Red Hat Kubernetes weekly technology podcast hosted by Brian Gracely (@bgracely) and friends from the Kubernetes community. Focused on Containers | Kubernetes | Red Hat OpenShift | Cloud Native Applications | Microservices | PaaS | CaaS | DevOps.
DevOps for Dummies
SHOW: 75
SHOW OVERVIEW: Chris talks with Emily Freeman (@editingemily, Ops Advocacy Manager, Microsoft) about the biggest challenges faced in cloud adoption and DevOps culture changes.
SHOW NOTES:
OpenShift Homepage - http://openshift.com
Try OpenShift 4 - http://try.openshift.com
Learn OpenShift - http://learn.openshift.com
Emily Freeman's Homepage
DevOps for Dummies (book)
SHOW TOPICS:
Topic 1 - What is an Ops Advocacy Manager?
Topic 2 - What are some of the biggest challenges you and your team are facing in cloud and more specifically container adoption amongst those you help?
Topic 3 - You wrote DevOps for Dummies which is wonderful. Now you’re working on a new project? 97 Things Every Cloud Engineer Should Know. Care to tell us more about that?
Topic 4 - The tech job train and its long term impact
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podcast.podctl.com
12/21/2019 • 26 minutes, 23 seconds
Introduction to Java Quarkus for Kubernetes
SHOW: 76
SHOW OVERVIEW: Chris talks with Daniel Oh (@danieloh30, Principal Technical Product Marketing Manager, Red Hat) about new innovation in deploying Java applications on Kubernetes, with Quarkus.
SHOW NOTES:
OpenShift Homepage - http://openshift.com
Try OpenShift 4 - http://try.openshift.com
Learn OpenShift - http://learn.openshift.com
Quarkus Homepage
Understanding Java Quarkus (videos)
SHOW TOPICS:
Topic 1 - Quarkus: What is it, how does it save developers so much time, and how do folks get started
Topic 2 - Java developers are in demand across the planet and the Java language is evolving at the speed of cloud-native. How do you stay sharp on the skills you need and stay aware of the new things in the ecosystem?
Topic 3 - Does this change the reality of Java development on containers? Will Quarkus help developers feel more comfortable using Java as serverless apps on immutable infrastructure (i.e. Kubernetes/OpenShift)? How does Quarkus change the reality for developers?
Topic 4 - Does Quarkus help Spring Boot apps and Spring Developers with Kubernetes/OpenShift?
Topic 5 - How does Quarkus unify imperative and reactive applications?
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podcast.podctl.com
12/20/2019 • 29 minutes
Digging into OnCallOps
SHOW: 74
SHOW OVERVIEW: Chris talks with Matt Stratton (@mattstratton, DevOps Advocate, PagerDuty) about how to better manage OnCall Rotations, integrating DevOps concepts with OnCall, and suggestions about better organizing to handle alerting and observability.
SHOW NOTES:
OpenShift Homepage - http://openshift.com
Try OpenShift 4 - http://try.openshift.com
Learn OpenShift - http://learn.openshift.com
Matty Stratton - DevOps Talks
Arrested DevOps (podcast) - Matty Stratton is a co-host
SHOW TOPICS:
Topic 1 - Since you work at PagerDuty, how does PagerDuty use PagerDuty?
Topic 2 - What are some interesting uses of PagerDuty you’ve seen out in the wild?
Topic 3 - You’ve built on call rotations. You’ve got your scars. One thing I’ve noticed is discussions about alert fatigue. Do you have any suggestions around how organizations can better handle on call and alerting in general? (“Fight, Flight, or Freeze - Releasing Organizational Trauma”)
Topic 4 - DevOps at 10. For me, DevOps crossing into that double-digit year number seems to have increased awareness of it and its potential for orgs not embracing it. What have you seen in terms of organizations embracing DevOps? What are Matt’s highlights of DevOps after ten years?
Topic 5 - You're writing an article on the SysAdvent website called “15 Ways to Make On-Call More Fun”. It’s supposed to be published around December 3rd. Watch https://sysadvent.blogspot.com/ for this year’s stuff.
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podcast.podctl.com
12/2/2019 • 36 minutes, 13 seconds
KubeCon NA 2019 Contributor Summit & Event Preview
SHOW: 73
SHOW OVERVIEW: Chris talks with Marky Jackson (@markyjackson5, Senior Software Engineer, Sysdig) about the KubeCon Contributor Summit, their experiences contributing to the Kubernetes community, and the involvement of military veterans in open source communities.
SHOW NOTES:
OpenShift Homepage - http://openshift.com
Try OpenShift 4 - http://try.openshift.com
Learn OpenShift - http://learn.openshift.com
Kubernetes Contributor Summit
Kubernetes New Contributor Workshop
SHOW TOPICS:
Topic 1 - Welcome to the show. This time next week we’ll be getting ready for a busy day in San Diego at KubeCon NA 2019. What are you doing at the conference?
Topic 2 - Contributor Summit: Can you explain what this is, who should attend, and why it’s being put together?
Topic 3 - A lot of people feel intimidated by Kubernetes. But, every year the new contributor workshop fills up quickly. Why do you think that is?
Topic 4 - The day we’re recording this is Veterans’ Day. There are a number of veterans working in the Kubernetes community. What is it about Kubernetes that brings Veterans to the project?
Topic 5 - Inviting more Military members active duty, reserve or retired. We want to hear from you. We need you because...
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podcast.podctl.com
11/14/2019 • 25 minutes, 11 seconds
Building a Cloud-native Kubernetes Platform
SHOW: 72
SHOW OVERVIEW: Brian talks with Joe Fernandes (@JoeFern1, VP of Product Management, Red Hat Cloud BU) about Red Hat's experience with Kubernetes, innovating upstream and integrating products, OpenShift 4 cloud-like architectural changes, allowing developers to be productive, and new ways to create a better customer experience.
SHOW NOTES:
OpenShift Homepage - http://openshift.com
Try OpenShift 4 - http://try.openshift.com
Learn OpenShift - http://learn.openshift.com
OpenShift Commons - http://commons.openshift.org
OpenShift Blog (Joe Fernandes) - https://blog.openshift.com/author/joefernandes/
SHOW TOPICS:
Topic 1 - Welcome to the show. Let’s start by talking about your experience at Red Hat in managing OpenShift.
Topic 2 - We talk a lot about Kubernetes on this show obviously. Tell us how you and the OpenShift product team first got involved with Kubernetes.
Topic 2a - Give the audience a sense of what it takes to build (and continue to maintain) not just a commercially-supported Kubernetes distribution, but all the on-going integrations to make it a production application platform.
Topic 2b - What are some of the things needed to evolve a platform from “just running containerized apps” to one that is intelligent enough to manage many different types of applications?
Topic 3 - There is always some Twitter chatter that Kubernetes is too complicated and nobody should run Kubernetes except the 3 major public cloud providers. What types of things has OpenShift needed to do to be able to run “like a managed cloud platform”?
Topic 4 - When you get “above” Kubernetes, you have to start thinking about how developers will interact with the platform. This is where there are a lot of opinions, and many new innovations/projects. How does OpenShift think about “building on the platform”?
Topic 5 - Part of “the cloud experience” is being able to gather information about how the platform is used, in order to make better product decisions. The public cloud does this behind the scenes for every customer. Can OpenShift do anything to help create better customer experiences?
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podcast.podctl.com
11/12/2019 • 37 minutes, 28 seconds
The Intersection of DevOps and Kubernetes
SHOW: 71
SHOW OVERVIEW: Brian talks with Chris Short (@ChrisShort, Technical Marketing @RedHat, CNCF Ambassador, writes at DevOps’ish) about DevOps’ 10th birthday, how Kubernetes helps DevOps, and the exciting news that Chris will be co-hosting PodCTL.
SHOW NOTES:
Try OpenShift 4 - http://try.openshift.com
Learn OpenShift - http://learn.openshift.com
Red Hat announces Global Transformation Office - https://www.redhat.com/en/blog/introducing-red-hat-global-transformation-office
Chris’ DevOps’ish Homepage (subscribe to the newsletter) - https://devopsish.com/
SHOW TOPICS:
Topic 1 - Welcome to the show. Let’s talk a little bit about your background and the plethora of things you’re working on these days.
  DevOps’ish: Weekly newsletter covering cloud-native, DevOps, open source, and industry news
  Cloud Native Ambassador: Our Super Bowl is coming up (KubeCon)
  Ansible Operators (get your stickers at KubeCon)
  OpenShift team helping customers getting their clusters up and running
Topic 1a - BIG NEWS! Chris Short is joining the show to be a new co-host.
Topic 1b - MORE BIG NEWS! Kevin Behr, Jabe Bloom, John Willis, Andrew Clay Shafer are joining Red Hat to create the Global Transformation Office
Topic 2 - A couple of weeks ago, the DevOps community (and DevOps Days) celebrated its 10yrs anniversary. You’ve been involved in that community for a number of years. What are the big trends happening around DevOps these days? (have we figured out the difference between DevOps and SRE?)
Topic 3 - One of the common challenges that companies often talk about is scaling Agile/DevOps across their company. What are some of the things you’re seeing that enable success? What are some of the common mistakes that companies make in trying to scale?
Topic 4 - We tend to talk about Kubernetes quite a bit on this show. As you’re beginning to work with Kubernetes more, are you finding that it helps in scaling Agile and DevOps?
Topic 5 - You’re going to be hosting a number of the PodCTL shows going forward. What are some of the topics that you hope to cover in 2019 and 2020?
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podcast.podctl.com
11/8/2019 • 28 minutes, 2 seconds
Introduction to GitOps
SHOW: 70
SHOW OVERVIEW: Brian talks with Alexis Richardson (@monadic, CEO @weaveworks) about the emerging concepts and technology behind “GitOps”.
SHOW NOTES:
Gitops at Weave Works
[video] GitOps - Git push all the things
OperatorHub
SHOW TOPICS:
Topic 1 - Welcome to the show. Tell us about your background both at Weave and your involvement in the CNCF.
Topic 2 - Weave really started evangelizing this concept of “GitOps”. For anyone that isn’t familiar, walk us through the basic building blocks.
Topic 3 - Git becomes the CMDB (single source of truth, single source for compliance). Developers push code (Git > CI/CD). CI/CD system builds containers and deploys to Kubernetes. What assumptions does this model make about the underlying infrastructure operations?
Topic 4 - Let’s talk about the separation of interests between the CI system and the CD system and how this impacts security.
Topic 5 - Let’s talk about the role of Operators in a GitOps environment. Operators (today) tend to be more focused on stateful applications, so how does this link into developer code?
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
6/18/2019 • 20 minutes, 44 seconds
Reviewing KubeCon Barcelona 2019 - Part I
SHOW: 69
SHOW OVERVIEW: Brian reviews the major project-level news and announcements from KubeCon Barcelona 2019, as well as gives some feedback about the overall show.
SHOW NOTES:
Try OpenShift 4 - http://try.openshift.com
All of the CNCF talks/sessions (videos) from KubeCon
theCUBE coverage of KubeCon
[NEW] CNCF Projects - Health Chart
SHOW TOPICS:
Kubernetes 5 year anniversary - 7700 people in Barcelona
ALL the CNCF announcements during KubeCon
Fluentd graduated
Helm v3 - no more Tiller
OpenTracing + OpenCensus = OpenTelemetry
SMI - Service Mesh Interface
Rook 1.0 and Rook Operator
OpenEBS into CNCF
Velero 1.0
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
5/24/2019 • 18 minutes, 16 seconds
Operators and OperatorHub
SHOW: 68
SHOW OVERVIEW: Brian talks with Rob Szumski (@robszumski, Sr. Manager Product Management @OpenShift) about the evolution of Operators, the emerging capabilities in Kubernetes to support Operators, OperatorHub, Helm Operators and how OpenShift 4 is integrating the Operator experience.
SHOW NOTES:
Try OpenShift 4 - http://try.openshift.com
Operator Framework
OperatorHub
Maturing Operators (Rob’s Keynote at KubeCon 2018)
OpenShift Commons - State of Operators
OpenShift Commons Gathering - Operator Framework
Discussing Operator Framework with Brandon Philips (Eps.33)
SHOW TOPICS:
Topic 1 - Welcome to the show. Tell us a little about your background, and how you’re involved in Kubernetes operators.
Topic 2 - Last year (May 2018) we spoke with Brandon Philips around the launch of Operator Framework. How has the ecosystem around Operators evolved over the last year?
Topic 3 - We spoke with Clayton Coleman and Derek Carr about how Operators are now core to the architecture of OpenShift 4, but what role do Operators play for applications running on Kubernetes or OpenShift?
Topic 4 - How are complex applications getting turned into Operators? What’s the model to get them engaged with the SDK and Metering frameworks?
Topic 5 - How is OpenShift 4 interacting with OperatorHub?
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
5/1/2019 • 18 minutes, 3 seconds
Ceph Storage with Rook
SHOW: 67
SHOW OVERVIEW: Brian talks with Annette Clewett (@aclewett, Senior Architect @RedHat) and Travis Nielsen (@STravisNielsen, Senior Principal Software Engineer @RedHat) about software-defined storage, managing storage with Kubernetes, and how Rook is bringing the Operator model to storage systems like Ceph.
SHOW NOTES:
Try OpenShift 4 - http://try.openshift.com
Project Rook - Storage Orchestration for Kubernetes
Deep Dive: Rook (video) - KubeCon 2018
Ceph on OpenShift with Rook (video) - Commons Gathering 2019
Rook Channel on Slack
SHOW TOPICS:
Topic 1 - Welcome both of you to the show. Before we get into discussing Ceph and Rook, can you tell us about your background around these projects?
Topic 2 - One of the most frequent requests we get from listeners is to discuss how to integrate (and manage) storage into OpenShift/Kubernetes environments. Let’s talk about storage needs for OpenShift/Kubernetes infrastructure (masters, logging, monitoring, etc.) vs. storage for applications.
Topic 3 - Help us understand the difference between a storage manager like Rook and a storage system like Ceph. Where does one start and the next one stop?
Topic 4 - Rook now uses the Operator pattern for managing underlying storage systems. How does the Operator technology help make managing (and lifecycling) storage easier or more robust?
Topic 5 - As you talk to users of Ceph and Rook, what are some of the best practices that you’re seeing them implement?
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
4/24/2019 • 27 minutes, 7 seconds
Kubernetes Extended Authentication Model
SHOW: 66
SHOW OVERVIEW: Brian talks with Marc Boorshtein (@mlbian, CTO at Tremolo Security) about trends in Kubernetes security, and how to think about the Kubernetes Extended Authentication Model.
SHOW NOTES:
Try OpenShift 4 - http://try.openshift.com
Beyond RBAC in OpenShift – Open Policy Agent
OpenShift Commons Briefing: Securing OKD at Multiple Layers
Kubernetes Security
SHOW TOPICS:
Topic 1 - Welcome back to the show. Your focus is on security. What’s one new thing that’s really interesting to you right now, and what’s one “mundane” thing you’re seeing all the time that isn’t getting enough discussion?
Topic 2 - A few weeks ago we talked with John Osborne about “Kubernetes Policy”. This is very different than “Authentication” or “Authorization”. For people that don’t live around security, can you help us understand the difference between policy and the things that make up AAA (Authentication, Authorization and Accounting)?
Topic 3 - You and I were talking a few months ago at OpenShift Commons Gathering in London about “the Kubernetes extended authorization model”, and I wonder if you could elaborate on that a little bit.
Topic 4 - What are some of the areas where you feel like there isn’t enough awareness, especially for production environments, between policy and AAA models (e.g. Kubernetes elements vs. user-level elements)?
Topic 5 - Give us a quick set of thoughts on how any of this changes if we start doing multi-cluster or Federation.
FEEDBACK?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
4/5/2019 • 26 minutes, 12 seconds
Multi-Cluster and Federation v2
SHOW: 65
SHOW OVERVIEW: Brian talks with Paul Morie (@cheddarmint, Sr. Principal Software Engineer @RedHat, Reviewer/Approver of Federation v2) about the evolution of multi-cluster and Federation v2 in Kubernetes.
SHOW NOTES:
Try OpenShift 4 - http://try.openshift.com
Kubernetes Federation v2 - https://github.com/kubernetes-sigs/federation-v2
Kubernetes Federation v2 on OperatorHub - https://operatorhub.io/operator/alpha/federation.v0.0.6
Kubernetes Federation v2 on OpenShift 3.11 - https://blog.openshift.com/kubernetes-federation-v2-on-openshift-3-11/
SHOW TOPICS:
Topic 1 - Let’s start with some basics. The differences between “Federation” and “Multi-Cluster”?
Topic 2 - What is the basic functionality that needs to be in place to federate more than 1 cluster together (authentication, registry, cluster registry, network routing, etc.)?
Topic 3 - What are some of the mechanisms that help determine which cluster a container should run?
Topic 4 - Is the current design intended to handle applications that span clusters, or is the expectation that apps live in a single cluster? What about deploying the same app to multiple clusters?
Topic 5 - For more advanced capabilities, such as intelligence to know where to dynamically place an application, would that be something that’s within Kubernetes, or any external service?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
3/29/2019 • 26 minutes, 59 seconds
Project Quarkus, Kubernetes-native Java
SHOW: 64
SHOW OVERVIEW: Brian talks with Burr Sutter (@BurrSutter, Director Developer Experience @RedHat) about Project Quarkus (@QuarkusIO), Supersonic Subatomic Java for Kubernetes-native application development.
SHOW NOTES:
Try OpenShift 4 - http://try.openshift.com
Learn OpenShift for FREE (Knative, Istio, Operators, etc.) - http://learn.openshift.com
Burr Sutter YouTube Channel - https://www.youtube.com/user/burrsutter
Java inside Docker - https://developers.redhat.com/blog/2017/03/14/java-inside-docker/
Introducing Project Quarkus - https://developers.redhat.com/blog/2019/03/07/quarkus-next-generation-kubernetes-native-java-framework/
Quarkus Homepage - https://quarkus.io/
GraalVM - https://www.graalvm.org/
Burr's Istio Tutorial - http://bit.ly/istio-tutorial
Burr's Knative Tutorial - http://bit.ly/knative-tutorial
SHOW TOPICS:
Topic 1 - Welcome to the show. Tell us a little bit about your world and how it intersects Kubernetes, Developers and Cloud-native application development.
Topic 2 - Today we’re going to talk about Java and containers. Before we get into the new technologies, let’s talk about what the world of Java in containers (and Kubernetes) looks like today - especially the challenges and tradeoffs from the Java EE world to Kubernetes. (see: “Kubernetes as the New Application Server”, Eps.55 on PodCTL)
Topic 3 - Please introduce us to Project Quarkus.
  Unifies Imperative and Reactive development models
  Involves both GraalVM and HotSpot
  Fast startup times
  Low memory requirements
  Smaller application and container image footprint
Topic 4 - So for the Kubernetes or container person, how does this change things? It’s still Java/Quarkus in the container, but is it the smaller/faster aspect that’s interesting, or better interaction with the native Kubernetes patterns?
Topic 5 - What does this mean for today’s Java developer in terms of learning new capabilities or reusing any existing stacks or frameworks? (Eclipse MicroProfile, JPA/Hibernate, JAX-RS/RESTEasy, Eclipse Vert.x, Netty, and more.)
Topic 6 - What’s the best way for developers to get the technology or engage with other developers/community around questions?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
3/19/2019 • 22 minutes, 44 seconds
Understanding Project Velero (formerly Ark)
Show: 63
Show Overview: Brian talks with Carlisia Pinto (@carlisia, Sr. Member of Technical Staff at VMware, OSS Maintainer of Project Velero) about Project Velero (formerly “Ark”), and backing up and migrating applications on Kubernetes.
Show Notes:
Try OpenShift 4 - http://try.openshift.com
Project Velero - https://github.com/heptio/velero
Repository for Velero community meetings - https://github.com/heptio/velero-community
Slack Group - https://kubernetes.slack.com/messages/C6VCGP4MT
Twitter - https://twitter.com/projectvelero
Google group - https://groups.google.com/forum/#!forum/projectvelero
Velero 0.11 released - https://blogs.vmware.com/cloudnative/2019/02/28/velero-v0-11-delivers-an-open-source-tool-to-back-up-and-migrate-kubernetes-clusters/
[Blog] Velero with Restic and Rook-Ceph - https://blog.kubernauts.io/backup-and-restore-of-kubernetes-applications-using-heptios-velero-with-restic-and-rook-ceph-as-2e8df15b1487
Show Topics:
Topic 1 - Welcome to the show. Tell us about your background and how you got involved in Project Velero.
Topic 2 - Let’s talk about the Velero Project, which was recently renamed from “Ark”. [From GitHub] “Velero gives you tools to backup and restore your Kubernetes cluster resources and persistent volumes.” It got started in 2017 by engineers at Heptio. Help us understand the scope of the project (backup/recovery, disaster recovery, other).
Topic 3 - Tell us about the architecture behind Velero.
  Take backups of your cluster and restore in case of loss.
  Copy cluster resources to other clusters.
  Replicate your production environment for development and testing environments.
Topic 4 - Right now it appears that all the “Compatible Storage Provider” targets are public cloud storage services. Is there a framework to allow other storage services to be plugged into Velero?
Topic 5 - If people want to get involved in Velero, is there a roadmap of things that are coming in future releases, or a wishlist of things that the project would like to see people focus on?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
3/8/2019 • 25 minutes, 30 seconds
Ansible Operators
Show: 62
Show Overview: Brian talks with Fabian von Feilitzsch (@fabianismus, Sr. Software Engineer at Red Hat) and Shawn Hurley (@shawn_hurIey, Sr. Software Engineer at Red Hat) about Ansible Operators, how they work with Ansible Playbook, on-platform and off-platform usage, and examples to help people learn the new Kubernetes technology.
Show Notes:
Try OpenShift 4 - http://try.openshift.com
Ansible Operator (GitHub) - https://github.com/operator-framework/operator-sdk/blob/master/doc/proposals/ansible-operator.md
Ansible Operator - What is it? - https://www.ansible.com/blog/ansible-operator
An Introduction to Ansible Operators - https://opensource.com/article/18/10/ansible-operators-kubernetes
Learn Ansible Operators - https://learn.openshift.com/ansibleop/ansible-operator-overview/
Sample Ansible Operator (from Fabian) - https://github.com/fabianvf/jellyfin-operator
Show Topics:
Topic 1 - There are multiple types of operators: Go, Ansible, Helm. What are the basic things that the Ansible Operator does - in the context of the Operator Framework?
Topic 2 - Are there some basic things that an existing Ansible Playbook should have in order to easily fit into an Ansible Operator?
Topic 3 - Will Ansible Operator mostly be targeting applications that are automated via Ansible Playbooks, or is it also applicable to infrastructure or security-related playbooks?
Topic 4 - How does an Ansible Operator interact with Ansible Tower, or how do those two worlds co-exist (or not)?
Topic 5 - Are there examples today of Ansible Operators that people can look at or try out?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
2/27/2019 • 19 minutes, 2 seconds
OpenShift 4 Architecture Overview
Show: 61
Show Overview: Brian talks with Clayton Coleman (@smarterclayton) and Derek Carr (@derekwaynecarr), Technical Leads of Red Hat OpenShift, about the upcoming architectural changes in version 4.
Show Notes:
Try OpenShift 4 - http://try.openshift.com
OpenShift 4 - Features, Functions, Future (Commons Gathering KubeCon 2018) - https://www.youtube.com/watch?v=-xJIvBpvEeE
The Modern Software Platform - https://blog.openshift.com/the-modern-software-platform/
Topic 1 - Welcome back to the show. Let’s talk about some of the architectural concepts that will exist in OpenShift 4, and why decisions were made.
Topic 2 - OpenShift has always been a flexible/composable/modular platform. How does that evolve in OpenShift 4 (e.g. Operators, Platform + OS, etc.)?
Topic 3 - OpenShift has evolved since the early 3.x days, when a lot of necessary things weren’t “Kubernetes embedded” (install/upgrade tools, monitoring, scanning, visualization of resources, etc.). OpenShift has been moving to adopt the Kubernetes native elements as they mature (e.g. Prometheus). Can you talk about some of the new Kubernetes native capabilities coming in OpenShift 4 that people should start looking into? (e.g. CRI-O, Cluster-Version-Operator, Machine APIs)
Topic 4 - Let’s come back to the discussion of Operators. We heard a lot about Operators for applications (e.g. databases), but are there uses for Operators for things that would be considered more platform-centric (e.g. storage, logging, service mesh, etc.)?
Topic 5 - There are some things happening in the public cloud that make it easier to manage nodes and scaling of nodes. Any interesting stuff coming to OpenShift 4 to help make those elements easier to manage?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
2/20/2019 • 36 minutes, 6 seconds
Kubernetes Policies
Show: 60
Show Overview: Brian and new co-host John Osborne (@OpenShiftFed) discuss policies in and around Kubernetes.
Show Notes:
Try OpenShift 4 - http://try.openshift.com
OpenShift in Action - https://www.manning.com/books/openshift-in-action
Kubernetes Policies - https://kubernetes.io/docs/concepts/policy/
Kubernetes SIGs and Working Groups - https://github.com/kubernetes/community/blob/master/sig-list.md
Open Policy Agent - https://www.openpolicyagent.org/
Topic 1 - Welcome John Osborne to the show. Let’s talk about your background.
Topic 2 - We decided to discuss “policy” in Kubernetes. Where do you usually find that discussion begins? If I were to do a Google search, the Kubernetes site highlights “Pod Security Policies” and “Quotas”.
Topic 3 - What types of tools do you see in production being used to apply and track policy within Kubernetes environments?
Topic 4 - Grafeas and Kritis are often discussed around policy for “securing Kubernetes software supply chain”. Are these types of projects focused on Kubernetes as a platform, or applications running on Kubernetes, with more of a focus on the CI/CD and Testing pipelines?
Topic 5 - There is a newer framework that’s starting to emerge, called “Open Policy Agent”. What are some of the things that it is focused on?
Topic 6 - Are there communities within Kubernetes that are focused on policy, if people want to follow discussions or contribute to projects?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
2/15/2019 • 22 minutes, 53 seconds
The Show is Back, 2019 style!
Show: 59
Overview: Brian Gracely is back as the host of PodCTL for 2019, with some news about changes and improvements to the show.
Show Notes:
OpenShift 4 Preview
PodCTL.com - New PodCTL Website
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://PodCTL.com
2/7/2019 • 5 minutes, 50 seconds
Reviewing KubeCon 2018 Seattle
Show: 58
Show Overview: Brian and Tyler talk about the announcements, trends and highlights from KubeCon and CloudNativeCon Seattle 2018.
Show Notes:
OpenShift 4 Preview
Etcd Donated to CNCF
Envoy Graduates in CNCF
Heptio acquired for $550M
CNCF Project Health
Trends:
From 1500 people (2016) to 8000 people (2018)
Less focus on Kubernetes, more focus up the stack (Istio, Knative)
Many companies focused on developer tools - Atomist, Pulumi, Windmill, Microsoft
Other Tidbits:
AWS published an ECS, EKS, Fargate Roadmap - https://github.com/aws/containers-roadmap/
Announcements:
A list of KubeCon 2018 Seattle Announcements
All the Slides and Videos from KubeCon 2018 (Seattle)
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
12/20/2018 • 30 minutes, 19 seconds
Kube Security, Kube 1.13 and KubeCon
Show: 57
Show Overview: Brian and Tyler talk about a significant security bug in Kubernetes, the recently announced Kubernetes 1.13 release, and the upcoming KubeCon event in Seattle.
Show Notes:
Kubernetes Privilege Escalation Flaw - https://www.redhat.com/en/blog/kubernetes-privilege-escalation-flaw-innovation-still-needs-it-security-expertise
Kubernetes 1.13 Release Announcement - https://kubernetes.io/blog/2018/12/03/kubernetes-1-13-release-announcement/
What’s new in Kubernetes 1.13 - https://coreos.com/blog/whats-new-kubernetes-113
OpenShift Commons Gathering Seattle (preview) - https://blog.openshift.com/openshift-commons-gathering-preview-your-personal-prelude-to-kubecon-seattle/
Kubernetes 1.13 Features
Kubeadm is now GA
CSI (Container Storage Interface) is now GA
Core-DNS is now GA, replacing kube-dns (as default)
Alpha - support for device monitoring plugins
Stable - Kubelet Device Plugin Registration
Stable - Topology Aware Volume Scheduling
Beta - APIServer DryRun
Beta - Kubectl Diff
Beta - Raw Block Device with Persistent Volume
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
12/7/2018 • 16 minutes, 2 seconds
Windows Containers with Microsoft
Show: 56
Show Overview: Brian and Tyler talk with Mike Kostersitz (@huskyat, Principal Program Manager in Core Networking for Microsoft) about the basics of Windows containers, the differences between Linux and Windows containers, considerations for deployments, common questions about Windows containers and the interaction between Red Hat and Microsoft Kubernetes engineering.
Show Notes:
Managing Windows containers with Red Hat OpenShift Container Platform - Part I of Blog Series
About Windows Containers
OpenShift in Azure
Why Red Hat and Microsoft are Bringing Managed OpenShift to Azure
Topic 1 - From a Windows perspective (OS, Application), talk us through how you typically explain Windows Containers to other people? What are some of the important technologies, or changes to Windows?
Topic 2 - If someone has a Windows (.NET) application today, how would they go about getting into a Container/Kubernetes environment today, and in the near future?
Topic 3 - What are you finding is different between Kubernetes with Linux containers, and Kubernetes with Windows containers?
Topic 4 - You're in the process of writing a series of blogs about OpenShift + Windows containers. You've been working with both the Microsoft and Red Hat teams in getting this supported with OpenShift. What are some of the things you're seeing either Developer Preview customers?
Topic 5 - What are some of the questions that you're getting from people interested in Windows Containers and Kubernetes? (normal and unusual)
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
11/29/2018 • 21 minutes, 51 seconds
Kubernetes as the New Application Server
Show: 55
Overview: Brian and Tyler talk about how existing application developers and PlatformOps teams can map existing applications and framework services into a more distributed set of services that run in containers on Kubernetes and OpenShift.
Show Notes:
Why Kubernetes is the New Application Server (blog)
Kubernetes: Your Next Java Application Server (video and demo from @burrsutter)
We mentioned last week that we’re moving into the 3rd Era of Kubernetes (automated ops, automated apps), with the 2nd Era being about getting a broader set of applications on Kubernetes. Today we thought we’d talk about some design patterns, especially for anyone that’s transitioning from existing applications, and how some of those concepts map to the evolving Kubernetes eco-system.
Topic 1 - At the core of this statement about “Kubernetes is the New Application Server” are three things:
  Some explanation about why containers are a useful packaging mechanism to avoid the difference between developer environments and production environments (package dependencies, etc.)
  How to mentally map between the more monolithic frameworks that are widely used today, and more distributed concepts that align more with Kubernetes and containers.
  Even within a language like Java, there are now variants (JakartaEE, Microprofile, Node, SpringBoot, etc.) and developers might not want to embed all functionality within the application, if it can be offloaded to platform services.
Topic 2 - It walks through the 10 elements that either map to Kubernetes, an OpenShift service, or emerging functionality in Istio (or maybe Knative)
  Discover (Service Discovery)
  Invocation of the Application
  Elasticity / Scaling
  Resilience
  CI/CD Pipeline Integration
  Authentication
  Logging
  API Mgmt and Integrations
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
11/15/2018 • 27 minutes, 22 seconds
Have We Reached Kubernetes-Native Yet
Show: 54 Overview: Brian and Tyler talk about how well the industry has created or evolved Kubernetes-Native platforms and services. Show Notes: Topic 1 - We’re more than 3yrs into Kubernetes, and almost at the 2yr anniversary of the 1st big CloudNativeCon / KubeCon in Seattle (we’ll be back again this year). So let’s ask a big question - how has the industry evolved to actually deliver Kubernetes-Native? Topic 2 - What is Kubernetes-Native? Is it specific to containers? Is it specific to Kubernetes scheduling? Is it specific to Kubernetes extensibility? Topic 3 - Was reading a report recently that separated the concepts of DevOps from PlatformOps. We know developers’ experiences and expectations are never the same and always evolving. But should the PlatformOps side of things be standardizing on something Kubernetes-native? Topic 4 - What are some of the common things you’ve seen in the Kubernetes community (products, platforms, services) that have gained some traction, but aren’t really aligned to Kubernetes? Most Developer Frameworks; CI/CD Pipelines; Storage (CSI framework); ITIL Processes. Feedback? Email: PodCTL at gmail dot com Twitter: @PodCTL Web: http://podctl.com
11/9/2018 • 20 minutes, 56 seconds
The Internal Build vs Buy Discussion
Show: 53Show Overview: Brian and Tyler talk about how companies rationalize a Buy (or consume) vs Build decision for a Kubernetes platform or service. Show Notes:This show is somewhat free form, but it ultimately started with a listener question that asked:"We run an internal Kubernetes platform in our centralized IT group, but some other developer groups also run their own Kubernetes platform. How do we convince them, or our management team, to bring other groups onto our platform to be both more cost effective and more collaborative with developers?"How do we rationalize having one vs multiple platforms (cost, support, feature differences)?How do we communicate to internal groups about the capabilities of an internal platform?How do we stop thinking like an IT group and start thinking like a product team?How do we measure success of the platform?Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://blog.openshift.com, search #PodCTL
10/31/2018 • 25 minutes, 45 seconds
OpenShift 3.11 and OpenShift Container Engine
Show: 52Overview: Brian and Tyler talk about updates to OpenShift 3.11, including new Operations Console, integrated Prometheus monitoring and Grafana graphing and supported Operators on OpenShift. They also discuss the introduction of OpenShift Container Engine (OCE)Show Notes:Red Hat OpenShift Container Platform 3.11 is GAOpenShift Container Engine (announcement)Kubernetes Operators & Operator FrameworkKubernetes Operators with Helm3.11 - Cluster Monitoring, dashboards, alerting3.11 - Event Feeds, Node & object introspection3.11 - Access Control, auditing, Role impersonationTopic 1 - CoreOS integration into OpenShift (admin dash, operators, etc)Topic 2 - New Cluster Console and Administrator DashboardTopic 3 - Integrated Prometheus Metrics and AlertsTopic 4 - Kubernetes Operator Previews and ISV OperatorsTopic 5 - A discussion of OpenShift Container Engine (OCE)Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://blog.openshift.com, search #PodCTL
10/17/2018 • 24 minutes, 43 seconds
Reviewing Kubernetes 1.12 Updates
Show: 51Show Overview: Brian and Tyler talk about updates to Kubernetes v1.12 Show Notes:Kubernetes 1.12 Updates (Official Kubernetes blog)What’s new in Kubernetes 1.12 (Red Hat CoreOS blog)OpenShift Commons Briefing on October 4 at 9 AM PT to discuss Kubernetes 1.12Operator FrameworkTopic 1 - Kubelet TLS Bootstrap moves to GA - simplify how nodes are securely added/removed into a cluster. As an add-on, server certificate rotation functionality moves into beta, and this will be tied in with Cluster Operators and Application Operators.Topic 2 - Azure Virtual Machine Scale Sets (VMSS) and Cluster-Autoscaler is Now StableTopic 3 - On the network security front, two NetworkPolicy components graduate to GA: egress and ipBlock.Topic 4 - Multi-Tenancy: In this release comes the ability to support priority on the various resource quotas via the new ResourceQuotaScopeSelector feature. This enhances the existing priority and preemption feature that was delivered in Kubernetes 1.11.Topic 5 - CSI now supports the notion of topology awareness and this functionality moves to beta in Kubernetes 1.12. What this means is that stateful workloads can now have a conceptual understanding of where storage resources live, whether it be a rack, datacenter, availability zone, or region.Topic 6 - Kubectl Plugins: With kubectl plugins, developers can engineer extensions to kubectl, which accommodate their administration scenarios, while not being baked into the core kubectl codebase. This is going to allow teams to develop and deliver kubectl functionality faster and in a more consistent manner. (example: OpenShift “oc commands”) Topic 7 - Let’s discuss the upgrading process of Kubernetes (again). Other noteworthy features:Snapshot / restore functionality for Kubernetes and CSI is being introduced as an alpha feature. This provides standardized APIs design (CRDs) and adds PV snapshot/restore support for CSI volume drivers. 
Improvements that will allow the Horizontal Pod Autoscaler to reach proper size faster are moving to beta. Vertical Scaling of Pods is now in beta, which makes it possible to vary the resource limits on a pod over its lifetime. In particular, this is valuable for pets (i.e., pods that are very costly to destroy and re-create). Encryption at rest via KMS is now in beta. This adds multiple encryption providers, including Google Cloud KMS, Azure Key Vault, AWS KMS, and Hashicorp Vault, that will encrypt data as it is stored to etcd. Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
10/3/2018 • 26 minutes, 39 seconds
Listener Mailbag Questions
Show: 50Show Overview: Brian and Tyler answer questions from podcast listeners, about big data and analytics, application deployments, routing security, and storage deployment models. Show Notes:Spark and AnalyticsJupyter NotebooksPackaging Applications on Kubernetes (PodCTL #37)Topic 1 - From David - Is it possible to do a show about running Spark, Jupyter notebooks and analytical workloads on k8s?Topic 2 - From Matthew - it would be interesting to hear your thoughts for how apps will be deployed and maintained in the future of OpenShift/kubernetes (covered in Eps.37 in late May).Topic 3 - From Will - One thing I would still like to know about is how people secure their running kubernetes deployments. Are people generally just exposing their ingress nodes to the open internet, or is it more complicated than that? I'm familiar with Nginx/Apache and modsecurity, and saw that OpenShift recently started supporting Nginx as ingress, and would like to know if anybody is using that as a WAF.Topic 4 - From Walid - What storage available options are available for production use cases? and what diverse use cases are out there? e.g. stateful mostly, how about trends in machine learning/AI, Big Data workloads not the conventional K8s workloads!Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
9/19/2018 • 22 minutes, 17 seconds
Security & Service Meshes
Show: 49 Show Overview: In a joint show between The Cloudcast and PodCTL, Brian and Tyler talk with John Morello (@morellonet, CTO at @TwistlockTeam) about how Service Mesh technologies, such as Istio, can be used for more advanced security of containerized applications and Kubernetes environments. Show Notes: Twistlock Website; Securing Istio and Kubernetes; Making Istio Security Layer Easier to Monitor; Service Mesh Tutorials. Topic 1 - Welcome to the show. Tell us about your background, and introduce us to Twistlock for anyone that isn’t familiar with the company. Topic 2 - One of the most popular concepts in the world of containers and Kubernetes is “Service Mesh” (projects like Istio). Let’s talk about the basics of what a service mesh does. Topic 3 - Service mesh provides routing capabilities, so let’s talk about where security comes into the picture. Topic 4 - Service mesh introduces a concept in Kubernetes where you deploy multiple containers in a pod, one the application and one the service-mesh proxy. Does security introduce yet another container/agent into a pod? Topic 5 - What sort of tools are available today for security professionals as service meshes are introduced into a container environment? Feedback? Email: PodCTL at gmail dot com Twitter: @PodCTL Web: http://podctl.com
9/12/2018 • 24 minutes, 59 seconds
Patching VMs, OS, Containers
Show: 48Show Overview: Brian and Tyler try and clarify some confusion about how much patching is still involved when moving from Virtualization to Containers. Show Notes:Lots of confusion about how to manage patching of VMs vs. Containers.Topic 1 - What do I have to patch in a VM-centric environment? Who is typically responsible for that patching?Host OS HypervisorGuest OS Application StackTopic 2 - What do I have to patch in a Container-centric environment? Who is typically responsible for that patching?Host OS Container LayerApplication StackTopic 3 - Is it possible to quantify the difference between the amount of patching that’s needed?Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
9/5/2018 • 19 minutes, 33 seconds
VM Admin vs Container Admin
Show: 47Show Overview: Brian and Tyler talk about how the day-to-day tasks of a VM Admin would change if they adopted Containers in their environment. Show Notes:Let’s put ourselves in the shoes of a virtualization admin. How would we transition their day-to-day activities from VMs to Containers?Topic 1 - What does the virtualization infrastructure/platform vs. container infrastructure/platform consist of?Control Plane Content RepositoryData Plane (Hosts, OS, Apps) Networking, Storage, Management, Logging, MonitoringTopic 2 - How do we get an application onto each platform, and how are resources provisioned?Network Storage Security Backups What is automated (by default vs. tooling) Availability (models)Topic 3 - Who is responsible for the different aspects of the application once it’s running?Topic 4 - What are the biggest differences or misperceptions between the environments?Stateful vs. Stateless apps Automated (integrated) vs. Manual tasks PatchingFeedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
8/30/2018 • 31 minutes, 20 seconds
KubeVirt and Container Native Virtualization
Show: 46Show Overview: Brian and Tyler talk with Steve Gordon (@xsgrodon, Principal Product Manager @RedHat) about the intersection of containers, Kubernetes and virtual machines with the KubeVirt project and Container Native Virtualization. Show Notes:KubeVirt - Building a Virtualized API for KubernetesKubevirt-dev Google Group#virtualization on Slack#kubevirt on IRCIntro to Container Native Virtualization (CNV)CNV Demo - Red Hat SummitTopic 1 - Welcome to the show. Tell us about some of the areas you’re focused on these days.Topic 2 - Let’s talk about some of the basics of KubeVirt. How does it work? What problem is this trying to solve?Topic 3 - What are some of the technical challenges that have to be overcome for Kubernetes to understand how to deal with virtual machines?Topic 4 - Looking at the project today, what are some of the things that are possible, and what are some of the goals to add over the next 6 or 12 months?Topic 5 - What has been the feedback you’ve heard from companies as you’ve introduced them to KubeVirt and CNV?Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
8/23/2018 • 21 minutes, 24 seconds
Container Registries
Show: 45Show Overview: Brian and Tyler talk about the core capabilities of container registries, how they interact with Kubernetes and CI/CD pipelines, and some design and security considerations for architects. Show Notes:Twistlock $33M in Funding - Container SecurityProject Clair - Vulnerability ScanningQuay Container RegistryRed Hat OpenShift RegistryTopic 1 - Let’s start with the basics. What does a container registry do? Is it just a glorified FTP server?Serves and stores container images Has a storage backend that should be replicated (somewhere) - usually Object or NFS May have the ability to scan images for vulnerabilities or digitally sign imageTopic 2 - What are the typical interactions that a container registry has with elements of Kubernetes (e.g. Deployments, Kubernetes masters) and elements around Kubernetes (e.g. CI/CD pipeline)?Topic 3 - How do things like scanning and signing fit into container registries? Or should that function reside somewhere else?Topic 4 - What sort of design considerations should architects consider for the container registry?Where is it physically located? How to handle redundancy or replication? How to scope out performance? Multi-Tenancy or Groups?Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
8/15/2018 • 31 minutes, 59 seconds
Looking Forwards and Backwards at 3yrs of Kubernetes
Show: 44Show Overview: Brian and Tyler talk about how Kubernetes has evolved over the last three years, from the community to the technology to new things coming down the road. Show Notes:Kubernetes 3rd AnniversaryTopic 1 - Let’s start with people and community. How have you seen the Kubernetes community evolve over the past 3 years? What’s working well, and where have there been struggles?Topic 2 - Technology-wise, where would you place the highlights for Kubernetes? This could be the technology itself, or how it’s been adopted, or maybe just the overall architecture.Topic 3 - Technology-wise, where would you place the challenges for Kubernetes? This could be the technology itself, or how it’s been adopted, or maybe just the overall architecture.Topic 4 - There seems to be a new chorus of pushback on Kubernetes, around the complexity of managing complex environments (e.g. DR for Stateful apps) and the serverless fans. Do you see this as a problem, a distraction, or valid criticisms?Topic 5 - What do you see making a lot of headlines vs. being the important things for end-users to focus on for the next year?Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
8/2/2018 • 35 minutes, 57 seconds
Istio, Knative and GoogleNEXT
Show: 43Show Overview: Brian and Tyler talk about Kubernetes 3rd Anniversary, Istio, Knative, and the Kubernetes-related announcements from GoogleNEXT2018. Show Notes:Kubernetes 3rd Anniversary Google Cloud Services Platform (GCSP) - Hybrid and Multi-cloud application development stack, built on Kubernetes and Istio - custom-configured, enterprise-hardened, and delivered by Google.GKE On-Prem - A core component of CSP, with GKE On-Prem, customers get the Google Kubernetes Engine (GKE) experience in their data center. The first private cloud option for deployment is vSphere 6.5 in alpha release this fall and Google will continue to look at the hardware and other virtualization environments. In a parallel statement, Cisco Hybrid Cloud for Google Cloud will be the first GKE-certified hybrid cloud platform, although any direct relationship to GKE On-prem is unclear.Project Knative - (Knative on Github) it provides fundamental building blocks for serverless workloads in Kubernetes, empowering the creation of modern, container-based and cloud-native applications which can be deployed anywhere on Kubernetes. OpenShift + Knative (blog).Istio 1.0 - Istio service mesh is now version 1.0, and available as a managed add-on to GKE, as well as being integrated into Google Stackdriver. PodCTL #23 - Microservices with IstioGoogle Cloud Platform Marketplace (pre-announced) - Marketplace of packaged applications to run on GCP and Google Cloud services (e.g. Kubernetes) GKE Serverless Containers Add-On - Similar to AWS Fargate, Google announced an early-trial serverless infrastructure option to GKE , simplifying infrastructure operations management. Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
7/27/2018 • 34 minutes, 53 seconds
Kubernetes 1.11 Released
Show: 41 Show Overview: Brian and Tyler talk about the new Kubernetes 1.11 release, the new features and capabilities. Show Notes: Kubernetes 1.11 Release; Kubernetes 1.11 - Custom Resources, Pod Priority & Preemption, and more; Kubernetes Ramps Up Custom Resource Definitions. Topic 1 - Let’s review for anybody that’s a new listener how the Kubernetes community identifies the maturity level of features and how they should consider interpreting those classifications. Topic 2 - Kubernetes releases usually have a few new GA features, and then lots of Beta or Tech Preview features. What were the highlights of this release for you, or some of the core areas you suggest people focus on? Topic 3 - Let’s walk through some of the most mentioned capabilities: IPVS-Based In-Cluster Service Load Balancing Graduates to General Availability; CoreDNS Promoted to General Availability; Dynamic Kubelet Configuration Moves to Beta; Custom Resource Definitions Can Now Define Multiple Versions; Resizing Persistent Volumes using Kubernetes. Feedback? Email: PodCTL at gmail dot com Twitter: @PodCTL Web: http://podctl.com
7/16/2018 • 18 minutes, 20 seconds
Dissecting Kubernetes Survey Data
Show: 41Show Overview: Brian and Tyler talk about a number of data surveys that have recently been published about container usage, Kubernetes usage, and several other cloud trends. Show Notes:Cloudability “State of Cloud (2018)”DataDog - “Surprising Facts about Real Docker Adoption”Digital Ocean “Currents” (June 2018)CNCF Survey (June 2018)Topic 1 - Lots of differences between these surveys, both in methodology and results:Does the data come from surveys or actual monitoring? How do they classify various technologies (by project, by vendor, by cloud service, by both)? Do they include usage-based details?Topic 2 - Would you prefer to see more vendor-usage data in these reports, or is it OK to just have generic usage data? Right now it’s sort of a mixed bagTopic 3 - It’s (usually) never clear who is running these container environments. We see some survey data targeting developers, but not all of them explain (or know) which groups are running the container environments vs. consuming services.Topic 4 - It’s interesting that none of these surveys highlight the location of companies/customers/users, since we know that certain geographic pockets of the world have very different usage behaviors than others.Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
7/10/2018 • 27 minutes, 28 seconds
Scaling OpenShift Roadshows
Show: 40Show Overview: Brian and Tyler talk with Erik Jacobs (@ErikonOpen, Principal Technical Marketing Manager, Red Hat OpenShift) about designing, deploying and teaching the OpenShift/Kubernetes roadshows for Developers and Operators. Show Notes:Red Hat OpenShift RoadshowLabs (source code)OpenShift Guides (source code)Workshops in KatacodaInfrastructure/Ops LabsTopic 1 - Welcome to the show. Tell us a little bit about your background, as well as some of your focus areas at Red Hat.Topic 2 - You work on lots of different things, but today we wanted to talk about the technical roadshows. They are hands-on environments, which cater to both Developers and Operators. Give us some of the background of how these get pulled together.Topic 3 - Are there ways that people could replicate these environments, or the labs/trainings on their own?Topic 4 - What types of things can you teach developers in a day?Topic 5 - What types of things can you teach operators in a day? Topic 6 - What other resources do you suggest people use outside of these events?Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
6/25/2018 • 25 minutes, 11 seconds
CI/CD and Kubernetes
Show: 39 Show Overview: Brian and Tyler talk about the latest news from the Kubernetes community, the difference between CI and CD, and various considerations for integrating CI/CD environments with Kubernetes. Show Notes: OpenShift Pipelines; Jenkins Kubernetes; Jenkins X; Spinnaker; CircleCI; TravisCI; GitOps - Operations by Pull Request; Cloud Native Landscape 2.0 (Interactive). Topic 1 - One of our listeners asked if we would cover CI / CD in the context of Kubernetes, so we thought we’d go through some of the basics and some of the options. First of all, we always say ‘CI/CD’ but what is Continuous Integration, what is Continuous Delivery and what’s the difference? Topic 2 - What do all these different tools do? Topic 3 - Is there an approved Kubernetes CI/CD tool, or model? Feedback? Email: PodCTL at gmail dot com Twitter: @PodCTL Web: http://podctl.com
6/18/2018 • 25 minutes, 36 seconds
A Beginners Guide to Kubernetes
Show: 38 Show Overview: Brian and Tyler talk about some of the basics, lessons learned and other things people could use to “fast-track” what they need to be successful with Kubernetes. Show Notes: Learn Kubernetes; Learn OpenShift; Learn Containers (with Docker); Learn Containers (without Docker); Learn Prometheus. Show Premise: The Kubernetes community now has 10 releases (2.5yrs) of software and experience. We just finished KubeCon and Red Hat Summit and we heard lots of companies talk about their deployments and journeys. But many of them took a while (12-18 months) to get to where they are today. This feels like the “early adopters” and we’re beginning to get to the “crossing the chasm” part of the market. So we thought we’d discuss some of the basics, lessons learned and other things people could use to “fast-track” what they need to be successful with Kubernetes. Topic 1 - What are the core skills needed for a team that manages/runs/interacts with a Kubernetes environment? Ops Skills; Dev Skills; Compliance Skills / Security Skills. Topic 2 - What has significantly changed in the Kubernetes world since 2015/16 to today that people should consider taking advantage of? Persistence; Immutability; Operators; Native tools vs. Config Mgmt tools; Storage. Topic 3 - What do you consider “still hard” and should probably justify more early effort? Security? Storage? Monitoring? Being overly precise about capacity planning? Topic 4 - What patterns have you seen from successful deployments and customer behaviors? Feedback? Email: PodCTL at gmail dot com Twitter: @PodCTL Web: http://podctl.com
6/4/2018 • 34 minutes, 56 seconds
How to Deploy Applications to Kubernetes
Show: 37 Show Overview: Brian and Tyler talk about the many ways to deploy an application onto a Kubernetes cluster, from the perspective of Devs and Ops. Listener Question (Matthew):"I was interested to know if you guys could talk a little more about the relationship between":OpenShift templates Helm templates CoreOS OperatorsShow Notes:PodCTL Basics - How to Containerize an ApplicationPodCTL #10 - Service Broker all the ThingsPodCTL #22 - Highway to HelmPodCTL #33 - Operator FrameworkPodCTL #28 - Roles & PersonasPodCTL #24 - Blurred Lines between Applications and Containers CNCF 2020 Vision (Alexis Richardson)Draft vs. GitKube vs ksonnet vs Metaparticle vs. SkaffoldKubernetes: Where Helm and Related Tools SitTopic 1 - Let’s start with the basics. Can you please briefly tell the audience how to deploy an application to Kubernetes?Topic 2 - Let’s discuss that complexity in the context of this specific question, as I believe it’ll help us frame out the rest of the conversation.Topic 3 - Why do we have so many different ways to deploy things to Kubernetes, and also from Kubernetes?Developer Requirements Operations Requirements On-Platform Requirements Off-Platform RequirementsTopic 4 - Let’s talk about where the Developer experience should exist and why that’s likely not one specific place.BrigadeDraft GitKube Ksonnet OpenShift ODOSkaffold Many others... Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
5/28/2018 • 31 minutes, 36 seconds
VMs for Infrastructure or Isolation?
Show: 36Show Overview: Brian and Tyler talk about the role (pros & cons) of VMs in isolation and security, as well as the broader context of security for containerized applications. Show Notes:[Red Hat] 10 Layers of Container Security[Google] Exploring Container Security - An Overview[Google] Exploring Container Security Isolation at Different Layers[Google] gVisorJess Frazelle “Hard Multi-Tenancy in Kubernetes”Jess Frazelle “Security and Echo Chambers”Kubevirt and Container-native VirtualizationTopic 1 - Let’s start with the basics. Can you please tell the audience the one command to run to make all containers secure?Topic 2 - This past week (or 2 weeks) has been a good reminder that there are certain patterns that repeat themselves in emerging technologies and open source: hype (cool demo), binary claims of market dominance and destruction of previous technology (containers vs. VMs), buzzwords of simplicity which go against decades of experience, and then the realities of production environments.Topic 3 - Let’s talk about where VMs provide value in a container environment, and realities of VMs that people should be aware of in production and in multi-cloud environments.Topic 4 - Let’s talk briefly about a few of the recent announcements in this space (e.g. gVisor, CNV, etc.)Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com
5/22/2018 • 32 minutes, 29 seconds
Kubernetes News & Events
Show: 35Show Overview: Brian and Tyler review the Kubernetes news coming out of Cloud Foundry Summit, KubeCon and Red Hat Summit. Lots of things to talk about. Cloud Foundry SummitAttendance: 1500Fragmentation of the Container Orchestrator within the Cloud Foundry community - SUSE, IBM and SAP endorse Kubernetes, Pivotal still supporting DiegoKubeCon / CloudNativeCon (all videos)Attendance: 4300PaaS is now “GitOps” Don’t run containers as root Operator FrameworkServerless v0.1 events spec is updatedMany new container runtimes options - Google gVisor Red Hat Summit (all videos)OpenShift Commons Gathering (Attendance: 700+ - all videos)Attendance: 7000+ CoreOS + OpenShift Converged Kubernetes platform (PodCTL#34)OpenShift + Istio OpenShift + Cloud Functions (via OpenWhisk) Red Hat + IBM announcementRed Hat + Microsoft announcementFeedback?Email: PodCTL at gmail dot comTwitter: @PodCTL Web: http://podctl.com
5/14/2018 • 26 minutes, 30 seconds
Unifying CoreOS and OpenShift
Show: 34Show Overview: Brian and Tyler talk with Joe Fernandes (@joefern1, Sr. Director Product Management @OpenShift) and Reza Shafii (@rezaloo, Sr. Director Product Management @OpenShift, formerly @CoreOS) about the CoreOS acquisition and transition, how CoreOS technologies are being integrated into Red Hat platforms, new capabilities for OpenShift, updates on Operators, updates on Container Linux and updates on Quay. Show Notes:Red Hat Unveils Roadmap for CoreOS Integration with Red Hat OpenShiftRed Hat Brings Cloud-Native Capabilities to Software Partner Ecosystem with Kubernetes Operatorshttp://podctl.comBringing CoreOS technology to Red Hat OpenShift to deliver a next-generation automated Kubernetes platformPodCTL #33 - Operators FrameworkTopic 1 - Welcome to the show, both of you. Before we get to the announcements and roadmap, let’s do quick introductions and maybe tell us how things have been going since the acquisition of CoreOS was announced at the end of January.Topic 2 - What have been the core focus areas since the acquisition, both near-term and longer-term? Both in terms of Platforms (OpenShift/Tectonic) and OS (RHEL/Atomic/Container Linux)Topic 3 - What are the announcements coming out this week, related to the Kubernetes platform? What timelines are important for these announcements?Operators as a community project (also see PodCTL #33)Operators for OpenShift Operators for ISVs Full Stack Automation (New Installer, New Admin Console)Topic 4 - What are the announcements coming this week, related to the Linux OS platform? What timelines are important for these announcements?Red Hat CoreOS Red Hat QuayTopic 5 - If you’re a customer (new or existing), or an ISV partner of Red Hat, what are you hoping will be the top few takeaways that they understand after hearing these announcements and seeing the demonstrations?Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTL Web: http://podctl.com
5/8/2018 • 30 minutes, 20 seconds
Operator Framework
Show: 33 Show Overview: Brian and Tyler talk with Brandon Philips (@brandonphilips, Founder/CTO at @CoreOS, Member of Technical Staff at @RedHat) about the announcement of the Operators Framework, how the Operator SDK and Lifecycle Manager will help companies, as well as his experience at CoreOS of developing etcd, Prometheus and Vault operators. We also discussed how the broader ISV ecosystem is beginning to embrace the concept of Operators. Show Notes: Introducing Operator Framework - Building Apps on Kubernetes; Operator Framework (GitHub); CoreOS introduces Operators; Operators Homepage and Overview; Kubernetes Application Operator Basics; Vault Operator; Couchbase Operator; List of Existing Operators (many companies and software). Topic 1 - Welcome to the show. Tell us about your role within the Kubernetes community, as well as your new role within Red Hat. Topic 2 - Back at the original KubeCon in Seattle, you introduced the concept of Operators, as “human operational knowledge in software, to reliably manage an application”. Give us the basics of your original thinking behind Operators. Topic 3 - What is being announced today at KubeCon with the Operator Framework? Topic 4 - Let’s walk through the 3 core pieces of the Operator Framework: Operator SDK; Operator Lifecycle Management; Operator Metering. Topic 5 - How will the broader community play a role in Operator Framework? Feedback? Email: PodCTL at gmail dot com Twitter: @PodCTL Web: http://podctl.com
5/1/2018 • 22 minutes, 48 seconds
Container Vulnerability Scanning
Show: 32Show Overview:Tyler and Aaron Delp talk with Liz Rice (@lizrice, Technology Evangelist @AquaSecTeam) about what's easy—and what's not—about finding and patching security vulnerabilities in containers. This is a cross-over show with @TheCloudcastNet podcast. Show Notes:Liz’s talk at Velocity Conf - “What’s so hard about container vulnerability scanning?”Use code CLOUD to get 20% off Velocity or OSCON ticketsAqua Security HomepageLiz Rice’s Blog[Video] Kubernetes, Metadata and You (KubeCon 2017 Austin)Topic 1 - Welcome to the show Liz. Tell us a little bit about your background and the types of things that you’re working on these days.Topic 2 - Let’s start with the basics. A container is defined by a file (e.g. Dockerfile) that the user/developer/operator defines. How can a vulnerability get into that file?Topic 3 - Is it up to the CI/CD system or host OS (where the container runs) or container orchestrator (e.g. Kubernetes) or container registry to figure out if a vulnerability exists?Topic 4 - How do most container registries today manage vulnerability lists, container scanning and potential mitigations? What are the difficult parts of those tasks?Topic 5 - Most containers today are Linux containers. Are you seeing anything happening (yet) around how to manage Windows containers vulnerabilities? Is the assumption that Microsoft will fix this through one of their existing tools, or are things happening in the open source community as well? Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTL Web: http://podctl.com
4/19/2018 • 25 minutes, 45 seconds
PodCTL Basics - Windows Containers & Kubernetes
Show Overview: Brian and Tyler discuss the basics of Microsoft Windows Containers and their integration into Kubernetes. Show Notes:Kubernetes Sig-WindowsWindows Containers (Microsoft)Getting Started with Windows Containers (CNCF)Red Hat OpenShift + Windows ContainersPodCTL Basics - Linux Containers Windows Server 2019 (preview) - KubernetesTopic 1 - Containers on WindowsHistory of Containers & WindowsHow Windows Containers differ from Linux ContainersTopic 2 - Running Windows Containers on KubernetesRequirementsLimitationsDevelopmentFeedback?Email: PodCTL at gmail dot comTwitter: @PodCTL Web: http://podctl.com
4/2/2018 • 13 minutes, 56 seconds
Reviewing Kubernetes 1.10
Show: 31
Show Overview: Brian and Tyler talk about the Kubernetes v1.10 release, new features and how they can apply to a broad set of application, security and infrastructure use-cases.
Show Notes:
- (CNCF) Kubernetes 1.10: Stabilizing Storage, Security, and Networking
- (Red Hat / CoreOS) Kubernetes 1.10 is Here!
- (OpenShift Commons) OpenShift Commons Briefing: Kubernetes 1.10 Release Update with Cole Mickens and Stefan Schimanski (Red Hat)
- OpenShift 3.9 Released to GA
- How to use GPUs with Device Plugin in OpenShift 3.9 (Now Tech Preview!)
We discussed some of the new features (Stable, Beta and Alpha) from the Kubernetes 1.10 release. We don't cover every new feature, but we tried to hit the highlights.
Topic 1 - API aggregation is stable
Topic 2 - Container Storage Interface (CSI) - Standardized Storage Support
Topic 3 - A replacement for kube-dns
Topic 4 - GPUs and Expanded support for Performance-Sensitive Workloads
Topic 5 - Pod Security Policy
Topic 6 - Adding Identity to Containers (not just pods)
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
3/28/2018 • 15 minutes, 7 seconds
2018 Kubernetes Trends
Show: 30
Show Overview: Brian and Tyler talk about the biggest trends that will shape the Kubernetes community in 2018, with a focus on five critical areas of stability, innovation and experimentation.
Show Notes:
Topic 1 - Open Service Brokers - who is delivering them, who maintains them, how are they evolving, etc.
Topic 2 - Improved Ops Experiences - Operators, Fargate, Container Instances
Topic 3 - Virtualization + Containers - KubeVirt, Kata Containers, does Network Policy overlap SDN/Security
Topic 4 - Developer Experiences - big area of evolution (Istio, Draft, SpringCloud-Kubernetes, Helm v3, Source-to-Image like capabilities)
Topic 5 - Breadth of Supported Applications - Databases, Windows Containers, Serverless
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
3/19/2018 • 42 minutes, 21 seconds
Kubernetes Networking
Show: 29
Show Overview: Brian and Tyler talk with Marc Curry (@redhatmarc, OpenShift Principal Product Manager, Container Infrastructure) about the basics of Kubernetes networking, CNI plugins, managing Network Policy, granular ingress and egress routing, and how CaaS/PaaS and IaaS are being integrated.
Show News:
- Kubernetes becomes a “Graduated Project” in CNCF
Show Notes:
- Kubernetes Network Plugins
- Kubernetes Cluster Networking
- Kubernetes Network Policy
- Kubernetes Ingress
- Kubernetes Container Network Interface (CNI)
Topic 1 - Welcome to the show. Tell us about your background and some of the areas you focus on now?
Topic 2 - Let’s talk about the basics of Kubernetes networking. Walk us through the core elements from container addressing, pod/cluster networking, and things like ingress/egress routing (direct or through proxies).
Topic 3 - Kubernetes has a standard called “CNI” (Container Networking Interface). What does this do, and how does it interact with various SDN projects/products?
Topic 4 - A recent enhancement to Kubernetes was “Network Policy”. What does this provide, and where does it overlap with some commercial SDN capabilities?
Topic 5 - Let’s talk about inbound and outbound routing of traffic. What are some of the biggest issues that people need to take into consideration (proxies, traffic sources, protocols supported, etc.)?
Topic 6 - What are some of the things you’re working on to bridge the networking between CaaS/PaaS layers and IaaS layers?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
3/12/2018 • 29 minutes, 53 seconds
Kubernetes Roles & Personas
Show: 28
Show Overview: Brian and Tyler talk about Joe Beda's "More Usable Kubernetes" presentation at KubeCon focused on Roles and Personas of Kubernetes environments. They look at how Cluster and Applications are separated, and how Operators and Developers distribute roles, as well as the intersection of those four areas.
Show Notes:
- Kubernetes Personas (via Joe Beda, KubeCon 2017 Austin)
- Spring Cloud for Microservices Compared to Kubernetes (by Bilgin Ibryam)
Topics - On today's show, we looked at the four quadrants outlined by Joe Beda in his talk "More Usable Kubernetes" at KubeCon 2017 Austin. He looked at each role and how well the Kubernetes community has addressed that functional area in both tooling and clear definition of the tasks required. We explored where areas are doing well (green) and where there are still areas that need improvement (yellow or red).
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
3/5/2018 • 29 minutes, 5 seconds
The Serverless Landscape
Show: 27
Show Overview: Brian and Tyler talk about the new Serverless working group and whitepaper from CNCF, the 4 elements of serverless, the difference between serverless and FaaS, and the on-going role of Ops teams in a serverless world.
Show Notes:
- CNCF Serverless Whitepaper
- Serverless Working Group in the CNCF
- Event Specification
- Innovate Summit - State of Serverless
- Serverless Landscape (via Redpoint VC)
- Kubernetes/Serverless Frameworks - Fission, Fn, Kubeless, Nuclio, OpenWhisk, OpenFaaS, Riff (and several others emerging)
- Serverless isn’t Simpler
- A Twitter Rant about Serverless and Ops
- Ansible for Serverless
Topic 1 - Let’s talk about the history of serverless within the CNCF, and maybe within the context of PaaS and Kubernetes.
Topic 2 - When talking about Serverless, there seem to be 4 areas to dissect:
- The thing that executes the function (is this a container orchestrator)
- The data sources that can be on either side of the function execution
- The developer experience (or lack of experience)
- Billing/Usage/Metering
Topic 3 - What were your key takeaways from reading the CNCF Serverless whitepaper?
Topic 4 - What about Operations? Do those jobs go away? Are there Ops uses for serverless?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
2/26/2018 • 38 minutes, 38 seconds
Kubernetes Myths & Misperceptions - Part II
Show: 26
Show Overview: Brian and Tyler talk about common myths and misperceptions about Kubernetes, container usage, Kubernetes architecture, compatibility, and OSS stats.
Show Notes:
This is Part 2 of a 2-part series. Part 1 was focused on the platform elements of Kubernetes, what applications are good for containers, the scale of microservices, and stateful vs. stateless apps.
- Myths & Misperceptions - Part 1 - https://blog.openshift.com/podctl-25-kubernetes-myths-misperceptions-part-i/
- Kubernetes Operations (with Brian "Redbeard" Harrington, CoreOS) - https://softwareengineeringdaily.com/2018/01/16/kubernetes-operations-with-brian-redbeard/
Myth/Misunderstanding 1 - Architecture - Kubernetes Multi-Tenancy
Myth/Misunderstanding 2 - Architecture - Kubernetes is only for Operators
Myth/Misunderstanding 3 - What does "GKE Compatible" mean?
Myth/Misunderstanding 4 - Enterprises should run Kubernetes as trunk version
Myth/Misunderstanding 5 - Are OSS stats important? How to interpret them?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
2/19/2018 • 35 minutes, 49 seconds
Kubernetes Myths & Misperceptions - Part I
Show: 25
Show Overview: Brian and Tyler talk about common myths and misperceptions about Kubernetes, container usage, and which applications are a good fit for container platforms.
Show Notes:
This is Part 1 of a 2-part series. Part 2 will focus on Kubernetes architecture, operations, Kubernetes compatibility and updates, open source communities.
Myth/Misunderstanding 1 - Kubernetes is a platform.
Myth/Misunderstanding 2 - Containers are only for microservices
Myth/Misunderstanding 3 - Microservices are always “micro” (small in size)
Myth/Misunderstanding 4 - Kubernetes is only for stateful apps
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
2/12/2018 • 18 minutes, 58 seconds
The Blurred Line Between Containers and Applications
Show: 24
Show Overview: Brian and Tyler talk about the differences between a container and an application, and where the lines are blurred at the platform layer. What should developers care about? Should Kubernetes be the only platform technology?
Show Notes:
- Kelsey Hightower’s Keynote at KubeCon
- Serverless is the new PaaS (via Redmonk)
News of the Week:
- Red Hat acquires CoreOS
- Cisco Container Platform
- Heptio Kubernetes Subscription (HKS)
Topic 1 - What’s the most common “basic” question you get about containers? How often is it about either [a] what should developers care about?, or [b] what applications can go into a container?
Topic 2 - As we’ve seen from various survey data (both from CNCF and analyst firms), there is still some amount of “mixed orchestration” in usage. Have you seen specific applications that really require different orchestrators these days?
Topic 3 - Are the orchestrators similar enough that Ops teams can learn multiple? What else is required to operate multiple orchestrators?
Topic 4 - What is the line between a CaaS and a PaaS? Are those even the right distinctions anymore? What’s different for each for a developer?
Topic 5 - As we’re seeing more “serverless / FaaS” projects created for Kubernetes (OpenFaaS, Kubeless, Fission, OpenWhisk, Nuclio, Fn, etc.), where developers just deal with functions and event-sources, won’t this blur the line more?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
2/5/2018 • 33 minutes, 45 seconds
Microservices with Istio
Show: 23
Show Overview: Brian and Tyler talk with Christian Posta (@christianposta, Chief Architect, Cloud Application Development at Red Hat) about the evolution of SOA and Microservices, Envoy Proxy and Istio Service Mesh, emerging application patterns, and how Kubernetes and Istio are the future of microservices.
Show Notes:
- Istio Homepage
- Envoy Proxy
- Introduction to Modern Load-Balancing and Proxying
- Microservices: From NetFlix OSS to Istio
- Microservic’ing Like a Unicorn
- Christian’s Blog (lots of Microservices stuff)
Topic 1 - Welcome to the show. Give us a little bit of your background as a developer and history of working with various development frameworks/languages/concepts.
Topic 2 - Let’s start with some basics - as a development paradigm, why are we now seeing technologies like Istio and Envoy? The premise of service mesh “reliably connecting services across the network” sounds eerily similar to what we heard about ESB technology. Can you say some words about why this service mesh concept idea is different? Or is it?
Topic 3 - So we’re seeing a need to decouple the application code from the routing-level logic and control. Walk us through the types of things that Istio and Envoy are providing for applications? What are the performance implications of the service mesh? How is this related to API management?
Topic 4 - Architecturally, where are you seeing some of the advantages of Istio / Envoy vs. either previous approaches, or some other service-mesh like projects in the market? (e.g. linkerd, Netflix OSS projects)
Topic 5 - What are some specific problem examples that people run into that should make them think “maybe I need Istio”?
Topic 6 - Where is Istio in its maturity to run in production?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
1/29/2018 • 25 minutes, 6 seconds
Highway to Helm
Show: 22
Show Overview: Brian talks with Taylor Thomas (@_oftaylor, Software Engineer at Nike, @HelmPack Maintainer) about the architecture of Helm, how developers interact with it to deploy applications, how Helm manages ALM, Helm Summit, and the future plans for Helm v3.
Show Notes:
- Helm (homepage)
- Helm - Kubernetes Package Manager
- Helm Charts - https://github.com/kubernetes/charts
- KubeApps - Online Repository of Helm Charts
- Getting Started with Helm on OpenShift
- Helm Summit
- Helm Emeritus Core Maintainers
- “Highway to Helm” (Introduction video)
Topic 1 - Welcome to the show. Let’s talk about your background prior to getting involved in the Helm community, as well as what you’re focused on with Helm these days.
Topic 2 - For someone that might only be familiar with docker containers (e.g. a Dockerfile), give us the basics of what Helm does and the various pieces involved with using Helm (e.g. Helm, Helm Charts, Tiller, Kubernetes).
Topic 3 - Helm is like a blueprint of how you want your containers / application to run. Can you walk us through what else is built into Helm to give it the ability to do Application Lifecycle Management? (versioning, updates, rollback, deletion, etc.)
Topic 4 - Kubernetes can have a lot of different deployment models (stateful, stateless, jobs, batch, custom-resources, etc.). Does Helm have awareness of all of these models?
Topic 5 - What are some of the common tools and patterns you’re seeing around using Helm (CI/CD pipelines, multicloud deployments, etc.)?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
1/22/2018 • 26 minutes, 34 seconds
Effective RBAC for Kubernetes
Show: 21
Show Overview: Brian and Tyler talk about how Role-Based Access Control (RBAC) is implemented for Kubernetes.
Show Notes:
- Effective RBAC (video) from KubeCon
- Using RBAC Authorization
- Audit2RBAC Tool
Topic 1 - The concept of RBAC is best described as “Can ______ (noun) ______ (verb) on ______ (object) at ______ (location)?” where “noun” is a person/service, “verb” is an action, “object” is a function of the API, and “location” is proximity to a Kubernetes cluster.
Topic 2 - RBAC operates on the concept of Roles and RoleBindings, which map actors to actions, and those actors and actions are defined either globally or locally, and the actions are also defined globally or locally.
Topic 3 - RBAC can be manually defined, or enabled (by default) by an installer or distribution. It comes with a default set of Roles. Everything is done within the scope of a cluster.
Topic 4 - By default, the kube-scheduler, kube-controller-manager, and kube-proxy all have RBAC roles defined. Kubelets (node-level) don’t use RBAC by default, but have their own authorizer, which can then be combined with an RBAC authorizer.
Topic 5 - “Add-ons” (networking, monitoring, logging, etc.) can have RBAC defined in their manifests, or you can grant them access to their service account.
Topic 6 - If the element needs to be something other than those default roles, or using default authorizer services, then CustomRoles can be created. Can use audit logs to track the needs of a specific add-on. Can use the “audit2rbac” tool to view the logs and create custom RBAC roles.
Topic 7 - “Aggregate Roles” are now available in Kubernetes 1.9.
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
1/15/2018 • 20 minutes, 34 seconds
Gathering Kubernetes Communities
Show: 20
Show Overview: Brian and Tyler talk with Diane Mueller (@pythondj, Director, Community Development Red Hat, OpenShift Commons) about OpenShift Commons, the Open Source community that’s grown up around OpenShift Origin and the OpenShift ecosystem.
Show Notes:
- OpenShift Commons
- OpenShift Commons “Interest Groups”
- OpenShift Commons Gatherings (videos)
- Upcoming London OpenShift Commons Gathering Jan 31
- Upcoming OpenShift Commons Briefings
Topic 1 - Welcome to the show. Tell us a little bit about your background, as you’ve been through many of the transitions in the application/developer platform market.
Topic 2 - With the breadth of the Kubernetes community today, why does the OpenShift Commons community exist? Don’t they overlap, or are they different types of goals?
Topic 3 - We wanted to talk about the bridge between really wide open communities and customers aligning around common interests. Can you tell us how OpenShift Commons is helping to facilitate those connections? What are some of the “interests” that are growing?
Topic 4 - Almost every week you host at least one video webinar that highlights new technologies. Why do you spend all this time on non-Red Hat technologies and vendors? Have you had any recently that really jumped out at you?
Topic 5 - Around each KubeCon and Red Hat Summit, you host an event called OpenShift Commons Gathering. Can you tell us what these events are, who typically attends, and how these have co-existed with the KubeCon events?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
1/8/2018 • 27 minutes
PodCTL Basics - Understanding Service Meshes
Show Overview: Brian and Tyler discuss the basics of Service Meshes, such as Istio, Envoy and Linkerd.
Show Notes:
- Istio Homepage
- Envoy Homepage
- Linkerd Homepage
- Introduction to modern network load balancing and proxying
- OpenShift Commons Briefing #103: Microservices and Istio on OpenShift
- Sidecars and a Microservices Mesh
- Videos from CNCF / KubeCon
Service Mesh is a layer that manages the communication between apps (or between parts of the same app, e.g. microservices).
Just as applications shouldn’t be writing their own TCP stack, they also shouldn’t be managing their own load balancing logic, or their own service discovery management, or their own retry and timeout logic. - link
Mesh: A group of hosts that coordinate to provide a consistent network topology. In this documentation, an “Envoy mesh” is a group of Envoy proxies that form a message passing substrate for a distributed system comprised of many different services and application platforms. - link
Topic 1 - What is a Service Mesh?
- Service Discovery
- Routing
- Load-Balancing
- Fault Injection
- Circuit Breaking
- A/B Deployments
- Blue/Green Deployments
- Canary Deployments
- Traffic Limiting
- Tracing
- Security Services (e.g. Mutual TLS)
Topic 2 - Didn’t developers build Microservices before Service Meshes?
Topic 3 - How does a Container or Kubernetes interact with a Service Mesh?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
1/4/2018 • 16 minutes, 14 seconds
2017 Kubernetes Year in Review
Show: 19
Show Overview: Brian and Tyler talk about how the Kubernetes community and technology have evolved in 2017, and make a few predictions for 2018.
Show Notes:
- OpenShift Commons Gathering (videos): bit.ly/2BB3weV
- KubeCon (videos): bit.ly/2jczyn1
Topic 1 - GETTING STARTED: People said that getting started w/ Docker Swarm was easier than Kubernetes. The Kubernetes community created tools like Minikube & Minishift to run locally on the laptop and automation playbooks in Ansible; Katacoda has made it simple to have online tutorials; and multiple cloud offerings (GKE, AKS, EKS, OpenShift Dedicated) make it simple to get a working Kubernetes cluster.
Topic 2 - ENSURING PORTABILITY: Enterprise customers want a Hybrid Cloud environment. They need to understand how multiple cloud environments will impact this decision. The CNCF’s Kubernetes Conformance model is the only container-centric framework that can assure customers that Kubernetes will be consistent between clouds.
Topic 3 - INFRASTRUCTURE BREADTH: Other container orchestrators had ways to integrate storage and networking, but only Kubernetes created standards (e.g. CNI, CSI) that have gained mainstream adoption to create dozens of vendors/cloud options.
Topic 4 - APPLICATION BREADTH: The community has evolved from supporting stateless apps to supporting stateful applications (and containerized storage), serverless applications, batch jobs, and custom resources definitions for vertical-specific application profiles.
Topic 5 - SECURITY: There were concerns about K8S security. The community has responded with better encryption and management of secrets, and improved Kubernetes-specific container capabilities like CRI-O and OCI standardization.
Topic 6 - PERFORMANCE: Red Hat (and others) have started the Performance SIG to focus on high-performance applications (HPC, Oil & Gas, HFT, etc) and profiling the required performance characteristics of these applications in containerized environments.
Topic 7 - DEVELOPER EXPERIENCE: One of the themes of KubeCon was focusing on developer experience, and in just a few months we’re seeing standardization around the Helm format (for application packaging), Draft to streamline application development, and Kubeapps to simplify getting started with apps from a self-service catalog. We have also seen the security model of non-root containers (vs. the Docker model of root-enabled containers).
Topic 8 - APPLICATION EXTENSIBILITY: The Kubernetes community decided not to reinvent the wheel, instead working with the Cloud Foundry Foundation to create the Open Service Broker API. Within a year, we’re now seeing implementations that have not only ported all the functionality to Kubernetes, but have extended it beyond Cloud Foundry’s previous capabilities to include support for external clouds (e.g. AWS, Azure, GCP), as well as additional services such as Ansible playbooks and other 3rd-party capabilities.
Topic 9 - IMPROVING OPERATIONAL EXPERIENCE: As Clayton Coleman (Red Hat) discussed in his KubeCon keynote, companies like Red Hat are using their online environments to improve their operational experience and ultimately feed this knowledge back into the upstream products.
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
12/18/2017 • 46 minutes, 37 seconds
Microsoft in the Kubernetes Ecosystem
Show: 18
Show Overview: Brian and Tyler talk with Gabe Monroy (@gabrtv, Lead Product Manager Containers @ Azure, CNCF Board Member) about a wide variety of projects and services that Microsoft is working on in the Kubernetes and CNCF communities - from Windows containers to Container orchestration to making it simpler for application developers.
Show Notes:
- Azure Container Service (AKS)
- Azure Container Instances (ACI)
- Azure Draft (OSS project)
- Helm - Kubernetes Package Manager (OSS project)
- Azure Service Broker
- Virtual Kubelet (OSS project)
- Gabe Monroy’s Azure Blog
Topic 1 - Welcome to the show. You joined Microsoft via the Deis acquisition. Let’s talk about some of the work you’ve been focused on since joining Microsoft.
Topic 2 - Microsoft Azure offers several options to use containers and container services (ACS, AKS, ACI). Can we dig into each of those services?
Topic 3 - Working on hybrid environments is becoming more important. Let’s dig into how Microsoft is expanding the capabilities of the Open Service Broker.
Topic 4 - Help us understand what the Helm project and Draft project enable for developers.
Topic 5 - One of the most frequent questions we get is around Windows-based containers. When will they be available, and what is Microsoft doing to make them easier to use?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
12/11/2017 • 27 minutes, 1 second
Kubernetes Everywhere, Now What...
Show: 17
Show Overview: Brian and Tyler talk about the containers and Kubernetes news coming out of AWS re:Invent, as well as a look ahead to KubeCon in Austin.
Show Notes:
- Amazon announced its much-anticipated Kubernetes service Amazon Elastic Container Service for Kubernetes
- Amazon announced AWS Fargate “a technology that enables you to use containers as a fundamental compute primitive without having to manage the underlying instances.”
Topic 1 - AWS re:Invent happened last week. Any news about Kubernetes?
Topic 2 - The concept of “Bring Your Own Container” is evolving to “Bring A Workload that Runs in a Container” (Fargate, Microsoft ACI, etc.)
Topic 3 - What can we expect at KubeCon this week? What new trends are you seeing emerge, or are you looking to see if they have momentum?
- Evolution of User-Experience
- Serverless standards?
- Adjacent projects to Kubernetes (backups, CI/CD, etc.)
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
12/4/2017 • 35 minutes, 57 seconds
Day to Day Kubernetes Operations
Show: 17
Show Overview: Brian and Tyler talk about CNCF Kubernetes Conformance, OpenShift 3.7 GA, and some common questions about day-to-day operations with Kubernetes.
Show Notes:
- Cloud Native Computing Foundation Launches Certified Kubernetes Program with 32 Conformant Distributions and Platforms
- Red Hat OpenShift Container Platform v3.7 goes GA
- Kubernetes and OpenShift: Community, Standards and Certifications
Topic 1 - How do you deploy the underlying compute resources that are used as Nodes in a Kubernetes cluster?
Topic 2 - If a Kubernetes environment has to scale, how do you grow out the computing (or other) resources?
Topic 3 - When a new version of Kubernetes comes out, how do you manage to upgrade the environment?
Topic 4 - What are the common things that the Ops team is tracking, monitoring, measuring in a Kubernetes environment?
Topic 5 - What are some things that have changed, from an operational perspective, between a Container/Kubernetes environment and previous technologies (e.g. VMs)?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
11/20/2017 • 35 minutes, 37 seconds
Security: Identity Management, RBAC, Authentication and Authorization
Show: 15
Show Overview: Brian and Tyler continue their focus on Security with Marc Boorshtein (@mlbiam, CTO of @tremolosecurity), discussing Identity Management, Container and Kubernetes Authorization and Authentication, RBAC, and how IT teams evolve to manage security in more agile environments.
Show Notes:
- PodCTL #14 - Security: Hosts, Registries, Content and Pipelines
- [Video] Identity Management and Compliance
- [Video] DevOps Identity Management
- [Website] Tremolo Security
- 10 Layers of Container Security
- Open Source k8s SSO project
- Open Source OpenShift Identity Manager project
Topic 1 - Let’s talk about User authentication in Kubernetes
- Certificate Authentication
- OpenID Connect
- Reverse Proxy
Topic 2 - Let’s dig into the various types of Authorizations
- Overview of RBAC (Role-Based Access Control)
- Mapping of Roles to Users and Groups
- Organizational Challenges
Topic 3 - Given that various people (Devs & Ops) interact with dashboards, how do we manage that Authentication?
Topic 4 - How are organizations evolving to keep up with this more agile form of software development and the associated security challenges?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
11/13/2017 • 25 minutes, 49 seconds
Security: Hosts, Registries, Content and Pipelines
Show: 14
Show Overview: Brian and Tyler address some of the many layers of security required in a container environment. This show will be part of a series on container and Kubernetes security. They look at security requirements in the Container Host, Container Content, Container Registry, and Software Build Processes.
Show Notes and News:
- 10 Layers of Container Security
- Google, VMware and Pivotal announced a Hybrid Cloud partnership with Kubernetes
- Google and Cisco announced a Hybrid Cloud partnership with Kubernetes (and more)
- Docker adds support for Kubernetes to DockerEE
- Rancher makes Kubernetes the primary orchestrator
- Microsoft announces new Azure Container Service, AKS
- Oracle announced Kubernetes on Oracle Linux (and some installers)
- Heptio announces new tools
Topic 1 - Let’s start at the bottom of the stack with the security needed on a container host.
- Linux namespaces - isolation
- Linux capabilities and SECCOMP - restrict routes, ports, limiting process calls
- SELinux (or AppArmor) - mandatory access controls
- cGroups - resource management
Topic 2 - Next in the stack, or outside the stack, are the sources of container content.
- Trusted sources (known registries vs. public registries (e.g. DockerHub))
- Scanning the content of containers
- Managing the versions, patches of container content
Topic 3 - Once we have the content (applications), we need a secure place to store and access it - container registries.
- Making a registry highly-available
- Who manages and audits the registry?
- How to scan container within a container?
- How to cryptographically sign images?
- Identifying known registries
- Process for managing the content in a registry (tagging, versioning/naming, etc)
- Automated policies (patch management, getting new content, etc.)
Topic 4 - Once we have secure content (building blocks) and a secure place to store the container images, we need to think about a secure supply chain of the software - the build process.
- Does a platform require containers, or can it accept code?
- Can it manage secure builds?
- How to build automated triggers for builds?
- How to audit those triggers (webhooks, etc.)?
- How to validate / scan / test code at different stages of a pipeline? (static analysis, dynamic analysis, etc.)
- How to promote images to a platform? (automated, manual promotion, etc.)
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
11/6/2017 • 41 minutes, 38 seconds
An Introduction to CRI-O
Show: 12
Show Overview: Brian and Tyler talk with Dan Walsh (@rhatdan, Consulting Engineer at Red Hat, container team lead) and Mrunal Patel (@mrunalp, Principal Engineer at Red Hat, OCI/runc maintainer) about the evolution of containers with Kubernetes, the creation of CRI-O, and the focus on container security and stability. We also discussed emerging projects like Skopeo, Buildah, Intel Clear Containers and Grafeas.
Show Notes:
- CRI-O Homepage
- CRI-O Blog
- Introducing CRI-O v1.0 (blog)
- Containers Project (Image, Storage)
- Project Buildah - A tool which facilitates building OCI images
- Project Skopeo - Work with remote images and registries
- Project Grafeas - An open artifact metadata API to audit and govern your software supply chain
- Intel Clear Containers
Topic 1 - Welcome to the show. Why don’t you both introduce yourselves and tell us what areas you focus on.
Topic 2 - In past episodes, we’ve talked about the CRI-* concept in Kubernetes. We’ve also talked about the OCI standard for containers. So what is CRI-O?
Topic 3 - What problems does CRI-O attempt to solve for the container ecosystem?
Topic 4 - How does CRI-O differ from containerd and CRI-containerd?
Topic 5 - How can people get CRI-O today? What are some of the things people can expect with CRI-O beyond v1.0?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
10/30/2017 • 28 minutes, 54 seconds
An Introduction to Prometheus Monitoring
Show: 11
Show Overview: Brian and Tyler talk with Julius Volz (@juliusvolz, @PrometheusIO co-founder, promcon.io founder) about the challenges that Prometheus solves, how it does monitoring and interacts with other systems, how it works with Kubernetes, and common use-cases and patterns.
Show Notes:
- Prometheus (homepage)
- Part II - Evolution of Prometheus, v2.0 (via The Cloudcast)
- PromCon and PromCon Videos
- Prometheus v1.0 on The Cloudcast (v1.0 launch)
- WeaveWorks Managed Prometheus
- Robust Perception Blog (Prometheus consulting)
Topic 1 - You created Prometheus a couple years ago at SoundCloud. What were the core challenges you were trying to solve?
Topic 2 - For people new to Prometheus, what does it do (at a basic level) in terms of monitoring containers and applications?
- What can it monitor?
- What can it trigger other systems to do?
Topic 3 - Prometheus is now part of CNCF. Is it a native Kubernetes service, or a sidecar application for containers, or a broad service that just runs on Kubernetes?
Topic 4 - What are the basic things that most people use Prometheus to monitor for? What are a few complex use-cases? (application types, application frameworks, usage-patterns, etc.)
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
10/23/2017 • 16 minutes, 43 seconds
Service Catalog All the Things
Show: 10
Show Overview: Brian and Tyler talk with Paul Morie (@cheddarmint, Principal Software Engineer @RedHat, Lead of Kubernetes Service Catalog SIG) about the evolution of the Open Service Broker API, integrating with external services, the role of Service Brokers, and use-cases to expand Kubernetes applications.
Show Notes:
- Kubernetes Service Catalog SIG
- OpenShift Commons - Kubernetes Service Catalog Deep Dive
- Kubernetes Service Catalog SIG (meetings, demos)
- Open Service Broker API
Topic 1 - Welcome to the show. Before you got involved in the Service Catalog SIG, you worked on several other aspects of Kubernetes (security, etc.). Tell us about some of the things you’ve been involved with?
Topic 2 - Let’s go back to when the Open Service Broker API was announced. What was the purpose and how did it evolve to where it is now?
Topic 3 - What are the basics of how the Service Broker / Service Catalog interacts with applications on Kubernetes and 3rd-party services?
- Example: How do we think about user/password/security credentials to a database?
- Example: Is the Service Broker in the data path as well as the control path?
- Example: Where would traffic auditing functions happen?
Topic 4 - We saw a demo of the Service Catalog/Broker at Red Hat summit during an announcement with AWS, where it showed AWS services as part of the catalog. Previously, we’ve seen the CF Service Broker interact with Google or Azure services. Is the relationship between the broker and cloud-services “cloud specific”, or will things be interchangeable at all?
Topic 5 - Beyond public cloud services, what other types of things might be interconnected or managed via the Service Broker?
Feedback? Email: PodCTL at gmail dot com; Twitter: @PodCTL; Web: http://podctl.com
10/17/2017 • 24 minutes, 18 seconds
Unclogging some Kubernetes Plumbing Issues
Show: 9
Show Overview: Brian and Tyler talk about Kubernetes Networking and Kubernetes Storage.
Show Notes:
Kubernetes Network Plugins
Kubernetes and Storage
Container Native Storage
Topic 1 - Let’s talk about the challenges of networking with containers and some of the ways that Kubernetes addresses these challenges.
There are lots of different ways to network containers together. Kubernetes does some basic networking (by default), and then there are add-on options for more complex, secure scenarios.
The role of DNS in Kubernetes networking (services, etc.)
Kubernetes network plugins (CNI: container network interface)
Ingress and Egress Routes, Services, Load Balancing
Network Policy (fine-grained traffic control)
Topic 2 - Let’s talk about the challenges of storage with containers and some of the ways that Kubernetes addresses these challenges.
There’s definitely a misperception that containers should only be used for stateless applications.
Containers are (primarily) Linux, and Linux has well known concepts about how to interact with persistent storage.
Containers need a way to interact with persistent storage in a model where it can be dynamically allocated.
Kubernetes storage plugin proposal (CSI: container storage interface)
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
10/9/2017 • 31 minutes, 3 seconds
Managing High Performance Workloads
Show: 8
Show Overview: Brian and Tyler talk with Jeremy Eder (@jeremyeder, Senior Principal Software Engineer at Red Hat) about the Kubernetes Resource Management Working Group, scaling Kubernetes environments, extending Kubernetes for high-performance workloads (HPC, HFT, Animation, GPUs, etc.), testing at scale and how companies can get involved.
Show Notes:
KubeCon 2017 (Austin) Schedule
OpenShift Commons Gathering (Austin, Dec.5th)
Kubernetes Resource Management Working Group
Contact the Resource Management Working Group
Deploying 1000 Nodes of Kubernetes/OpenShift (Part I)
Deploying 2048 Nodes of Kubernetes/OpenShift (Part II)
Topic 1 - Welcome to the show. You recently introduced the Resource Management Working Group within Kubernetes. Tell us a little bit about the group.
Topic 2 - The group’s prioritized list of features for increasing workload coverage on Kubernetes enumerated in the charter of the Resource Management Working group includes (below). Let’s talk about some of the types of use-cases you’re hearing that drive these priorities.
Support for performance sensitive workloads (exclusive cores, cpu pinning strategies, NUMA)
Integrating new hardware devices (GPUs, FPGAs, Infiniband, etc.)
Improving resource isolation (local storage, hugepages, caches, etc.)
Improving Quality of Service (performance SLOs)
Performance benchmarking
APIs and extensions related to the features mentioned above
Topic 3 - This is a broad list of areas to focus on. How do you determine what things should be kernel-level focus, Kubernetes-level focus, or application-level focus?
Topic 4 - How do you go about testing these areas? Are there lab environments available? How will you publish methodologies and results?
Topic 5 - As you talk to different companies, do you feel like they are holding back on deploying higher-performance applications on Kubernetes now, or they are looking for more optimizations?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
10/2/2017 • 21 minutes, 58 seconds
Digging into Kubernetes 1.8
Show: 7
Show Overview: Brian and Tyler talk with Clayton Coleman (@smarterclayton, Lead Kubernetes Architect) and Derek Carr (@derekwaynecarr, Kubernetes Lead Engineer) about the Kubernetes development process, the role of SIGs, the process for deciding what gets included in a release, as well as an in-depth discussion about the extensibility of Kubernetes 1.8.
Show Notes:
The early days of Kubernetes
Contributing to Kubernetes
Kubernetes 1.8 features
Kubernetes 1.8 features (tracking spreadsheet)
An Overview of Project "Istio"
Topic 1 - Welcome to the show. Both of you are top contributors to Kubernetes, both also lead (or co-lead) some of the SIGs/Working Groups. Can you give us a sense of your community involvement from a contributor and leader perspective?
Topic 2 - Derek, you're on the nomination list for the Kubernetes Steering Committee. Chris Aniszczyk mentioned it a couple weeks ago, but what does that group do that’s different than SIGs?
Topic 3 - When there are 100s of contributors and many different focus areas, what is the process for deciding what’s included or prioritized or dropped from a specific release?
Topic 4 - Kubernetes 1.8 has a mix of Alpha, Beta and Stable features. What do you see as the key focus areas in this release? (e.g. RBAC, CRI-O, etc.)
Topic 5 - How does Kubernetes look at the explosion of “tools” around core Kubernetes (deployers, application templates, application frameworks) and when to make those parts of the project or keep them separate?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
9/25/2017 • 25 minutes, 49 seconds
What's included with Kubernetes?
Show: 6
Show Overview: Brian and Tyler talk about the technologies in “core” Kubernetes and the additional elements needed to evolve it into a more complete application platform.
Show Notes:
[TRANSCRIPTION] - coming soon
PodCTL #4 - All the Tools in the Kubernetes Toolbox
PodCTL #3 - Making sense of container standards (including OCI)
Kubernetes by Example
News of the Week:
Oracle joins the CNCF
Heptio takes Series B round of VC funding
Jaeger (@JaegerTracing) and Envoy (@EnvoyProxy) become official CNCF projects.
Topic 1 - What's included in Kubernetes (by default)?
We’ve seen quite a bit of survey data recently that shows usage of Kubernetes is growing quite rapidly. If somebody says they are “using Kubernetes”, by default, what functionality do they have available to them?
Topic 2 - What core “platform” elements aren’t included with Kubernetes?
Container Runtime (e.g. docker, rkt, oci)
Container Registry
Advanced Networking
Persistent Storage
Monitoring, Logging
Backup tools for Kubernetes or the applications running in Pods.
Topic 3 - What are some of the standard ways to plug in those pieces?
Container Runtime - CRI (Container Runtime Interface)
Registry - Many 3rd-party options
Networking - CNI (Container Network Interface)
Storage - CSI (Container Storage Interface)
Logging / Monitoring - Sidecar Containers
Topic 4 - What does a company get with a "distribution" vs. "platform" vs. "public cloud service"?
Tectonic (example)
OpenShift (example)
Google Container Engine (example)
Question of the Week:
Q: What is "pure" Kubernetes?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
9/18/2017 • 32 minutes, 26 seconds
PodCTL Basics - How to Containerize an Application
Show Overview: Brian and Tyler discuss the basics of how an application gets into a container, how to layer OS + applications + dependencies, how a container interacts with a container registry, and how container files differ from Kubernetes manifests.
Show Notes:
[TRANSCRIPTION] PodCTL Basics - How to Containerize an Application
Setting up a Dockerfile
Building an OCI-compliant container with "Buildah"
Deploying with Kubernetes Manifests
Topic 1 - How does a Container know what application to run?
Metadata
Image Layers
Topic 2 - Can any Application run in a Container? Does it have to be modified?
User namespace vs. Root
Resource requirements
Topic 3 - How does a Container interact with a Container Registry?
Topic 4 - How does a Container tell Kubernetes about its Application needs (HA, Static IP, Storage, etc.)?
Pods and Manifests
Topic 5 - Can a Containerized Application interact with other applications? How?
Within a Cluster
DNS Services / Networking
Kubernetes Services
Service Discovery frameworks
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
9/13/2017 • 14 minutes, 6 seconds
Understanding the Cloud Native Ecosystem
Show: 5
Show Overview: Brian and Tyler talk with Chris Aniszczyk (@cra, CTO/COO of CNCF, Executive Director of OCI) about the Cloud-Native Ecosystem, if there is a CNCF "stack", the CNCF process for project acceptance, and the growth vs. hype of Kubernetes.
Show Notes:
[TRANSCRIPTION] PodCTL #5 - Understanding the Cloud-Native Ecosystem
Cloud Native Computing Foundation (CNCF) Homepage
CNCF Landscape
Open Containers Initiative (OCI) Homepage
KubeCon & CloudNativeCon - Austin, TX (Dec.6-8)
News of the Week:
Mesosphere adds Kubernetes support to DC/OS
Mirantis claims that Kubernetes is OpenStack 2.0
Interview with Chris Aniszczyk
Topic 1 - Welcome to the show. What hats do you wear at both the CNCF and OCI?
Topic 2 - How do the CNCF projects and OCI projects work together? (example: why is rkt or containerd in the CNCF and not OCI?)
Topic 3 - What is the role of the CNCF? Is there a CNCF stack?
Can you talk about how projects get engaged with CNCF and the process of “official” vs. “incubation”, etc?
Will it ever make sense to have a “certification” program for CNCF-associated offerings, or does that create too much overhead?
Topic 4 - With so many projects being created, in different parts of the stack, where do you potentially see the next “official” projects coming from?
Topic 5 - Can you give us your perspective on some of the noise recently around Kubernetes?
Community Question of the Week:
Q: My company runs mostly pre-packed Windows applications. Is there anything that we can do with Containers or Kubernetes to help them?
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
9/11/2017 • 29 minutes, 7 seconds
PodCTL Basics - Linux Containers
Show Overview: Brian and Tyler discuss the basics of Linux containers.
Show Notes:
[TRANSCRIPTION] PodCTL Basics - Linux Containers
An Introduction to Container Terminology
Architecting Containers: User Space vs. Kernel Space
Segment 1 - What is a Linux Container?
Filesystem + Metadata (JSON)
Segment 2 - How do Linux hosts interact (and isolate) Linux Containers?
Host OS vs. Container OS
Container isolation
Container security 101
Segment 3 - How does a container interact with Networking and Storage?
Pass-thru host details
CNI - Container Native Interface
Native container networking
Storage Volumes (static & dynamic)
Segment 4 - Can any Application run in a Linux Container? Does it have to be modified?
User namespace vs root
Resource requirements
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
9/7/2017 • 9 minutes, 50 seconds
All the Tools in the Kubernetes Toolbox
Show: 4
Show Description: Brian and Tyler discuss the broad range of tools that are available to deploy, operate and manage Kubernetes environments. There are lots of options...
Show Notes:
PodCTL #4 - Transcribed
Kubernetes: A Little Guide to Install Options
Monitoring OpenShift: Three Tools for Simplification
Rolling Updates to Kubernetes - At MacQuarie Bank [video]
Segment 1 - [News of the Week]
VMware, Google and Pivotal announced a packaged version of the Kubo project, called Pivotal Container Service (PKS).
CNCF continues to be the center of Enterprise IT with VMware, Pivotal joining
Segment 2 - Why do Open Source Projects often end up with so many installers?
Segment 3 - What are some of the common types of tools for Kubernetes installations?
Install on your laptop (e.g. Minikube, Minishift, etc.)
Public Services (OpenShift Online, GKE, Azure Container Service, etc)
Quickstart installer on a public cloud (e.g. Heptio, DO, kops, etc.)
Kubernetes-specific installers (kubeadm, kubicorn, kargo, etc.)
Deployment scripts and variations on “runbooks” (e.g. Ansible, Chef, Puppet, etc.)
Segment 4 - What are some of the Day 2 tools that are used with Kubernetes?
Upgrade tools (e.g. 1-click, Operators, etc.)
Monitoring & Management (e.g. Prometheus, Datadog, New Relic, Zabbix, SysDig, CoScale) - https://blog.openshift.com/monitoring-openshift-three-tools/
Logging (e.g. EFK, Loggly, etc.)
Application Frameworks - Save that for future shows!
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com
9/4/2017 • 26 minutes, 58 seconds
Making Sense of Container Standards
Show: 3
Show Description: Brian and Tyler talk with Vincent Batts (@vbatts, Principal Software Engineer in the Office of Technology for Container Architecture at Red Hat) about the state of container standards - OCI, containerd, Moby, Linux vs. Windows containers, etc.
Show Notes:
Vincent Batts on GitHub
Open Container Initiative (OCI)
CRI-O: Container Runtime Interface
Relevant XKCD
A Comparison of Linux Container Images
Segment 1 - News of the Week
Red Hat and Microsoft announce partnership around Windows Containers and OpenShift and Azure, plus much more.
Segment 2 - An Interview with Vincent Batts
Topic 1 - Welcome to the show Vincent. Tell us what types of things you work on in the container community.
Topic 2 - 2yrs ago, there was docker and rkt arguing about container standards, and the OCI emerged. Can you give us an update on where container standards are today?
Topic 3 - What is this new concept called CRI-O, and how does it relate to Kubernetes?
Topic 4 - Containers always used to be Linux-specific, but we’re starting to hear more noise around Windows containers. Is this Microsoft specific, or are standards groups working on this too?
Segment 3 - Question(s) of the Week
Q1: What’s the difference between the Host OS and the Container OS, and do they need to be the same?
A1: A Comparison of Linux Container Images
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://PodCTL.com
8/28/2017 • 30 minutes, 50 seconds
Who has a Kubernetes problem?
Show Description: Brian and Tyler discuss some of the use-cases that businesses have for using Kubernetes. They review several public examples of Kubernetes uses, both in web scale and Enterprise environments.
Show Notes:
GitHub Goes All-In on Kubernetes (via TheNewStack)
KubeCon / CloudNativeCon CFP is Due August 21st
Segment 1 - Thank you for the great response to the initial show. Response has been very positive and we’ve already had like 8-10 people ask to be guests on the show. The challenge is to figure out what to do on show #2 or #3 since there is so much happening. So we’ve decided that for a while, we’re going to make sure that we cover all the fundamentals of containers and Kubernetes.
Segment 2 - News of the Week
GitHub announces details of how they use Kubernetes
AWS does not announce a Kubernetes service at AWS Summit in NYC
KubeCon CFP is due by August 21st
Segment 3 - How are companies using Kubernetes?
daemonSets (instance on each node), replicaSets (specific # is always running), jobs (run to completion), statefulSets (stateful apps) vs persistent Volumes (stateful storage)
Kubernetes Job Openings
Customer sessions at Red Hat Summit
OpenShift Commons Gathering (videos)
Kubernetes Case-Studies
Segment 4 - How to Learn More
Free Kubernetes Training from CNCF
Kubernetes by Example (Michael Hausenblas)
How does the Kubernetes scheduler work? (Julia Evans)
Kubernetes the Hard Way (Kelsey Hightower)
Segment 5 - Question(s) of the Week
Q1: What’s the right way to install Kubernetes? There seem like too many options.
A1: Kubernetes: A Little Guide to Install Options
Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://PodCTL.com