorem - Cassandra is AP, eventually consistent
- ACID and BASE
- NewSQL
- The road to Cassandra 4.0 by Patrick McFadin
- DataStax
- 501c3 and 501c6 US organizations
- Cloud Foundry Foundation
- Cassandra Enhancement Proposals (CEP)
- Pluggable storage engines
- Instagram’s “Rocksandra” Cassandra fork and Amazon’s Rocksandra fork
- Sam Ramji on Twitter
Jaeger is a distributed tracing platform built at Uber, and open-sourced in 2016. It traces its evolution from a Google paper on distributed tracing, the OpenZipkin project, and the OpenTracing libraries. Yuri Shkuro, creator of Jaeger and author of Mastering Distributed Tracing, joins Craig and Adam to tell the story, and explain the hows and whys of distributed tracing.
- Music from Home:
- You Don’t Know Jack
- Galaxy Trucker
- Free books from the Sesame Workshop
- The Monster At The End Of This Book
- Update on the update on the update on KubeCon EU: now 13 to 16 August, and possibly online.
- Virtual Rejekts on 1 April
- Datastax Cassandra Operator and Management API
- PromCat: Prometheus Catalog from Sysdig
- Evaluating Predictive Autoscaling in Kubernetes by Jamie Thompson
- Provision a certificate and key for an application without Istio sidecars by Lei Wang
- How to Secure Your Kubernetes Cluster on GKE by Lewis Marshall
- Upcoming changes to IP assignment for EKS Managed Node Groups and De-mystifying EKS networking by Nathan Taber
- Ops tips by Ciro S. Costa: Quality of Service and OOM, and Kubernetes Secrets
- Google upgrades to Platinum membership of Cloud Foundry Foundation
- CNCF Case Study: Vodafone
- Yuri Shkuro
- Open Source at Uber
- Episode 84: Monitoring, Metrics and M3, with Martin Mao and Rob Skillington - another open source project from Uber
- Mastering Distributed Tracing - Yuri’s book
- Service-Oriented Architecture: Scaling the Uber Engineering Codebase As We Grow by Einas Haddad
- What is Distributed Tracing?
- Evolving Distributed Tracing at Uber Engineering - Yuri’s blog post
- OpenZipkin
- TChannel
- OpenTracing
- Towards Turnkey Distributed Tracing by Ben Sigelman
- Jaeger
- Jaeger in Istio and trace context propagation
- OpenTelemetry: merging OpenTracing and OpenCensus
- A Brief History of Tracing (So Far) by Ben Sigelman and Morgan McLean
- Jaeger and OpenTelemetry
- Now officially in Beta!
- Google Dapper paper
- OpenTracing joined CNCF in 2016
- What is a jaeger?
- Red Hat Hawkular
- Jaeger joins the CNCF in 2017 and graduates in 2019
- Jaeger Analytics
- Yuri Shkuro on Twitter
Kubernetes 1.18 is out - almost! A bug has pushed it back a day. While you’re waiting, release team lead Jorge Alarcon will tell you all about the fit and finish you can expect in the release when it’s out tomorrow. Adam and Craig bring you the other community news of the week, as well as some podcast follow-up.
- Kubernetes 1.18 is out!
- Well, not quite yet: this regression is being fixed
- Enhancement tracker
- Windows features:
- Ingress API
- kubectl diff and APIServer dry-run
- kubectl debug
- CNCF SIG Contributor Strategy
- Kong ingress controller and Istio service mesh by Kevin Chen
- KubeCF becomes a Cloud Foundry Foundation incubation project
- Platform9 adds two new tiers
- Backyards 1.2
- Red Hat adds support for installing OpenShift on top of RHV
- Google Cloud Game Servers
- Kubei, a new open source runtime vulnerability scanner by Portshift
- Azure Container Registry adds customer managed keys
- AKS adds Ubuntu 18.04
- Kubernetes security announcements
- Using Inspektor Gadget to add network policies
- okteto push
- D2iQ changes CEOs
- Spectro Cloud comes out of stealth
- Kubernetes 1.18 release blog
- Computational biology and folding proteins
- Data for Democracy
- Kubernetes Up and Running by Joe Beda, Kelsey Hightower, and “the other guy”
- The Kubernetes Slack
- Searchable.ai
- Episode 72, with Lachlan Evenson
- Sidecar containers
- 1.19 release lead: Taylor Dolezal
- Jorge on Twitter and alejandrox1 on the Kubernetes Slack
If you’re running Kubernetes, you’re running etcd. The distributed key-value store was started as an intern project at CoreOS by Xiang Li, who is still maintaining it but now working on infrastructure at Alibaba. Xiang joins your hosts to discuss.
- Getting toilet paper be like
- So, stay at home and play with free synth apps!
- Korg Kaossilator: download for Android or iOS
- MiniMoog Model D: download for iOS
- iSongs on YouTube
- vSphere 7 and VMware Tanzu announcements
- Docker announces new strategy and roadmap
- Hitachi Vantara acquires Containership’s assets
- Lens, now from Lakend Labs
- KEDA and SMI join the CNCF Sandbox
- AWS Bottlerocket blog post and GitHub repo
- Enable encryption on App Mesh with custom or ACM certs
- EKS supports Kubernetes 1.15
- Firecracker thread by Micah Hausler
- gVisor thread by Ian Lewis
- Kublr adds rolling upgrades
- Google Cloud moves to its own ACME certificate provider
- GKE Workload Identity is GA
- Analysis of Redis operators by Flant
- Bank Vaults 1.0 and HSM support by Banzai Cloud
- CNCF joins Google Summer of Code
- Lifemiles case study
- Rancher Labs raises $40m
- etcd
- How Kubernetes uses etcd
- The history of etcd, including the famous garage
- Built to handle upgrading CoreOS Container Linux nodes
- Prior art:
- Paxos
- Multi-Paxos
- raft
- Announcing etcd
- etcd3 moved from a tree keyspace to flat keyspace
- etcd and Kubernetes at Alibaba:
- The first etcd operator created by Xiang
- Jepsen tests of 0.4.1 and 3.4.3
- CNCF to host etcd in December 2018
- etcd roadmap
- Xiang Li on GitHub
- Xiang Li on Twitter
Richard Belleville works at Google on gRPC, a high-performance, universal RPC framework. Richard used gRPC before joining Google to work on it; he talks to the hosts about its history and derivation from Google’s internal Stubby, how it works, and how it differs from other RPC and messaging systems.
- Castlevania series 3 on Netflix
- Bad video game adaptations
- Hitchhiker’s Guide to the Galaxy - 42nd anniversary
- Istio 1.5:
- Google Cloud’s new strategy for the telecommunications industry
- Managed Kubernetes pricing comparison
- HPE Container Platform is Generally Available
- Contour 1.2 and Velero 1.3
- Case studies:
- A survey of Istio’s network security features by Jack Leadford at NCC Group
- TiKV security audit
- Adrian Colyer looks at the Firecracker paper
- EKS adds AWS Encryption Provider
- 2019 CNCF Survey results
- Sidecar containers not in 1.19 after all
- KubeCon EU not on in Mar/Apr after all
- gRPC
- What is gRPC?
- gRPC Basics meetup video: a recent presentation by Richard at the Orchestructure meetup
- RPC vs messaging
- What does the G stand for?
- NASA Robotic Mining Challenge
- Protocol Buffers
- Stubby became gRPC
- Abseil: an open source collection of C++ libraries drawn from the most fundamental pieces of Google’s internal codebase
- Chubby lock services (the inspiration for etcd)
- Bidirectional streaming
- Polling engines
- Swagger/OpenAPI
- gRPC + JSON by Carl Mastrangelo
- HTTP/2
- Supported languages
- gRPC Core
- gRPC-web
- Users
- Graduating the CNCF
- Richard Belleville on Twitter
Kubeflow, the Machine Learning toolkit for Kubernetes, has hit 1.0. Google software engineer Jeremy Lewi is a core contributor to Kubeflow and was a founder of the project. He joins the show to discuss what Kubeflow does, and what it means to have hit 1.0.
- Over the Road
- Over The Top and its amazing poster
- 13 Minutes to the Moon
- With soundtrack by Hans Zimmer
- We love our theme music, but its composer has fewer Academy Awards.
- KubeCon Novel Coronavirus update
- Kubeflow 1.0 is out
- Kubernetes 1.18-beta.1
- Screwdriver joins CD Foundation
- Introducing Arkade by Alistair Hey
- Install Kubernetes to your Raspberry Pi in 15 minutes by Alex Ellis
- Weathervane 2.0 from VMware
- AKS: Spot node pools and container scanning
- Vulnerable Containers API by Jerry Gamblin
- Advanced Persistence Threats: The Future of Kubernetes Attacks by Ian Coldwater and Brad Geesaman
- Everyone might be Cluster Admin in your Kubernetes cluster by Jeff Geerling
- Mirantis acquires Kontena
- CSI driver for Google Cloud Storage by Ofek Lev
- Bring your ideas to the world with kubectl plugins by Cornelius Weig
- Optimizing I/O intensive containers by Jay Huang
GPUs do more than move shapes on a gamer’s screen - they increasingly move self-driving cars and 5G packets, running on Kubernetes. Pramod Ramarao is a Product Manager at NVIDIA, and joins your hosts to talk about accelerators, containers, drivers, machine learning and more.
- Printer networking
- Adam wants software-defined faucets
- Glowing LED faucet - where does the electricity come from?
- Faucet, a SDN controller
- Google Cloud launches Application Manager for GKE in Beta
- GKE Surge Upgrades GA
- GKE Node Locations GA
- Anthos Ready Storage qualification
- Kafka disaster recovery with Supertubes from Banzai Cloud
- StackRox’s State of Container and Kubernetes Security report
- Cilium 1.7
- Convox launches multi-cloud
- Pangolin, an experimental Kubernetes autoscaler by Damian Peckett
- Dell/EMC rack-in-a-box
- Platform9 now distributed by Promark
- GKE security updates & defense-in-depth strategies
- Best practices for enterprise multi-tenancy with GKE
- Andrew Allbright contributes to Minikube
- Kubernetes Contributor Summit schedule announced
- That discount code again again again: KCEUGKP15
- NVIDIA
- Graphics Processing Unit (GPU)
- Differences between CPU and GPU
- The math co-processor
- General-purpose computing on GPUs (commonly known as GPGPU)
- CUDA, with a C
- OpenGL and Vulkan, with a K
- Kubernetes on NVIDIA GPUs
- Device plugins for Kubernetes and scheduling GPUs
- NGC Hub for drivers and containers
- NVIDIA EGX for Edge computing with Kubernetes
- Deep Learning Training vs Inferencing
- NVIDIA GPU operator
- Pramod Ramarao
We dive into the Linux kernel this week with guest Leonardo Di Donato, Open Source engineer at Sysdig. Leonardo works full-time on the Falco project, a runtime security engine that listens to the Linux kernel using eBPF - the extended Berkeley Packet Filter. Leonardo tells the hosts about the architecture of eBPF, how he has used it before and now, and what’s coming up for Falco.
- Apache Flink v1.10
- Linkerd v2.7
- Azure Container Registry to require TLS 1.2
- CPU limits and aggressive throttling in Kubernetes - Omio Engineering by Fayiz Musthafa from Omio
- Kiosk
- Docker donates the cnab-to-oci library to cnab.io
- How-to Guide: Debugging a Kubernetes Application
- Nutanix Karbon 2.0
- Childcare and COVID-19 at KubeCon EU
- That discount code again again: KCEUGKP15
- Red Hat OpenShift is now available for IBM Z and LinuxONE
- Why Kubernetes on VMs? by Chip Zoller
- Securely Access AWS Services from Google Kubernetes Engine (GKE)
- Carbon Relay raises $63 million
- Traditional Linux tracing tools: perf and strace
- BPF and eBPF
- bpftrace
- InfluxDB Cloud
- kubectl-trace
- The IO Visor project
- Sysdig
- Loris Degioanni, co-founder, CTO, and author of Wireshark
- Falco
- Upcoming KubeCon EU talks by Leonardo:
- Falco community:
- Leonardo Di Donato on Twitter
Peter Mattis is a creator of the CockroachDB open source database and co-founder and CTO of Cockroach Labs. His history in open source goes back to the creation of the GIMP image editor and UI toolkit Gtk at university in 1995, and his history at Google saw him work on storage and build systems. Hosts Craig and Adam ask him about all of the above.
- Storm Ciara:
- Docker Index
- Apache Aurora:
- containerd Project Journey Report
- CoreOS End-of-Life
- Developing in Production by Will Sargent at Terse Systems
- Thanos Operator from BanzaiCloud
- Clear Linux OS now Certified Kubernetes
- Helm 3 in Real Life by Dawid Ziolkowski
- Kubernetes storage patterns by Nitish Tiwari
- Integrate Cloud Foundry with Kubernetes using the cf-operator and kubecf
- Deploying External OpenStack Cloud Provider with Kubeadm
- Frame.io Falco case study
- Supporting developers as they scale: a free Kubernetes eBook from DigitalOcean
- Register Now: KubeCon + CloudNativeCon EU Day Zero Events
- That discount code again again: KCEUGKP15
- GIMP, the GNU Image Manipulation Program
- Pre-history
- GTK, the GIMP Toolkit
- Inktomi
- Colossus
- Bazel
- Square Acquires Ex-Googler Team Behind Viewfinder To Help Grow Its NYC Presence
- CockroachDB article
- Spanner and F1 papers
- CAP theorem
- Google Cloud Spanner
- Ticktock Networks and the HUYGENS paper
- Cockroach Labs
- Orchestration with Kubernetes
- Relicensing CockroachDB
- Geospatial indexing
- CockroachDB on GitHub
- Peter Mattis on Twitter
GitLab is a single application DevOps platform, including source code management and CI/CD tools for targets including Kubernetes. The application itself runs on Kubernetes, including in its largest installation, the SaaS version at gitlab.com. Marin Jankovski is an Engineering Manager at GitLab, where he was Employee #1. He joins Craig and Adam to talk about migrating to Kubernetes, remaining a monolith, and the company value of radical transparency.
- CNCF TOC election results
- HPE acquires Scytale
- CNCF announces KubeCon EU schedule
- The actual schedule
- That discount code again: KCEUGKP15
- Run Windows Server Containers on GKE
- Cisco Hyper-Accelerates Applications in a Hybrid Multicloud Hyper-World
- AKS 2020-01-27 release
- AWS Container Security Survey by Michael Hausenblas
- Infra.app
- A bit of Istio before tea-time by Alex Ellis
- etcd blog on being tested by Jepsen
- How Fluentd collects Kubernetes metadata by Brady Zuo
- Troubleshooting Kubernetes OOM by Carlos Arilla
- DNS Lookups in Kubernetes by Karan Sharma
- Community collaboration on Notary v2 by Justin Cormack
- CNCF Speaker’s Bureau: a great resource
- MayaData raises $26m
Madhura Maskasky is co-founder and VP of Product at Platform9, a company that manages both OpenStack and Kubernetes. She talks to Adam and Craig about the transition from VMs to containers, why OpenStack is still relevant, and what they have to do to be able to offer a 99.9% SLA on cloud-native applications.
- Bad news from both Australia Day and Chinese New Year
- Schitt’s Creek
- VMware: Introducing Project Nautilus
- Google Cloud Config Connector
- Octarine open-sources the Kubernetes Common Configuration Scoring System (KCCSS) and kube-scan
- KubeNav, by Rico Berger
- Permission Manager by SIGHUP
- KubeInvaders: gamified chaos engineering
- CSI inline ephemeral volumes
- Reviewing 2019 in Kubernetes docs
- CSI driver support for Dell/EMC Isilon
- CNCF annual report
- Sign up for KubeCon EU and get 15% off with discount code KCEUGKP15
- TriggerMesh receives $3m seed funding
- AWS lowers EKS price
- Platform9
- kubevirt
- Webinar recording: KubeVirt – Beyond Containers: Coming full circle back to VMs!
- OpenStack Ironic
- Cluster API
- Thick Edge and thin Edge
- Managed Apps with 99.9% SLA
- Kubernetes in Production: Operating etcd with etcdadm
- 6 Enterprise Kubernetes Takeaways from KubeCon 2019, San Diego, and 5 from Barcelona before it
- Platform 9 and 3/4
- Platform9 on Twitter
- Madhura Maskasky on Twitter
Self-driving cars need self-driving backend infrastructure. Karl Isenberg is the tech lead & manager of the platform team at Cruise, a self-driving car company backed by GM and Honda. He joins hosts Craig and Adam to discuss two years of running multitenant Kubernetes.
- Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers
- Support for Windows 7 has ended: don’t use it for internet banking
- Stefanie Stuber’s uncommon The Voice performance
- Kubernetes bug bounty announcement, funded by the CNCF
- GKE CIS Benchmarks deliver security best practices
- Octopus: how Kyma does integration testing in Kubernetes
- Elastic Cloud on Kubernetes (ECK) now GA
- Red Hat OpenShift v4.3 now almost GA
- Fedora CoreOS now GA
- Istio as an Example of When Not to Do Microservices by Christian Posta
- Backyards 1.1 from Banzai Cloud
- k3c from Darren Shepherd at Rancher Labs
- Continuous GitOps by Arun Ramakani
- Werf 1.0 by Flant
- New Anthos training from Google Cloud
- Dauntless case study
- KubeDR by Catalogic
- Kubernetes on MIPS by Inspur
- Cruise
- We Need To Move Beyond The Car, by CEO Dan Ammann
- Lombard St
- Karl’s KubeCon talk
- Managing Kubernetes RBAC Groups by Stephen Day
- Open-Sourcing Isopod: An Expressive DSL Framework for Kubernetes Configuration by Charles Xu and Dmitry Ilyevskiy
- Building a container platform at Cruise:
- Part 1: Overview by Karl
- Part 2: Security by Karl and Mike Ruth
- Part 3: Networking by Karl and Buck Wallander
- Cruise’s blog
- Karl Isenberg on Twitter
What do you do next when you have over 150 patents to your name? Write a book, of course! Lin Sun is a Senior Technical Staff Member and Master Inventor at IBM, where she has spent the past 14 years doing software engineering in areas including cloud and open technologies. She has worked on the Istio service mesh since 2017, and is on the Istio steering and technical oversight committees. Lin joins Adam and Craig to discuss invention, making Istio easier to use, and how being a mother has impacted both.
- Tanka, from Grafana
- Configula, from Brendan Burns
- Falco moves to the CNCF incubator
- CKAD is now valid for 3 years
- Contour 1.1.0
- Getting serious about open-source security by Dan Lorenc
- Designing and Building HA Kubernetes on Bare-Metal
- AKS Latency and performance/availability issues due to IO saturation and throttling under load
- Kubernetes Networking Demystified by Karen Bruner at StackRox
- How to Give Developers Access to Kubernetes During Development by Daniel Thiry
- Key metrics for monitoring Istio from Datadog
- Deploying multiple Istio Ingress Gateways by Peter Jausovec
- Big Prometheus by Clay Smith from Monitoring Monitoring
- Breaking Changes in Helm 3 (and How to Fix Them) by Jack Morris
- Security advantages of pull-based CD pipelines by Alex Kaskasoli
- Zero touch authentication on Kubernetes by Peter Wilcsinszky at BanzaiCloud
- Vault replication across multiple datacenters on Kubernetes by Nandor Kracser
- OpenStack’s Complicated Kubernetes Relationship by Mike Vizard of ContainerJournal
- Kubernetes 1.15 security changes in GKE
- KubeCon + CloudNativeCon NA 2019 Transparency Report
- Zendesk case study
- IBM Master Inventor
- Lin’s patents
- Her favorites:
- Istio announcement blog and GlueCon talk from 2017
- Lin at the IBM Cloud CTO Office
- IBM Research
- IBM Cloud, formerly known as Bluemix
- Bluemix Service Proxy
- Amalgam8
- Envoy
- Istio 1.1, the “9 months” release
- The Sidecar resource, which lets you scope which services are known by a given sidecar to reduce resource usage
- Release cadence
- Istio 1.4
- Mutual TLS
- New 1.4 features:
- Auto-mutual TLS
- client-go library
- istioctl analyze
- Requirement to declare containerPort removed in 1.3, automatic protocol selection added
- User Experience working group
- Steering committee
- Technical oversight committee
- istiod
- Istio as an Example of When Not to Do Microservices by Christian Posta
- Minion cluster mode
- Istio Explained, by Lin and Dan Berg
- kui and iter8
- Lin Sun on Twitter
Five years ago, Clayton Coleman took a bet on a new open source project that Google was about to announce. He became the first external contributor to Kubernetes, and the architect of Red Hat’s reinvention of OpenShift from PaaS to “enterprise Kubernetes”. Hosts Adam Glick and Craig Box return for 2020 with the story of OpenShift, and their picks for Game of the Holidays.
- Google describes its BeyondProd cloud native security paradigm:
- VMware completes acquisition of Pivotal
- Chaos Mesh from PingCap
- Global access for internal load balancers now available on GKE
- Calico 3.11
- CrunchyData Postgres Operator 4.2
- kubectl tree
- kubelive
- Consistent OIDC authentication across multiple EKS clusters
- Operating your BBQ meat smoker or your Christmas tree with Kubernetes
- Vendors make a splash in 2019 service mesh implementation rush
- 2019 Kubernetes certificate outage by Victor Adossi
- The poor state of Kubernetes horizontal pod autoscaling according to Wander Hillen
- Predictions and looks-back:
- opensource.com: 5 predictions for Kubernetes in 2020
- SDXCentral: Kubernetes Opportunities, Challenges Escalated in 2019
- DataCenterKnowledge: A Hyperconvergence Progress Report: Has Kubernetes Stolen the Show?
- IDG Connect: Kubernetes: the tech to take centre stage in 2020
- SiliconAngle: Predictions 2020: Cloud, Kubernetes and cybersecurity will rule
- Forbes contributor: What Do Customers Want From The Kubernetes Ecosystem In 2020
- The Enterprisers’ Project: 5 Kubernetes trends to watch in 2020
- TechRepublic: Cloud computing in 2020: Predictions about security, AI, Kubernetes, more
- Christopher Tozzi: 4 ways Kubernetes could be improved
- Farewell from Kontena
- Red Hat OpenShift
- Health checks
- OpenShift differences from Kubernetes:
- Don’t turn off SELinux!
- CoreOS
- What’s new in OpenShift v4
- Operator Framework and operator-lifecycle-manager
- Red Hat acquired by IBM
- Linux at IBM in the 90s
- PodDisruptionBudget
- Clayton Coleman on Twitter
Martin Mao and Rob Skillington are co-founders of Chronosphere; CEO and CTO respectively. They both worked on the monitoring team at Uber, where they created M3: a metrics platform with an open source time-series database built for scale. They join Craig and Adam to talk about monitoring, metrics and M3 on the last episode of 2019.
- CSI migration and CSI volume snapshots
- AKS Private Clusters in preview
- GKE maintenance windows and exclusions are GA
- Google Cloud E2 VMs: introduction and understanding dynamic resource management
- New features in Cloud Run for Anthos
- Best practices for performing forensics on containers
- Infrastructure at Cliqz, and introducing Hydra
- Envoy CVEs
- The Top 3 Service Mesh Developments in 2019 by Zack Jory
- Istio Service Mesh Explained in 5 Minutes by Ram Vennam
- Ambassador Edge Stack
- Solo.io WebAssembly Hub
- Kafka Envoy Protocol Filter
- Talos 0.3 beta
- AutoTiKV tuning
- OpenPolicyAgent’s KubeCon recap
- A first look at Antrea from Alex Brand
- TODO: read this article by Patrick DeVivo
- Does Testing Kubernetes Conformance Leave You in the Dark? Get Progress Updates as Tests Run by John Schnake
- Demystifying Kubernetes as a Service – How Alibaba Cloud Manages 10,000s of Kubernetes Clusters
- How Jaeger Helped Grafana Labs Improve Query Performance and Root Out Tough Bugs
- Adopting Kubernetes at Quora by Taylor Barrella
- CNCF announces schedule for Bengaluru/Delhi Forums
- M3 website
- M3: Uber’s Open Source, Large-scale Metrics Platform for Prometheus
- Before: Graphite and its Whisper database
- Prometheus
- RRDtool
- M3 on GitHub: open source from the start
- Chronosphere
- Rob’s 2019 KubeCon talks:
- Twitter:
Hop on the release train for the fourth and final Kubernetes release for 2019. Release manager Guinevere Saenger joins Adam and Craig to discuss how a classically trained pianist has a second act as a Kubernetes release team lead.
- Craig plays the Oculus Quest:
- Adam sees a play
- Kubernetes 1.17 is out!
- EKS on Fargate now generally available
- Azure Application Gateway ingress controller launched
- CloudBees CI/CD SaaS in preview
- Anthos is CRN’s Hybrid Cloud product of the year
- Troubleshooting Deployments by Daniele Polencic
- Building large Kubernetes clusters at LINE
- CNCF TOC structure and elections
- uSwitch case study
- Making audit logging a viable practice again by Nitzan Niv
- Collaborative piano
- Ada Developers Academy
- (The LSAT is the Law School Admission Test)
- Ruby on Rails
- Samsung SDS Cloud Native Computing Team
- Kubernetes at GitHub
- GitHub Metal Cloud
- #hugops
- SIG Contributor Experience
- Episode 46, with Aaron Crickenberger
- Guinevere speaking at KubeCon about new contributions
- “Complaining about how hard it was to contribute” led to the Contributors Guide
- Episode 10, with Josh Berkus and Tim Pepper
- Kubernetes 1.17 enhancement tracking sheet
- Poor old sidecar containers slipped again
- KubeCon 2019 NA Contributors’ Summit
- 1.17 release team
- Release team shadow program
- Release engineering
- Guinevere Saenger on Twitter
Chaos Engineering is the discipline of experimenting to identify potential areas of failure before they express themselves in outages. Ana Margarita Medina is a Chaos Engineer and Developer Advocate at Gremlin, a chaos-as-a-service vendor that recently added Kubernetes support. She talks to Adam and Craig about the discipline, and her journey to it.
- AWS announcements:
- Eirini 1.0 is here
- Security considerations for GKE by Maya Kaczorowski
- Managing a multi-site Cassandra cluster on multiple Kubernetes with CassKop / MultiCassKop by Seb Allamand
- Run Ansible Tower or AWX in Kubernetes or OpenShift with the Tower Operator by Jeff Geerling
- Everything I know about Kubernetes I learned from a cluster of Raspberry Pis by Jeff Geerling
- Prometheus OpenMetrics Integration
- Develop a Kubernetes controller in Java by Min Kim and Tony Ado
- Running Kubernetes locally on Linux with Microk8s by Ihor Dvoretskyi and Carmine Rimi
- Linux Foundation Cyber Monday sale
- Barrons says Kubernetes is the future of computing by Tae Kim
Vitess is a cloud native database clustering system for horizontal scaling of MySQL. It was built for YouTube, open sourced, and has recently graduated from the CNCF. Two members of the team who wrote and ran Vitess at YouTube, Jiten Vaidya and Sugu Sougoumarane, are CEO and CTO of PlanetScale; a company they founded to support Vitess commercially. They join Craig and Adam to talk databases.
- Anthos news from Next UK
- GitLab Serverless with Cloud Run for Anthos
- Project Antrea from VMware
- Managed Istio GA on IBM Kubernetes Service
- IBM open sources developer tools Kui and iter8
- Solo.io introduces Autopilot
- Hubble, from Cilium
- ByteBuilders introduces Kubeform
- Cloudbees adds Jenkins X UI to their community distribution
- Juniper updates Contrail
- Slack Vitess case study
- Debugging network stalls on Kubernetes by Theo Julienne at GitHub
- Volterra’s control plane for distributed PaaS
- Gravitational takes $25m investment
- Datadog’s 2019 container report
- Aqua Security acquires Cloudsploit
- CNCF 2019 award winners
- Vitess
- Graduated from the CNCF
- Database shards
- Vitess history
- Go; 10 years old
- Google storage systems:
- Scaling MySQL in the cloud with Vitess and Kubernetes and Cloud Native MySQL Sharding with Vitess and Kubernetes by Anthony Yeh, Google Cloud
- Case studies: Stitch Labs, Hubspot, JD.com
- Vitess at KubeCon:
- Vitess: Stateless Storage in the Cloud by Sugu Sougoumarane
- Geo-partitioning with Vitess by Deepthi Sigireddi and Jiten Vaidya
- How to Migrate a MySQL Database to Vitess by Sugu Sougoumarane & Morgan Tocker
- Gone in 60 Minutes: Migrating 20 TB from AKS to GKE in an Hour with Vitess by Derek Perkins from Nozzle
- Postgres support
- PlanetScale
- Announcing PlanetScale’s CNDb
- The name
- Jiten Vaidya and Sugu Sougoumarane on Twitter
Catch all the news (and there is a lot of it!) from KubeCon NA 2019 in this week’s show. We then talk to Vicki Cheung, the conference co-chair, and an Engineering Manager running Kubernetes infrastructure at Lyft.
- Docker sells its enterprise business:
- New Google Kubernetes Engine features:
- Google Cloud Run is GA
- Microsoft news:
- Helm 3 released, for real!
- Istio 1.4 released
- Kubernetes Security Announcement: CSI sidecar vulnerability
- Red Hat open-sources Quay and launches CodeReady Workspaces v2
- VMware launches Crash Recovery and Enterprise PKS v1.6
- CNCF announcements:
- 500 members
- New Platinum members: Arm, NetApp and Palo Alto Networks
- New Gold members: Equinix and Fidelity Investments
- Over 100 certified Kubernetes distributions
- Announcement of CNCF jobs board
- Datadog:
- Gremlin launches chaos engineering for Kubernetes
- O’Reilly acquires Katacoda
- Mayadata adds Mayastor engine to OpenEBS
- PlanetScale launches CNDb
- Rancher announces k3s GA and Rio is in Beta
- Cloud Native Security Hub from Sysdig
- Pipeline 2.0 Tech Preview from Banzai Cloud
- Clustered Microk8s from Ubuntu
- Weave Flux and Argo CD join forces
- Portworx launches PX-Backup and PX-Autopilot
- Pulumi launches Crosswalk for Kubernetes, kx and .NET Core support
- Snyk Container
- Gloo 1.0 from Solo.io
- Clusterman from Yelp adds Kubernetes
- Building Secure Reliable Systems book, new from Google Cloud
- A-Z Round:
- A10 Networks announced a Blueprint for automation of the Polynimbus secure application service
- Agile Stacks announced KubeFlex to aid in deploying and managing Kubernetes clusters in data centers and at the edge
- Alibaba Cloud released version alpha2 of the Open App Model
- Altinity announced their production-ready Kubernetes operator for ClickHouse data warehouses
- Aporeto launched new identity federation capabilities for Kubernetes and Istio
- Arrikto announced that MiniKF is now available on the GCP Marketplace
- Amazon has published a cost optimization guide for Kubernetes on AWS
- Buoyant launched Dive, a SaaS “team control plane” for Kubernetes clusters
- Chronosphere added tracing capabilities
- Containous launched a new Ambassador Program to reward and support Traefik community members
- Datawire announced a tool for automatic HTTPS for Kubernetes Ingress in Ambassador
- DeployHub announced the release of version 9.0 of their publishing and configuration offering
- DigitalOcean announced a Container Registry and a Kubernetes section in their 1-click apps market
- Fairwinds launched a new open source-as-a-service platform Insights, and Astro, a product for managing monitors in a dynamic environment
- Hammerspace announced a persistent data protection offering for Kubernetes
- Humio added streaming log management capabilities to their IBM Cloud Pak
- Hyscale has announced the open-sourcing of their app deployment tool
- Instana added support for Rancher
- Kublr announced Multi-Site Orchestration in Kublr 2.0 is now in Private Preview
- LINBIT announced Piraeus Datastore, a Software-Defined Storage offering for Kubernetes
- Maestro, from Cloud66, released a Kubernetes management tool for multi-cluster management
- Mattermost introduced ChatOps, an open source project for real-time DevOps
- NetFoundry announced a programmable networking platform for apps at the edge
- NeuVector announced a Security Policy as Code tool for Kubernetes
- NS1 expanded their suite of integrations
- Opsani AI announced precision tuning for autoscalers
- Oracle announced Oracle API Gateway, Oracle Logging, and Kafka Compatibility for Oracle Streaming
- Redis Labs introduced RedisInsight
- Rookout announced a hybrid Kubernetes debugger for DevOps teams
- SignalFX announced Kubernetes Navigator to provide AI-driven insights
- StorageOS announced the release of version 1.5
- Styra announced new features for their Compliance for Kubernetes tool
- Trilio announced support for TrilioVault on OpenShift
- Turbonomic announced Lemur, a New, Free, Observability Tool for developers
- Wallarm launched support for Envoy proxy and Envoy API protection with their SaaS Security product
- WhiteSource announced native integrations for top container registries
- Yugabyte announced YugabyteDB will be available as a self-managed database service on Crossplane Kubernetes clusters
- Zebrium announced that no-touch log monitoring for Kubernetes is now in private beta
Due to overwhelming submission numbers, 85% of talks proposed to KubeCon are rejected. Cloud Native Rejekts, a two-day community conference immediately before KubeCon, gives a second chance to some of those talks. Chris Kühl is CEO and co-founder of Kinvolk, a Berlin-based Linux company, who organise events including Cloud Native Rejekts. Hosts Adam and Craig ask him about this, and somehow the discussion includes both Pearl Jam and Mötley Crüe.
- Listener meetup at KubeCon: 1.30pm at the Google Cloud Lounge
- Adam’s TV recommendation of the week: The Expanse
- Skaffold is now GA
- VMware Tanzu updates from VMworld Europe
- Chronosphere founded with $11m investment to commercialise M3
- Vitess graduates CNCF and releases v4.0
- Azure Monitor Prometheus integration is now GA
- Quarkus 1.0rc
- Knative v0.10
- Pachyderm Hub: ‘Kubernetes as a Service’ as a Service
- D2iQ Kommander
- Cruise releases security tool k-rail
- Kasten K10 v2.0
- Helm security audit results
- Kubernetes: Grokkin’ the Docs
- Rancher releases container industry survey results
- Prometheus: CNCF project journey report
- Tim Hockin draws the kube-proxy iptables stack (direct link)
- Monzo builds network isolation for 1,500 services
- CFP for Google Cloud Next
KUDO is the Kubernetes Universal Declarative Operator, a toolkit for writing operators for Kubernetes. Gerred Dillon works on KUDO at D2IQ, formerly Mesosphere, and joins Craig and Adam to discuss KUDO, how Mesos frameworks relate to Kubernetes operators, and taking care of chickens.
- Little Free Libraries
- Top moments of 50 years of the Internet by Vint Cerf
- Television network news in NZ 50 years old
- Sysdig container usage report
- Longhorn donates to the CNCF
- Crossplane 0.4
- Helm v3.0.0-rc.2
- CloudEvents reaches 1.0
- Data Center Knowledge: What service meshes are, and why Istio is leading the pack
- Backyards 1.0
- Contour 1.0
- Envoy 1.12
- New encryption options for Google Kubernetes Engine
- Azure services now run anywhere with new hybrid capabilities: Announcing Azure Arc
- ZDNet and TechCrunch coverage
- Brendan Burns’ explainer videos
- CNCF news:
- SIG Docs survey results
- Better Kubernetes networking with Knative by Ahmet Alp Balkan
- Why you don’t have to be afraid of Kubernetes by Scott McCarty
- Brad Childs has passed away
- D2IQ (formerly Mesosphere)
- Apache Mesos
- KUDO
- Kubebuilder
- Operator SDK
- Omakase: Japanese for “I will leave that up to you”
- Tasks
- Metacontroller
- Tekton
- Helm
- D2IQ’s Konvoy distribution of Kubernetes
- Operators using KUDO:
- KUDO proposed to the CNCF
- Gerred’s KUDO webinar for the CNCF
- Contributing to KUDO
- KUDO Slack
- Gerred’s bio
- Gerred Dillon on GitHub
Katharine Berry works in the Engineering Productivity team at Google Cloud, and works in SIG Testing on the Kubernetes project. She joins Adam and Craig to discuss Prow, Pebble and ponies.
- SkyCity Convention Centre Fire
- England knock NZ out of the Rugby World Cup
- Cards Against Humanity to open a restaurant
- GKE Release Channels are in Beta
- GKE usage metering is GA: use it to combat over-provisioning
- A new guide for PCI-DSS compliance on GKE
- Exploring container security: Vulnerability management in open-source Kubernetes
- HPE are set to deliver a Kubernetes platform for data analytics and ML
- How to build a kubectl plugin by Jonas-Taha El Sesiy
- NVIDIA Aerial framework
- Red Hat releases OpenShift Container Storage 4.2
- Kontena Lens 2.3 released
- New Octant.dev website and v0.8.0
- Zoho Catalyst and coverage from Container Journal
Joe Duffy is the founder and CEO of Pulumi, an open-source cloud development platform. He joins Adam and Craig to explain why a general purpose programming language is a better tool for cloud infrastructure than a domain-specific language (or YAML), and how you can use Pulumi to provision cloud infrastructure and Kubernetes resources alike.
- Dapr, OAM and Rudr
- Red Hat introduces OpenShift 4.2
- Goldilocks from Fairwinds
- Ubuntu 19.10
- Introducing SPIRE 0.8.2
- Istio performance improvements noted by Pablo Moncada Isla
- Graboid: first cryptojacking worm for Docker found by Unit42
- Analysis of two Kubernetes vulnerabilities by Palo Alto Networks
- Harbor 1.9
- CNCF announces schedules for Forums in Seoul and Sydney
- Container Platform Networking at Cruise by Karl Isenberg and Buck Wallander
- Sugarkube and cattle clusters
- Pulumi
- Joe Duffy’s blog:
- WPF (Avalon) and WCF
- 10 Years of DevOpsDays
- Comparisons of Pulumi vs other platforms
- TypeScript
- Dark programming language
- Three business models of Open Source by Peter Levine and Jennifer Li
- $ for enterprises and free community edition
- AWS and Elasticsearch Inc.
- Pulumi on GitHub
- Joe Duffy and Pulumi on Twitter
cert-manager is a certificate management toolkit for Kubernetes, commonly used to get TLS certificates from Let’s Encrypt. Project founder James Munnelly of Jetstack joins hosts Craig and Adam to explain how certificates are issued and managed, and how cert-manager automates it all.
- Fast food-themed entertainment:
- KFC virtual escape room training
- Soda-themed entertainment:
- Stranger Things 3: The Game
- Rancher 2.3 released
- Amazon EKS now has Windows containers generally available
- Episode 70, with Patrick Lang
- New on DigitalOcean Kubernetes Service: cluster autoscaling
- Elastic Cloud on Kubernetes v1.0.0-beta1 released
- MuleSoft releases AnyPoint Service Mesh
- Linkerd 2.6
- Trackman, open source step-workflow tool from Cloud 66
- Puppet announces public beta of Project Nebula
- KubeCon NA 2019 contributor summit schedule announced
- Kubernetes patterns for capacity planning by Mohamed Ahmed
- How Booz Allen Hamilton is helping modernize the Federal Government with Kubernetes
- Flant.com compares 11 ingress controllers for Kubernetes
- How Zalando manages over 140 Kubernetes clusters by Henning Jacobs
- Cluster API Simplifies Execution and Powers Project Pacific at VMware
- Grant Shipley moves from Red Hat/IBM to VMware
- Kubernetes Wild West video game
- SUSE moves on from OpenStack and doubles down on Kubernetes
- SAP to make HANA database available on Kubernetes
- Jetstack
- The two Matts: founders Matt Bates and Matt Barker
- James’s Jetstack bio
- cert-manager
- Docs
- Co-evolved with kube-lego by Christian Simon
- How TLS encryption works:
- Episode 60, with Mark Shuttleworth, founder of Thawte
- Let’s Encrypt
- cert-manager concepts:
- Kubernetes and webhooks:
- Kubernetes ingress quick-start tutorial
- Other issuer options:
- Let’s Encrypt is blocking old cert-manager versions
- v0.11 release notes
- Upgrading to v0.11
- Getting involved:
- James Munnelly on Twitter
Jorge Castro is a community manager employed by VMware to help keep the Kubernetes project running smoothly. He joins Adam and Craig to talk about the programs run by SIG Contributor Experience, the difference between supporting contributors and end users, and the recent steering committee election.
- The Jordan Luck Band
- The Exponents
- Snippets from Who Loves Who The Most, Victoria and Why Does Love Do This To Me
- Kubernetes Steering Committee election results
- Envoy proxy journey report
- October updates to the StackRox Security Platform
- Protecting Kubernetes against a Billion Laughs attack by Stackrox
- Billion laughs attack on Wikipedia
- Open Source in VMware Tanzu
- Project Contour moves IngressRoute to HTTPProxy
- Sloop from Salesforce
- Kontena Lens: free desktop app
- GKE master on-prem routing
- AKS managed identity
- Envoy proxy performance on Kubernetes by Ambassador
- Announcing Kubernetes Community Days
- WeaveWorks GitOps Manager and WKSctl
- Transmogrify Kubernetes APIs by David Young
- About Jorge Castro
- 11th Armored Cavalry Regiment
- John Wick horse scene
- (Ok, Bradley Fighting Vehicles, not horses)
- From Ubuntu to Heptio
- Community episodes & community managers:
- Kubernetes Slack bot
- Contributor Experience properties:
- Ask Ubuntu
- SIG Contributor Experience
- End user content:
- Bots fixing bugs, merging and celebrating with no humans needed
- WG Kubernetes Infrastructure
- Kubernetes Steering Committee
- 2019 Steering committee election
- Election process: no electioneering
- Condorcet method
- Three “chop wood/carry water” winners were elected
- Jorge himself was also a recipient!
- Self-organised community:
- “Kubeyland” Disneyland trip
- Cloud Native Rejekts
- Jorge and his many friends all hang out on #sig-contribex on Slack and the kubernetes-sig-contribex mailing list
- Jorge Castro on Twitter
Daniel Smith is co-Chair and co-TL of SIG API Machinery, as well as TL of the corresponding Google team. Daniel has been working on Kubernetes since before it was open sourced, and is one of the top overall contributors to the codebase. He joins Adam and Craig to discuss CRDs and extensibility.
- Kubevirt joins the CNCF
- KubeCon San Diego Contributor Summit
- ServiceMeshCon 2019 schedule announced
- GKE Intranode Visibility
- #KUBE100; hosted k3s from Civo
- k8s vs k3s by Andy Jeffries
- Docker: Designing your first application on Kubernetes
- Docker raising funds
- IBM launches Apache CouchDB operator
- 90% of all PaaS and SaaS on IBM Cloud is on Kubernetes
- Kubecost: Requests and Limits by Webb Brown
- Kubeadvisor 1.0 from Magalix
- Kubernetes Liveness Probes are Dangerous! by Henning Jacobs
- DevStats says Daniel is number 2 or number 3 contributor to Kubernetes, in either case just behind Tim Hockin from Episode 41
- Carina star constellation and having to rename it from that
- The Kubernetes API
- API Machinery
- First proposal for API plugins - issue 991!
- Third party resources (deprecated in 1.7)
- Operator packaging
- Custom Resources
- Moving TPRs to CRDs by Nikhita Raghunath
- API Aggregator
- Extension via webhooks
- 1.15 release blog talks about CRD extensibility
- Daniel’s KubeCon talks:
- The Nut That Ties Everything Together
- Daniel Smith on Twitter
Kubernetes 1.16 is out, and our guest this week is its release manager, Lachlan Evenson. Lachie is a Principal Program Manager at Microsoft and an Australian living in the US; Craig and Adam are therefore method-interviewing, being this week in those two countries respectively.
- Kubernetes 1.16 is released
- Traefik 2.0
- Announcing .NET Core 3.0
- GKE Container Native Load Balancing now GA
- Google makes €3 billion of data center investment
- CloudARK’s 5 takeaways from the Helm Summit
- Crossplane 0.3
- Agones 1.0.0
- Spire TPM plugin from Bloomberg
- Azure:
- Monitor your Google Anthos clusters with the Sumo Logic Istio app
- Google Cloud Build named a Leader for Continuous Integration in the Forrester Wave
- Banzai Cloud updates Logging Operator and Istio Operator
- The problem with Cloud Native by Quentin Hardy of Google Cloud
- Citrix integrates its ADC portfolio with Istio
- ContainerShip shuts down
- Prison England
- Lithium Technologies
- Kubernetes 1.0 launch roster
- CrashLoopBackOff
- Helm Classic
- Deis acquired by Microsoft
- 1.16 release blog
- What Lachie is excited about:
- What he’s looking at in Alpha: Ephemeral containers
- What slipped: Sidecar containers
- Breaking old APIs in Kubernetes 1.16
- 1.16 release team
- Emeritus Advisors
- KubeCon San Diego session on shadowing in releases
- Kubernetes 1.17: run by women
- Removing the Test-Infra release role
- Release notes from annotated PRs
- Community retrospective
- Release mascots:
- Olive Garden
- 2019 Steering Committee elections are happening
- Lachlan Evenson on Twitter
containerd was born from community desire for a core, standalone runtime to act as a piece of plumbing that applications like Kubernetes could use. It sits between command line tools like Docker, which it was spun out from, and lower-level runtimes like runC or gVisor, which execute the container’s code. This week’s guest is Derek McGowan, a Software Engineer at Docker and a containerd maintainer-d.
Along with the news of the week, Adam and Craig discuss the many Vancouvers.
- Vancouver, Vancouver, and George Vancouver
- South Bend, North Bend, and Bend
- Cosmopolis
- “50 Year Sensation: the Dave McMacken Retrospective” (album art show in Astoria, Oregon)
- Istio 1.3 is out
- Google’s Anthos now includes Anthos Service Mesh, Cloud Run for Anthos and more
- Cloud Native Application Bundles hit 1.0
- Nominations for the annual CNCF Community Awards
- Bloomberg hits 90% utilization with Kubernetes
- Mistakes that “cost” thousands by Gajus Kuizinas
- Kubernetes Edge working group publishes whitepaper
- Isopod, by Cruise
- Pulumi 1.0
- 5 RBAC mistakes you must avoid (number 4 will shock you)
- OpenShift 4.2 disconnected install
- Red Hat Quay 3.1
- Microsoft AKS brings Scale Sets and Standard LB to GA
- Amazon EKS adds cluster tagging and IAM roles for service accounts
- Deep dive into AWS Fargate by Abhisheck Ray from Amazon
- Kong introduces Kuma, “universal service mesh”
- Google introduces Cloud Dataproc for Kubernetes
- Apache Flink operator from Google Cloud
- Container runtime security bypasses on Falco by Mark “Antitree” Manning
- Rafay Systems lands $8m in Series A funding
- containerd
- Original announcement
- The many meanings of ‘container runtime’
- kubelet and Container Runtime Interfaces
- runC, gVisor, Kata Containers, and the Windows Host Compute Service (HCS)
- ctr debug tool
- containerd’s graduation from the CNCF
- containerd shim API
- rkt announced in 2014 with appC spec
- Open Container Initiative
- libcontainer, which became runC
- Web Assembly (WASM)
- BuildKit
- 1.3.0 releases are coming
- Contribution opportunities:
- Derek McGowan and containerd on Twitter
Patrick Lang is the co-chair of the Kubernetes Windows SIG. He is a Senior Software Engineer at Microsoft, developing Kubernetes and related open-source projects supporting Windows Server Containers. Patrick joins Adam and Craig to tell the story of how containers came to Windows.
- KubeCon 2019 schedule
- GKE Shielded VM Nodes
- Mæsh
- Project Contour 0.15
- TechCrunch video: How Kubernetes Changed Everything
- Aaron Roydhouse reverse engineers release schedules as 1.15 hits Preview on Azure and Rapid Channel on GKE
- GKE Scalability best practices
- Cloud Foundry Networking Team Update
- Building a Continuous Delivery Pipeline for Symphony by Ivan Babenko
- The Cult of Kubernetes and Hacker News discussion
- Windows Server containers
- Windows Server Core and Nano Server
- Sessions on Windows
- Docker and Windows partnership announced in 2014
- Active Directory
- Group Managed Service Accounts (GMSA)
- Windows network namespaces
- Host Networking Service and Virtual Filtering Platform
- GMSA integration with Kubernetes
- GPU acceleration in Windows Containers
- Batch files!
- Patching:
- Docker for Windows
- Get started with Windows containers
- Windows Server Containers in preview on AKS, EKS or GKE
- SIG Windows and their Slack channel
- Patrick Lang on GitHub
kind stands for Kubernetes in Docker. Originally built for continuous integration (CI) and testing of Kubernetes itself, kind has found many uses, including acting as a cluster for bootstrapping other clusters. Original author Ben Elder from Google Cloud joins Craig and Adam to talk about it.
Want to see Adam’s puzzles? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
- Adam’s new Seattle office building
- Example Quick Cryptic from The Times
- Example USA Today crossword
- New York Times crossword puzzle case study
- The NYT mini crossword
- Times for the Times solver blog
- A puzzle in a tweet
- Introducing Kubernetes Academy Brought To You By VMware
- Knative serverless Kubernetes bypasses FaaS to revive PaaS
- Helm 3 Beta
- To Helm or not to Helm? by Stepan Stipl
- Announcing etcd 3.4 by Gyuho Lee and Jingyi Hu
- Blocking old Cert Manager versions from Let’s Encrypt
- Linux Namespaces by Ifeanyi Ubah
- How kubectl exec works by Erkan Erol
- Announcing the CNCF Kubernetes Project Journey Report
- Adopting Istio for a multi-tenant kubernetes cluster in Production by Vishal Banthia
- StackRox 2.5
- Platform9 raises $25m in Series D
- Dell previews data protection software for Kubernetes
- DNS spoofing in Kubernetes clusters by Daniel Sagi
- Dynamic Kubernetes informers by Robert Ross
- What’s next for Vault and Kubernetes?
- Consul 1.6 is now GA
- Kubernetes security audit: What GKE and Anthos users need to know
- Introducing Red Hat OpenShift 4.2 in Developer Preview; releasing nightly builds
- Operational Insights for Containers and Containerized Applications
- Deploying GitOps with Weave Flux and Amazon EKS
- Ben’s GSoC proposal and first Kubernetes project: use iptables for proxying instead of userspace
- kind webpage
- kind on GitHub
- Privileged containers
- kubernetes CI
- Cluster API
- IPv6 on kind
- End to end testing
- Running Kubernetes in a CI pipeline by Loodse
- Cluster API logo - it’s turtles all the way down
- kubeadm
- cluster-api-provider-docker
- Other tools:
- Shoutouts to:
- Antonio Ojea from SUSE
- James Munnelly from JetStack
- SIG Cluster Lifecycle
- Ben Elder on Twitter
Container Camp is a series of independent conferences, spanning three continents and in their fifth year. “Camp mother” Angie Maguire is the co-organiser, and is also the founder of Ladies of Code. She joins Adam, who is yet to attend a Camp, but actually goes camping, and Craig, who has spoken at Camps in London and Sydney, and prefers hotels.
- VMware buys:
- Pivotal
- Carbon Black
- Intrinsic
- Greenland
- VMworld news:
- Introducing Project Pacific
- Project Pacific technical overview
- Joe Beda’s take
- Tanzu, VMware’s approach to modern applications
- Tanzu Mission Control
- Splunk acquires SignalFX
- 2019 Accelerate State of DevOps report
- Red Hat OpenShift Service Mesh is GA
- Maistra, the upstream of the operators
- Cilium 1.6 is out
- E2E Kubernetes testing with GitHub Actions
- Why does developing on Kubernetes suck?
- CNCF Google Summer of Code projects
- Container Camp
- Ladies of Code
- Container Camp videos on YouTube
- IPFS Camp
- Digital nomads
- Angie’s Netflix recommendations:
- Container Camp and Angie Maguire on Twitter
Kubernetes and Docker might not seem the obvious choice for managing virtual macOS instances on hosted Apple hardware. Learn how they were used to build Orka - Orchestration for Kubernetes on Apple - a virtualisation layer for Mac build infrastructure offered by hosting company MacStadium. Craig and Adam ask MacStadium SVP of Software Chris Chapman about Orka, and how Kubernetes is useful in places you might not expect.
- HTTP/2 security bulletin from Netflix
- New releases for:
- And others
- CNCF archives the rkt project
- GitHub Actions is now a CI/CD service
- Kubernetes web UIs in 2019 and Kubernetes Web View by Henning Jacobs
- k3sup by Alex Ellis
- Evolving Istio’s APIs, by Sandeep Parikh and Louis Ryan
- Intel GPU Plugin for Kubernetes by Brian Carey
- Kubernetes Gated Deployments at GoDaddy
- CNCF now has 100 end user members
- VMware, Pivotal and Dell:
- Helm Summit EU 2019
- MacStadium
- Orka
- Conference presentation videos from Chris:
- macOS in a Docker container for development - MacADUK 2019
- Announcing Orka - AltConf 2019
- Mac OS X Lion supports running additional OS X instances (up to two)
- Device test labs
- Docker for Mac
- Virtual Command, Chris’s prior company acquired by MacStadium
- The orca
- kubevirt
- Mac hardware:
- Mac Pro (2013) - the “trashcan”
- Mac Pro 2019 - the return of the “cheesegrater”
- T2 security chip
- MacStadium in WWDC 2018 keynote
- Inside the MacStadium data center
- JenkinsWorld 2019
- Docker for Mac in macOS on Docker
- MacStadium on Twitter
No matter how you say it, you probably use kubectl all the time. Did you know you can extend it with plugins? Did you know you can find and install those plugins using krew, a plugin manager for kubectl? krew was built by Luk Burchard, a student at TUBerlin, as an intern project. He was supervised by Ahmet Alp Balkan at Google Cloud, and they both join Craig and Adam to discuss it.
- “Open sourcing” the Kubernetes security audit
- CyberArk’s penetration testing methodology
- Docker reverse shells and making it rain shells in Kubernetes by Rory McCune
- Google Cloud Security Scanner: web application vulnerability scanner for GKE
- Knative 0.8 release notes
- Building a Kubernetes platform at Pinterest
- Octant by VMware
- Call to participate in the CNCF Survey
- Reannouncing the Kubernetes Forum
- kubectl overview
- Extend kubectl with plugins
- Sample CLI plugin
- Write your own kubectl subcommands and The case for a kubectl plugin manager by Ahmet Alp Balkan
- kustomize becoming a kubectl sub-command
- kubectl access-matrix (a.k.a. rakkess, as a stand-alone binary)
- krew
- krew plugin index
- Ahmet’s recruitment tweet
- Luk’s first day at Google
- Ahmet Alp Balkan:
- Luk Burchard:
Ian Coldwater specializes in breaking and hardening Kubernetes, containers, and cloud native infrastructure. A pre-eminent voice in the Kubernetes security community, they are currently a Lead Platform Security Engineer at Heroku. Ian joins Adam and Craig to talk about the offensive and defensive arts.
- Mesosphere becomes D2iQ
- Google Cloud launches Migrate for Anthos in Beta
- Google Cloud Game Servers coming soon
- Announcing Kubernetes Summits in Seoul and Sydney
- Security updates of the week
- IBM and Red Hat:
- Cisco Container Platform now supports Microsoft AKS
- Helm deployments at the Kubedex
- How Kubernetes can be used for genetic analysis by Mu Huan and Eric Li of Alibaba Cloud
- Announcing CloudBees Jenkins X Distribution
- TiDB Operator now Generally Available
- Red teams and penetration testing
- Fuzzing
- Attacking Helm’s Tiller
- Black-box and white-box testing
- DevSecOps: guard rails, not gates
- OWASP - the Open Web Application Security Project
- The math behind calculating security risk
- CVSS score
- etcd: encrypt it at rest!
- Admission control
- Technologies for isolation:
- AppArmor
- Seccomp
- gVisor
- Firecracker (not yet supported with Kubernetes)
- “Kubernetes is powerful, and it’s insecure by design”
- Threat modelling
- hostpath - “a powerful escape hatch”
- Trail of Bits blog: understanding Docker container escapes
- Recommended watching:
- Ship of Fools by Ian Coldwater (slides)
- Hacking and Hardening Kubernetes by Example by Brad Geesaman (slides)
- A Hacker’s Guide to Kubernetes and the Cloud by Rory McCune (and his upcoming Black Hat training)
- DIY Pen Testing for your Kubernetes Cluster by Liz Rice (our guest on episode 19)
- Ian Coldwater on Twitter
Cloud Code provides everything you need to write, debug, and deploy Kubernetes applications, including extensions to IDEs such as Visual Studio Code and IntelliJ. Joining Craig and Adam are Sarah D’Angelo, a UX Researcher, and Patrick Flynn, an engineering lead, both on the Cloud Code team at Google.
- Happy first birthday Knative!
- Grafana Labs: How a production outage was caused using Kubernetes pod priorities
- Banzai Cloud: Kafka on Istio performance
- Docker Enterprise 3.0 is GA, and their new Technology Partner program
- Tim Hockin on reconciliation
- Fairwinds Polaris
- Container platform security with Cruise
- YuniKorn
- KubeCon China transparency report
- Kazuhm Kubernetes as a Service
- Morpheus v4
Owen Rogers is a Research Vice President at 451 Research, co-leading the cloud team. He gained a PhD in the economics of cloud computing in 2013. Owen joins Craig and Adam to discuss the economics of cloud computing generally, and Kubernetes specifically.
- Apollo Guidance Computer Restoration
- CyberSquirrel1 global threat map
- Jellyfish attach power station
- IBM launches Kabanero
- Pivotal launches PAS for Kubernetes
- Weave Flux joins the CNCF
- Windows Container Unconference on Friday July 26th:
- Spinnaker for GCP launched
- Linkerd 2.4
- Architecting with GKE course, free for podcast listeners!
- Deep dive into Virtual Kubelet by Brian Goff
- SIG Usability forming
- Cloud Provider SIGs moving to sub-projects
- Azure Monitor for containers adds Prometheus support
- Kubernetes API deprecations in 1.16
Back in 2012, CERN announced one of its most important achievements: the discovery of the Higgs boson. This work led to the 2013 Nobel Prize in Physics. Ricardo Rocha, Lukas Heinrich and Clemens Lang of CERN redid the data analysis on top of Kubernetes this year, which Ricardo and Lukas demonstrated at a keynote at KubeCon EU. All three join Adam and Craig for a short physics lesson and a view into computing at the largest scale, for particles at the smallest.
- 50th anniversary of the launch of Apollo 11 by NASA’s Astronomy Picture of the Day, and as reported by CBS News in real time
- LEGO Saturn V - mid-completion
- 47th annual Seafair Milk Carton Derby
- Adam’s pictures, including the Saturn V rocket
- IBM announced it has closed its acquisition of Red Hat
- Hashicorp Consul 1.6
- Benchmarking best practices for Istio by Megan O’Keefe, Mandar Jog and John Howard
- IPv6 enhancement proposal for Kubernetes
- Architecting with Google Kubernetes Engine specialization
- Weave Ignite
- Cloud Native CI/CD with OpenShift Pipelines
- k3v
- Avoid time-of-measurement bias with Prometheus
- CERN
- Standard model of particle physics
- Cosmos: A Spacetime Odyssey, with Neil deGrasse Tyson
- Baryonic matter
- Dark matter
- History of computing at CERN
- Where the web was born
- Large Hadron Collider
- Higgs boson
- Servicing the first web server - Tim Berners-Lee’s NeXT cube
- CERN Program Library (FORTRAN)
- KubeCon EU keynote: Reperforming a Nobel Prize Discovery on Kubernetes
- CERN openlab partnership
- ROOT Data Analysis Framework
- Particle physics is embarrassingly parallel
- Open Data Initiative
- Clemens’ shirt
- Our guests on Twitter:
The Cloud Native Application Bundle is a spec for packaging distributed apps, developed by Microsoft with support from Docker and Pivotal. Jeremy Rickard, a senior software engineer at Microsoft Azure, and Ralph Squillace, principal PM for open source/developer user experience at Microsoft Azure, join Craig and Adam to discuss it.
- Bloons TD 6 - made in New Zealand!
- Full Throttle Remastered
- Kiali 1.0 (and 1.1!) released
- Dockerfile best practices by Tibor Vaas
- Managed CockroachDB on Kubernetes by Josh Imhoff
- To run or not to run a database on Kubernetes: what to consider, by Benjamin Good
- Backyards: Istio multi-cluster, the easy way by Banzai Cloud
- KubeCon EU Transparency Report
- Cloud Native Application Bundles
- The spec
- Chris Crone’s “intro to CNAB” talk
- MSI, aka Windows Installer
- Duffle (and on GitHub)
- Libraries
- cnab-go
- pycnab by Gareth Rushgrove
- libcnab-rust
- Porter (and on GitHub)
- Docker apps and Application in Docker Enterprise
- Helm and Helm 3
- Deis Labs
- Unexpected uses:
- Adding extra verbs by Darren Pulsipher
- CNAB bundle for WSL distros by Nuno do Carmo
- Twitter:
Mark Shuttleworth is the founder of Ubuntu and CEO of its parent company Canonical. Ubuntu is the Linux distribution of the Cloud. You can use it inside your containers, or you can use it as your node OS. Canonical packages Kubernetes for both the edge (MicroK8s) and the server (Charmed Kubernetes). Oh, and aside from that, Mark was the first African in space, spending 8 days on the International Space Station in 2002. Craig and Adam ask Mark about how this all happened, and how it has changed his perspective on technology.
- Wicked, the musical
- +LIVE+, the band
- Craig’s video clips: All Over You, Run To The Water, Lightning Crashes
- KubeCon + CloudNativeCon China 2019
- Introducing Workload Identity for GKE
- Knative 0.7.0
- Introducing Deep Learning Containers: Consistent and portable environments
- Launching Talos Systems
- Kubernetes Managed Apps from Platform9
- Istio CVE in JWT handling
- AKS now supports Standard Load Balancing
- Mark Shuttleworth
- Thawte
- Soyuz TM-34 mission to the International Space Station
- Ubuntu
- Getting Ubuntu down to 30mb
- Snaps
- MicroK8s
- Charmed Kubernetes for larger-scale deployments
- OpenEBS, and Episode 56 with Evan Powell
- Anthos
- Sunrise and sunset from the ISS
- Mark Shuttleworth on Twitter
Banzai Cloud is a cloud-native software company that builds Pipeline, a managed Cloud Native application and devops platform, featuring tools for managing multi- and hybrid-cloud Kubernetes deployments. Pipeline is open source, and Banzai Cloud has many other interesting open-source projects, including a Kubernetes distribution, and operators for things like Vault, Kafka and Istio. Adam and Craig talk to its co-founder and CTO, Janos Matyas, who is based in Budapest, but is spiritually of Oahu, Hawaii.
- Is this what children’s music has become?
- Dogs That Look Like Their Owners
- Kubernetes 1.15 is released
- Announcing Envoy Mobile
- kubectl cp vulnerability
- Kontena Pharos 2.4
- CNCF announces SIGs
- Aqua Security 4.2
- Scytale Enterprise 1.0
- Diamanti 2019 Container Survey (PDF)
- Fast key-value stores: An idea whose time has come and gone
- Banzai Cloud
- Pipeline
- Cloud pricing info
- Telescopes
- Banzai PKE for Azure and AWS
- Operators:
- CoreOS’ Operator Framework and SDK
- Bank-Vaults and source
- Logging Operator and source
- Kafka Operator and source
- Istio Operator and source
- The Banzai Pipeline surf spot
- Janos Matyas on Twitter
Istio 1.2 has been released. Louis Ryan is a core contributor to Istio and a member of its Technical Oversight Committee, in his role as Principal Engineer at Google Cloud. He talks to Craig and Adam about his history with API infrastructure and the service mesh, and the history and future of the Istio project.
- Istio 1.2
- HAProxy 2.0
- New Docker Desktop for Windows with WSL 2 coming
- Facebook peels the lid off Tupperware
- Wind River adds Docker and Kubernetes support for the edge
- Banzai Cloud adds Istio to Pipeline
- Apple joins the CNCF as a Platinum member
- Modernize IT 2019 digital conference from Google Cloud
- Istio service mesh
- Louis Ryan’s talk at QCon
- gRPC
- Sidecar pattern
- Core features of Istio
- amalgam8 from IBM in 2016
- What is a service mesh?
- Envoy Proxy
- Istio 1.2 release notes
- The upcoming Istio operator
- Common misconceptions:
- Related episodes:
- Louis Ryan on Twitter
Darren Shepherd builds the Cloud at Rancher Labs, a company making entirely open source Kubernetes tooling, from the enterprise to the edge. This week Craig and Adam will finally learn how to pronounce ‘k3s’ and ‘k3OS’.
- Day of the Tentacle at The Digital Antiquarian
- Vigil Files (Android)
- Reflections on the Fifth Anniversary of Kubernetes
- Orka, from MacStadium
- Five enterprise takeaways from KubeCon EU by Platform9: number 4, the SOA Tikka Masala, will shock you
- 11 salary statistics for Kubernetes jobs from The Enterpriser’s Project
- Want to work for Google? E-mail us!
- Rancher Labs
- RKE
- Longhorn
- Darren’s Rancher shirt
- k3s - “Lightweight Kubernetes. 5 less than k8s.”
- k3OS
- Rio
- Darren Shepherd on Twitter
Evan Powell is the CEO and chairman of MayaData, the corporate sponsor of OpenEBS, which has just joined the CNCF Sandbox. He talks to Adam and Craig about Cloud Native storage, chaos engineering for stateful workloads, and the stubbornness of hybrid clouds.
- Cricket and rugby on the same day
- Poseidon’s Anchor bass
- Black Mirror and The Rain
- Docker bug allows reading/writing host files
- Kubernetes bug allows containers to run as root
- Palo Alto Networks announces intention to buy Twistlock
- Kubernetes Node.js client library 0.9.0
- NVIDIA EGX
- CKA now valid for 3 years
- Microsoft news:
- AKS available in South Africa North
- OCI types and Helm 3 charts in Azure Container Registry
- Azure Monitor supports Windows Server nodes
- OpenEBS
- Now a CNCF Sandbox project
- A year later: updating Container Attached Storage by Evan Powell
- MayaData
- KUBEMOVE (and on GitHub)
- NDM, the Node Disk Manager
- Evan’s talk at SDC 2017 with Homer Simpson references
- New storage technologies:
- Optane/3D XPoint for DRAM-like storage
- NVME over Fabrics
- SPDK
- Fast fabrics
- Litmus (and on GitHub)
- The mule logo: OpenEBS, MayaData
Solo.io was founded in 2017 by this week’s guest, Idit Levine. She talks to Craig and Adam about API gateways, service meshes, and lots of project names with two O’s in them.
- Casa Batlló
- Picasso Museum
- Dali Museum and Theatre in Figueres
- MoPOP in Seattle
- A bottle of Sortilege whisky
- Announcing SMI
- CNAB and Virtual Kubelet updates from Microsoft
- Banzai Cloud Kafka Operator
- Razee: multi-cloud CD from IBM
- Couchbase Autonomous Kubernetes Operator 1.2
- Rio, a MicroPaaS from Rancher Labs
- Atlassian Software for Kubernetes from Praqma
- Kyma goes 1.0
- Intuit win the CNCF End User Award
- CapitalOne make their Kubernetes platform available
- Solo.io
- Gloo
- SuperGloo
- SMI
- GlooShot
- Service Mesh Hub
- Flagger by Weaveworks
- Chaos Debugging talk from KubeCon EU; discussing Loop
- Knative
- Idit Levine on Twitter
Bryan Liles is a Senior Staff Engineer at VMware, the program co-chair for this week’s KubeCon EU, a sought-after speaker, and a minority in an industry with few people who look like him. He shares his story with Craig and Adam, who also bring you the week’s news from KubeCon EU and beyond.
- VMware acquires Bitnami and Bitnami is acquired by VMware
- Knative 0.6 is out
- GKE Sandbox: bring defense in depth to your pods
- Stackdriver Kubernetes Monitoring is GA
- Helm 3 preview
- GKE announces Release Channels
- Windows Server containers in Preview:
- Bring your own subnet to AKS
- Lyft bug bounty program
- Velero 1.0
- Digital Ocean Kubernetes is GA
- Kubernetes apps on GCP Marketplace
- Terraform Cloud Remote State Management
- CNCF adds 42 new members
- Cloud Native Logging with Fluentd
- OpenTracing + OpenCensus = OpenTelemetry
- OpenEBS joins the CNCF
- Lightning round:
Dan Dyer is Senior Vice President of Technical Product Management at Optiva, a provider of business support services to the telecommunications industry. Optiva have been moving services to Kubernetes, and with the help of Kyle Bassett and team from Arctiq, a cloud-native consultancy, kicking the tyres of Anthos and GKE On-Prem. Adam and Craig learn about this journey from Dan and Kyle, and discuss dragons and foxes.
- Baby foxes
- Aaron Crickenberger interview on the Kubernetes blog
- Dragon research
- Red Hat:
- F5 closes its acquisition of NGINX
- Docker CEO Steve Singh steps down
- Alpine Linux root escalation: CVE-2019-5021
- Introducing GitHub Package Registry
- VS Code extension for Kubernetes goes 1.0 (changelog)
- WSL 2 brings Linux to Windows
- Gravitational: AWS vs Colo? and Hacker News debate
- k8s.af with Kubernetes failure stories
- Google Cloud launches GKE in Osaka, Tokyo
- KubeCon US 2019 CFP opens
- Railyard: Training ML models on Kubernetes at Stripe
- KubeOne from Loodse
- Kubedex: Kubernetes operating systems
- Akrobateo, a general-purpose load balancer for Kubernetes from Kontena
- Optimization of etcd at web-scale by Xingyu Chen
- Optiva
- Arctiq
- Kyle Bassett on Twitter
AutoTrader UK were an early adopter of Istio. Adopting it to meet GDPR requirements for encrypted traffic, Head of Infrastructure and Operations Russell Warman and lead engineer Karl Stoney have gone on to use it to reduce resource usage, and thus cost, as well as uncover bugs in their applications. They talk to Craig about it, while Adam serves his country.
- Microsoft and Red Hat announce KEDA
- Updates from Microsoft: AKS virtual nodes GA, DevSpaces GA, Policy in Preview
- Remote development with VS Code
- DockerCon:
- Monzo Response:
- Velero v1.0.0-beta.1 is out
- Grafana dashboards for Kubernetes administrators by Povilas Versockas
- KubeCon EU Diversity Lunch and Hack
- Red Hat Quay v3
- Rook 1.0
- 5G Depends on Kubernetes in the Cloud, according to Steven J. Vaughan-Nichols
- Autotrader UK
- Craig, Russell and Karl in the studio
- Craig’s 1993 Vauxhall Cavalier
- GCP Case study
- Mutual TLS encryption in Istio
- Onramp to Istio: An Adoption Story Google Cloud Next session with Dan Ciruli, Russell Warman and Karl Stoney
- Managing your costs on Kubernetes: Karl’s blog post
- Istio 1.1 feature: Sidecar resources
- 15,000 releases per year
- Russell Warman and Karl Stoney on Twitter
Gabe Jaynes is a DevOps Architect at KeyBank, an American retail bank. KeyBank were an early adopter of containers, and Gabe talks about the reasons they undertook this transformation. Craig and Adam also celebrate our first birthday and spoil the concept of spoilers.
Please say hello and 🎂🎁!
- twitter: @kubernetespod
- mail: kubernetespodcast@google.com
- Avengers: Endgame easter egg in Google search (no spoilers)
- Throne of Games (no spoilers)
- Gorogoa
- “I desire a conversation. Will you talk to me?”
- DockerHub breached: change your password
- k3os, the Kubernetes Operating System
- Multi-cluster service mesh overview by Andrew Jenkins
- Containing our enthusiasm: All the Kubernetes security news from Google Cloud Next ‘19 by Maya Kaczorowski and Anne Bertucio
- How You Can Help Localize Kubernetes Docs by Zach Corleissen
- Hardware Accelerated SSL/TLS Termination in Ingress Controllers using Kubernetes Device Plugins and RuntimeClass by Mikko Ylinen
- EmpowHER Reception Renamed EmpowerUs For KubeCon + CloudNativeCon Europe 2019
Spotify were early adopters of Docker, and wrote their own deployment tool to run it in production. David Xia from the Spotify platform team talks about Spotify’s engineering, challenges, how Helios worked, and migrating from it to Kubernetes. Adam and Craig also give a round up of the week’s news, in the form of a question.
- Introducing GKE Advanced
- Managed certs on GKE Ingress
- Linkerd 2.3
- PodSecurityPolicy support on AKS
- Berglas from Google Cloud Platform
- kubernetes-external-secrets from GoDaddy
- Platform9 open-sources KlusterKit
- CNCF and Alibaba offer free Cloud Native training to Chinese developers
- Tinder’s move to Kubernetes
- kube-iptables-tailer
- The future of Cloud Providers in Kubernetes
- Pod priority and preemption
- Istio observability with Go and gRPC/protobuf microservices
- Spotify
- Helios
- 2014 introduction video with Rohan Singh
- Apollo: Java libraries for microservices
- GKE Usage Metering: Whose line item is it anyway? with Madhu Yennamani and Yang Guan from Google, and David Xia from Spotify
- Episode 40 with Madhu Yennamani
- GCP Firewall Enforcer
- David Xia on Twitter
Live from Google Cloud Next ‘19 the KPfG team presents a fireside chat with Eric Brewer, our first guest with their own Wikipedia page. Eric devised the CAP theorem for distributed systems, based on his work at early search company Inktomi and UC Berkeley. He was the person who announced Kubernetes to the world almost 5 years ago, and has been working on Google’s cluster and compute infrastructure since 2011.
How did you like the live show format? Please let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
- Anthos:
- Fluentd graduates to top level project in CNCF
- Speakers for KubeCon China ‘19 announced
- AKS to South Central, South and Central
- The Fargate Illusion, by Lee Briggs
- OpenStack Stein launches with improved Kubernetes support
- New GKE features from Next session videos:
- Process ID limiting for stability improvements in Kubernetes 1.14
- Eric Brewer:
- Inktomi
- DEC SRC, working on AltaVista
- Inktomi’s wild ride: A Personal View of the Internet Bubble - Eric presenting at the Computer History Museum in 2008
- CAP theorem
- Application Modernization and the Decoupling of Infrastructure, Services and Teams
- President Clinton with Eric
- Eric’s interview on theCUBE at Next
Anthos (previously known as Cloud Services Platform) has just gone GA at Google Cloud Next. One of its new features is Anthos Migrate, a tool for migrating monolithic apps directly to containers. Issy Ben-Shaul is a Director of Software Engineering at Google Cloud and led the team building Anthos Migrate. He talks to Craig and Adam about it.
Adam enjoyed:
- Umbrella Academy on TV
- Hearthstone on the computers
- Jarrod Alonge in his ears
Craig enjoyed:
- Saturday
- 2/3 of “On The Basis Of Sex”
- Anthos from Google Cloud
- Project Eirini updates bring Kubernetes to Cloud Foundry
- OPA graduates to the CNCF incubator
- CRI-O joins the CNCF incubator
- Buildpacks: defense against the Docker arts
- Local persistent volumes in Kubernetes - PVC pipes!
- Istio 1.1.2 out for the Envoy CVEs:
- Why Rainforest moved from Heroku to GKE
- Enabling RBAC for Groups in GKE
- Metalkube 🤘
- Krew moves to SIG-CLI
- New gVisor website
- Anthos Migrate & Velostrata
- Next sessions:
- Anthos Migrate: On-Prem to Cloud-Native on GKE
- Real World Customer Migration with Cardinal Health and Atos
- Anthos
- Issy Ben-Shaul on Twitter
Tekton brings Kubernetes-style resources for declaring CI/CD-style pipelines. Kim Lewandowski is the Google Cloud product manager who recently announced it. She talks to Adam about the project while Craig sneaks in some vacation at the cafes of New Zealand.
- Register for the Kubernetes Podcast from Google Cloud Live session!
- Craig has a lovely afternoon at the Cable Bay Cafe
- Auckland Kubernetes Meetup - thanks everyone!
- Adam reads Origin by Dan Brown
- Renowned Author Dan Brown, one of Craig’s favourite newspaper columns of all time
- Minikube releases v1.0.0
- Episode 39, with Dan Lorenc
- Running Kubernetes locally on Linux with Minikube by Ihor Dvoretskyi
- Uber open-sources Peloton
- Square build a service mesh with Envoy and gRPC
- AWS App Mesh is GA
- Tetrate Q
- The Service Mesh Era: Istio’s role in hybrid and multi-cloud by Megan O’Keefe
- Merging OpenTracing and OpenCensus
- kubectl cp vulnerability and CSI portmap vulnerability
- Brigade 1.0 from Deis & Microsoft
- Debugging an intermittent connection reset in kube-proxy by Yongkun Gui
- Register for the Kubernetes 1.14 webinar
- Meet the Ambassador: Paris Pittman
- Four key tips on how to do massive scale with Kubernetes by Reda Benzair
- Tekton
- Open Source Leadership Summit
- A tektōn is a Greek artisan or craftsman
- Formerly known as Knative Pipeline
- GitHub repo
- Triggermesh Aktion
- In Defense of YAML
- Continuous Delivery Foundation
- Contributing to Tekton
- Kim Lewandowski on Twitter
Kubernetes 1.14 is out! Your hosts talk to release manager Aaron Crickenberger of Google Cloud about the release process, working with Kubernetes Enhancement Proposals (KEPs), cat t-shirts, and being bearded on face vs. at heart.
- MySpace “loses” 12 years of music
- Peel Forest and The Green Man Cafe
- Kubernetes Podcast from Google Cloud Next Live
- Eric Brewer
- Sign up for free tickets to Google Cloud Next!
- Kubernetes 1.14 released
- Maybe you don’t need Kubernetes? (Spoiler: you do.)
- Gravity 5.5 with Helm chart support
- How a cryptocurrency miner made its way onto Kubernetes clusters at JW Player
- A guide to Kubernetes admission controllers
- Automated testing for Helm charts with Terratest
- Kubernetes End-to-End Testing for Everyone
- To Russia with Love: deploying Kubernetes in foreign locations
- Aaron Crickenberger
- Co-founder of SIG Testing
- Member of the Kubernetes steering committee
- Blackhawk flight simulator but it’s in a container
- Aaron’s soundcloud page
- Release lead
- Aaron’s podcast recording cat t-shirt
- Episode 10, with Josh Berkus and Tim Pepper
- New in 1.14:
- LTS Working Group
- Cryptonomicon by Neal Stephenson: the suit and the beard
- Aaron Crickenberger on Twitter
SPIFFE is the Secure Production Identity Framework for Everyone. Craig hates the name. Andrew Jessup, co-founder and VP of Product at Scytale (with a C), tells him and Adam why they should look past that and how Jason Bourne fits into the world of Cloud Native.
- Victim Support Official Page: Christchurch Shooting Victims’ Fund
- The Small Screw Phenomenon from The Book of Ultimate Truths by Robert Rankin
- Istio 1.1 is out!
- NGINX acquired by F5
- Tetrate raises $12.1 million
- Buoyant raises less
- KubeCon EU schedule is live
- Rancher releases Submariner
- Takeaways from the Google Cloud Security Summit
- CNCF hits 375 members
- CNCF TOC for 2019
- Kubernetes: AWS vs GCP vs Azure vs DigitalOcean
- VS Code updates for Kubernetes
- NetEase: 30,000 nodes in a cluster
- Music in Ancient Greece
- SPIFFE
- Scytale
- Joe Beda’s Gluecon talk
- Application Layer Transport Security, which Andrew and Joe refer to as “LOAS”
- The Bourne Identity
- Istio Citadel
- Scytale Enterprise
- Andrew Jessup on Twitter
Today Google and CloudBees, along with 20 other companies, launch the Continuous Delivery Foundation (CDF). Tracy Miranda is the Director of Open Source Community at CloudBees, who coordinated donating Jenkins and Jenkins X to the CDF. She talks to Adam and Craig about why the CDF has been formed, and what to expect in this space in the future.
- John Wilkes’ series of simulations
- Kubernetes Podcast from Google Cloud Next - live show at Google Cloud Next!
- Continuous Delivery Foundation
- Red Hat introduces Quarkus
- The service mesh era: Using Istio and Stackdriver to build an SRE service
- How Red Hat are changing deployment topology in OpenShift 4
- Quickfire container security news:
- StackRox won an award for Best Emerging Technology from SC Media
- Alcide won the Breakout Cloud Security infosec award from Cyber Defense Magazine
- Capsule8 made it into the RSA innovation sandbox
- Aqua 4.0 now does function vulnerability scanning
- Twistlock 19.03 adds host forensics and runtime self-protection functionality for VMs
- SSH.com extended their tech to manage SSH keys for containers
- CNCF joins Google Summer of Code
- Fill out the State of DevOps Report
- CloudBees
- Jenkins
- Jenkins X
- Tekton
- Spinnaker
- Continuous Delivery Summit at KubeCon EU in May
- CDF members
- Fastlane, continuous delivery for mobile, is on Tracy’s wishlist
- Tracy Miranda on Twitter or at tracymiranda.com
Brian Grant joined the Borg team in 2009, and went on to co-found both Omega and Kubernetes. He is co-Technical Lead of Google Kubernetes Engine, co-Chair of Kubernetes SIG Architecture, a Kubernetes API approver, a Kubernetes Steering Committee member, and a CNCF Technical Oversight Committee member, where he’s sponsored 11 CNCF projects. Your hosts talk to him about all those things.
- Rancher introduces k3s
- VMware launches VMware Essential PKS
- Istio Operator from BanzaiCloud
- CVE-2019-1002100
- containerd graduates at the CNCF
- Scytale announces $5m funding and Scytale Enterprise
- Automate operations on your cluster with OperatorHub.io
- RightScale State of the Cloud 2019
Kubernetes has a number of mechanisms to enforce policy: some built-in, like quota and NetworkPolicy; some extensions or add-ons like OPA. John Murray, a product manager at Google Cloud, joins Craig and Adam to talk about policy and configuration, and introduce the new CSP Config Management tool launched to Beta along with the new Cloud Services Platform.
- Google brings Cloud Services Platform to Beta
- Application Modernization and the Decoupling of Infrastructure Services and Teams by Eric Brewer and Jennifer Lin
- Developer preview of OpenShift v4
- Knative v0.4
- Update to Azure DevOps Projects support for Azure Kubernetes Service
- The service mesh era: Securing your environment with Istio by Samrat Ray of Google Cloud
- Cloud Native DevOps with Kubernetes by John Arundel and Justin Domingus
- All new Reddit services run on Kubernetes
- Breaking Docker via runC by Yuval Avrahami of Twistlock
- Secure Kubernetes with Vault by Bjorn Wenzel
- Migrating from Heroku to GKE
- How to prepare for a Kubernetes interview
- Adding “containers” to Linux
The history of Borg influences the history of Kubernetes in many ways: Google has different teams handle “get traffic to a cluster” and “serve traffic”, so Kubernetes has a conceptual split here too. Tim Hockin, Kubernetes co-founder, Google principal engineer and former Borg/Omega team leader, joins Adam and Craig to explain the history and future of the Ingress API, why it’s taken so long to get to v1, and how it might evolve in the future.
- Intelligence Squared: Can an AI change your mind?
- Robot or Not: Is your AI a robot?
- Arm joins the CNCF
- Cilium 1.4 is released
- Lightboard: week
- New EKS regions
- Kubernetes Day India schedule announced
- The Information on Kubernetes (subscription or e-mail address required)
- Hello, my name is Tim Hockin, and I pronounce “kubectl” as “kubectl”
- lmctfy, Google’s open source container tool
- Kubernetes network concepts: Service and Ingress
- Annotations
- NGINX ingress
- Google Cloud BackendConfig
- Heptio Contour
- IngressRoute
- Istio v1alpha3 API
- KEP to move Ingress to v1 (GA)
- T-shirt logos
- Tim’s favourites: Brushstrokes and Pixels
- Craig’s favourite is the paint splash
- Tim Hockin on Twitter
The new GKE Usage Metering feature lets you find out how much your tenants or applications cost to run. Your hosts talk to Madhu Yennamani, product manager at Google Cloud, about usage metering, and how new GKE features are implemented.
- runc vulnerability:
- Infoworld names Kubernetes a Technology of the Year
- Encrypting GKE secrets with Google Cloud KMS
- Build containers faster with Google Cloud Build and Kaniko
- Jib 1.0.0 GA
- Red Hat CodeReady Workspaces
- Heptio open source project changes
- Platform9 VMware Kubernetes managed service
- ClearDATA launches Kubernetes solution for healthcare
- KubeCon diversity scholarships
- Poseidon Firmament scheduler
Minikube is a tool that makes it easy to run Kubernetes locally, by running a single-node Kubernetes cluster inside a VM on your desktop or laptop. Craig and Adam talk to author and maintainer Dan Lorenc from Google Cloud, and in the wake of the Super Bowl, discuss how “football” means something different to each of them.
- Adam watched the Super Bowl
- Craig watched some Superb Owls
- You can watch some ads
- Jeff Bezos’s earnings per minute
- Spark Operator for Kubernetes now in Beta
- New members in the CNCF TOC
- Alexis Richardson from Weaveworks
- Brendan Burns from Microsoft
- Joe Beda from VMware
- Matt Klein from Lyft
- Xiang Li from Alibaba
- Kelsey Hightower from Google
- Google Kubernetes Engine usage metering
- Advanced application deployments and traffic management with Istio on GKE
- Ambassador 0.5.0
- Kubernetes as an API standard; looking toward a Rust implementation
- Dan leads a team working on:
- Minikube was helped in the early days by Localkube from RedSpread, who were acquired by CoreOS (who were acquired by Red Hat, who were acquired by IBM)
- There was also Boot2docker, but Kubernetes didn’t like Docker-in-Docker much back then
- Guide for developing Minikube
- Other similar projects:
- Things it was hard to get working:
- Load balancers; solved via tunneling
- Persistent volume provisioning, solved with a custom hostpath provisioner
- Minikube Roadmap
- Dan Lorenc on GitHub and on the web
You learn so much more from failure than success. Henning Jacobs, head of Developer Productivity at Zalando, joins Adam and Craig to share his own stories of failure, and talk about what he has learned by reading stories from others.
- CoreDNS graduates
- Intel introduces Nauta; enterprise Kubeflow
- Ian Lewis’s blog posts on container runtimes
- Istio blog intro by Megan O’Keefe
- Kubinception: Using Kubernetes to run Kubernetes at OVH
- GKE Jenkins Plugin and source code
- Deploying to Kubernetes from GitHub Actions
- Mortar; the manifest shooter for Kubernetes
- It’s a good time to be working in Kubernetes
- Kubernetes Failure Stories blog post
- Zalando
- A Million Ways to Crash Your Cluster
- Tacoma Narrows Bridge collapse
- Nordstrom talk at KubeCon NA 2017
- Serverless Failure Stories
- Startup scripts used to just kill the Docker daemon
- 90 days of EKS in production: configuration options you need to set
- CPU throttling
- Facebook oomd
- John Wilkes: only make new mistakes
- Henning Jacobs on Twitter
Richard Hartmann is a member of the Prometheus Team and the founder of the OpenMetrics project, which aims to replace SNMP with a modern format for transmitting metrics. He joins your hosts to discuss both projects, and how Cloud Native technology can improve the datacenter.
No soup for you! Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
- Knative 0.3 released
- Service Mesh Day; March 28-29, San Francisco
- FoundationDB Record Layer
- Tumblr open sources Kubernetes tools
- gVisor presentation by Adin Scannell
- Aleksa Sarai on tar in oci
- Detect overspending by measuring idle Kubernetes resources
- SQL Server on GKE and AlwaysOn Availability Groups
- Namely’s Crash Course in Running Istio
- Kubernetes failure stories
- 9 security best practices
- Google remains the top contributor to CNCF projects, even if you were to remove Kubernetes!
- Space.net
- Prometheus
- Built by ex-Googlers at Soundcloud
- Better than MRTG and rrdtool
- Cortex, Thanos, InfluxData for persisting Prometheus data long-term
- Manage multiple DCs
- Grafana for visualising data
- Variables for templating
- PromQL
- OpenMetrics
- A new Lingua Franca for monitoring and tracing that isn’t SNMP
- Transforming the Prometheus Exposition Format into a Global Standard; Richard’s PromCon talk
- End goal: write an RFC
- GitHub repo
- Prometheus 2.5 has experimental OpenMetrics support
- QUIC becomes HTTP/3
- Get involved with the Prometheus community
- Richard Hartmann on Twitter
Rook is a cloud native storage orchestrator and a controller for storage systems such as Ceph. Jared Watts has been working on Rook since the start, first at Quantum, and then at Upbound. He talks to Craig and Adam about storage, chess, and premium-rate telephone numbers.
Does anyone actually read the show notes? Turns out a few of you do. Thank you for listening and reading!
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
- Tabletop Simulator (a computer game)
- Happy (a televisual programme)
- Kubernetes Day India from the CNCF
- Vertical Pod Autoscaling in GKE in Beta
- Announcing TriggerMesh Knative Lambda Runtime (KLR)
- Episode 28 with Sebastien Goasguen
- krew, the package manager for kubectl plugins
- Monitoring Kubernetes, by Sean Porter of Sensu on the CNCF Blog
- Istio 1.1 update
- Episode 15 with Jasmine Jaksic and Dan Ciruli
- Kubernetes authorization via Open Policy Agent by Stefan Bueringer
- Symform; Jared’s first startup, peer-to-peer cloud storage
- Totally unlike KaZaA
- Where Jared first met open source, through the Mono project
- Acquired by Quantum
- Craig explicitly remembers owning a Quantum Bigfoot (though that one wasn’t his first hard drive)
- Rook, a cloud native storage orchestrator
- SIG Storage and the Volume abstraction
- Started with support for Ceph
- Also now supports CockroachDB, Minio, NFS, Apache Cassandra
- But not Gluster - for now at least
- Added to the CNCF Sandbox in January 2018, and moved to incubating in August
- Upbound; founded by Bassam Tabbara
- Container Storage Interface 1.0.0
- Rook on GitHub
- Queen Storage
- Jared Watts on Twitter and the Rook blog
The Cloud Native Computing Foundation was formed to create a vendor-neutral home for Kubernetes. Now with over 30 projects, we kick off 2019 by talking to Dan Kohn, Executive Director of the CNCF, and hearing his views on projects, licenses and conferences.
Please reach out and say hello:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
- Platform9’s KubeCon survey
- Security notices:
- Cloud Native Computing Foundation
- Linux Foundation
- Jim Zemlin
- Other projects: Let’s Encrypt, Hyperledger, Node.js Foundation
- Fellows: Linus Torvalds and Greg Kroah-Hartman
- CNCF members and Governing Board
- Getting people on board with Open Source
- Crossing the Chasm (a book by Geoffrey A. Moore)
- Why Software Is Eating The World (an article by Marc Andreessen)
- CNCF projects
- Project list
- Interactive landscape and trail map
- Licenses
- What would Dan like to see in the CNCF?
- Technical Oversight Committee Principles say it’s OK for overlapping projects
- Certification
- For people: Certified Kubernetes Administrator and Certified Kubernetes Application Developer; curriculum
- For distributions: Software Conformance
- KubeCon + CloudNativeCon
- Dan Kohn on Twitter
Adam and Craig end the year by talking to Jordan Liggitt, the member of the Kubernetes Product Security Team who fixed the recent critical security vulnerability in the Kubernetes API server. We also take a look at the news from KubeCon.
This is our last episode for 2018. Thank you for your support this year, and we’ll be back on the 8th of January!
- etcd donated to the CNCF
- Chubby paper
- Raft paper
- Blog post on the relationship between Kubernetes and etcd by Gyuho Lee and Joe Betz
- Istio:
- Knative:
- Oracle Cloud Native Framework
- Microsoft:
- Digital Ocean Kubernetes now open to everyone
- Linode Kubernetes CLI
- VMware closes its acquisition of Heptio
- Quickfire Kubernetes security news
- NeuVector announced containerd and CRI-O runtime support in their container firewall
- Aqua’s Container Security Platform is now certified to cover the Kubernetes CIS benchmarks
- Lacework announced their configuration scanning platform covers Kubernetes
- Sysdig released Sysdig Secure 2.2, which adds Kubernetes audit events, and the ability to block deployments using Kubernetes admission controllers
- Twistlock released 18.11, which “introduces security visualization for Kubernetes, and compliance and security configuration checks for Istio, including new alerting integrations with PagerDuty, and cloud services”
- Grafana Loki
- Maestro – A declarative, no-code approach to Kubernetes Day 2 Operators
- rbacsync
- PlanetScale announces funding
- Jordan’s suggested KubeCon talks to watch:
- OpenShift before Kubernetes in 2014
- Kubernetes Product Security Team
- CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections
- Answering questions on Stack Overflow
- Jordan Liggitt on Twitter, GitHub, Slack or Stack Overflow
The Envoy proxy, a universal data plane for Cloud Native, has just graduated as the third top-level project in the CNCF. Craig and Adam talk to its author, Matt Klein from Lyft, about modern load balancing for microservices and pragmatically avoiding “second system” syndrome.
- CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections
- Microsoft Connect();
- AKS virtual nodes are in preview
- Virtual Kubelet joins CNCF
- GPU support for ACI
- ACS to be retired in favour of AKS
- Cloud Native Application Bundle
- DockerCon EU 2018:
- Hashicorp Vault 1.0
- Upbound introduce Crossplane
- Rook 0.9.0 — available you-guessed-where
- MicroK8s from Canonical:
- Envoy
- Recently graduated to top-level project at the CNCF
- Built at Lyft
- Replaces libraries like Finagle and Hystrix
- Introduction to modern network load balancing and proxying
- Envoy contributors
- Istio, built on Envoy
- Turning down the VC money: Why Matt isn’t starting an Envoy company
- Service mesh data plane vs. control plane
- Matt Klein on Twitter
- Matt’s blog
If you’re running on-prem, and you, say, set up a Service type=LoadBalancer, what happens? Does your cluster call your NOC and have them order you a Juniper router? MetalLB is a popular answer to that question. Your hosts discuss load balancing with MetalLB’s author, Google Cloud SRE David Anderson.
- Kubernetes 1.13 released
- Kubernetes is the most popular skill in tech, according to Indeed’s Hiring Lab
- Envoy graduates to a full CNCF project
- AWS re:Invent
- Istio on GKE released
- Agones 0.6.0 released
- MetalLB
- David Anderson on Twitter
Kontena Pharos is a Kubernetes distribution which “just works”, even on bare metal. Adam and Craig talk to Kontena’s CTO, Jari Kolehmainen, about the decisions required to distribute Kubernetes and heating your house with bare metal.
- Wayne
- Dive
- Weave Scope releases 1.10
- KubeCon US waitlist
- containerd Beta in GKE
- Cyber Monday savings on Kubernetes courses and certification from the Linux Foundation
- Kontena
- Kontena Pharos
- CoreOS Matchbox for PXE boot
- Heating houses with nerd power
- Jari Kolehmainen on Twitter
In some ways, China has a parallel Internet to the West. Is that Internet powered by Kubernetes? Of course! Joe Zou, PaaS Product Center Director at Tencent Cloud, talks to Craig and Adam about Kubernetes in China.
Thanks to our translator, Rae Wang.
On the eve of the first KubeCon in China, your hosts talk to co-chair and Google software engineer Janet Kuo about the program, and her work with SIG Apps.
- VMware acquires Heptio:
- VMware blog
- Heptio blog
- Madrona blog (one of their investors)
- Pivotal blog
- Cisco integrates on-prem Kubernetes with Amazon Web Services
- Kontena launches Pharos 2.0
- Nabla Containers v0.2
- The Kubernetes API Server by Dominik Tornow and Andrew Chen
- CNI Plugins for Kubernetes by Steven Acreman
- The Beginners Guide to the CNCF Landscape
- IceCubeCon from Mesosphere
- Tweet us your puns!
TriggerMesh is a new serverless management platform built on top of Knative. Co-founder Sebastien Goasguen joins Adam and Craig to discuss serverless, and potential trips to space.
- James Acaster: Live or on Netflix
- Card game Gloom
- PC game Grim Fandango
- We’re on Spotify!
- Peter Benjamin’s list of Kubernetes resources
- TriggerMesh announced
- Istio 1.0.3
- Contour 0.7.0
- Peloton from Uber
- GSoC 2018: Building a Conditional Name Server Identifier for CoreDNS
- Azure news:
- Sebastien’s books: CloudStack, Docker, and Kubernetes Cookbooks
- Background:
- Kubeless, built with Nguyen Anh-Tu
- Other projects: Fission, Riff, Nuclio
- Knative
- TriggerMesh
- Sebastien Goasguen on Twitter
Sarah Novotny is Head of Open Source Strategy at Google Cloud and a board member of the Linux Foundation (the parent of the CNCF). She joins Craig and Adam to talk about the evolution of the Kubernetes community, governance models and Codes of Conduct, and how nascent open source communities can learn from it.
- Cake!
- Lord’s Cricket Ground Tour
- The Play That Goes Wrong
- Bohemian Rhapsody
- Mr Robot (no link provided!)
- Castlevania and its video game
- IBM enters into agreement to acquire Red Hat:
- OpenShift Container Platform 3.11
- IBM Container Service now available in Milan, Italy
- Mirantis Cloud Platform Edge
- Mesosphere Kubernetes Engine
- Kubedex On-Prem and Dolos
- gRPC-Web has gone GA
- Whose Pod Is It Anyway?
- FoundationDB Summit announced
- CNCF planning “Global South” outreach
- OSCON
- Raven Rock - a book Sarah read while setting up the CNCF
- Conway’s Law
- Paxos and Byzantine Generals
- CNCF Code of Conduct
- We Don’t Do That Here by Aja Hammerly
- Sarah’s 2017 KubeCon NA talk
- Hiding behind a Viewmaster
- Julian Cash, photographer
- Find Sarah:
- at KubeCon China or KubeCon NA
- as sarahnovotny on Twitter or LinkedIn
Ubisoft and Google Cloud have extended Kubernetes to support dedicated game servers. Cyril Tovena, a Technical Lead from Ubisoft in Montreal, and Mark Mandel, a Developer Advocate at Google Cloud, lead the project. They talk to Adam and Craig about what they had to do, the Agones community, and how you can apply it to your Enterprise Software.
- Kubernetes v2 Provider for Spinnaker
- KubeCon NA Contributor Summit
- The Forrester New Wave™: Enterprise Container Platform Software Suites, Q4 2018
- Kubernetes Steering Committee election results
- Kubernetes High Availability, by Dominik Tornow from SAP and Andrew Chen from Google Cloud
- Kubernetes Deep Dive by Nigel Poulton on A Cloud Guru, from listener mail
- 1.12 Release Retrospective by Tim Pepper from VMware
- Admiralty’s Multicluster Controller
- Best practices for building Kubernetes Operators and stateful apps by Palak Bhatia and Jun Xiang Tee from Google Cloud
- Pulumi raises $15M
GKE container-native load balancing enables Google Cloud load balancers to target Pods directly, rather than the VMs that host them, and to evenly distribute their traffic. Product manager Ines Envid and staff software engineer Neha Pattan explain how.
- Adam meets Orlando
- Craig meets a Banksy
- GKE Private Clusters are GA
- Announcing Cloud NAT and Container-Native Load Balancing
- Amazon Elastic Container Service for Kubernetes now supports dynamic admission controllers
- Fast Kubernetes development with Skaffold 0.16.0
- New Cloud Foundry support for Kubernetes
- Managing Kubernetes from O’Reilly; sign up for a free e-book version courtesy of Heptio
- Days of Kubernetes 1.12 Past: Volume snapshots, RuntimeClass and topology-aware volume provisioning
- Kubedex: GKE vs EKS vs AKS vs IKS vs ACCSK
- New Relic acquires Coscale
- GKE container-native load balancing:
- Configuring services with an annotation to preserve source IP
- VPC-native clusters with Alias IPs
- Network Endpoint Groups
Steven Kim is an engineering manager at Google, based in New York City, working on the Spinnaker project. In a companion piece to last week’s episode about CI and CD, Steven talks to Craig and Adam about how Spinnaker evolved from VMs to Kubernetes and support for other cloud native technologies.
- Evoland 2
- Stickers on the fridge
- Seat entertainment on Air New Zealand Link
- Last Week Tonight on the NZ flag
- Craig and Sir John Key
- Kubernetes for personal projects
- Cloud Native Buildpacks enter the CNCF Sandbox
- AWS Service Operator for Kubernetes
- Limited availability of DigitalOcean Kubernetes
- etcdadm from Platform9
- Introducing the Kubernetes Non-Code Contributors Guide
- Pulumi explores how Kubernetes deployments work
- Health checking gRPC services in Kubernetes with grpc-health-probe
- Teleport v3 adds Kubernetes support
- Steven Kim on Twitter
- Spinnaker
- Slack
- Forums, please don’t troll
- Spinnaker Summit
Andrew Phillips (PM) and Lars Wander (Software Engineer) from Google Cloud talk to Adam and Craig about the difference between CI and CD, and how to apply these processes to your release and rollout processes.
- Kubernetes 1.12 released
- KubeCon NA 2018 schedule announced
- Rook moves to CNCF Incubator
- GSoC: Extending fuzzing coverage of Envoy
- News from Microsoft Ignite:
- The New Stack suggests the best CI/CD tool for Kubernetes doesn’t exist
- Weaveworks named the category of GitOps
- Jenkins X; Kubernetes-friendly Jenkins
- Spinnaker
- Lars Wander
- Andrew Phillips
Dawn Chen, TL for SIG-Node and the Google Kubernetes Engine node team, joins Craig and Adam this week. She has worked on containers and container schedulers since 2007 - not a typo. We also bring you the news, in part from the echo chamber of Google Cloud Summit in Sydney.
- Stickers!
- Google Cloud Summit in Hong Kong
- Google Cloud Next in London
- Gartner Symposium Orlando
- KubeCon Shanghai
- NetApp acquires StackPointCloud
- Cloud news:
- GSoC: katacontainer support in containerd, by Jian Liu
- linkerd 2.0 is GA
- Cortex added to the CNCF sandbox
- Red Hat OpenShift Service Mesh, based on Istio
- Microservice observability with Istio at Trulia
- Contour 0.6 from Heptio
- Dawn Chen on GitHub
- The Borg paper
- Process containers (later ‘cgroups’):
- The first submission of containers to the Linux kernel
- Early coverage of process containers
- Paul Menage’s 2007 paper “Adding Generic Process Containers to the Linux Kernel”
- Dawn’s first job: tracking processes. Each job had its own GID - she would use netlink connection tracking to map processes and threads to GIDs, and, using procfs, figure out CPU and memory usage.
- Dawn’s second job: adjusting CPU usage using nice
- Today we just use memcg
- Fake NUMA - cut a machine into big chunks and assign them to groups of processes.
- Linux Plumbers Conference
- lmctfy - Let Me Contain That For You
- In case you don’t get the joke
- It’s like runc and containerd
- SIG Node
- Node and lifecycle management
- Application management
- Container runtimes and kubelet
- Node problem detection
- Resource management
- GPU & TPU
- Security isolation
- gVisor and Sandbox Pods
- Logging and monitoring
- Was SIG Node the first SIG?
- Tied with SIG API Machinery
- How did we get to CRI?
- Container RuntimeHandler, so some pods can run with one runtime and some with another
This week, your hosts talk to Ihor Dvoretskyi, Developer Advocate at the Cloud Native Computing Foundation, about SIG-PM, the Special Interest Group for Kubernetes Program, Product and Project Management.
- Tensor Processing Units (TPUs for short) are now available in Beta from Google Kubernetes Engine
- Tom Gallacher’s heart rate admission controller
- CNCF case study on Northwest Mutual Bank
- Pulumi released their Cloud Native SDK
- Join the Kubernetes 1.13 release team!
- Run Akka Cluster in Kubernetes
- Elliot Forbes’ See-CAD notes
- Advanced health check patterns by Ahmet Alp Balkan
- Sysdig raises $68.5M
- Ihor Dvoretskyi on Twitter or GitHub
- SIG-PM - Program, Product and Project Management
- SIG-PM Intro Talk from KubeCon EU 2018
Justin Garrison is both a student and a teacher. A senior systems engineer in the media industry, he has boiled his experience and wisdom, as well as that of his co-author Kris Nova, into the book Cloud Native Infrastructure. He talks to Craig and Adam about the Kubernetes community and the process of writing.
- KubeCon NA ‘17 keynote: Your Philips Hue Light Bulbs Are Turned On By Kubernetes by Mark van Straten
- Philips Lighting case study on Google Cloud
- Cisco Hybrid Cloud Platform for Google Cloud is now generally available
- Enter the Cisco & Google Cloud Challenge! Win things!
- Consul + Kubernetes from Hashicorp
- Open Match announced by Google Cloud and Unity
- Agones 0.4.0 released
- Couchbase Autonomous Operator
- Amazon EKS now available in Ireland
- Platform9 introduces spot instance arbitrage
- External DNS 0.5.6 released
- Red Hat on Kubernetes and application servers
- mintCast, which featured Justin a long time ago
- Cloud Native Infrastructure book: website and O’Reilly
- Justin’s last KubeCon talk: Let’s Build Kubernetes, With a Spreadsheet and Volunteers!
- Justin Garrison on Twitter and GitHub
- Justin’s blog
Liz Rice from Aqua Security builds penetration testing tools for Kubernetes by day, and runs the KubeCon program by night. Adam and Craig dig into both topics.
- Adam went to Battle Ground Lake State Park
- Adam and Craig are both going to Google Cloud Next in Tokyo (September 19-20)
- Craig is also going to Google Cloud Summits in Singapore (September 13), Sydney (September 26) and Hong Kong (October 10)
- Google Cloud grants $9M in credits for the operation of the Kubernetes project
- The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience
- CNCF to host TiKV in the Sandbox
- New CNCF members
- CNCF Survey
- Istio 1.0.1
- Forbes contributor Janakiram MSV on Cloud Native
- Amazon adds support for Horizontal Pod Autoscaler
- Kontena 1.3.0
- Aqua Security
- kube-bench
- kube-hunter:
- KubeCon & CloudNativeCon:
What does it take to support Kubernetes for other users? Kenneth Massada, a lead for GKE support at Google Cloud, tells Craig and Adam his story.
- Adam lives in Seattle, which is on fire
- Craig baked some tasty cookies
- Using this recipe
- But not using Vegemite, British Marmite or New Zealand Marmite, which are three totally separate things. Only one of which is nice.
- Hint: it’s the last one
- 2018 Kubernetes Steering Committee Elections
- Binary Authorization on Google Kubernetes Engine
- kube-hunter from Aqua Security
- Kubernetes issues and solutions from Alexander Lukyanchenko at Avito
- Cilium 1.2 released
- James Lee’s blogs on Kubernetes networking
- Amazon EKS supports GPU-Enabled EC2 instances
- etcd is hard:
- Configuration flags
- OpenAI suggestions on scaling Kubernetes to 2,500 nodes includes a separate events database
- Kubernetes docs on configuring and upgrading etcd
- Tina and Fred from Google SRE also discussed etcd on Episode 9
- (Or use GKE, where we do it all for you)
- Other hard concepts:
- apiVersion: is hard
- spec: is hard
- Liveness and readiness probes - don’t make them the same!
- Joe Beda thinks of YAML as machine code in Episode 12
- What would Ken like to see changed in Kubernetes?
- Affinity and anti-affinity rules and topology keys
- Kenneth Massada on Twitter
Jon Pulsifer is a Production Security Engineer at Shopify, and Canada’s biggest Kubernetes fan. Adam and Craig dig into why, and what Adam’s new mode of transport is going to be.
- Sling TV using Kubernetes
- MITMproxy, Charles and Fiddler
- Adam has a lot of EconoLodge points
- Not as many as Software Defined Talk hosts Matt Ray and Michael Coté
- Craig thinks he should spend them on the Pepsi jet as seen in this wonderful video
- Service Networking in a Hybrid Infrastructure by Praveen Shukla from GoJek
- KubeCon and CloudNativeCon China
- 7 best practices for operating containers by Théo Chamley from Google Cloud
- kustomize on Homebrew for macOS
- Understanding the Container Storage Interface (CSI) by Anoop Vijayan Maniankara
- The Istio 1.0 Release Stream or jump straight to the part with Dan Ciruli from episode 15
- Royal Canadian Navy - Canadian Forces NOC
- SANS institute and instructors
- Jon Pulsifer is a Production Security Engineer at Shopify
- Shopify’s adopting Kubernetes and Google Cloud
- The evolution of Kubernetes security
- Before RBAC, you used to have to mount an empty directory over the service account to disable access to it
- seccomp and AppArmor
- RBAC
- PodSecurityPolicy
- gVisor and Kata Containers
- Planning for Secure Container Isolation in Kubernetes
- RuntimeClass enhancement proposal
- Binary Authorization
- Launch blog post
- Kritis - open source reference implementation of Binary Authorization (the judge)
- Grafeas - API spec for Container Analysis API
- Shopify Voucher, a tool that creates attestations for Binary Authorization and prevents the deployment of images that don’t meet Shopify’s security requirements.
- Jon’s talk on Binary Authorization at Google Cloud Next: Securing the Software Supply Chain
- Shopify’s $25,000 Kubernetes bug bounty payout
- Getting started with security by reading kubesec.io
- Around Ottawa
- Jon Pulsifer on Twitter
Tim Kelton is co-founder and cloud architect for Descartes Labs. Prior to starting Descartes Labs, he was an R&D engineer for 15 years at Los Alamos National Laboratory, working on problem areas such as deep learning, space systems, nuclear non-proliferation, and counterterrorism. Tim talks to Craig and Adam about the use of Kubernetes and Istio in geopolitics, machine learning and food supply.
- Cloud Native Computing Foundation Announces Prometheus Graduation
- OpenMetrics project accepted into CNCF Sandbox
- An Exciting New Direction for the Kubic project
- Demystifying RBAC in Kubernetes
- Kubebuilder 1.0 scaffolds (with a C) Kubernetes APIs and operators
- Operator Lifecycle Management - it’s operators all the way down
- Descartes Labs
- Beowulf clusters (a Slashdot meme)
- Omega and Borg papers
- Mountain biking in Sedona
- Descartes Labs Python client
- SRE books:
- Site Reliability Engineering
- The Site Reliability Workbook - free until August 23
- Descartes Labs talks from Cloud Next ‘18:
- SRE Quality Operations for Your Services Using the Istio Service Mesh & Stackdriver - with Tim Kelton and Jay Judkowitz from Stackdriver Service Monitoring
- How Computers See the Earth: A ML Approach to Understanding Satellite Imagery with Kyle Story
- Building Multi-Tenancy ML Applications with GKE and Istio to Better Understand the Earth with Tim Kelton and Sam Skillman
- Descartes Labs GeoVisual Search - find the squares on the globe that look most like a given square
- Tim Kelton on Twitter
Istio has hit 1.0, and there’s no-one better to tell you about it than Jasmine Jaksic and Dan Ciruli from Google Cloud. Adam and Craig bring you this, as well as the news from the ecosystem.
- Kubernetes now in Docker Desktop
- Harbor enters the CNCF sandbox
- Azure Metrics Adapter
- CloudBees Core GA on AKS
- Red Hat OpenShift Container Platform 3.10
- Codefresh Enterprise
- Synchronizing Kubernetes secrets with LastPass at Upside
- Istio nightly on EKS at Tetrate
- Announcing Istio 1.0
- SRE Quality Operations for Your Services Using the Istio Service Mesh and Google Stackdriver, featuring Tim Kelton from Descartes Labs (who presented at the Toronto event two years ago, and has been using Istio in production since 0.2)
- Google’s Cloud Services Platform
- Istio à la carte; a presentation by Dan
- Istio and the future of service meshes; an article by Jasmine
- The Istio project:
- The URL (The IP address is 104.198.14.52)
- Community page, listing Google Groups
- Rocket Chat for users
- Jasmine Jaksic and Dan Ciruli on Twitter
One of the most interesting announcements from Google Cloud Next was Knative, a framework for building serverless products on top of Kubernetes. Craig and Adam talk to Google Director of Product Management, Oren Teich, about the launch.
- Google’s Cloud Services Platform:
- Recapping GKE On-Prem and Knative
- Cloud Services Platform session video with Chen Goldberg and Aparna Sinha
- Google Cloud Build
- GitHub integration
- Knative analysis:
- Visual descriptions:
- Kubernetes blog posts:
- Oren Teich on Twitter
- About Knative:
- Google Cloud Next videos:
- Serverless at Google Cloud, with Oren Teich
- High-level video intro to GKE Serverless add-on and Knative, with DeWitt Clinton and Ryan Gregg
- Developer video intro to Knative, with Ville “Fifth Beatle” Aikas and Mark Chmarny
- IBM “Zed Series”
Learn about the announcements from Google Cloud Next, including GKE On-Prem, Cloud Services Platform, and Istio 1.0. Google’s product management lead for Kubernetes and CNCF governing board member Aparna Sinha joins Adam and Craig to discuss what’s new.
Joe Beda, Craig McLuckie and Brendan Burns are considered the “co-founders” of Kubernetes; working with the cluster management teams at Google, they made the case that their implementation of the Borg and Omega patterns should become a proper product. Joe and Craig now run Heptio, a company working to bring Kubernetes to the enterprise. Your hosts talk to Joe Beda about the history of Kubernetes, creating a diverse company, and what exactly is wrong with YAML.
- Minimal Ubuntu
- Sysdig security blog series
- Why Red Hat think Kubernetes is the new application server
- Deep dive blog posts for Kubernetes 1.11:
- Interview transcript blog post for Episode 10 with Josh Berkus and Tim Pepper
- Elastifile announce Kubernetes and Tensorflow integration
- Heptio Ark v0.9.0
- Joe Beda on Twitter
- Heptio
- 4 years of Kubernetes blog post
- Heptio open source projects:
- What’s wrong with YAML?
- TGI Kubernetes video series
Helm and its Charts help you manage Kubernetes applications. Vic Iglesias, a Solutions Architect at Google Cloud, is a maintainer of the Helm charts repository. He talks to Craig and Adam about how people are using Helm, and where the project is going.
A special extended episode going deep on the process of releasing Kubernetes, and this week’s 1.11 release in particular. Hear from Josh Berkus from Red Hat and Tim Pepper from VMware, release manager and shadow release manager for Kubernetes 1.11, on how a release team is put together, the good and the bad of 1.11, and how Kubernetes is like a pastry oven.
Don’t you think it’s about time you said hello?
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
- Kubernetes 1.11 released
- VMware Kubernetes Engine
- Google Cloud Filestore, for hosted NFS on GKE
- The plan for Helm 3
- Consul Connect service mesh
- SIG-Release
- Release calendar for 1.11
- Feature branches
- SIG-Scalability
- Breaking changes in release notes
- Priority and preemption enabled by default
- JSON decoders should be case sensitive
- Bug triage lead
- Growing In Your Contributor Role from Tim at KubeCon EU
- Last Week in Kubernetes Development from Josh
Craig and Adam from the Kubernetes Podcast talk to Tina and Fred from Google Cloud Site Reliability Engineering (SRE) about managing GKE and what lessons you can take to your own clusters.
- Paul Ingles on standardising on Kubernetes
- GPUs as a service with Kubernetes Engine are now generally available
- Rackspace and HPE announce private Kubernetes as a service
- GitLab:
- SUSE CaaS Platform 3
- Announcing Fedora CoreOS
- Lacework study finds 300 unsecured container orchestration dashboards
- Google and Unity announcement
- 19 new CNCF members
- Stories from the Playbook, Tina and Fred’s talk from KubeCon Copenhagen
- The Google SRE Book
On this week’s Kubernetes Podcast, your hosts talk to Maya Kaczorowski from Google Cloud about Kubernetes security, and look at announcements from Microsoft, Docker, Cisco and Spotify.
- Microsoft Azure Kubernetes Service goes GA
- IBM launch multi-zone clusters
- Dockercon:
- Cisco Live announcement on CCP, Kubernetes, and Cloud partnership
- How Spotify is migrating from an in-house Docker orchestration platform to Kubernetes
- Kromtech article on cryptojacking
- Security scanning tools:
- Kubernetes secrets
- Cluster hardening guides:
- Exploring Container Security blog series
- Overview by Maya Kaczorowski
- Node and container operating systems by Aditya Kal and Dan Lorenc
- Digging into Grafeas container image metadata by Felix Glaser and Wendy Dembowski
- Protecting and defending your Kubernetes Engine network, by Manjot Pahwa, Ahmet Alp Balkan and Bowei Du
- Running a tight ship with Kubernetes Engine 1.10 by Aaron Small and Vic Iglesias
- Using Cloud Security Command Center (and five partner tools) to detect and manage an attack by Maya Kaczorowski and Andy Chang
- Isolation at different layers of the Kubernetes stack by Tim Allclair and Maya Kaczorowski
- @MayaKaczorowski on Twitter
This week on the Kubernetes Podcast from Google, Craig and Adam give you the low down on new GKE features and talk to Phillip Wittrock about Kustomize.
- Regional clusters in Google Kubernetes Engine are now generally available
- How to deploy geographically distributed services on Kubernetes Engine with kubemci
- Kubernetes tools for Visual Studio
- Helm becomes a CNCF hosted project
- Deploying to Google Kubernetes Engine
- Amazon EKS is now generally available
- Kubernetes Best Practices: Upgrading clusters with zero downtime
- Kustomize
- Phillip Wittrock and Jeff Regan on GitHub
On this week’s Kubernetes Podcast, Adam and Craig talk to Matt Rickard about Skaffold.
This week, Craig and Adam bring the news from Google Kubernetes Engine and elsewhere, and talk to SIG-Docs leads Zach Corleissen (from the CNCF) and Jared Bhatti (from Google).
- Google Cloud has updated Kubernetes Engine to bring Kubernetes 1.10 to General Availability
- containerd’s new 1.1 release is now generally available for use in Kubernetes
- New CNCF Sandbox projects:
- SAP launches “Gardener”, an open source tool for managing and updating multiple Kubernetes clusters
- Happy Birthday Istio!
- CloudOps joins the Kubernetes Training Partner program
On this week’s Kubernetes Podcast, your hosts talk to JD Velasquez from Google Cloud about Stackdriver Kubernetes Monitoring, a new product that brings first-class Kubernetes monitoring and Prometheus support to the Stackdriver monitoring and observability suite.
- Rackspace announced Kubernetes-as-a-Service
- Cisco patches for their Digital Network Architecture Center
- eSecurityPlanet interview with Brandon Philips, about how Kubernetes responds to security threats
- Kubernetes The Hard Way updated for Kubernetes 1.10
- Kiali, observability for Istio:
Stackdriver Kubernetes Monitoring:
On this week’s Kubernetes Podcast, Adam and Craig talk to Nicolas Lacasse and Yoshi Tamura from Google Cloud about gVisor, a user-space kernel, written in Go, that implements a substantial portion of the Linux system surface. It provides an isolation boundary between the application and the host kernel and integrates with Docker and Kubernetes, making it simple to run sandboxed containers.
- Microsoft announced four new features to AKS
- Microsoft and Red Hat announced the upcoming Managed OpenShift on Azure.
- Red Hat announced roadmap for CoreOS integration.
- Mirantis has announced “Virtlet”, which enables customers to run VMs as pods in a Kubernetes cluster.
- Kubernetes Ingress Controller is now available for Kong
- Techcrunch took a look at how Kubernetes is creating a broad ecosystem for startups.
gVisor:
Craig and Adam bring you the news from KubeCon and an interview with Kubeflow product manager David Aronchick from Google.
- Certified Kubernetes Application Developer from CNCF
- Kubernetes Training Partners from CNCF
- Red Hat’s CoreOS team launch the Operator Framework
- Kafka operator from Confluent
- Digital Ocean’s new Kubernetes service
- Craig’s KubeCon keynote video with Google’s announcements
- Datadog container map view
- Upbound emerges from stealth, raises $9M from GV to build a multicloud platform on Kubernetes
- Kubeflow:
- David Aronchick on Twitter
In this first episode your hosts introduce the show, give an update to the news of the week, and interview Kubernetes community manager Paris Pittman.