Kubernetes Podcast from Google

Xander Grzywinski is a Senior Open Source Product Manager at Microsoft and the Kubernetes 1.27 release lead.

We interviewed Xander to explore some highlights from the release, and discuss a bit about what it’s like to work with the release team.

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

Traefik Labs Launches Traefik Hub

Software Supply Chain Security Assessment:

• Prometheus

• Argo CD

CNCF Spring 2023 Cloud Native Ambassadors

Updates to the Auto-refreshing Official CVE Feed

What’s New in Red Hat OpenShift Virtualization 4.12

Azure Kubernetes upgrades and Long Term Support

KubeCon SHANGHAI, CHINA is back on Sept 26-28, 2023

• CFP Closes on June 18, 2023

KubeCon NA takes place on Nov 6-9, 2023 in Chicago, Illinois

• CFP Closes on June 18, 2023

KubeCon EU 2024 takes place on Mar 19-22 in Paris, France

Introducing Sessionize: a new CFP platform for CNCF events

Manage Amazon EKS Clusters with New VMware Tanzu Mission Control Features

Google Cloud turned profit for the first time according to the earning call of Q1 2023

Xander Grzywinsk:

• Twitter

• LinkedIn

Pod Security Policies

KEP 753: Sidecar containers

Kubernetes 1.27 Release team

Kubernetes 1.27: Chill Vibes

Freeze k8s.gcr.io image registry

Kubernetes Vertical Pod Autoscaler

Kubernetes Removals and Major Changes In v1.27

Kyverno — verify Kubernetes control plane images

Kubernetes 1.27: StatefulSet PVC Auto-Deletion (beta)

Kubernetes 1.27: Query Node Logs Using The Kubelet API

Kubernetes 1.27: Efficient SELinux volume relabeling (Beta)

Kubernetes 1.27: StatefulSet Start Ordinal Simplifies Migration

Kubernetes 1.27: Introducing An API For Volume Group Snapshots

Kubernetes 1.27: Quality-of-Service for Memory Resources (alpha)

Kubernetes 1.27: Vertical Pod Autoscaler supporting in-place updates

Kubernetes 1.27: Server Side Field Validation and OpenAPI V3 move to GA

Kubernetes 1.27: More fine-grained pod topology spread policies reached beta

Kubernetes 1.27: Single Pod Access Mode for PersistentVolumes Graduates to Beta

Kubernetes 1.27: HorizontalPodAutoscaler ContainerResource type metric moves to beta

GKE Workload rightsizing

Paris Pittman is a Senior Program Manager at the Open Source Program office at Apple. A Prominent Kubernetes and CNCF member who served many roles with a focus on community and governance. Paris was on some key milestones for this show. First appearance was on Episode 1 and later on Episode 100. So we could not be happier to have Paris back in Episode 200. We discussed how Paris got started with community work and how the experience has been. Paris shared with us some words of wisdom on the power of working with others and the importance of moving on.

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

KCD Amsterdam Retro

AWS announced Data on EKS

Kubecon EU 2023 “Security Village”

Podman desktop released version 0.14

Keycloak joined CNCF as an incubating project

Kubernetes v1.27 code name Chill Vibes was released

The CNCF “Cloud Native Explorers” - Amsterdam Edition

CNCF white paper on Platforms for Cloud Native Computing

GKE Autopilot is now the default mode of operations for new clusters

Paris Pittman:

• Linkedin

• Twitter

• Mastodon (@paris@hachyderm.io)

OSCON 2016

Sarah Novotny

Kaslin is a new chair of SIG contribX

In this episode we bring you with us to Southern California Linux Expo, or SCaLE20x in Pasadena, California. We interviewed several attendees about their experience at the conference.

Featuring:

• Robin Phantomhive, attendee at SCaLE and community member

• Mofi Rahman, Developer Advocate at Google

• Fatima Sarah Khalid, Dev Evangelist at GitLab

• Bryan Behrenshausen, Open Source Program Manager at GitLab

• Laura Santamaria, Geek with an achievement streak at Dell

• Jeff Deifik, Cybersecurity at Aerospace Corp

• Jill Bryant Ryniker of LWDW and the Destination Linux Podcast

• Bill Schouten of Tux Digital and the Sudo Show Podcast

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

• Chainguard contributes Rekor Search Project to Sigstore

• Docker and Ambassador Labs Announce Telepresence for Docker, Improving the Kubernetes Development Experience

• Docker, Inc. Celebrates 10th Anniversary With Alliances

• Oracle Cloud Infrastructure to Increase the Reliability, Efficiency, and Simplicity of Large-Scale Kubernetes Environments at Reduced Costs

• cdCon / GitOpsCon Schedule

• Crossplane Security Audit

• Crossplane completes fuzzing security audit

• Improving Security by Fuzzing the CNCF landscape

• Report

• Destination Linux Podcast

• LWDW

• LinuxChix LA

• Sudo Show Podcast

• Tux Digital

• Creating a cluster with kubeadm

David Flanagan is a developer, educator and technology enthusiast with a special interest for Kubernetes and Cloud Native technologies. David is the founder of Rawkode Academy, an online platform aiming at teaching kubernetes to developers.

One of the popular shows on RawKode is Klustered. Where david invites people to fix broken kubernetes clusters, learn a thing or two and have a laugh

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

Istio Ambient Mesh merged into the main branch

Kubernetes 1.27 changes and removals

k8s.gcr.io to registry.k8s.io redirect

Preview support for pod sandbox on Azure Kubernetes Services

Katacontainers

Docker apologies for handling Free Teams deprecation

Schedule for CNCF-hosted and colocated events is up

Kubernetes WithOut Kubelet

CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes

David Flanagan

• Twitter

• Linkedin

• RawKode Academy

• Klustered

How Spotify Accidentally Deleted All its Kube Clusters with No User Impact - David Xia

You probably DON'T need a service mesh

Klustered episode with Abdel and Marek

Docker first release at PyCon 2013

KubeHuddle 2023 Toronto

Kubernetes Failure Stories

Kubelete runOnce flag

Cilium Hubble

Telnet Talkers

Teamrock

MUD's

eBPF

Emily Fox is a security engineer @Apple Cloud Services, a CNCF Technical Oversight Committee member and co-chair for a bunch of CNCF events including recently the Cloud Native Security Conference in Seattle.

We had a chance to talk to Emily about the first edition of the CNSC 2023, her involvement with the CNCF community. Her role as a security engineer and some career discussions.

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

KubeEdge v1.13.0 released on January 18, 2023, achieves SLSA 3 compliance

SLSA 3 compliance

KubeVela brings software delivery control plane capabilities to CNCF Incubator

GKE Updates:

• Balanced compute classes are now offered in GKE Autopilot

• GKE Autopilot now supports exposing randomly assigned host ports for pods

• GKE has started offering ephemeral storage with local SSDs

• Added support for Windows Server 2022 nodes

AWS announced the availability of AKS anywhere on Snowball Edge Devices

Sysdig released their 6th annual Cloud Native Security and Usage Report.

Rebooting the Cloud Native Hamburg community group

KubeCon EU Amsterdam Schedule

Katacoda Kubernetes tutorials shutdown

LFX Internships for WASMEdge

Kubernetes Community Days (KCDs):

• Upcoming CFP deadlines:

• KCD Italy CFP closes February 20 2023 (in-person)

• KCD Czech + Slovak CFP closes March 1, 2023 (in-person)

• KCD Bangaluru CFP closes March 20, 2023 (in-person)

• KCD Zurich CFP closes March 31, 2023 (in-person)

• KCD Colombia CFP closes March 31, 2023 (in-person)

• Check out upcoming KCDs that might be in your region:

  • Sponsorship opportunities are available

  • Donation Prospectus available for review

• KCD Israel 2023, Mar 23, 2023

• KCD LA, Mar 9, 2023

• KCD Pakistan (Islamabad), February 20, 2023

• KCD Netherlands (Amsterdam), February 23-24, 2023

• KCD France (Paris), March 7, 2023

• KCD Los Angeles, March 9-10, 2023

• KCD Ukraine Virtual Fundraiser, March 16, 2023

Emily Fox:

• Twitter

• Linkedin

Cloud Native Security Con Youtube Playlist

How to Secure Your Supply Chain at Scale - Hemil Kadakia & Yonghe Zhao, Yahoo

eBPF

CIA Triad

Waterfall development

Cloudcareers.dev podcast

Rory McCune on twitter

Software Supply Chain Security

Emily Fox on SBOM

Emily Fox on SDLC

Shift Left Security: Best Practices for Getting Started

Episode 196 with Benjamin Elder

CNSC 2023 seattle guests

• David Wolf

• Eric Knauer

• Liz Rice

• Mitch Connors

• Josh Knarr

• Nick Young

• Taylor Dolezal

Frederick Kautz on SPIFFE/SPIRE

Chris Aniszczyk's Blog

The Falco Project

Cilium Tetragon

Pixie

Aviatrix

Keylime

Google Anthos

Beyond Cluster-Admin: Getting Started with Kubernetes Users and Permissions - Tiffany Jernigan

Standardization & Security - A Perfect Match - Ravi Devineni & Vinny Carpenter, Northwestern Mutual

CSI Container: Can You DFIR It? - Alberto Pellitteri & Stefano Chierici, Sysdig

Cloud Native Security Con Eu 2023

CNCF TOC

Benjamin Elder is a Senior Software Engineer at Google, a Kubernetes SIG Testing Chair & Tech Lead, and a Kubernetes Steering Committee member. In this episode we got to chat with Benjamin about the new kubernetes registry migration from k8s.gcr.io to registry.k8s.io. We also had an opportunity to discuss the community, the various SIG's (Special Interest Groups) Benjamin is involved with the amount of work needed to drive the project forward.

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

Google Developer Experts program.

ChatGPT.

OpenAI Case Study.

Kubernetes Jobs API.

Job Tracking, to Support Massively Parallel Batch Workloads, Is GA in kubernetes 1.26.

Stateful apps on Kubernetes.

Kelsey Hightower's take on Databases on Kubernetes twitter space.

Kubernetes Resources Model

Linkerd published a 2022 recap

The CNCF Cloud Native Maturity Model

The CNCF Cloud Native Maturity Model website

Using Amazon EKS with Google Workspace identities

CNCF Ambassador 2.0 program

Cloud Native Security Con NA 2023 (website - recordings)

The CNCF important updates for KubeCon + CloudNativeCon 2023 and co-located events

Kubernetes 1.26 news:

• https://kubernetes.io/blog/

• Eviction policy for unhealthy pods guarded by PodDisruptionBudgets:https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/

• Retroactive Default StorageClass: https://kubernetes.io/blog/2023/01/05/retroactive-default-storage-class/

• Alpha support for cross-namespace storage data sources: https://kubernetes.io/blog/2023/01/02/cross-namespace-data-sources-alpha/

• Advancements in Kubernetes Traffic Engineering: https://kubernetes.io/blog/2022/12/30/advancements-in-kubernetes-traffic-engineering/

• Job Tracking, to Support Massively Parallel Batch Workloads, Is Generally Available: https://kubernetes.io/blog/2022/12/29/scalable-job-tracking-ga/

• CPUManager goes GA: https://kubernetes.io/blog/2022/12/27/cpumanager-ga/

• Pod Scheduling Readiness: https://kubernetes.io/blog/2022/12/26/pod-scheduling-readiness-alpha/

• Support for Passing Pod fsGroup to CSI Drivers At Mount Time: https://kubernetes.io/blog/2022/12/23/kubernetes-12-06-fsgroup-on-mount/

• GA Support for Kubelet Credential Providers: https://kubernetes.io/blog/2022/12/22/kubelet-credential-providers/

• Introducing Validating Admission Policies: https://kubernetes.io/blog/2022/12/20/validating-admission-policies-alpha/

• Device Manager graduates to GA: https://kubernetes.io/blog/2022/12/19/devicemanager-ga/

• Non-Graceful Node Shutdown Moves to Beta: https://kubernetes.io/blog/2022/12/16/kubernetes-1-26-non-graceful-node-shutdown-beta/

• Alpha API For Dynamic Resource Allocation: https://kubernetes.io/blog/2022/12/15/dynamic-resource-allocation/

• Windows HostProcess Containers Are Generally Available: https://kubernetes.io/blog/2022/12/13/windows-host-process-containers-ga/

• We're now signing our binary release artifacts!: https://kubernetes.io/blog/2022/12/12/kubernetes-release-artifact-signing/

Benjamin Elder

• LinkedIn

• Github

• Twitter

Kubernetes Steering Committee

Kubernetes SIG Testing

Kubernetes IN Docker (KIND)

Benjamin on the podcast episode 96

Paris Pittman

• LinkedIN

• Twitter

Kubernetes registry move from k8s.gcr.io to registry.k8s.io

• Archeio is the tool used to redirect to GCR or S3 depending on the client.

• The design of how requests are handled.

• Doc detailing the background of this migration.

Kubernetes SIG Contributor Experience

Kubernetes Slack channel

Leonard Pahlke is not only the Release Lead for Kubernetes v1.26, he's also a co-chair of the CNCF TAG for Environmental Sustainability and a student working toward a Master's Degree in Computer Science at the Hamburg University of Applied Sciences. In this episode, Leonard talks with us about Open Source contribution, environmental sustainability, and Kubernetes v1.26.

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

The 1.23 Release team (where Kaslin was a comms shadow)

Shoutout to Kunal Kushwaha, another Kubernetes contributor who started out as a student, and who advocates for students in the community via his YouTube channel & more.

KubeCon EU 2023 (which will have a student track as part of the schedule)

KubeCon Diversity and Inclusion Scholarships

Kubernetes Removals, Deprecations, and Major Changes in 1.26

AWS ReInvent 2022

AWS YouTube Channel

Control Plane Logs added for GKE

Gateway Controller for Single Clusters reaches GA for GKE

Prometheus Turns 10

Prometheus Training

Prometheus Documentary by HoneyPot

Move to registry.k8s.io

Leak Signal Micro-waf

CNCF Maintainer Track changes

Leonard Pahlke’s Blog

Leonard Pahlke blog about contribution: Start Contributing to Open Source Projects

Leonard Pahlke CNCF WG Environmental Sustainablity Blog Post

TAG Environmental Sustainability GitHub

Specific 1.26 changes mentioned:

• Kubernetes 1.26: We're now signing our binary release artifacts!
• Kubernetes 1.26: Windows HostProcess Containers Are Generally Available
• CEL for Admission Control KEP
• In-tree Storage Plugin to CSI Migration - Azurefile
• In-tree Storage Plugin to CSI Migration - vSphere
• In-tree storage plugin removals for GlusterFS and OpenStack, and more, are outlined in the “Kubernetes Removals, Deprecations, and Major Changes in 1.26” blog

Kubernetes Enhancement Proposals (KEPs)

Kubernetes v1.26 Electrifying Release Blog

List of Kubernetes SIGs

Kubernetes Release Team Shadow program

Louis Bailleul is a Chief Enterprise Architect at PGS. After years of running highly-ranked super computers to process PGS’ seismic data, Louis’s team at PGS has lead a transition to Google Cloud. Listen in to learn about HPC in Google Cloud with GKE, and to explore using Kubernetes to do processing on vessels at sea!

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Listen to the KubeCon NA 2022 recap episode

• Docker + Wasm
• Istio control plane vulnerability CVE-2022-39278
• KubeFlow joins CNCF as an Incubating Project
• CNCF Backstage course
• CNCF Istio intro course

• PGS
• A picture of a PGS vessel
• PGS post from 2021 about their supercomputing rankings and transition to Google Cloud
• Top500 List
• Kubernetes Custom Resources (CRDs)
• Scaling Kubernetes to Thousands of CRDs
• Google Cloud Spot Instances
• Google Cloud Preemptible VM Instances
• Google Cloud - Manage capacity and quota
• KubeCon NA 2019: How the Department of Defense Moved to Kubernetes and Istio - Nicolas Chaillan
• Bare Metal K8s Clustering at Chick-fil-A Scale by Brian Chambers, Caleb Hurd, and Alex Crane

In this episode we bring you with us to KubeCon NA 2022 in Detroit, Michigan. We interviewed 15 attendees from various backgrounds and learned some cool insights.

Featuring:

• Mo Khan, Software Engineer, Microsoft.
• Katrina Verey, Senior Staff Production Engineer, Shopify.
• Aishwarya Harpale, Student, Rutgers University.
• Jeffery Sica, Principal Developer Experience Engineer, CNCF.
• Kirsten Schumy, Software Engineer, AWS.
• John-Paul Robinson, HPC Architect, University of Alabama at Birmingham.
• Madhav Jivrajani, Software Engineer, Vmware.
• Leigh Capili, Developer Advocate, Vmware Tanzu.
• Nim Jayawardena, Developer Programs Engineer, Google.
• Charlie Yu, Developer Programs Engineer, Google.
• Ahrar Monsur, Developer Programs Engineer, Google.
• Mickey Boxell, Product Manager, Oracle.
• Eddie Zaneski, Software Engineer, Chainuard.
• Andy Piggott, Chief Product Officer, Section.
• Logan Smith, Director of Business Development, GrafanaLabs.
• Brian Dorsey, Developer Advocate, Google - Shoutout for recommending the microphones for interviews.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• CrowdStrike cryptojacking finding
• Skaffold v2 Generally Available
• GKE Security Posture Dashboard
  • Blog
  • Video
• Cdk8s+ from AWS
  • Blog
  • Project page
• CNCF Sandbox project application information
• Istio becomes a CNCF Incubating project
• Cert-manager becomes a CNCF Incubating project
• Cisco OpenClarity
• Kube-router bug
• Google Cloud Next Wrap-Up
• Microsoft Ignite highlights blog
• Cloud Native SecurityCon
• Linux Foundation partnership with Razom for Ukraine

• Kubernetes SIG Auth
• Kubernetes SIG API Machinery
• FluxCD
• Online Boutique Sample App
• Kubernetes SIG-CLI
• Cloud Native 101: Motor City Edition by Bob Killen and Jeffrey Sica
• Consumers to Contributors by Brendan O’Leary
• Kubernet-Bees: How Bees Solve the Problems of Distributed Systems
• SchedMD Slurm
• Kube-bind
• Contribute to etcd!
• Cloud Native WASM Day
• Cloud Native SecurityCon
• Backstage (Incubating CNCF Project)
• eBPF
• Cilium (Incubating CNCF Project)
• Acorn Labs
• Vulcan Mind-Meld (Star Trek)
• Kids’ Day at KubeCon NA 2022

After four and a half years hosting this podcast (and almost 9 years at Google) Craig Box is moving on from the latter, which unfortunately means leaving the former. But the show must go on. In this episode Craig introduces new hosts Abdel Sghiouar and Kaslin Fields. We take a small look forward, and then a big look back.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Adam’s last episode
• Abdelfettah Sghiouar
  • Devoxx MA
  • Cloud Careers Podcast
  • You probably DON’T need a Service Mesh
• Kaslin Fields
  • Containers as cookies
  • Biscuits and gravy
  • Contributor comms
• First-gen stickers
• Second-gen stickers
• Episode 60, with Mark Shuttleworth
• Episode 15, with Dan Ciruli and Jasmine Jaksic
  • Dan on sticker duty
• Episode 30, with Joe Zou
  • A rare team photo
• Music and musicians
  • Kaossilator
  • Episode 191, with DJ Fresh
  • Episode 127, with David Pait
  • Episode 83, with Guinevere Saenger
  • Episode 120, with Melanie Cebula
  • Episode 121, with Ed Huang
• Double guest trivia:
  • Episodes 1 and 100 with Paris Pittman
  • Episodes 62 and 180 with Ricardo Rocha (on a technicality)
• The Adam face
  • Corey Quinn: separated at birth?
• One of many booth meetups
• Follow Craig Box on Twitter
• Follow Adam Glick on LinkedIn

Dan Stein is an engineering manager at General Bioinformatics. Dan Stein is also DJ Fresh, a multi-million selling artist with two UK number one records. Learn about the surprising overlap between these two careers.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod and @craigbox

• Trevor Noah stepping down as host of Daily Show
• Follow @craigbox to learn what’s next

• Google Cloud adds GPU support to Autopilot
  • Pricing
• CVE-2021-36782 in Rancher
• State of DevOps Report for 2022
• Congratulations to the 27 Summer LFX Program CNCF interns
• Reviewing the 2019 Kubernetes security audit

• DJ Fresh
• Atari 800 and Atari ST
  • Pong
  • Atari BASIC
• Commodore Amiga
  • OctaMED
• Fatboy Slim and the Atari ST
• Dogs on Acid music forum
• Taylor Hawkins Tribute Concerts
• Abolishing the high tax rate in the UK, or not
• Breakbeat Kaos
  • Hold Your Colour by Pendulum
• Kryptonite by DJ Fresh
• Gold Dust
• Subsequent hits:
  • Louder
  • Hot Right Now
• Kyma (sound design language) and Max/MSP
• We Got Coders
• General Bioinformatics
  • NGS gene sequencing
  • Ensembl
• Hasura
• GraphQL Playground
• NCBI - National Center for Biotechnology Information
• Max Martin
• How Music Works by John Powell
• Learning:
  • Treehouse
  • Udemy
  • 3Blue1Brown
  • Codeacademy
• DJ Fresh’s new single, Higher
• DJ Fresh on Facebook
• Dan Stein on Twitter

Betty Junod, VP of Product Marketing at VMware Tanzu, kindly took up Craig’s challenge to explain the various parts of the Tanzu ecosystem, and how the traditional IT buyer and the modern cloud native really aren’t that different.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod and @craigbox

• NASA DART mission
  • Deep Impact
  • Armageddon
• Apparent retrograde motion
• Planets beyond Neptune

• Istio sails into the CNCF
• SPIFFE and SPIRE graduate
  • Episode 45, with Andrew Jessup
• Brigade archived
• Sysdig 2022 Cloud Native threat report
  • The nice TeamTNT
  • Episode 188, with Kateryna Ivashchenko
  • Episode 169, with Anna Belak
• Chainguard introduces Wolfi
• workerd, from Cloudflare
• Introducing Palaemon
• Custom org policy for GKE in preview
• Leveraging Kubernetes for an elastic platform at Blablacar by Sebastien Doido

• VMware
  • History
• Docker
• Solo.io
• VMware Tanzu introduction blog
  • VMware acquires Heptio
  • VMware acquires Pivotal
• Tanzu Mission Control
• Tanzu for Kubernetes Operations
• Tanzu Application Platform
• Tanzu Kubernetes Grid
  • Bring your own host to TKG
• Project Pacific introduction
  • TKG 2.0
• VMware Aria Operations for Applications
• Tanzu Application Service
  • Cloud Foundry
• Open source projects:
  • Velero
  • Antrea
  • Carvel
  • Cartographer
• Michigan cider
• Detroit-style pizza
• Betty Junod on Twitter

When you think of a service mesh, you probably think of “sidecar containers running with each pod”. The Istio team has come up with a new approach, introduced recently as an experimental preview. Google Cloud software engineers Justin Pettit and Ethan Jackson join Craig to explore ambient mesh.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Listening immediately and listening on a 1 year delay
• Death and state funeral of Queen Elizabeth II
• The Queue
  • What the queue says about our relationship with royalty

• Cloud Custodian becomes an incubating project
• Anthos VM support
• GKE control plane metrics
• CVE-2022-3172: Aggregated API server can cause clients to be redirected
• CVE-2021-25749: runAsNonRoot logic bypass for Windows containers
• Akuity Platform
  • Episode 172, with Jesse Suen
• Weave GitOps 2022.09
• Coroot Community Edition
• Constellation, by Edgeless Systems
• Register for Google Cloud Next
• Dell and Red Hat expand strategic collaboration

• Nicira
• Open vSwitch
• Introucing Ambient Mesh
  • Service mesh
• First mention of Ambient in 2018
• No first class support for sidecars in Kubernetes
• Istio working group meeting, August 2021
  • Remote proxy proposal
• HBONE: HTTP/2-based overlay network environment
• mTLS
• HTTP Connect
• GIF
• MASQUE and QUIC
• Get started with Ambient Mesh
• Ambient Mesh Security Deep Dive
• Justin Pettit and Ethan Jackson on Twitter

Kateryna Ivashchenko is a Senior Demand Generation Manager at Teleport, an organizer of community events, and a supporter of the developer community in her home country of Ukraine.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Introducing Ambient Mesh in Istio
• Istio 1.15
• Linkerd 2.12
  • Linkerd and the Gateway API
• Symbiosis
• Cuber nay-tace
  • Reddit discussion
• VMware Tanzu announcments from VMware Explore
• Isovalent raises $40m Series B
• Kubernetes Blog:
  • PodSecurityPolicy: The Historical Context
  • Pod Security Admission Controller in Stable
  • CSI Inline Volumes have graduated to GA
  • cgroup v2 graduates to GA
• Kubernetes was never designed for batch jobs by Kurt Schelfthout
• 7 years of GKE General Availability

• Portworx
• Teleport
• 24 February 2022: Russia invades Ukraine
• BeyondCorp
• Teleport open source
• hunter2
• Okta breach
• Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg
• War in Ukraine
• Kateryna’s sister’s T-shirt
• Independence Day
• Chris Lentricchia and Operation Dvoretskyi
• CNCF crowdfunding
• DevOpsDays Kyiv
• International Snack Exchange
• Kateryna Ivashchenko on Twitter

It’s release day! We discuss today’s Kubernetes 1.25 with release team lead Cici Huang, Software Engineer at Google Cloud. What’s in, what’s out, and what is it like to lead a release you are also promoting a feature in?

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Nelson underwater
• England underwater
• A picture of a sheep
• Follow Craig on Twitter for more like that

• Kubernetes 1.25 release
• Introducing Acorn
  • Acorn Labs: Rancher Co-Founders’ New Kubernetes Startup by Christine Hall
  • Episode 57, with Darren Shepherd
• GKE updates:
  • New observability metrics
  • GKE Autopilot now default
  • 256 pods per node
• KubeCon schedule published
  • Cloud Native Rejekts
• Scaling Kubernetes to thousands of CRDs by Nic Cope

• IBM Watson
• Kubernetes Community Awards
• SIG API Machinery
  • Chair & Cici’s hiring manager: Fede Bongiovanni
• Kubernetes 1.25 release team
• Release blog
• Highlights:
  • PodSecurityPolicy is removed; Pod Security Admission is stable
  • cgroups v2
  • KMS v2alpha1
  • CRD valdation experession language
  • Registry change
• Kubernetes 1.24 delay
• Theme and logo
• Envelopes:
  • 1.24 lead: Episode 178, with James Laverack
  • 1.26 lead: Leonard Pahlke
• Cici Huang on GitHub

Three years after they were first proposed, the new Kubernetes Gateway APIs - the evolution of the Ingress API - are in Beta. Rob Scott is a software engineer at Google and a lead on the SIG Network Gateway API project.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Hot hot hot
• Stevenson screen
  • Heathrow Airport
  • Kew Gardens
  • RAF Coningsby

• Argo security audit:
  • Argo blog
  • ADA Logics blog
  • Episode 172, with Jesse Suen
• Kubernetes Cluster API integrates continuous fuzzing
  • The report
  • OSS Fuzz
• Cilium 1.12
• GKE Cluster Autoscaler location policy
• The quest for neutrinos
  • Ray traced Quake II

• Gateway API
• Spire Labs
• Fairwinds
  • rbac-manager
  • Polaris
• Episode 104, with Bowei Du
• Ingress
• Gateway API concepts and role-orientation
  • Roles and resource model
• GatewayClass
• GKE implementation of GatewayClass
• Conformance tests
• Policy attachment
• Gateway
• Routes
• Gateway API goes to Beta
• GRPCRoute
• Gateway Enhancement Proposal (GEP)
• Istio APIs that influenced the Gateway API
• GAMMA Initiative
  • Istio support for Gateway API
  • SMI community joining
• Gateway API on GitHub
• Santa Cruz Moutains
• Rob Scott on Twitter and LinkedIn

Ian Miell is a partner at consultancy Container Solutions, and an author of books on Bash, Git, Terraform and Docker. He explains to Craig how writing - whether runbooks, blog posts, training courses, or “real” books, can help you learn and make your team more effective.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Hot hot hot
• Small pools and larger pools

• Gateway API goes to Beta
  • Episode 104, with Bowei Du
  • Istio support for Gateway API
  • SMI community gets behind Gateway API
• Kyverno and Keptn move to incubation
  • Episode 119, with Alois Reitbauer
• Tau T2A Arm VMs now on Google Compute Engine
  • GKE support for Tau T2A Arm nodes
• Kubeshop acquires BotKube
• Exploiting Authentication in AWS IAM Authenticator for Kubernetes by Gafnit Amiga
  • New Vulnerabilities in Kubernetes NGINX Ingress Controller
• CNCF sponsors audit of KubeEdge
  • KubeEdge security threat model
  • Audit report
• Red Hat announces new CEO
• Google Cloud announces new Distinguished Engineer
  • Episode 185, with Clayton Coleman

• Zwischenzugs
• Business Value, Soccer Canteens, Engineer Retention, and the Bricklayer Fallacy
• Zwischenzug and zugzwang in chess
• Ian’s books:
  • Learn Bash The Hard Way
  • Learn Git The Hard Way
  • Learn Terraform The Hard Way
  • All three in a bundle
  • Docker in Practice
• Tcl
• Why are enterprises so slow?
• Erlang
• Episode 164, with Daniel Walsh
• ‘AWS vs K8s’ is the new ‘Windows vs Linux’
• The Runbooks Project
• ITIL
• Consultancy:
  • Episode 183, with Steve Wade
  • Why it’s great to be a consultant
  • Container Solutions
• Finance topologies:
  • Team Topologies by Manuel Pais and Matthew Skelton
  • If You Want To Transform IT, Start With Finance
  • Conway’s Law
• Ian Miell on Twitter

Why does a car manufacturer own an IT company? How did that IT company end up running 900 Kubernetes clusters, starting at version 0.9? Craig asks these questions and more of Sabine Wolz, Product Manager at Mercedes-Benz Tech Innovation.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Live UK political coverage on the day of recording. As predicted, news happened slightly faster than publication, and at the time of release, Boris Johnson is expected to resign as Conservative Party leader today.
• Shibboleth
• Lord of the Rings TV show moved to UK

• GKE Cost Allocation
• CubeFS accepted as CNCF incubating project
• Bare metal deployments for EKS Anywhere
  • Episode 142, with Gianluca Arbezzano
  • Cubernetes
    • Episode 20, with Justin Garrison
• OpenShift Service Mesh 2.2
• Tanzu Mission Control adds FluxCD
• Pixie plugins
• What GKE users need to know about Kubernetes’ new service account tokens, by Taahir Ahmed
• Kubernetes is a red flag signalling premature optimisation, by Jeremy Brown
  • Hacker News discussion
• eBPF Summit 2022

• Mercedes-Benz Tech Innovation
• Mercedes-Benz and Daimler Truck
• How should electric vehicles sound?
• Ulm and its church
• Sabine’s KubeCon keynote
• How to Migrate 700 Kubernetes Clusters to Cluster API with Zero Downtime: Tobias Giese & Sean Schneeweiss
• Game theory
• FOSS Manifesto
• Inner source
• CNCF End User Community
• The promise of flying cars
• Sabine Wolz on LinkedIn

Gone are the days of working at the same company for 50 years. Consultants and contractors bring specialised experience to many companies in short bursts. Steve Wade is an independent Kubernetes consultant and trainer, and he tells us how that became the life for him.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Queen
• Bourton-on-the-Water, fire in the sky
• Model village
• Model village inception

• New GKE features:
  • eBPF and IP masquerading in GKE Autopilot
  • Dual stack networking
  • Time-shared GPUs
  • Confidential GKE nodes
• Paralus (by Rafay)
• Furiko (by Shopee)
• New CNCF Sandbox projects:
  • Clusterpedia
  • OpenCost
  • Aeraki Mesh
  • Curve
  • OpenFeature
  • Kubewarden
  • DevStream
• Traefik Hub
• Cyble’s exposed Kubernetes clusters
• Bitnami index FAQ

• Premier League
• Tesco
• Consultants and IR35
• KSOC
• Indian food
• Steve Wade (1987) on Twitter

As we move further up the stack, we rely on many foundations – including storage. Alex Chircop is co-chair of the CNCF Storage Technical Advisory Group (TAG), as well as founder and CEO of Ondat (formerly StorageOS). Join us to learn why no app is truly stateless, and how data is the new storage.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Crowded House snippets:
  • Distant Sun
  • Sister Madly
  • Don’t Dream It’s Over (you know this one)
  • Weather With You
  • Something So Strong
  • How Will You Go

• Kubernetes 2021 annual report and blog post discussing it
• SUSECon news
  • SLSA Level 4
• The State of CD 2022 report
• Introducing OpenCost
  • Spec
  • Episode 124, with Webb Brown
• OSTIF and ADA Logics posts discussing the CRI-O project audit
• Bitnami Helm chart pruning and Reddit discussion
• Upcoming Code of Conduct changes at the CNCF

• Goldman Sachs on Google Cloud
• Episode 181, with Justin Santa Barbara
• KubeCon EU 2016
• CNCF TAG Storage
• Data on Kubernetes community
• CNCF TAGs
  • CNCF Storage WG talk at KubeCon EU 2019
  • CNCF TAG Storage talk at KubeCon EU 2022
• Kubernetes SIG Storage
  • Xing Yang
  • CSI and COSI
• Quinton Hoole
  • Federation, aka “Ubernetes”
• Whitepapers:
  • Storage
  • Disaster Recovery
• Ondat
  • Updog
• Alex Chircop on Twitter

What is configuration as data, how is different from infrastructure as code, and why can’t anything just be itself anymore? We posed these questions and more to long-time Kubernetes contributor Justin Santa Barbara at KubeCon EU, and this episode is the result. Justin created the kOps project and now leads the team at Google that makes Kubernetes easier to consume.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• #kubecovid
• Alhambra
• La Alhambra
• Cats of the Alhambra

• Cloud Native at Microsoft Build
  • Azure Container Apps are GA
  • AKS updates
• Docker acquires Tilt
• Broadcom acquires VMware
  • FT coverage
  • Customer reaction from The Register
• Istio 1.14
• GKE Cost Estimator
• Goodbye to Katacoda
• Take the DORA survey or read the 2021 report

• FathomDB
  • Meteor acquires FathomDB for its development platform
  • Sherlocking
• OpenStack
• kOps
  • GitHub
• Configuration management tools
• Infrastructure as Code
• JSON, YAML, Proto and INI
• Helm
  • values.yaml
• Kubernetes Resource Model (KRM)
• kustonize
• kpt
• Package management
• Configuration as Data announcement blog
• Porch
• kpt functions
• Backstage
• Config Sync and Config Connector
• Kubernetes component configuration
• Cluster API
• Justin Santa Barbara on Twitter

Live from Valencia, it’s KubeCon EU! Craig talks to conference co-chair and CERN computer scientist Ricardo Rocha about the event, and what it’s like to be in a room full of people again.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• 9am Karaoke

• CNCF news from KubeCon EU:
  • SlashData survey
  • 800 members
  • Boeing
  • Coinbase
  • Prometheus Certified Associate
• Google Cloud improves GitOps usability with Config Sync and Porch
  • kpt
  • Other Google news from KubeCon
• Tetragon from Isovalent
• Envoy Gateway
• Infra
  • Ask HN with the creators
• Cloud Foundry launches Korifi
• SUSE NeuVector is open source
• CloudNativePG from EnterpriseDB
  • All the other options
• Assured Open Source Software from Google Cloud
• Recent Guest news:
  • Akuity announces $20m Series A (episode 172)
  • Komodor raises $42 million Series B (episode 153)
  • Deepfence launches Deepfence Cloud (episode 173)

• Armory announced public early access to their new Continuous Deployment-as-a-Service product
• Aserto announces its ”better together” approach to authorization by bringing together OPA, OCI, and Sigstore
• Bunnyshell Introduces support for multi-repository Terraform with full-stack drift management and GitOps
• Calyptia announces the General Availability of Calyptia for Fluent Bit,
• CAST AI introduces advanced Autoscaler for AKS
• Clastix launches Kamaji, a new open source tool for Managed Kubernetes Service
• CloudCasa by Catalogic expands to support Microosft AKS
• Codenotary combines Community Attestation Service with background vulnerability scanning
• CodeZero Launches Surf, a new developer tool for observability in pre-production Kubernetes environments
• CrateDB introduces Logical Replication
• D2iQ Partners with GitLab
• DataCore Bolt container-native storage software now GA; built on their acquisition of Mayadata
• Datadog launches Application Security Monitoring and support for OpenTelemetry Protocol in the Datadog Agent,
• Deepfactor partners with Synopsys to help developers resolve cloud native supply chain security risks
• env0 enables full-stack IaC deployment and management with native Kubernetes support
• Era Software introduces EraStreams
• Fairwinds Insights unifies DevSecOps with additional shift-left enhancements
• GitLab free tier adds pull-based Kubernetes deployments
• Google announced a new low-cost, high-usage pricing tier for Google Cloud Managed Service for Prometheus
• HCL Technologies launches Kubernetes migration platform
• Kasten by Veeam launches K10 v5.0 released
• Runecast adds CI/CD integration and image scanning
• Lacework introduces new Kubernetes Audit Logs monitoring
• Loft Labs announces a Cluster API provider for vcluster
• NetFoundry embeds zero trust into Prometheus
• New Relic introduces low-overhead Kubernetes monitoring and Pixie plug-in framework
• Pure Storage’s new Database as a Service platform is GA
• Replicated introduces community licensing and pre-flight checks
• SphereEx releases DB-Plus Suite
• Snapt announces security package to run Kubernetes in public cloud
• SPIRE now runs on Windows
• Sysdig launches new Advisor and Sysdig Open Source leverages Falco plugins
• SysEleven unveils MetaKube Operator
• Timescale announces OpenTelemetry Tracing support for Promscale
• Vultr Kubernetes Engine now Generally Available
• Zesty Disk for Kubernetes introduced

• Episode 62
  • Lukas Heinrich
  • Clemens Lange
• CERN
  • LHC Computing Grid
  • Large Hadron Collider
• Kubeflow
• Data on Kubernetes Community
• CNCF Research User Group
• CNCF TOC
• Volcano moves to incubation
• KubeCon EU 2022
• Episode 165, with Jasmine James
• Selection process report for KubeCon EU
• KubeCon China 2021
• Research track
• Puppies at KubeCon NA 2019
• Code, mountains and flying
• Kubernetes on an F/16
• Ricardo Rocha on Twitter and on the web

Docker CEO Scott Johnston joins us to talk about the announcements from this week’s DockerCon, the transition from an enterprise to a developer tools company, and the Internet’s favourite whale.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Podes and antipodes
  • Side note: Kubernetes needs the concept of an Antipod. BRB, writing a KEP
• Google Cloud Podcasts

• DockerCon 2022
  • Docker Extensions
  • Docker Desktop for Linux
  • Late breaking news: Docker acquires Nestybox
• Spot VMs now on GCE and GKE; spot pods now on GKE Autopilot
• Fully managed Linkerd with Buoyant Cloud
• Sign up for CDcon and save 40% by using the code CdCon22AMEET40
• AWS adds Kubernetes resource view
• Deploying Kubernetes clusters in absurd languages by Lee Briggs

• Docker
• DockerCon ‘22
• DockerCon ‘14, the announcement of Kubernetes
• Return or Revenge?
• Scott’s history
  • Four degrees from Stanford, including an MSMSE
  • Sun and Netscape
    • Java Servlets and J2EE
    • Moore’s Law and Metcalfe’s Law
      • Standard on the Internet
      • Tom Lyon
  • Loudcloud/Opsware and a16z
  • Puppet
• Scott joins Docker in 2014
• The monorepo
• The Soul of a New Machine
• Docker Swarm
• Messages from the future and the Google crystal ball
• Open Cotainers Initiative
• Docker Desktop for Apple Silicon Macs
• virtiofs for Mac
• $2.1 billion valuation
• Moby Project
  • Moby
  • Ice Cube
• The Dockershim saga, as reported throughout the episodes:
  • Don’t panic about Docker
  • Dockershim deprecation FAQ
  • Mirantis will support the Dockershim
  • But seriously, don’t worry about the Dockershim
  • Dockershim is, like, proper gone
• The puns and joke section
  • Docker is krilled to see you
  • Billy T James
  • Beached Az. Can’t eat chups!
• Docker Extensions
  • CNCF Landscape or Magic Eye?
• Docker Desktop for Linux
• Multi-arch on Docker Hub
• Docker roadmap
• Scott Johnston on Twitter

Gaze into the stars with Kubernetes 1.24 release team lead, James Laverack. James is a software engineer turned solutions engineer at Jetstack, and explains the difference between the two roles, as well as how he found his home in SIG Release and what to expect in 1.24.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• IMDB and MusicBrainz
• SheetOps
• xlskubectl by Daniele Polencic

• Kubernetes 1.24
• Metaflow on Kubernetes
• KubeVela 1.3
• SocketCAN X Kubernetes
• ARMO raises $30m
• Aqua’s 2022 Cloud Native Threat Report
• CVE-2021-25746 in ingress-nginx
  • About the fix
  • Episode 162, with Alejandro de Brito Fontes and Ricardo Katz
• Plain Kubernetes Secrets are fine, by Mac Chaffee

• Bristol
• Box
• Life as a Solutions Engineer at Jetstack
  • “I don’t think your job is to code anymore, you just talk to people all day.”
• Minecraft operator
• Improbable’s etcd operator
• Intro to the Kubernetes 1.24 release process
• Kubernetes 1.24
  • Full release notes
  • Dockershim is, like, proper gone
    • cri-dockerd
    • containerd
    • CRI-O
  • Beta APIs Off by Default
  • Release artifacts are signed, with experimental support for verifying them
    • Increased supply chain security for Kubernetes
    • SLSA
    • Episode 167, with Rey Lejano
    • Episode 174, with Santiago Torres-Arias
  • Storage Capacity tracking and Volume Expansion
  • Storage plugin migration
    • Azure Disk
    • OpenStack Cinder
  • gRPC liveness and readiness probes
  • Avoiding collisions in IP ranges
• Release theme and logo
• 1.25 release team
• Go 1.18 error delays 1.24 release
• James Laverack on Twitter

Big week for Istio! Craig talks to Mitch Connors, Istio user experience working group lead and IstioCon program committee co-chair, about the project and the conference. Mitch talks to Craig about the news that Istio has been proposed to the CNCF.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• 40th anniversary of the ZX Spectrum
• Some soothing YouTube channels:
  • Adrian’s Digital Basement
  • Jan Beta
  • RMC - The Cave
  • Mark Fixes Stuff
• Some conference talks about the Commodore 64:
  • Rich Code for Tiny Computers
  • DevOps for the Commodore 64
• DevOps for the ZX Spectrum
• Manic Miner
  • Play online

• Istio has applied to join the CNCF
• Istio mode in Tanzu Service Mesh
• KubeVirt moves to Incubation phase in CNCF
• New sandbox projects:
  • OpenFunction, from Kubesphere
  • Teller, from Spectral Ops
  • Sealer, from Alibaba
• Chainguard Enforce
  • Episode 47, with Kim Lewandowski
• EKS Blueprints
• Unit 42 finds serious vulnerabilities in AWS log4shell hotfix
• Tanzu State of Kubernetes report
• Go article in the Communications of the ACM
• Please support DevOpsDays Kyiv

• Istio
  • What is Istio?
  • ServiceMeshCon 2019
• F5 Networks
• Merkle tree
  • Merkel tree
  • Sparse Merkle tree
  • When was the last time you implemented a linked list?
• Envoy proxy
• istioctl wait
• Istio working groups
• Sidecar containers proposal
• Anthos Service Mesh
  • Managed control and data plane
• IstioCon 2022
  • Mitch and Lin’s keynote
• Istio has applied to join the CNCF
  • Pull request to the CNCF TOC
• Prusa i3
  • The frankenprinter
  • RepRap
• Mitch Connors on GitHub
  • Mitch Conner from South Park
• Mitch Connors on Twitter

Divya Mohan is a Technical Writer with SUSE, a CNCF Ambassador, co-chair of Kubernetes SIG Docs, and a mentor to new contributors. Learn how her love of language and learning led her from production support to the core of the community.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Volcano moves to incubation stage in CNCF
• Nephio
  • Automating cloud native networks
  • Announcement press release
• Improving secure software supply chain by Asra Ali and Laurent Simon, Google Open Source Security Team
• Docker SBOM
  • When the moon hits your eye like a big pizza pie, that’s Anchore
• Talos Linux 1.0
  • What’s new in Talos 1.0
  • Episode 159, with Andrew Rynhard
• Grafana raises Series D
• Tanzu Application Platform v1.1
• Kubernetes 1.24 delayed
  • But seriously, don’t worry about the Dockershim
• Ever Forward also delayed

• From zero to WIP: How I transitioned from being a sys admin working on legacy middleware to sailing the cloud native seas
• Hindi, Marathi, Malayalam; just 3 of the 22 scheduled languages of India
• IGATE
• HSBC
• Middleware
  • Episode 175, with Bruno Andrade
• SIG Docs
  • Kubernetes Community Days Bengaluru
  • SIG Contributor Experience
  • Kubernetes and Cloud Native Associate (KCNA)
  • Season of Docs
  • Summer of Code
  • How to contribute to Kubernetes docs
  • Arsh Sharma
• LitmusChaos, founded by Uma Mukkara and Karthik Satchitanand
• Divya joins SUSE
  • Hayden Barnes
• The Friday Four
• Divya’s writing on WebAssembly
• Divya Mohan on Twitter

Bruno Andrade is founder and CEO of Shipa, delivering applications and policy “as code” to Kubernetes with a SaaS model. We discuss founding companies in Canada vs the USA, abstractions for deploying apps, and whether Kubernetes will really ever disappear.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Jimmy Fallon and Jimmy Kimmel
  • One show
  • The other show
  • One behind-the-scenes video
  • Another one
• Ron Gilbert does not like April Fools
  • Just kidding: Return to Monkey Island
  • “If I ever get to make another Monkey Island, I’m going to announce it on April 1st.”

• Grafana Mimir
  • FAQ/Interview with the CEO
  • Hacker News discussion
• Can Grafana run Doom?
• Open source StackRox is now available
  • GitHub link
• Dagger
  • Public launch announcement
  • Series A finance round
  • CUE
• Fermyon introduces Spin
  • Episode 102, with Matt Butcher
• Google Distributed Cloud Edge
• IstioCon 2022 program announced
• PlatformCon 2022
• Chainguard: It’s all about that base image by John Speed Meyers and Zack Newman
• Docker raises $105m Series C
  • TechCrunch coverage
• Garden.io raises $16m Series A
  • VentureBeat coverage
• The Ever Forward container ship is still not going forward

• Shipa
• IBM WebSphere and WebSphere Application Server
• Juniper acquires HTBASE
• Shipa launch press release
• Ketch
  • Announcement blog
• Why Kubernetes Will Disappear
• The English way
• Bernese mountain dog
• Application CRD
• Application API for Kubernetes
• Sidecar containers
• Bruno Andrade on Twitter

When is it safe to run software? When is it safe to drink orange juice? Are we a better judge of one or the other? Santiago Torres-Arias is an Assistant Professor at Purdue University, the team lead of the in-toto project, and a contributor to The Update Framework. He joins Craig to talk security in both physical and software supply chains.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Don’t Forget The Lyrics
• Gettin’ Jiggy Wit It
• Explained on Genius
• Will Smith on Top Gear
• The Oscars thing (CW: violence, cuss words that Will Smith didn’t used to have to rap to sell records)
• He’s The Greatest Dancer by Sister Sledge; written by Bernard Edwards and Nile Rodgers of Chic

• New Cisco Intersight Kubernetes features
• Red Hat OpenShift v4.10
• ChaosNative acquired by Harness
• Azure PlayFab launches Thundernetes
  • Episode 26, with Cyril Tovena and Mark Mandel
  • Hacker News commentary
• Weave GitOps v2022-03
• Qumulo for Kubernetes
• SpectroCloud raises $40m
• Pinterest: 99% to 99.9% SLO, high performance control plane
• Uber: Avoiding CPU throttling in a containerized environment

• in-toto
• The Update Framework
• Purdue University
  • Elmore Family School of Electrical and Computer Engineering
  • Purdue Boilermakers
  • Open Source Software Senior Design Projects
• NYU
  • Tandon School of Engineering
  • Justin Cappos
• PolyPasswordHasher
• Episode 155, with Priya Wadhwa
• apt-secure for Debian packages
• A keysigning and a signed PGP key
• Farm to table attestation
• Potato tracking
• An example of E. coli in lettuce
• in-toto record
• Project Trebuchet: How SolarWinds is Using Open Source to Secure Their Supply Chain in the Wake of the Sunburst Hack by Trevor Rosen, Solarwinds
• Reflections on Trusting Trust by Ken Thompson
• Secure Publication of Datadog Agent Integrations with TUF and in-toto
• US Executive Order on Improving the Nation’s Cybersecurity
• Readout of White House Meeting on Software Security
• sigstore
  • in-toto is the second most used format for sigstore
• SPIFFE
• SLSA
• in-toto moves to incubation in the CNCF
• CFSSL
• Math rock
  • Covet: “falkor”
  • TTNG: +3 Awesomeness Repels Water
• Bird of the Year
  • The kea
  • Breaking a police car
• Santiago Torres-Arias on Twitter and at badhomb.re

ThreatMapper is an open source tool that hunts for vulnerabilities in your production Kubernetes environment, and ranks them based on their risk of exploit. It is built by Deepfence, who also sell a commercial product based on it called ThreatStryker. Co-founder/CEO Sandeep Lahane and head of products/community Owen Garrett join Craig to discuss how to decide what to open and what to keep closed, and just how deep his fence needs to be.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 171, with Frederic Branczyk
• Ahmet Alp Balkan’s coffee beans
• French press
• Moka pot

• Go 1.18 released
  • Go now with Google Cloud
• Continuous fuzzing in etcd
• Veritas says Kubernetes is an Achilles Heel in defense against ransomware attacks
• ARMO’s changelog for the NSA/CISA hardening guide
  • KubeScape
• Cloud Native Developer Bootcamp
  • Use the code K8SPC30 for 30% off, if it’s before April 19, 2022 when you read this
• Plural launches with $6m seed round
  • Launch HN post
• Speed boost on Docker Desktop for Mac
• Track the Ever Forward

• Deepfence
• ThreatMapper: the open source project
• ThreatStryker: the commercial product
• A failed startup story
  • Heartbleed
  • Buffer overflow
  • Address Sanitizer
  • Intel SGX
  • Chrome sandbox
  • Intel MPX
  • Spectre and Meltdown
• NGINX (the company)
• eBPF
• Forward secrecy
• Deepfence’s Series A announcement
• Shifting left
• Behind 2 proxies
• MITRE ATT&CK matrix
• Cyber Kill Chain
• ThreatMapper on GitHub
• What’s new in ThreatMapper 1.3.0?
• Sandeep Lahare and Owen Garrett on Twitter

The Argo project is a set of four tools to help “get stuff done” with Kubernetes: Workflows, CD, Rollouts and Events. Jesse Suen is a creator of the Argo project and co-founder and CTO of Akuity, a company set up to provide commercial support for it.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Daylight saving time
• Container ship follow-up

• Backstage and in-toto join the CNCF
  • Episode 136, with Lee Mills and Matt Clark
  • Episode 155, with Priya Wadhwa
• Gloo Mesh 2.0 announced at SoloCon
  • The New Stack coverage
• Linkerd failover operator
• cr8escape vulnerability in CRI-O
• GKE Autopilot vulnerabilities disclosed by Palo Alto Networks
• Updated Kubernetes hardening guide (PDF)
• KubeCon EU 2022 schedule
  • Inside the numbers
• CNCF Observability micro-survey
• run:AI raises $75m

• Argo Project
• Argo (film)
• Jason and the Argonauts
• Applatix
  • Pratik Wadher and Rahul Dhide
• Argo Workflows
• Applatix acquired by Intuit; Intuit acquired Applatix
  • Marianna Tessel
• Alex Matyushentsev
• The archived Argo CI
• Argo CD
• Argo Rollouts
• GitOps Engine:
  • Flux CD
  • Argo and Flux joining forces
  • First release of the GitOps Engine
  • FAQ about why this didn’t work out
• Remote vs Core
• Argo Events
  • Original BlackRock announcement
• Argo in the CNCF
• Akuity
  • The many Aaron Court Motels
• App of Apps
• ApplicationSets
• Join the CNCF Slack
• Argo Workflows and CD community meetings
• Jesse Suen on Twitter

The fourth horseman of the apocalypse observability, according to Frederic Branczyk, is continuous profiling. Frederic is founder and CEO of Polar Signals and creator of the Parca open source project. He and Craig talk all things Cloud Native observability.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Bad news from Australia:
  • Shane Warne died
  • National emergency called over flooding
• Strange news
  • Photoshopped fridge magnets
  • Cookery books

• Knative accepted as a CNCF incubating project
• Google Cloud Managed Service for Prometheus is GA
• k8ssandra 2.0: operator boogaloo
• Merbridge: eBPF for Istio by DaoCloud
• New Kubernetes experience in New Relic
• CVE-2022-0492 coverage:
  • Unit 42 by Palo Alto Networks
  • Jordy Zomer

• Frederic Branczyk
• Over-engineering coffee:
  • Niche Zero grinder
  • Decent Espresso
• Prometheus
  • Creation at SoundCloud
• Observing the Kubernetes stack:
  • SIG Instrumentation
  • kube-state-metrics
  • Prometheus Operator
  • Thanos
  • Grafana Loki
• Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers
• Shades of blue are no joke when they make you $200m
• KubeCon EU 2019 Keynote: …What Does the Future Hold for Observability? - Tom Wilkie & Frederic Branczyk
• Polar Signals
• Parca
  • Introducing Parca and getting funded
  • Parca on GitHub
• Episode 163, with Thomas Dullien
• Flame graphs and icicle graphs
• PARCA: Program for Arctic Regional Climate Assessment
• Pyrra by Matthias Loibl
• Frederic Branczyk on Twitter

Six years after its creation, Kubernetes is the subject of its very own documentary film. Job platform Honeypot has released. Josiah McGarvie was Honeypot’s head of video, and the lead filmmaker for Kubernetes: The Documentary. Join us for the director’s commentary.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 21, with Ihor Dvoretski
• Ihor joins the army
• Donate to:
  • Come Back Alive
  • Ukrainian National Bank
  • The International Committee of the Red Cross
  • Red Cross Red Crescent

• Podman 4.0.0
  • Episode 164, with Daniel Walsh and Brent Baude
• Signadot announces public beta
• Okteto raises $15m Series A
  • Episode 125, with Ramiro Berrelleza
• Platform9’s Enterprise Trends in Cloud Native report.
• Robin.io acquired by Rakuten Symphony
  • TechCrunch coverage
  • Superbowl ad

• Kubernetes: The Documentary Part 1 and Part 2
• Honeypot
  • What is Honeypot?
• Honeypot documentaries
  • Elixir
  • Ember
  • GraphQL
  • Vue.js
• Chad Torbin at Speakeasy Strategies
• Guillermo López
• Explaining Kubernetes to a child
• Bohemian Rhapsody (film)
• Docker’s 1-year anniversary
• Netflix Kanye West documentary
• Aspect ratios
• Some PHP source code
• Tim Hockin’s t-shirts
• A wild Kubernetes Podcast sticker
• Recommended on LinkedIn
• The Simpsons go to Australia
• Brisbane Documentary Company
• Josiah McGarvie on Twitter

Anna Belak learned about containers and security as a Gartner industry analyst. She is now the Director of Thought Leadership at Sysdig, who have just published their latest annual Cloud Native Security and Usage Report. Anna joins Craig to dicuss the report’s findings.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Chaos Mesh moves to Incubation in CNCF
  • Episode 121, with Ed Huang
• Google raises payouts for Kubernetes vulnerabilities
  • 2021 VRP roundup
• Sysdig teams up with Snyk, Snyk teams up with Sysdig
• $25m investment in KubeCost
  • Episode 124, with Webb Brown

• Sysdig Cloud Native Security and Usage Report 2022
• The last time we had a materials engineer on the show
• Tricking a rock into thinking
• Why Software is Eating The World
• Can analysis be worthwhile? Is the theater really dead?
• Industry analysts
• Anna Belak at Gartner
• Doge. Much wow
• Sysdig
  • $2.5 billion valuation
  • Beginnings
  • Source code
  • Episode 91, with Leonardo Di Donato
• Tectonic Summit, 2015
• Loris Degioanni
• Episode 137, with Michael Gerstenhaber
• Sysdig’s changing reports:
  • 2017
  • 2018
  • 2019
  • 2020
  • 2021
• GKE Autopilot
• Are we human, or are we dancer?
• Anna Belak on Twitter

We’re back for 2022 with a look at Rancher Desktop, which recently hit 1.0. Its creator, Matt Farina, is today’s guest. Matt is a Distinguished Engineer at SUSE, was a founding chair of Kubernetes SIG Apps, and was recently appointed to the CNCF TOC.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Kubernetes: The Documentary
• Sysdig Cloud Native Security and Usage Report
• Rancher Desktop 1.0
• Microshift from Red Hat
• Docker’s second fiscal year
• Solo announces Bumblebee
• Istio 1.13
• IstioCon announcement
• Google Cloud Deploy GA
• GKE Cost Optimization Insights GA
• Anthos Service Mesh on GKE Autopilot cluster
• OpenMetrics moves to Incubation phase
  • Episode 37, with Richard Hartmann
• CNCF archives the OpenTracing project
• Kubernetes policy management paper
• CNCF 2021 survey results

• Matt Farina
• General Dynamics Land Systems
• Drupal
• Palintir (not that one)
• HP donates patents to support Linux
• HP acquires Stackato Cloud Foundry distribution
• CNCF Landscape
  • Or not
• Helm
• SIG Apps
• Artifact Hub)
  • What is the Artifact Hub?
• Rancher Labs acquired by SUSE
• Episode 57, with Darren Shepherd
• Open source from SUSE/Rancher
  • Rio
  • Longhorn
  • Epinio
  • Kubewarden
• Rancher Desktop
  • Announcement
  • 1.0 release
• Slashes
• kube-solo
• nerdctl
• k3s and k3d
• Matt Farina joins the CNCF TOC
• Cloud Native Podcast
  • Episode 102, with Matt Butcher
• Matt Farina on Twitter

Learn all about what’s new in today’s Kubernetes 1.23 with its release team lead, Rey Lejano. Rey is a Field Engineer at SUSE/Rancher Labs, and a contributor to the Docs, Release and Security SIGs. Long time listener Adam also drops by to ask Craig what’s been happening with the hiatus.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Ted Lasso
  • Filming locations
• Knative applies to become a CNCF project

• African clawed frog
  • Cross-fertilization and structural comparison of egg extracellular matrix glycoproteins from Xenopus laevis and Xenopus tropicalis
• ITIL
• RX-M
• 1.18 release team
• 1.23 release team
• Kubernetes 1.23: The Next Frontier
  • Odd numbered Star Trek movies
  • Star Trek V: The Final Frontier
  • SIG Release Charter
• Enhancements:
  • Dual stack IPv4/IPv6 - Stable
  • Pod security admission - Beta
  • TTL After Finished Controller - Stable
  • Auto delete PVCs created by StatefulSets - Alpha
  • Skip Volume Ownership Change - Stable
  • Generic Ephemeral Inline Volumes
  • CronJobs
  • Deprecation of FlexVolumes
  • Deprecation of klog flags
  • HorizontalPodAutoscaler v2 API - Stable
  • Ephemeral containers - Beta
  • kubectl events improvements - Alpha
  • Kubelet CRI support - Beta
• 1.22 interview with Savitha Raghunathan
• 1.24 lead: James Laverack
• Kubernetes Contributor Celebration
• Rey Lejano on Twitter

We celebrate the launch of Knative 1.0 with Ville Aikas, who has been with the project since the beginning. He was also with the Kubernetes team at the beginning, and thus we cannot resist a Pete Best comparison. We also celebrate Jimmy’s last show as our guest host with a rapid-fire Kubernetes quiz.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Jimmy graduates!
  • CNCF Landscape
  • The menu at the Cheesecake Factory
  • In-n-Out Secret Menu

• Important programmers from Finland
• Paddington Bear
• University of Washington
• Google Voice
• Google Cloud Storage
  • Read-after-write consistency
• The Fifth Beatle
• Knative
  • Serving
  • Eventing
  • Build, which became Tekton Pipelines
• Did we market Knative wrong? by Ahmet Alp Balkan
• Duck typing
  • Rubber duck debugging
  • Extending Knative for Fun and Profit, by Matt Moore & Ville Aikas
  • Subresources
  • Proposal for custom subresources for CRDs
• Google Cloud Run
• IBM Cloud Code Engine
• Knative steering committee and technical oversight committee
• Great artists steal
• Chainguard
  • Episode 152, guest hosted by Dan Lorenc
  • Episode 47, with Kim Lewandowski
  • SLSA
  • Sigstore
• Ville to present at Knative community meetup on November 17
  • Craig presented Knative at the Kubernetes Colorado meetup in July 2018
• Seattle Kraken
• Ville Aikas on Twitter

Jasmine James is an Engineering Manager within the Engineering Effectiveness organization at Twitter, focused on their internal developer experience. She is also the latest co-chair of KubeCon + CloudNativeCon, starting with the North America event last week. Jasmine joins us to talk about being in the same room as other people - up to 3,000 of them - for the first time in a long while.

The cover art for this show is courtesy of the CNCF and licensed under CC-BY.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• KubeCon NA 2021
• Google Cloud Next ‘21
• SREcon21
• William Shatner’s words after touching the edge of the final frontier
• Adele to release a new album
• Common People
• Shatner’s new album “Bill”

• Google Cloud Next:
  • Google Distributed Cloud Edge and Hosted
  • BigQuery Omni is GA
  • Anthos for VMs
  • Managed Service for Prometheus
• VMworld
  • VMware Tanzu Community Edition
  • Cartographer for supply chain choreography
• KubeCon + CloudNativeCon
  • CNCF announces record number of new silver members
  • KCNA entry-level certification
  • Cilium joins the CNCF
  • Triggermesh becomes open source
  • Codefresh replatforms on upstream Argo
  • Cloud Native security microsurvey results
  • Introducing Chainguard
    • Episode 152, guest hosted by Dan Lorenc
    • Episode 47, with Kim Lewandowski
• Kubernetes documentary trailer

• Atlanta
• AT&T
• Delta Air Lines
• Avoiding the weeds in the Cloud Native Landscape at KubeCon NA 2018
• Q&A with Jasmine James, newest KubeCon co-chair
• The selection process for KubeCon NA 2021
• Upcoming CNCF events
• Co-co-chairs:
  • Episode 117, with Constance Caramanolis
  • Episode 130, with Stephen Augustus
• Keynotes of note:
  • Three Developer Experience keynotes from Constance, Jasmine, and Robert Duffy
  • A Vulnerable Tale about Burnout by Julia Simon
  • The Road to Multicluster by Kaslin Fields
• Episode 62, with Ricardo Rocha, Lukas Heinrch and Clemens Lange
• Interaction wristbands
• Horseback riding and fishing
• Jasmine James on Twitter

Red Hat maintains a full set of container tools and libraries, bringing their pedigree in security and operating system engineering. The most notable of those tools, Podman, has had a surge in popularity this month, after Docker announced changes in their subscription model. Daniel Walsh leads the Red Hat containers team, and Brent Baude is the architect and primary maintainer of Podman.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Ira Glass in the wardrobe

• Announcing Google Cloud Deploy
• DORA Accelerate State of DevOps 2021 report
• Mirantis Flow “reinvents the datacenter”
  • Episode 110, with Adrian Ionel
• Deis Labs introduces Hippo
• Accelerating new features in Docker Desktop
• Distroless builds are now SLSA 2
  • Episode 155, with Priya Wadhwa
• CNCF DevSecOps radar

• Dan Walsh
• Brent Baude
• SELinux
  • Stop Disabling SELinux
  • SELinux Sandbox
• Project Atomic
• Red Hat patches for container registry rejected by Docker
• Docker client/server model
• Red Hat’s container suite:
  • Podman
  • CRI-O
  • Buildah
  • containers/storage
  • containers/image
  • Skopeo
• Open Container Initiative (OCI)
• Podman features:
  • Drop-in Docker replacement
  • play kube, run a pod from YAML
  • generate kube, make YAML from local containers
  • Running rootless
  • systemd integration
  • Socket activated services
  • podman-compose
• Podman in Podman
• Podman in Kubernetes
• Builder in a Boston accent
• containerd, CRI-O and Docker in Kubernetes
• “Podman Desktop”
  • Docker changes desktop subscription model
  • Podman on Mac
  • Podman on Windows with WSL2
  • Remote client
  • Notes from the recent Podman Cabal meeting
  • Quay
  • GitHub discussion
• Daniel Walsh on Twitter
• Brent Baude on Twitter

Prodfiler is a new tool that provides fleet-wide full-system continuous profiling. It is in some ways the second act of its co-creator Thomas Dullien, who is an internationally-renowned reverse engineer and vulnerability researcher under the name Halvar Flake. Thomas joins us to discuss his career, what you should profile in a distributed system, and why you can’t sell something with a negative cost.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Container blocakges
• Container houses

• Crossplane moves to incubation in CNCF:
  • CNCF coverage
  • Crossplane coverage
  • Episode 141, with Daniel Mangum
• Backup for GKE
• Google Cloud Next session catalog is live
  • Register here
• Kubernetes multi-cluster panel on October 6
• GKE updates: publishing with Private Service Connect, CSI driver for Filestore GA, SSL policies & HTTPS redirects for multi-cluster Ingress
• Azurescape: attack on Azure Container Instances by Unit 42 at Palo Alto Networks
• CVE-2021-25741 for subpath mount symlink attack (High)
• CVE-2020-8561 for webhook response logging (Medium)
• NCC Group weighs in on NSA guidance
• Snyk raises $530m
  • Episode 140, with Kamil Potrec
• Sqlcommenter merges with OpenTelemetry
• Kubermatic 2.18 and KubeOne 1.3
  • Episode 109, with Sebastian Scheele
• Tanzu Kubernetes Grid 1.4
• 5 years of Envoy OSS
  • Episode 33, with Matt Klein

• Thomas Dullien/Halvar Flake
• Mathematik, with a K
• Stages of life vs. maths ability required, by Pearls of Raw Nerdism
• Vicky the Viking TV show
• Assembly Language Masterclass
• GEOS copy protection by Michael Stiel
• Time travel debugging
• “German hacker denied entrance into US for Black Hat training”
• Zynamics acquired by Google
  • BinDiff
  • BinNavi
• Project Zero
• “For whom?”, asked R Morris Sr.
• optimyze.cloud’s original business model
• Introducing Prodfiler
• Profiling
• The Datacenter As A Computer: An Introduction to the Design of Warehouse-Scale Machines
• Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers
  • Dapper, a Large-Scale Distributed Systems Tracing Infrastructure and Jaeger
• The mystery of Kubelet eating CPU and IOPS
• Fortran Web Framework: it’s not irrelevant, really!
• Halvar Flake on Twitter

The most popular Ingress controller for Kubernetes is ingress-nginx, created in 2015 by Alejandro de Brito Fontes. Alejandro stepped down earlier this year, and the project is now maintained by a team including Ricardo Katz. Learn the history and what’s in the new 1.0 release from a pair of South American self-proclaimed sysadmins.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• New Zealand cinema worker left red-faced after voicemail blooper
  • Uncensored version on TikTok

• Amazon EKS Anywhere is GA and EKS Connector is in preview
• CNI 1.0.1
• Red Kubes makes Otomi self-service features free of charge
• Scale down mode and custom policy for Microsoft AKS
• k8ssandra moves from Helm to operator
• API server tracing in Kubernetes 1.22 by David Ashpole
  • Episode 113
• How Docker Broke In Half, by Scott Carey]
  • Episode 156, with Sebastien Pahl
  • Episode 110, with Adrian Ionel

• ingress-nginx
• Early computing
  • IBM PC/XT
  • Windows 95 Pinball
  • Flight simulator easter egg in Excel 97
  • Slackware Bible
  • Foca Linux
• History of Ingress
  • Ingress announced in Kubernetes 1.1
  • CoreOS Fleet
  • Service loadbalancer
  • kube-haproxy-router
  • Kubernetes Ingress proposal issue
  • ingress-gce
• ingress-nginx:
  • Alejandro’s proposal for ingress-nginx
  • Original PR
  • Alejandro’s bare metal cluster - then and now
  • Ricardo’s early contributions
  • Note that NGINX Inc. have their own Ingress controller, for the open source or commercial versions of NGINX
    • Their comparison of the two versions
• Supporting open source:
  • Alejandro steps down as ingress-nginx maintainer
    • He actually tried earlier, but no-one else stepped up!
  • Core Infrastructure Initiative fund for supporting the Internet
  • xkcd on internet dependencies
  • Episode 116, with Alex Ellis
• The future:
  • ingress-nginx 1.0.0
  • NGINX Inc. commits more to open source
  • Gateway API
  • IngressClass and upgrades to the v1 Ingress API
  • ModSecurity and Curiefense
• Alejandro de Brito Fontes on Twitter
• Ricardo Katz on Twitter

Adevinta is an online classified ads company, operating many local brands. Daniel Megyesi is a DevOps engineer at Adevinta and maintainer of their central big data and Machine Learning platform, Unicron. Learn why they wanted to replace Mesos, how they aligned their engineering efforts to do so, and the choices that had to be made to provide an easy experience for their data engineers.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Dolores Park
• The Garden at Buckingham Palace
  • The fire at Windsor Castle
• Most currencies featuring the same individual

• Docker updates subscription plan
• Google commits $10 billion to advance cybersecurity
  • Detail blog from previous guests Eric Brewer and Dan Lorenc
  • Episode 155, with Priya Wadhwa
• ingress-nginx 1.0.0
  • NGINX Inc. commits to open source
• OpenTelemetry moves to Incubation phase
• IBM open sources Tornjak
  • Tornjak dog
• SUSE Rancher 2.6
• VMware announces Tanzu Application Platform
  • Infoworld coverage
• Rafay Systems raises $25 million
• Grafana Labs raises $220 million
  • Episode 122, with Torkel Ödegaard

• April Fools Proxy
• Adevinta, the world’s largest online classifieds group after acquiring eBay’s classifieds division
• Spark, Mesos, Chronos, AWS EMR
• Introducing Unicron, our big data and Machine Learning platform by Daniel Megyesi
  • Not the logo
• Gardener
• GKE Autopilot
• Argo CD and Argo Workfloads
• Spark Operator and Luigi
• 1:8 scale model DeLorean
  • 1:2 scale model Terminator
• Infrastructure Adventures, Daniel’s blog
• Daniel Megyesi on LinkedIn

KEDA, the Kubernetes Event-Driven Autoscaler, is a project that adds superpowers to the Kubernetes horizontal pod autoscaler, including zero-to-one scaling. Celebrate KEDA reaching Incubation in the CNCF by listening to an interview with maintainer Tom Kerkhove from Codit. But first, learn about Craig’s worst concert experience.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Correction to Episode 158: Mike Richards is no longer host of Jeopardy!
  • Troy meets LeVar Burton
  • The Chase (USA)
  • The Chase (UK)
• The Judds
• Charlie Watts: Rolling Stones drummer dies at 80
  • The Rolling Stones: A Bigger Bang tour
  • Moving stage

• KEDA moves to CNCF Incubation
• Kubescape from ARMO Security
• GKE adds OIDC identity provider and gVNIC support
• Gloo Mesh 1.1
  • Istio security announcement
  • Envoy security announcement
• Cron jobs and timezones in Kubernetes

• KEDA: Kubernetes Event-Driven Autoscaling
• Bruges
• Codit
• Azure Service Fabric
• Azure Cloud Services
• Horizontal pod autoscaler
  • Custom metrics in HPA (added in Kubernetes 1.6)
• Promitor: bridge between Azure Monitor and Prometheus
• KEDA announcement from Microsoft
• Scaling a deployment
• Scalers
• Microsoft moves KEDA to the CNCF Sandbox
• External scalers
• KEP for adding scale-to-zero to HPA
• Knative scale to zero
• CNCF Sandbox announcement
• Versions 1.0 and 2.0
• Users
• KEDA on GitHub
• Tom Kerkhove on Twitter and his blog

Kubernetes lets us manage our infrastructure declaratively, so why do we still manage the underlying OS with a myriad of different text files? And why allow shell and SSH access to a machine that should be immutable? So asked Andrew Rynhard before creating Talos, a Linux distribution built for Kubernetes. He’s now CTO of Talos Systems, a company founded to take it to market.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• 40 years of the IBM PC
  • 5150 emulator and docs
  • What was it like to use?
  • Twitter thread about the cost of add-ons
  • 41 years ago: the story of the creation of the PC
• DONKEY.BAS
  • Play it on the 5150 emulator
  • Learn about it
  • Play it on the iPhone or Apple Watch
• Commodore 64
  • Wheel of Fortune
  • Little Computer People
  • C64 vs IBM advertising
  • 6502 and derivative CPUs: the C64 used a 6510
  • Bender

• Litmus 2.0.0
  • Episode 56, with Evan Powell
• SPIRE security audit
  • Episode 45, with Andrew Jessup
• Bovine by Nick Gerace
  • Rust Cloud Native
• Verify GKE services are up with dedicated uptime checks
• LFX projects open for (Northern) Fall term

• Talos (the OS)
• Linux from Scratch
• Talos (the robot)
• COSI
• Comparing k3s to vanilla Kubernetes on Talos
• Talos announcement on Reddit and Hacker News
• Talos Systems
  • Launch blog
• Brazilian jiu-jitsu
• COSI announcement from KubeCon EU 2021
• Andrew Rynhard on Twitter

What is a telecommunications provider, if not a very distributed system? Kubernetes is becoming an important engine for the world’s telcos, especially as they roll out 5G. Vuk Gojnic leads the team rolling out Kubernetes across Deutsche Telekom (the parent company of T-Mobile), and he tells us how the worlds of telco and cloud have converged.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• New Jeopardy! hosts
• The Price Is Right
  • Bob Barker in Happy Gilmore
  • Spay and neuter your pets

• eBPF Foundation announcement
  • Episode 91, with Leonardo Di Donato
  • Episode 133, with Thomas Graf
• Istio 1.11
• NSA & CISA release Kubernetes hardening guidance
  • PDF link
• Google Cloud Service Discovery adds GKE auto-discovery
• Troubleshoot GKE faster with monitoring data in your logs
• Sysdig announces new Prometheus integrations
• Nirmata takes $4m in funding
• CNCF Survey, part 2

• History of Montenegro
  • Balkans region
• Postal, telegraph and telephone services
• Cafe del Montenegro “archeological remains” (archeological remains of original Cafe del Montenegro)
  • CdM today
• Crnogorski Telekom
• Deutsche Telekom
• Crossbar switches
• O-RAN Software Community and source code
• Network function virtualization
• Natural selection
• Mobile base station
• DSLAM
• 5G
• Das blinkenlights
• Das Schiff
  • Das Boot
  • Cluster API
  • Flux CD
• OpenStack Ironic
• mIRC
• Vuk Gojnic on Twitter

It’s Kubernetes release day! The team that launched v1.22 of everyone’s favourite cluster management software was led by Savitha Raghunathan, Senior Platform Engineer at MathWorks. Savitha joins host Craig Box to talk contribution, containers and cricket.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Life before smartphones
• Dark Sky, hyperlocal weather app
• Karl the Fog
• Universal Studios
• Kubeyland 2021
• The Simpsons Ride

• Kubernetes 1.22 announcement
  • Sign up for the 1.23 release team
• Linkerd graduates* in the CNCF
• Cosign 1.0
  • Episode 152, guest host Dan Lorenc
  • Episode 155, with Priya Wadwha
• Cloud Native Rejekts CFP
  • Episode 79, with Chris Kühl
• Introducing Koncrete by the Kalm team
• Nestybox adds Kubernetes support
• Curiefense adds NGINX support
• Replicated announces $50M Series C
  • Episode 143, with Grant Miller
• Kubernetes platform updates:
  • Deckhouse, by Flant, is GA
  • Red Hat OpenShift 4.8
  • Rafay adds new features to Kubernetes Management Cloud
• Carvel Package Manager for Kubernetes
• Porter and seed funding announcement

• Chennai Super Kings
  • Stephen Fleming; coach, A/C salesman and Yellow Wiggle
• Royal Challengers Bangalore
• MathWorks
  • MATLAB
  • Math vs maths? (Doesn’t actually matter; MATLAB is short for Matrix Laboratory)
• Savitha’s first contribution
• Kubernetes GitHub workflow and pull request guide
• Kubernetes 1.22 release announcement
  • Release Team
• Loki and WandaVision
• Enhancements of note:
  • Seccomp by default
  • Rootless Kubelet
  • Pod admission control
  • Node swap support
  • Windows privileged containers
• 1.21 release interview with Nabarun Pal
  • Do, Delegate and Defer
• Release lead for 1.23: Rey Lejano
• In memoriam: Peeyush Gupta
  • Donate to Peeyush’s Family Education Fund
• Coffee art
• Amigurumi
  • Savitha’s cat
• Savitha Raghunathan on Twitter

Sebastien Pahl is a pioneer of container technology, building the predecessor to Docker as a co-founder of Dotcloud. After working at some big tech companies, he’s back to the startup life as co-founder of Opstrace, a fully open source observability distribution, built on top of the tools you know and love.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Pictograms
• Korea on Italy
• Pita Taufatofua, the oily Tongan
• Olympic drones
• Inclement weather:
  • Tokyo
  • New York City
  • London

• Kubernetes 1.22 release candidates is out
  • Episode 146, with Nabarun Pal
• Cloud Foundry Foundation releases v5
  • Episode 105, with Chip Childers
• Connaisseur 2.0.0
  • Episode 155, with Priya Wadwha
• Chaos Mesh 2.0.0
  • Episode 121, with Ed Huang
• Spectro Cloud raises $20m Series A
• Nominate yourself for the 1.23 Release Team

• EPITECH
• Solomon Hykes
  • Departure blog
• Dotcloud
• Y Combinator
• $10m funding round
• Cloudflare
• Mesosphere
  • HD-DVD and Betamax
• Operator Framework/Operator SDK
• Opstrace
  • Prometheus
  • Cortex
  • Grafana
  • Loki
• Grafana relicensing
• OpenMetrics and OpenTelemetry
• Matter, for smart home devices
• Opstrace on GitHub
• Sebastien Pahl on Twitter

The idea of software supply chain security rocketed into the public consciousness in the last year, with the news that US government agencies had been breached. Priya Wadhwa is a software engineer at Google working on open source security, including projects to secure and verify container deployments. She outlines what is being done to make sure this doesn’t happen to you.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Virgin Galactic launch
  • NBC News
  • BBC News
• Blue Origin launch
  • NBC News
  • BBC News
• Rocket scene from Austin Powers: The Spy Who Shagged Me
  • The memes

• Google Cloud Container Security webinar
• Register for Google Cloud Next 2021
• Google Cloud IDS
• Windows Server support for Anthos on-prem
• Multi-Cluster Ingress for GKE
• CVE-2021-22555: Kernel code execution through Netfilter bug
• CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding
• CVE-2021-32690: Helm repository credentials passed to alternate domain
• Attacks on Argo Workflows discovered by Intezer
• Sysdig acquires Apolicy; Apolicy acquired by Sysdig
• CockroachDB Operator for Kubernetes
• Automatic remediation of Kubernetes nodes at Cloudflare
  • Sciuro
  • Kured
• CNCF App Delivery TAG publishes operator whitepaper

• Software supply chain
  • Know, Prevent, Fix
• Reproducible builds
  • Debian Project
• SolarWinds hack
• US Executive Order on Improving the Nation’s Cybersecurity
• Binary Authorization
• Provenance, in art and software
• in-toto
  • “Farm to table”
• sigstore
  • Announcement blog
  • cosign
    • Announcement blog
    • Dan Lorenc’s blog
  • Connaisseur
  • Rekor
  • Fulcio
  • Key signing ceremony:
    • Dan Lorenc on Episode 152
    • Announcement blog
    • Video
• Tekton
• Tekton Chains
  • Announcement blog, by Priya & Dan
• SBOM (Software Bill of Materials)
• Open Source Insights
  • Announcement blog
  • Nine Inch Nails’ Year Zero ARG
  • Scorecards
    • Announcement blog
    • v2 blog
• SLSA
  • Announcement blog
  • GitHub
• SupplyChainSecurityCon
• sigstore Slack channel
• Priya Wadhwa on Twitter

Gatekeeper is an open source project which lets you enforce policy in a Kubernetes cluster. It’s also the basis for Policy Controller, a hosted and managed version now available for all GKE users. Max Smythe, a senior SWE at Google, is a maintainer of Gatekeeper and the TL of Policy Controller. He joins us to talk constraints, config and Cruise.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• England loses Euro 2020 final
• It’s Coming Ohm: prediction on power usage
• Half time power spike
• Top 20 spikes
  • The Thorn Birds
• The Superbowl Flush - debunked!
• Tokyo Olympic Games Opening Ceremonies
• Hedbanz

• APIs being removed in Kubernetes 1.22
• ContainIQ launches
• Postgres Operator 5.0
• NetworkServiceMesh 1.0.0
• Google Cloud Certificate Authority Service GA and cert-manager integration
• Platform9 Managed KubeVirt
• InsightCloudSec from Rapid7
• Sophos acquires Capsul8
• Spring 2021 graduating class from CNCF-sponsored LFX Mentorship program

• Brian May
• Edge of Tomorrow
  • The redemption thereof
• Chubby
• Riak
• Gatekeeper
• Anthos Config Management
  • Config Sync
  • Policy Controller
• Episode 101, with Tim Hinrichs and Torin Sandall
• PodSecurityPolicy is not going GA
  • SIG Auth’s replacement proposal
  • Using ACM constraints to enforce Pod security
• OPA Constraint framework
• Policy Controller:
  • Creating constraints
  • Writing a constraint template
• Structural schemas
• Design Patterns for Extendable, Scalable K8s Extensions by Rita Zhang and Max Smythe
• Max Smythe on Twitter

Debugging Kubernetes often involves correlating what happened just before something went bad. Itiel Shwartz is a co-founder of Komodor, a startup who builds a platform to help with exactly that. We talk Hebrew names, Hungarian dogs and German car crashes.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Jimmy Moore steps out from behind the scenes
• Conan O’Brien Needs A Friend
• Revisionist History
• Letterman reads out Johnny’s jokes
• Mythic Quest

• Joint US/UK cybersecurity advisory saying Russia is using Kubernetes
• CNCF and FinOps Foundation survey
• Canonical Kubernetes usage survey
• CNCF End User Radar for multi-cluster tools
• runc 1.0.0
• Buoyant Cloud Public Beta
• Sloth, by Xabier Larrakoetxea

• Komodor
• “Itiel” and “ETL”
• Rookout
• Forter
• Ben Ofiri
• Komodor team photo
• The Komondor (and image search)
• Man Who Looks Like His Dog
• Jack Tramiel, co-founder of Commodore International
  • The story of the name “Commodore”
• Man Who Looks Like His Dog
• Single bit-flip renders certificate transparency log invalid
• $25 million funding with angel investors
• Itiel Shwartz and Komodor on Twitter

Steve McGhee worked as an SRE at Google for almost 10 years, then took a job outside the company. He was tasked with recreating “Google Production” and SRE practice from first principals, but with three books, modern cloud providers, and the entire Kubernetes ecosystem to help. How did he do? Learn about that which you can and can’t replace.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Dan’s recent work has come up in episodes 136, 142, and 151, to name but a few
  • Episode 39, with Dan Lorenc
• Tekton CD
• Sigstore
• Dan’s Peter Jackson look
• Sigstore Root Key Ceremony
• IANA Key Signing Ceremonies and changes in the time of COVID

• GKE news:
  • New Tau VMs on Google Cloud and GKE
  • Committed use discounts for GKE Autopilot
  • Cloud Onboard training for GKE with Kaslin Fields, on June 22
• Stackrox/Red Hat State of Kubernetes Security blog post and report
• etcd 3.5
• SLSA: Supply chain Levels for Software Artifacts
• Ensemble, by Tesera
• Harbor operator 1.0
• Weave GitOps Core
  • Episodes 144 and 145, with Alexis Richardson
• WSO2 launches Choreo and acquires Platformer
• KubeCon EU 2021 transparency report
• COVID vaccine required to attend fall 2021 Linux Foundation events
• Opinions on Knative positioning by Ahmet Alp Balkan
  • Episode 66

• LG Chocolate Phone and the Crazy Frog
• Good SRE is the inverse of the XKCD comic on Standards
• “Breaking Prod: More than once, I personally made it impossible to use google search from a phone (for a little bit). Like, for everyone on the planet.”
• San Luis Obispo, California (SLO)
• GIFEE, coined at CoreOS
• Rebuilding SRE, from Memory
  • Ben Treynor Sloss
• Homer Simpson’s Car
• Postcards from the future and the crystal ball
  • It is against the law to have a sleeping donkey in your bathtub after 7pm
  • How To Avoid Huge Ships
• Prometheus
• Canary releases
  • Canary deployments with Istio
• SLO Math, by Steve McGhee (SLOconf 2021)
• The SRE I Aspire To Be, by Yaniv Aknin (SREcon 2019)
  • RAID. a Redundant Array of Inexpensive/Independent Disks
• Deployment Archetypes for Cloud Applications, by Brad Calder and Anna Berenberg
• Steve McGhee on Twitter

NVIDIA and Google have teamed up to bring the new Multi-Instance GPU feature, launched with the NVIDIA A100, to GKE. We speak to Kevin Klues from NVIDIA and Pradeep Venkatachalam from Google Cloud on how and why people use GPUs, optimising instance shapes for machine learning, and why less is often more.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 64, with Sarah D’Angelo and Patrick Flynn
  • Catching up with Patrick in Episode 148
• Winthrop, Washington
• Blackdown Hills, Devon

• Azure App Services now available for Azure Arc
  • Azure Arc and App Service blog posts
  • Other new AKS capbilities
  • Virtualization Review coverage
• ECS Anywhere made GA by press release
• AWS App Runner
• Integrating Google Cloud DNS with GKE
• Istio 1.10
• Terraform 1.0
• Grafana 8.0 and Tempo 1.0
• Argo Rollouts 1.0
• Kubesphere 3.1.0
• Cilium 1.10
• OpenSLO spec launched at SLOConf
  • Episode 147, with Brian Singer and Kit Merker
• Envoy GA on Windows
• Chaos Experimentation Framework for Envoy
• El Carro operator for Oracle Database from Google Cloud
• Moco operator for MySQL from Kintone
• PlanetScale GA
  • Episode 81, with Jiten Vaidya and Sugu Sougoumarane
• FoundationDB paper from ACM SIG MOD
• DockerCon announcements
• Coverage of Development Environments from The Register
• Deps: Open Source Insights project from Google
  • Graph for Kubernetes 1.0.0
  • Graph for Kubernetes 1.22.0-alpha.2
• Verifiable Supply Chain Metadata with Tekton Chains
• Kubernetes CVEs:
  • CVE-2021-25736
  • CVE-2021-25737
  • CVE-2021-25738
• runc CVE-2021-30465
• VS Code Plugin for Kubernetes CVE-2021-31938
• Steve Smith says “GitOps is a placebo” in a blog post and Twitter thread
  • Follow up from Vic Iglesias
  • GitOpsDays
• Styra raises $40m Series B round
  • Episode 101, with Tim Hinrichs and Torin Sandall
• Cloud Native community goes live with 10 shows on something called Twitch
• YouTube playlist for KubeCon EU 2021

• Episode 92, with Pramod Ramarao
• Dogecoin
• Training and inference
• 12 things that prove Doom will run on literally anything
• “It runs Doom” subreddit
• CUDA
• vGPUs
• Multi-Instance GPUs
• GKE now supports multi-instance GPUs
• 7 core MacBook Air GPUs
• A100 GPU
• 16 A100 GPUs on a Google Cloud VM
• Running GPUs on GKE
  • Node taints for scheduling
• NVIDIA Container Toolkit
• GCP NVIDIA GPU device plugin
• Kubernetes NVIDIA device plugin
• GTC 2021 talks:
  • A Deep Dive on Supporting Multi-Instance GPUs in Containers and Kubernetes by Kevin and Pradeep
  • Gain Competitive Advantage using ML Ops: Kubeflow and NVIDIA Merlin and Google Cloud by Andrew Stein and Maulin Patel (Google) and Davide Onofrio (NVIDIA)
• Kevin’s KubeCon talk and slides
• Kevin Klues on Twitter

Pixie Labs built an observabiity platform for Kubernetes, which uses eBPF to get telemetry without user intervention. They were recently acquired by New Relic, who open sourced the Pixie software. Co-founders Zain Asgar and Ishan Mukherjee join Craig Box to tell the story and talk about what’s next. Guest host Alex Ellis tends his garden.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 116, with Alex Ellis
• GrowLab
  • Announcement blog
  • Alex’s talk at the GIFEE Day
  • Monty Don
• OpenFaaS in the RISC-V keynote
• New Kubernetes on Edge training course

• eBPF for Windows
• GKE Dataplane V2 is GA
• Confluent for Kubernetes GA
• VMware Tanzu SQL, with MySQL, for Kubernetes, 1.0
• VMware Modern Apps Connectivity Solution
• Do the State of DevOps survey!

• Pixie Labs
• What is Pixie overview slides presented to CNCF
• Public beta launch and announcement of Series A funding
  • TechCrunch coverage
• Pixie Labs acquired by New Relic; New Relic acquires Pixie Labs
• A day in the life of a Kiva robot
• Recognition for Google Lens clothing recognition
• Dog or blueberry muffin?
• Episode 125, with Ramiro Berrelleza
• How Pixie Works
• New Relic goes all-in on OpenTelemetry and Open Source
• Pixie on GitHub
• Pixienauts community
• New Relic upgrades to Platinum member at CNCF
• Zain Asgar and Ishan Mukherjee on Twitter

A small army of community volunteers is necessary to host a KubeCon, but behind them is a professional events team. Colleen Mickey is Director of Event Services at the Linux Foundation and is responsible for KubeCon + CloudNativeCon, as well as other events like Hyperledger Global Forum and cdCon. She talks to us about hosting, feeding and watering 10,000 people, as well as the change to virtual events.

We also bring the round-up of the KubeCon news, including our famous Lightning Round.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 29, with Janet Kuo
• Looking back at KubeCon Shanghai 2018

• New Relic and Pixie Labs blogs on Pixie being open sourced
  • New Relic joins CNCF as a Platinum Member
• Red Hat launches the Stackrox community at stackrox.io
  • OpenShift GitOps and OpenShift Pipelines
• Snyk’s State of Cloud Native Application Security report announcement and results
• OCI Distribution Specification reaches 1.0
• Prometheus to launch conformance program
• New CNCF sandbox projects:
  • Vineyard, an in-memory immutable data manager
  • WasmEdge Runtime, a WebAssembly Virtual Machine for cloud, AI, and blockchain applications
  • ChaosBlade, an open-source version of Alibaba’s chaos tools
  • Fluid, a data and storage abstraction for AI and cloud-native applications
  • Submariner, a cross-cluster overlay of overlay networks
  • Antrea, a Kubernetes CNI plugin
    • Episode 128, with Antonin Bas
• CNCF Edge survey results and free Kubernetes on Edge Training
  • Episode 116, with Alex Ellis
• Inclusive Naming Initiative receives Honorable Mention at Fast Company’s 2021 World Changing Ideas Awards
  • ‘Master,’ ‘Slave’ and the Fight Over Offensive Terms in Computing by Kate Conger of the New York Times
  • Episode 130, with Stephen Augustus
• Spotify wins CNCF Top End User Award
  • Episode 50, with David Xia
  • Episode 136, with Lee Mills and Matt Clarke.

• Accuknox secured $4.6m in seed funding
• Accurics announced Terrascan integrates with Argo CD
• Ambassador introduced a Developer Control Plane
• Armory introduced mini-Spinnaker installation Minnaker, built on k3s
• Arrikto announced MiniKF 1.3 and Eenterprise Kubeflow for Azure
• Avesha launched Smart Application Cloud Framework
• Bridgecrew published security trends from analyzing Helm charts
• CAST AI announced Amazon EKS cost optimizer
• Civo launched K3s-as-a service to early adopters
• Cloudical introduced version 1.8 of VanillaStack
• DataStax announced that k8ssandra supports all distributions
• Dynatrace added the ability to ingest OpenTelemetry traces
• HAProxy launched version 1.6 Kubernetes ingress controller
• Kasten added ransomware protection with v4.0 of K10
• Kubermatic Kubernetes Platform 2.17
• Kubernative says that KubeOps is now a full-fledged Managed Kubernetes Framework
• Netdata has added Kubernetes monitoring features to their Cloud service
• Nirmata announced Nirmata Policy Manager, based on Kyverno
• OpenNebula released a new K3s Virtual Appliance for running Edge Clouds
• Portainer raised $6M in a Series A round to Accelerate their global expansion
• Portworx pre-announced PX-Backup 2.0 with support for external auth services
• Rancher launched a new Rancher Desktop tool in Alpha for Windows and Mac
• Rafay launched new features to its Kubernetes Management Cloud
• Splunk announced their Observability Cloud is Generally Available
• StackPulse announced a Kubernetes-centric operations center
• StorageOS version 2.4 brings encryption at rest and rapid application recovery
• StormForge introduced automatic scanning of in-cluster resources
• StreamNative open sourced Function Mesh for running Apache Pulsar functions
• Sysdig added runtime detection and response for AWS Fargate
• Tigera released Calico Enterprise 3.5 with Dynamic Service Graph and eBPF data plane
• Timescale raised $40m Series B for Postgres-based TSDB and Prometheus cloud
• Trilio announced Kubernetes Backup Monitoring for Velero users
• Vitess launched version 10, with support for the Ruby on Rails framework
• Wanclouds launched multi-cloud Disaster Recovery as a Service
• Weaveworks launched Weave Kubernetes Platform 2.5 with multi cluster observability platform
• Zebrium now automatically perform Root Cause Analysis with integration into Opsgenie

• The first KubeCon in 2015
• KubeCon donated to the CNCF
• CNCF presents CloudNativeCon and hosts future KubeCon events (2016)
• Dreamforce brings in cruise ships
• KubeCon NA 2017 in Austin, TX
• Linux Foundation Climate Finance Foundation
• Diamond sponsor lottery
• Diversity and inclusion at KubeCon EU
• Sponsorship open for KubeCon NA 2021
• Event platforms:
  • Intrado
  • MeetingPlay
• KubeCon + CloudNativeCon Europe 2021
• KubeCon + CloudNativeCon North America 2021
• GopherCon EU 2018 in Iceland
• Colleen Mickey on LinkedIn

Liqo is short for Liquid Computing. It’s a tool for extending Kubernetes onto others clusters, developed at the Polytechnic University of Turin. Research assistant and Liqo co-creator Alex Palesandro is our guest this week.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 64 with Sarah D’Angelo and Patrick Flynn
• Three years ago today
• James Strachan, James Rawlings and Dan Lorenc
• Jib
• reCAPTCHA

• Microsoft to acquire Kinvolk, Kinvolk to be acquired by Microsoft
  • Episode 79 with Chris Kühl
• Red Hat Virtual Summit announcements
  • Red Hat OpenShift Platform Plus
• Rackspace and Platform9 announce partnership
  • Episode 88, with Madhura Maskasky
• Lens 5 Beta
• HYCU joins the Kubernetes backup party
• Sysdig joins the cloud security unicorns
  • Episode 91, with Leonardo Di Donato
• GKE adds multi-instance GPUs and a new Gateway controller
• Kubernetes moves to three releases per year

• Alex Palesandro
• Politecnico di Torino
• Alex’s thesis
• Episode 141, with Daniel Mangum
• Episode 142, with Gianluca Arbezzano
• Fiat and Stellantis
• DAUIN, Department of Control and Computer Engineering
  • Netgroup
• Crown Labs
  • Blender
• Liqo
  • Virtual Kubelet
  • mDNS
  • Kubernetes TLS bootstrapping
• Vint Cerf at 6UK launch in 2010
• kubefed
• Liqo roadmap
• Liqo on GitHub
• Alex Palesandro on Twitter

Brian Singer co-founded Orbitera, which was acquired by Google in 2016. During that process he met Kit Merker, who was a PM on GKE and the GCP Marketplace, and the two are now working togther on relability engineering startup Nobl9. We talk about migrating Orbitera to GKE and Google’s SRE platform, and how many 9s are too many.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 94, with Richard Belleville
• The G in gRPC stands for:
  • Gilded
  • Guadalupe River Park Conservancy
  • The Great British Bake Off?
• Not grey, just backlit! Much improved here

• Grafana relicensing to AGPLv3
  • Q&A on relicensing
  • Google’s public ban on AGPL
• Amazon introduces OpenSerarch
• Pulumi v3.0
  • Episode 76, with Joe Duffy
• k8ssandra v1.1
  • Cassandra Kubernetes SIG picks Cass Operator
• Docker Desktop for Apple Silicon Macs is GA
• Zerto for Kubernetes
• Three different multi-tenancy models
• Loft Labs open sources Vcluster
• CVE-2021-20291 in CRI-O and Podman
• Kubernetes blog updates:
  • Volume health monitoring
  • Indexed Jobs
  • Graceful node shutdown
  • Defining Network Policy conformance for CNI providers
  • Evolving Kubernetes networking with the Gateway API

• Orbitera in 2016 - acquired by Google
• Why Orbitera was migrated to GKE
• Site Reliability Engineering
  • Service level objectives
  • Error budgets and risk
  • Being too reliable
  • SLOs, SLAs, SLIs
• SLOs explained in 90 seconds video by Kit Merker
• Nobl9
  • SLO Platform
• SLOconf
  • Fly to SLO
  • Fly to Oslo
• Beyond Seattle SRE meetup
• Slash at Wembley Arena
• Brian Singer on Twitter
• Kit Merker on Twitter

Celebrate the release of Kubernetes 1.21 with release team lead Nabarun Pal from VMware. Nabarun talks about choosing between “hardware” and software, additions and removals from Kubernetes 1.21, and how the Kubernetes project has become more welcoming to people outside the USA.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Moscone Center vaccination site
• Monday morning weather in London
• Before and after haircut
• World record barbering

• Kubernetes 1.21
  • CronJobs are GA
  • Local Storage features go Beta
  • Suspended Jobs in Alpha
• kube-state-metrics v2.0
• emissary-ingress joins the CNCF
• Shell Operator v1 for Kubernetes operators
• kubesploit, from CyberArk
• CVE-2021-25735: Validating Admission Webhook does not observe some previous fields on Node objects
• Kubegres
• Minio adds Kubernetes operator and console
• Scaling Kubernetes with assurance at Pinterest by Anson Qian
• SUSE sponsors 300 scholarships in cloud native education
• A reprieve for Apache Mesos

• Nabarun Pal
• IIT Roorkee
• Logo
• ABU Robocon
• Models and Robotics Section, IIT Roorkee
• Rorodata/Algoshelf
• PyCon India
  • Building microservices with Firefly at PyCon India 2017
• Conference talks
• Linux Users’ Group of Durgapur (DGPLUG) and FOSS training
• Kubernetes Bangalore meetup
• Nabarun’s journey in the Kubernetes release team
• Applications for Kubernetes 1.21 release team are open
• Episode 130 with Stephen Augustus
• Kubernetes 1.21 release blog
• Kubernetes Enhancement Proposals (KEPs)
• 1.21 release page
• PodSecurityPolicy deprecation and KEP
• Making sure features don’t languish in Beta
• Volume health monitoring
• Command metadata in kubectl headers
• Tweet from @dims bribing people to test Release Candidate builds
• Savitha Raghunathan is release lead for 1.21
• Lewis Hamilton tied with Michael Schumacher
• Mick Schumacher joins F1
• Nabarun Pal on Twitter

We conclude our two-part conversation with Weaveworks co-founder Alexis Richardson, picking up when the company received Series A investment in December 2014. Since then, they built projects like Scope, Cortex and Flux as well as SaaS offerings based on them. We also look at Alexis’s role in the founding of the CNCF.

Please be sure to listen to the first part before this one!

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Educational YouTubers:
  • Film Riot
  • Mental Floss
  • Animator Island
• Infrastructure for Entertainment by Justin Garrison at KubeCon NA 2020
• Episode 20, with Justin Garrison

• Kubernetes 1.21
• PodSecurityPolicy deprecation
• KubeVela 1.0
• Argo Workflows 3.0 and Argo CD 2.0
• Cilium launches NetworkPolicy site
• IBM Cloud Code Engine is GA
• Tanzu Cloud Native Runtimes public beta
• New security offerings from Tanzu
• Cisco Intersight Kubernetes Service is GA
• Tetrate Service Bridge is also GA
• Updates to Azure Arc enabled Kubernetes and OpenServiceMesh add-on for Azure in Preview
• etcd project journey report published
• Single sign-on guide for Kubernetes by Ben Dixon
• Apache Mesos moving to the Attic

• Last week’s episode
• Weaveworks
• Weaveworks takes a $5m Series A round
• Weave Scope and its annoucement
• Cortex
• Flux CD and its announcement as a service routing layer
• Weave Cloud
• Docker Swarm Mode
• kubernetes-anywhere
• kubeadm
  • How we made kubeadm
  • Brandon Philips’ newsletter
• Launching eksctl
• The August 2017 post introducing GitOps
  • Peter Bourgon and Michael Bridgen
• Kelsey Hightower talk at GitOpsDays
• Guide to GitOps
• Steam engine centrifugal governor
• Flux joins the CNCF
• Flagger
• Announcement about Argo and Flux joining forces
• Weaveworks is a founding member of the CNCF
• Alexis elected as TOC chair
• Battlestar Galactica
• Weave Kubernetes Platform
• Series C funding
• Alexis Richardson on Twitter

We’re trying something new!

In Part 1 of a two-part conversation with Weaveworks co-founder Alexis Richardson, we have a wide ranging conversation about career choices, finance, founding and selling tech companies, and the dangers of being pigeon-holed based on the first project your company releases.

Next week we’ll finish the conversation by talking about Weave projects like Flux and Cortex, as well as their SaaS offerings, the founding of the CNCF, and whether Weave built the platform they set out to build when they started 7 years ago.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Evergiven Everywhere
• “Reply all” at the State Department
• Evergreen truck blocks Chineses highway
• Little ship stuck in Littlehampton harbour
• Vote for the name of the Seattle Tunnel Boring Machine
  • Sir Mix-a-Lot

• Outdated; a new open source project from Replicated
  • Episode 143, with Grant Miller
• Kubestr by Kasten by Veeam, by golly
• The Aerospike Kubernetes Operator
• Tanzu Kubernetes Grid v1.3
• Red Hat OpenShift on AWS is GA
• Quay.io is changing login methods
• Container vulnerability scanning from Sophos
• Kubecost raises $5.5m in funding
  • Episode 124, with Webb Brown
• Security Updates in Docker by Itamar Turner-Trauring

• Mathematical logic at Oxford University
  • Stewart Butterfield on philosophy
  • Computer Literacy Project
  • Jeremy Ruston’s BBC Micro Revealed and 80s hair
  • Haskell, Orwell and Miranda
  • OCaml and Standard ML
• 1998 Russian financial crisis
• Metalogic Oy
• Cohesive Networks
• AMQP
• RabbitMQ
  • NZ Easter Bunny hunt
  • Matthias Radestock
  • Erlang
  • ejabberd
  • Matthew Sackman and Tony Garnock-Jones
  • Open Telecom Platform (OTP)
  • VMware acquires Rabbit Technologies
  • SpringSource previously Interface21
• Weaveworks
  • Introductory blog
  • “Zettio introduces Weave”
  • Weave Net
• Alexis Richardson on Twitter

Grant Miller is the co-founder and CEO of Replicated, which helps operationalize and scale the delivery of Kubernetes-based apps into the enterprise. We look at what it means to be enterprise software in a SaaS world, and we also get some 2021 predictions from guest host Liz Rice.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 19, with Liz Rice
• Episode 133, with Thomas Graf
• Cilium talk at DockerCon 2017
• Liz’s 2021 predictions from KubeCon NA (Virtual) 2020
• Cheese exports are down
• Autonomous driving levels
• Prince Harry joins a startup
• Nick Clegg joins Facebook

• SoloCon announcements
• Mesh7 to be acquired by VMware
• GKE adds runtime configuration of pod subnets and larger Internal Load Balancer support
• Amazon reduces EKS cluster create time from “glacial” to “slow”
• NetApp launches Spot Wave
• CircleCI Server 3.0
• Diamanti Spektra 3.2
• Sonatype launches Nexus Container
• Davanum Srinivas elected to the CNCF TOC
• “Unironically Using Kubernetes for my Personal Blog”

• SparkPeople
• Marc Campbell
• look.io acquired by LivePerson
• Replicated
• Open source from Replicated
  • kurl
  • KOTS
  • Troubleshoot
  • SchemaHero
    • Donated to the CNCF
• EnterpriseReady and the EnterpriseReady Podcast
• Kubelist and the Kubelist Podcast
• Replicants, replicators and gremlins
• Grant Miller and Replicated on Twitter

If you’d like something more tangible than a virtual cloud instance, there’s always (still!) bare metal. Tinkerbell is a project from Equinix Metal to manage bare metal servers at scale, and Gianluca Arbezzano is one of its maintainers. We talk stacks, racks and MACs.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 11, with Vic Iglesias
• Vic lives here, but not here
• Pokémon Go social distancing

• Flux moves to incubation in the CNCF
• NetApp Astra goes GA; more information
• Fairwinds introduces Saffire
• Cosign, by Dan Lorenc
  • Episode 39
• Komodor beta and swag offer
• Announcing Private Clusters on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE)
• Linkerd 2.10
• The Money Section, with thanks to David Pait, guest of Episode 127
  • Docker takes $23m in Series “B” funding to get ship done
  • Aqua Security takes $135m in Series E at $1b valuation
  • Snyk raises $300m in Series E valuing company at $4.7 billion
  • Tetrate raises $40m Series B
• Is Crossplane the Infrastructure LLVM? by Daniel Mangum
  • Episode 141

• PHP. and PHP in 2020
• Turin
• InfluxData
• Episode 91, with Leonardo Di Donato
• Dropbox’s exodus from Amazon
• Equinix Metal
  • Packet acquired by Equinix
• Tinkerbell
• OpenCompute and Open19
• Server terminology:
  • Next Unit of Computing (NUC)
  • Baseboard management controller (BMC)
  • Preboot Execution Environment (PXE)
  • Floppy disks
• DIY Board management control for an Intel NUC: power control
• Tinkerbell services:
  • Tink
  • Boots
  • OSIE
  • Hook
  • Hegel
  • PB&J
• OVH fire
• How Tinkerbell Got Its Wings, including joining the CNCF
• Tinkerbell community
• Episode 136: Backstage, with Lee Mills and Matt Clarke
• Gianluca Arbezzano on Twitter and on the web
• Tinkerbell on Twitter

Crossplane lets you automate creation of infrastructure using Kubernetes APIs. Daniel Mangum is a Crossplane maintainer working at its creator Upbound, a TL of Kubernetes SIG Release, and a YouTube streaming star. He chats about tech with host Craig Box, who is helped this week by returning guest Ken Massada from GKE’s Support team.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 18, with Ken Massada
• Things We Don’t Say podcast
• Glow in the dark sharks
• Earthquakes and tsunamis

• Microsoft Ignite news:
  • Azure Arc for Kubernetes
  • Azure Migrate app containerization service
  • AKS release notes
  • Microsoft Mesh
• Helm second security audit
• Meet Brigade v2
• Harbor 2.2 and roadmap
• Google Summer of Code 2021
• KubeCon EU 2021 schedule launched and the selection process explained
• Issue #100000 on kubernetes/kubernetes

• Visual Basic for Applications
• NYT article on retro computing
• Compiler Explorer
• Rich Code for Tiny Computers by Jason Turner
• Upbound
  • Episode 36, with Jared Watts
• Crossplane
  • Crossplane vs Terraform blog by Nic Cope
  • Compositions and XRDs
  • Crossplane vs Cloud Infrastructure Add-ons
  • TBS episode with Matt Moore of Knative
  • Helm provider
  • July 2020: Crossplane joins the CNCF
    • LFX mentorship program
  • Dec 2020: v1.0
  • Mar 2021: v1.1
• Kubernetes SIG Release
• doc.crds.dev
• Upcoming KubeCon talk: FPGK8s: Consumer-Grade FPGAs on Kubernetes
  • Cutting GTA loading times by 70% and how YAML parsing can become quadratic
• Daniel’s current hirsuteness
• The Binding Status
• Flake-Finder Fridays
• Daniel Mangum on Twitter and on the web

Kamil Potrec is a Senior Security Engineer at Snyk, working on security around Kubernetes and cloud platforms. He joins the show to discuss how to think about securing your infrastructure, the different arts (and colors) of offensive and defensive security, and what not to lose sleep over.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Episode 23, with Andrew Philips and Lars Wander
• A pile of mail and a bike

• Red Hat OpenShift 4.7 is GA
• Fairwinds Insights 3.0
• Envoy zero-day patched
  • Istio security bulletin
• Sysdig contributes Falco modules to the CNCF
• StorageOS raises $10m in Series B
• Platform9 raises $12.5m in Series D
• CNCF relaunches Kubernetes Community Day with KCD Africa and Bengaluru

• Offensive unit in American Football
• Hand-egg
• Red and blue teams
• Unreal Tournament
• Capture the flag
• Kubernetes secrets
  • Design document
  • Encrypting secrets at the application layer
• Antivirus software
• Tracer-tee
• SolarWinds attack
• Reflections on Trusting Trust by Ken Thompson
• left-pad deleted from NPM
• Snyk Open Source
  • The open source parts
• Snyk vulnerability database
• MITRE CVE database
• Kubernetes security at Snyk
• Deploy only trusted containers to GKE
• Application threat modeling
• Kubernetes security best practices, including security context, AppArmor, gVisor etc
• CVE-2020-8554: man-in-the-middle attack using ExternalIP services
• CVE-2020-14386: packet socket vulnerability with user namespaces enabled
  • Earlier related work: CVE-2017-7308 and CVE-2016-8655
  • Project Zero writeup
• Rewrite it in Rust!
• Kamil Potrec on LinkedIn

Today Google Cloud introduced GKE Autopilot, a new mode of operation where you no longer manage or configure nodes, and you pay per-pod, per-second. Craig talks Autopilot with GKE product manager Yochay Kiriaty.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod