A weekly podcast focused on what's happening in the Kubernetes community, hosted by Abdel Sghiouar and Kaslin Fields. We cover Kubernetes, cloud-native applications, and other developments in the ecosystem. Find Abdel and Kaslin on Twitter at @KubernetesPod or by email at kubernetespodcast@google.com.
Cilium and eBPF, with Bill Mulligan
Guest is Bill Mulligan. Bill is Community Pollinator at Isovalent working on Cilium and eBPF. We learned how to properly pronounce Isovalent and what it actually means. We also spoke in depth about eBPF, Cilium, network function in Kubernetes and more. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week The Kubernetes legacy Linux package repositories are going away in January 2024 Kubernetes 1.29 is now available on GKE in the Rapid Channel The Vmware Tanzu Application Catalog is fully compliant with the SLSA Level 3 AWS extended support for Kubernetes minor versions pricing update The Kubernetes Contributor Summit Paris CFP is Open, closes Feb 4th KubeCon and CloudNativeCon EU 2024 co-located events agenda is live The Cloud Native Glossary is now available in French Blixt a new experimental LoadBalancer based on the Gateway API and eBPF Links from the interview Bill Mulligan: LinkedIn Twitter/X Covalent bonds on Wikipedia Isovalent Hybridization on Wikipedia Isovalent company site BPF - Berkeley Packet Filtering eBPF project site Fast by Friday: Why eBPF is Essential - Brendan Gregg GKE Dataplane V2 Cilium project site Hubble documentation Cilium Service Mesh Cilium annual report Cilium Certified Associate (CCA) CCA Study Guide from Isovalent on GitHub Istio Certified Associate (ICA) Certified Kubernetes Administrator (CKA) Certified Kubernetes Application Developer (CKAD) Kubernetes and Cloud Native Associate (KCNA) Resources to prepare for the CCA certification Isovalent library The World of Cilium Cisco acquired Isovalent Developing eBPF Apps in Java BGP in eBPF
1/23/2024 • 55 minutes, 2 seconds
NAIS, with Johnny Horvi and Frode Sundby
This week’s guests are Johnny Horvi and Frode Sundby from NAV's (Norwegian Labour and Welfare Administration) platform team. We talked about NAIS, a Kubernetes-based, team-centric platform aiming at providing the tools needed to deploy and operate apps easily. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Kubernetes 1.29 features: https://kubernetes.io/blog/2023/12/14/cloud-provider-integration-changes/ https://kubernetes.io/blog/2023/12/20/contextual-logging-in-kubernetes-1-29/ https://kubernetes.io/blog/2023/12/19/pod-ready-to-start-containers-condition-now-in-beta/ https://kubernetes.io/blog/2023/12/19/kubernetes-1-29-taint-eviction-controller/ https://kubernetes.io/blog/2023/12/18/read-write-once-pod-access-mode-ga/ https://kubernetes.io/blog/2023/12/18/kubernetes-1-29-feature-loadbalancer-ip-mode-alpha/ https://kubernetes.io/blog/2023/12/15/kubernetes-1-29-volume-attributes-class/ https://kubernetes.io/blog/2023/12/15/csi-node-expand-secret-support-ga/ Kubernetes 1.29 release lead Interview Cisco acquired Isovalent Cilium 2023 Annual report KubeCon and CloudNativeCon Paris 2024 Hackathon https://www.cncf.io/blog/2023/12/20/kubecon-cloudnativecon-europe-hackathon-challenges-brought-to-you-by-the-united-nations/ https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/ https://unite.un.org/ https://sdgs.un.org/goals OpenFeature incubated as a CNCF project Links from the interview Guests: Johnny Horvi Frode Sundby Nais Nais.io Twitter/X Github NAV JBoss IBM Websphere Apache Mesos Links from the post-interview chat Nais on GitHub
1/9/2024 • 35 minutes, 35 seconds
Kubernetes v1.29, with Priyanka Saggu
In this episode we interviewed Priyanka Saggu, Kubernetes v1.29 release lead and SIG ContribEx Tech Lead. We spoke about the release, the new features and enhancements, and more. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Kyverno completes third-party security audit Google Deepmind Introduction to Gemini Google launches Gemini - The Verge Linux Foundation Newsletter: November 2023 High Performance Software Foundation (HPSF) Founding Announcement App Defense Alliance joins Joint Development Foundation under the Linux Foundation Open Source Summit North America 2023 CFP (closes January 14, 2024) Links from the interview Kubernetes v1.29 release information page on k8s.dev Removals, Deprecations, and Major Changes in Kubernetes 1.29 Release Blog - Kubernetes v1.29: Mandala Breaking changes KEP 2395: Removing In-Tree Cloud Providers (SIG Cloud Provider, Beta) Kubernetes v1.28 on the Kubernetes Podcast from Google - discussion of removal of in-tree storage plug-ins Major Changes KEP 1287: In-Place Update of Pod Resources (SIG Node, Alpha) Support in-place Pod vertical scaling in VPA KEP 753: Sidecar Containers (SIG Node, Beta) Stable KEP 3299: KMS v2 Improvements OR KMSv2 (SIG Auth) SIG Etcd on the Kubernetes Podcast from Google KEP 2485: ReadWriteOncePod PersistentVolume Access Mode (SIG Storage, SIG Scheduling) KEP 727: Kubelet Resource Metrics Endpoint (SIG Instrumentation) “The Kubelet Summary API is a source of both Resource and Monitoring Metrics. 
Because of it’s dual purpose, it does a poor job of both.” Beta KEP 2799: Reduction of Secret-based Service Account Tokens (SIG Auth) Alpha KEP 3866: nftables kube-proxy backend (SIG Network) [KCSNA 2023] Iptables the end of an era - Dan Winship, Antonio Ojea Links from the post-interview chat Kaslin’s blog about “Out of Tree” Kubernetes
12/13/2023 • 1 hour, 14 minutes, 17 seconds
KubeCon NA 2023
In this episode, Kaslin went to KubeCon North America in Chicago. She spoke to folks on the ground, asked them about their impressions of the conference, and collected a bunch of cool responses. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Google researchers discover 'Reptar,’ a new CPU vulnerability Reptar by Tavis Ormandy Tim Hockin: Kubernetes Needs a Complexity Budget Kubernetes' Tim Hockin on a decade of dominance and the future of AI in open source Keynote: A Vision for Vision - Kubernetes in Its Second Decade - Tim Hockin Open and Secure: A Manual for Practicing Threat Modeling to Assess and Fortify Open Source and Security Announcing our latest book release: a comprehensive security guide to assess and fortify open source security Links from the interview CNCF LLM Starter Pack Crossplane Web Assembly Intro to Kubernetes Gateway API Links from the post-interview chat SIG ContribEx Comms Team Rap by Bart Farrell
12/5/2023 • 54 minutes, 53 seconds
Kubernetes Pen Testing, with Jesper Larsson
Jesper Larsson is a Freelance PenTester. Jesper works with a hacker community called Cure53. Co-organizes SecurityFest in Gothenburg, Sweden. Hosts Säkerhetspodcasten or The Security Podcast. Jesper is also a Star on Hackad, a Swedish TV Series about hacking. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Kubernetes Removals, Deprecations, and Major Changes in Kubernetes 1.29 Introducing SIG etcd etcd, with Marek Siarkowicz and Wenjia Zhang (The Kubernetes Podcast from Google) WebAssembly (WASM) and OpenShift: A Powerful Duo for Modern Applications Linux Foundation Events Pass the torch in ContribEx #7603 Links from the interview Cure53 Hacker Community Säkerhetspodcasten Hackad TV Show on IMDB SecurityFest Gothenburg Falco by Sysdig Wolfi by Chainguard The Untold Story of NotPetya, the Most Devastating Cyberattack in History Links from the post-interview chat The Untold Story of NotPetya, the Most Devastating Cyberattack in History
11/29/2023 • 51 minutes, 13 seconds
Confidential Computing, with Fabian Kammel
Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud-native) world a safer place. In his career, he has continuously worked to bring hardware security and cloud-native security closer together. His past projects include: * A cloud-native PKI for on-road vehicle services secured by enterprise HSMs * An always-encrypted Kubernetes distribution that harnesses the power of Confidential Computing * And more recently, securing SPIFFE-based machine identities via hardware attestation. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod Links from the interview Confidential Computing Blog from kubernetes.io Confidential Computing Consortium Confidential Computing Whitepaper Intel SGX Enclave Swap Memory with Kubernetes in Beta in 1.28 Hardware Security Modules Trusted Platform Modules (TPM) Envelope Encryption Confidential Computing Concepts - Confidential Virtual Machine AMD Secure Encrypted Virtualization (AMD SEV) AMD Secure Encrypted Virtualization - Secure Nested Paging (AMD SEV SNP) Trusted Computing Base (TCB) Remote Attestation Confidentiality, Integrity, and Availability: The CIA Triad Intel SGX Enclaves Confidential Containers (CoCo) Katacontainers AWS Firecracker
11/23/2023 • 53 minutes, 36 seconds
etcd, with Marek Siarkowicz and Wenjia Zhang
Guests are Marek Siarkowicz, Senior Software Engineer in Google Cloud and Tech Lead of SIG-etcd, and Wenjia Zhang, Engineering Manager in Google Cloud and Co-Chair of SIG-etcd. We spoke about the project, the recent change to become a Special Interest Group and how to learn etcd. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Co-host this week is Mofi Rahman [X, LinkedIn], Cloud Developer Advocate at Google. Karpenter graduated to Beta The Kubernetes SIG Network announced release 1.0 of the Gateway API Ingress2gateway new CLI to migrate from Ingress to Gateway The Call for Proposals for KubeCon EU 2024 will close on Nov 26, 2023 Links from the interview etcd Meaning of etcd etcd history from CoreOS Raft paper On the Hunt for Etcd Data Inconsistencies by Marek Siarkowicz - [youtube] Lessons Learned From Etcd the Data Inconsistency Issues by Marek Siarkowicz - [youtube] The first pancake rule etcd as a Kubernetes sig The Case for SIG-ifying etcd CNCF Contributor License Agreements (CLA) Kubernetes Prow Contributor Experience Special Interest Group Kubernetes Watch Go Serialization and Deserialization Cilium with external etcd Certified Kubernetes Administrator etcd mentorship program etcd @kubecon NA 2023 Links from the post-interview chat Kubernetes considerations for large clusters Operating etcd clusters for Kubernetes Kueue etcd on the podcast The Heartbleed Bug XKCD meme about dependency
11/17/2023 • 49 minutes, 46 seconds
WasmCon 2023
WasmCon took place in Bellevue, Washington on Sept 6-7, 2023. Kaslin and Mia from our advocacy team went down there and spoke to some folks at the conference to get their impression of the event. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Mia Villaseñor: Twitter/X LinkedIn Cilium Graduated Docker AI apps tools Kubernetes steering committee election results CRI-O moved to Kubernetes owned repository CNCF TOC voted to archive the SMI project Links from the interview WasmCon 2023 Guests Dan Wilson Hood Chatham Brendan Irvine-Broque Josh Berkus Kevin Zheng Sid Hussmann Dawn Parzych Daiki Akasaka Radu Matei Dan Mihai Dumitriu Russell Ashi Chris Madison Brooks Townsend Open Policy Agent V8 Gapfruit OS WASI Capabilities Trusted Compute Group Trusted Platform Module (TPM) Jnode Midokura WASM Runtime Cosmonic Cloud CNCF WasmCloud Wasm Components Model WASI WasmTime SQLite in Wasm talk at WasmCon AI and Wasm talk at WasmCon Envoy and Wasm The WIT format Cloudflare RU workers Wasm and Kubernetes Wasm and Kubernetes case study Doom on Cloudflare workers with Wasm Wasm and Bosch by Emily Ruppel Dynamic Linking Python Dynamic Linking in Wasm from Wasm I/O 23 Links from the post-interview chat Podcast episode #208 with Phil Estes Podcast episode #203 with Justin Cormack
11/16/2023 • 40 minutes, 44 seconds
What's new in Istio, with John Howard and Keith Mattix
This week we explore what’s new in Istio with core maintainers John Howard and Keith Mattix. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Announcing Linkerd 2.14: Improved enterprise multi-cluster, Gateway API conformance, and more! Amazon to invest up to $4 billion in AI startup Anthropic KubeCon EU 2024 CFP is open until November 26th CNCF Security Slam NEW Certification: Istio Certified Associate (ICA) npm packages caught exfiltrating Kubernetes config, SSH keys Links from the interview Kubernetes Native Sidecars in Istio (Blog from Istio) Kubernetes v1.28: Introducing native sidecar containers Argo Workflows Apache Airflow Envoy Proxy Istio Ambient Mesh Introducing Rust-Based Ztunnel for Istio Ambient Service Mesh eBPF Kernel TLS HTTP Based Overlay Network Environment (HBONE) KubeCon EU 2023: “Future of Service Mesh - Sidecar or Sidecarless or Proxyless?” - Idit Levine & Yuval Kohavi, Solo.io; Keith Mattix II, Microsoft; Eric Van Norman, IBM; John Howard, Google Istio Ambient Waypoint Proxy Made Simple kiali.io Kubernetes Gateway API (Istio) Getting Started with Istio and Kubernetes Gateway API Istio Destination Rule Announcing Istio's graduation within the CNCF Istio sails into the Cloud Native Computing Foundation (CNCF Blog)
10/6/2023 • 50 minutes, 57 seconds
History of containerd, with Phil Estes
This week we explore the history of containers, particularly containerd, with Phil Estes.
9/21/2023 • 59 minutes, 20 seconds
Kubernetes 1.28 with Grace Nguyen
Guest is Grace Nguyen, Kubernetes 1.28 release lead and student at the University of Waterloo. Grace had to juggle exams and community work to bring Kubernetes 1.28 to life. We get to know Grace and learn what work went into the release, where the theme came from and what's special about it. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Docker Desktop 4.22 is live The CNCF announced the End User Technical Advisory Board The Go community released v1.21 Configu raised a $3M pre-seed round Links from the interview Grace Nguyen LinkedIn X Kubernetes SIG-Security Kubernetes 1.28 Planternetes API Awareness of SideCars Native SideCar containers in Istio pkgs.k8s.io: Kubernetes Community-Owned Package Repositories Expanding support skew between control plane and node components Non-Graceful node shutdown Pod replacement policy for Jobs (alpha) Match conditions for admission webhooks Feature graduations and deprecations in Kubernetes v1.28 Kubernetes 1.28 webinar. Sept 6th 2023 9am PDT Kubernetes 1.29 PR to assemble team Kubernetes 1.29 shadow program is open Kubernetes 1.27 release lead Xander Grzywinski Links from the post-interview chat Beta support for enabling swap space on Linux SideCars handling is the most popular issue on kubernetes tracker Reddit conversation about native SideCars Native SideCars explained
9/4/2023 • 46 minutes, 13 seconds
LeakSignal with Wesley Hales and Max Bruce
Guests Wesley Hales and Max Bruce are co-founders of LeakSignal. LeakSignal is an American startup which is building a set of tools and products to detect and prevent data exfiltration in Service Meshes and proxies supporting Envoy and proxy-wasm. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Dragonfly v2.0.1 is released Redhat Terraform Provider for ROSA Preview Microsoft Azure Operator Nexus Hashicorp Adopts BSL Blog Open Source Security Foundation S2C2F Kubernetes and Cloud Native events Q4, 2023 WasmCon on Sept 6 and 7 in Bellevue, Washington The Open Source Summit EU on Sept 19 to 21 in Bilbao, Spain GRPC Conf on Sept 20 in Sunnyvale, California Virtual IstioCon on Sept 25 and 26. KubeCon, Cloud NativeCon And Open Source Summit China on Sept 26 to 28 in Shanghai, China PromCon EU on Sept 28 and 29 in Berlin, Germany KubeCon and CloudNativeCon NA on Nov 6 to 9 in Chicago, Illinois. KubeDay India On December 8 in Bangalore KubeDay Singapore on December 12 Fermyon added SQL Database support and custom domains to their Wasm Cloud Platform Exposed Kubernetes Clusters are everywhere Links from the Interview LeakSignal LeakSignal GitHub OpenShift Apigee Keyhouse Spiffe WebSockets gRPC Wasm Envoy Nginx AWS Lambda Proxy Wasm Istio Proxy Wasm Apisix Istio Prometheus PCI Compliance Cloud Armor Blog post about Cloud Armor WAF capabilities Akamai eBPF Links from the post-interview chat Envoy Mobile
8/21/2023 • 40 minutes, 54 seconds
The State of Kubernetes Cost Optimization, with Fernando Rubbo and Kent Hua
“The State of Kubernetes Cost Optimization,” is a recent report based on research into best practices for running Kubernetes clusters. If you’re running your workloads as efficiently as possible, your costs will be optimal too. The report reviews the data and offers recommendations on tools and techniques you can use to optimize your Kubernetes clusters. We talk with two of the report’s creators, Fernando Rubbo and Kent Hua, to learn more. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week - CNCF Istio Graduation blog - Istio’s blog about CNCF Graduation - CNCF Blog on Flux v2 GA release - Redhat Blog on Kubevirt 1.0 - Pulumi blog on v4.0 of their Kubernetes Provider - VMware Wasm Labs blog on serverless with wasm - CNCF announcement of over 30 new members - VMware docs on self-hosted Tanzu Links from the interview - The State of Kubernetes Cost Optimization report - “Sharing the inaugural State of Kubernetes Cost Optimization report” blog - Resource Management for Pods and Containers (Kubernetes Documentation) Links from the post-interview chat - Google Site Reliability Engineering (SRE) books - Google Cloud Managed Service for Prometheus
7/26/2023 • 50 minutes, 37 seconds
Platform Engineering with Nicholas Eberts
This week we speak to GKE Project Manager, Nicholas Eberts, about Platform Engineering. He draws from his considerable experience both with the Cloud Native community and working with businesses to set up their cloud platforms to explore the trend. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week - Kubernetes binary distribution via CDN at dl.k8s.io - OpenShift Service Mesh version 2.4 - AWS Signer - KubeCon CloudNativeCon North America 2023 registration - KubeCon CloudNativeCon and Open Source Summit China 2023 registration - Kubernetes Bill of Materials CLI from KSOC Labs - Blog - GitHub - CNCF Blog "Version after version: how the open source project Kubernetes releases its software" Links from the interview Nicholas Eberts: - Twitter - LinkedIn - Abdel tweeting about Platform Engineering - "DevOps is dead, long live Platform Engineering" tweet - DORA (DevOps Research and Assessment) - Charity Majors on the Hacking the Org Podcast - Charity Majors on the DevInterrupted Podcast - Open Service Broker - CNCF Landscape - Google Bard
6/30/2023 • 50 minutes, 25 seconds
Docker && WASM, with Justin Cormack
This week we speak to Justin Cormack the CTO of Docker. We talked about WASM (or WebAssembly Modules), Docker support for running WASM apps and the future of the technology. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week WASMCon 2023: CFP Event Kyverno Project 1.10 Intro to Cilium course Microsoft Azure Linux is GA CNCF Glossary German edition is live Google C3 Machine family is available for GKE ChainGuard move from Github Registry to self-hosted Amazon Pull through cache on AWS container registry Links from the interview Justin Cormack: Twitter LinkedIn Docker WebAssembly Docker+WASM asm.js asmjs.org V8 Javascript engine Google Sandboxing WebGPU ByteCode Alliance Containerd Mesos WASM Edge
6/19/2023 • 49 minutes, 24 seconds
KubeCon EU 2023
In this episode we bring you with us to KubeCon EU 2023 in Amsterdam, Netherlands. We interviewed several attendees about their experience at the conference. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod Featuring: Adnan Hodzic Anisoara-Ionela Dominique Top Ixchel Ruiz Livia-Maria Ciobanu Magarita Manterola Mark Mandel Peter O’Neill Whitney Lee Zoe Steinkamp News of the week Kubernetes SIG Infra migrating some CI jobs to AWS Kubernetes 1.26 now Generally Available on GKE Software Supply Chain Security startup Stacklock, by Craig McLuckie and Luke Hinds raised 17.5M$ Kubernetes SIG Testing End to End Testing Best Practices update Knative version 1.10 release KubeDay Israel schedule Links from the interview Kubernetes, Resistance is Futile - Adnan Hodzic, ING Choose Your Own Adventure: The Treacherous Trek to Development - Whitney Lee, VMware & Viktor Farcic, Upbound Agones + Quil;kin: Kubernetes Game Server Orchestration and UDP Service Mesh - Mark Mandel, Google Cloud Open Policy Agent eBPF Build Your Own Path in the Cloud Native Ecosystem - Rich Burroughs, Loft Labs & Kaslin Fields, Google (Whitney mentioned learning about eBPF in this talk) Google Cloud Anthos PlayStation and Kubernetes: How to Solve a Problem Like Real-Time Story of Our Transition to a Custom Kubernetes Operator for an API Gateway - Vincent Behar, Ubisoft CNCF TAG App Delivery Cloud Native Buildpacks Kuberoke
6/6/2023 • 31 minutes, 36 seconds
Kubernetes 1.27 Chill Vibes, with Xander Grzywinski
Xander Grzywinski is a Senior Open Source Product Manager at Microsoft and the Kubernetes 1.27 release lead. We interviewed Xander to explore some highlights from the release, and discuss a bit about what it’s like to work with the release team. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Traefik Labs Launches Traefik Hub Software Supply Chain Security Assessment: Prometheus Argo CD CNCF Spring 2023 Cloud Native Ambassadors Updates to the Auto-refreshing Official CVE Feed What’s New in Red Hat OpenShift Virtualization 4.12 Azure Kubernetes upgrades and Long Term Support KubeCon SHANGHAI, CHINA is back on Sept 26-28, 2023 CFP Closes on June 18, 2023 KubeCon NA takes place on Nov 6-9, 2023 in Chicago, Illinois CFP Closes on June 18, 2023 KubeCon EU 2024 takes place on Mar 19-22 in Paris, France Introducing Sessionize: a new CFP platform for CNCF events Manage Amazon EKS Clusters with New VMware Tanzu Mission Control Features Google Cloud turned profit for the first time according to the earning call of Q1 2023 Links from the interview Xander Grzywinski: Twitter LinkedIn Pod Security Policies KEP 753: Sidecar containers Kubernetes 1.27 Release team Kubernetes 1.27: Chill Vibes Freeze k8s.gcr.io image registry Kubernetes Vertical Pod Autoscaler Kubernetes Removals and Major Changes In v1.27 Kyverno — verify Kubernetes control plane images Kubernetes 1.27: StatefulSet PVC Auto-Deletion (beta) Kubernetes 1.27: Query Node Logs Using The Kubelet API Kubernetes 1.27: Efficient SELinux volume relabeling (Beta) Kubernetes 1.27: StatefulSet Start Ordinal Simplifies Migration Kubernetes 1.27: Introducing An API For Volume Group Snapshots Kubernetes 1.27: Quality-of-Service for Memory Resources (alpha) Kubernetes 1.27: Vertical Pod Autoscaler supporting in-place updates Kubernetes 1.27: Server Side Field Validation and OpenAPI V3 move to GA Kubernetes 
1.27: More fine-grained pod topology spread policies reached beta Kubernetes 1.27: Single Pod Access Mode for PersistentVolumes Graduates to Beta Kubernetes 1.27: HorizontalPodAutoscaler ContainerResource type metric moves to beta Links from the post-interview chat GKE Workload rightsizing
5/15/2023 • 35 minutes, 21 seconds
Kubernetes Community Check-up with Paris Pittman
Paris Pittman is a Senior Program Manager at the Open Source Program office at Apple. A Prominent Kubernetes and CNCF member who served many roles with a focus on community and governance. Paris was on some key milestones for this show. First appearance was on Episode 1 and later on Episode 100. So we could not be happier to have Paris back in Episode 200. We discussed how Paris got started with community work and how the experience has been. Paris shared with us some words of wisdom on the power of working with others and the importance of moving on. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week KCD Amsterdam Retro AWS announced Data on EKS Kubecon EU 2023 “Security Village” Podman desktop released version 0.14 Keycloak joined CNCF as an incubating project Kubernetes v1.27 code name Chill Vibes was released The CNCF “Cloud Native Explorers” - Amsterdam Edition CNCF white paper on Platforms for Cloud Native Computing GKE Autopilot is now the default mode of operations for new clusters Links from the interview Paris Pittman: Linkedin Twitter Mastodon (@paris@hachyderm.io) OSCON 2016 Sarah Novotny Kaslin is a new chair of SIG contribX
4/24/2023 • 31 minutes, 31 seconds
SCaLE20x
In this episode we bring you with us to Southern California Linux Expo, or SCaLE20x in Pasadena, California. We interviewed several attendees about their experience at the conference. Featuring: Robin Phantomhive, attendee at SCaLE and community member Mofi Rahman, Developer Advocate at Google Fatima Sarah Khalid, Dev Evangelist at GitLab Bryan Behrenshausen, Open Source Program Manager at GitLab Laura Santamaria, Geek with an achievement streak at Dell Jeff Deifik, Cybersecurity at Aerospace Corp Jill Bryant Ryniker of LWDW and the Destination Linux Podcast Bill Schouten of Tux Digital and the Sudo Show Podcast Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Chainguard contributes Rekor Search Project to Sigstore Docker and Ambassador Labs Announce Telepresence for Docker, Improving the Kubernetes Development Experience Docker, Inc. Celebrates 10th Anniversary With Alliances Oracle Cloud Infrastructure to Increase the Reliability, Efficiency, and Simplicity of Large-Scale Kubernetes Environments at Reduced Costs cdCon / GitOpsCon Schedule Crossplane Security Audit Crossplane completes fuzzing security audit Improving Security by Fuzzing the CNCF landscape Report Links from the interview Destination Linux Podcast LWDW LinuxChix LA Sudo Show Podcast Tux Digital Creating a cluster with kubeadm
4/13/2023 • 24 minutes, 14 seconds
Breaking Kubernetes for Fun and Profit with David Flanagan
David Flanagan is a developer, educator and technology enthusiast with a special interest in Kubernetes and Cloud Native technologies. David is the founder of Rawkode Academy, an online platform aiming at teaching Kubernetes to developers. One of the popular shows on Rawkode is Klustered, where David invites people to fix broken Kubernetes clusters, learn a thing or two and have a laugh. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Istio Ambient Mesh merged into the main branch Kubernetes 1.27 changes and removals k8s.gcr.io to registry.k8s.io redirect Preview support for pod sandbox on Azure Kubernetes Services Katacontainers Docker apologies for handling Free Teams deprecation Schedule for CNCF-hosted and colocated events is up Kubernetes WithOut Kubelet CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes Links from the interview David Flanagan Twitter Linkedin RawKode Academy Klustered How Spotify Accidentally Deleted All its Kube Clusters with No User Impact - David Xia You probably DON'T need a service mesh Klustered episode with Abdel and Marek Docker first release at PyCon 2013 KubeHuddle 2023 Toronto Kubernetes Failure Stories Kubelet runOnce flag Cilium Hubble Telnet Talkers Teamrock MUD's eBPF
3/27/2023 • 40 minutes, 32 seconds
Cloud Native Security Con with Emily Fox
Emily Fox is a security engineer @Apple Cloud Services, a CNCF Technical Oversight Committee member and co-chair for a bunch of CNCF events including recently the Cloud Native Security Conference in Seattle. We had a chance to talk to Emily about the first edition of the CNSC 2023, her involvement with the CNCF community, her role as a security engineer, and some career discussions. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week KubeEdge v1.13.0 released on January 18, 2023, achieves SLSA 3 compliance SLSA 3 compliance KubeVela brings software delivery control plane capabilities to CNCF Incubator GKE Updates: Balanced compute classes are now offered in GKE Autopilot GKE Autopilot now supports exposing randomly assigned host ports for pods GKE has started offering ephemeral storage with local SSDs Added support for Windows Server 2022 nodes AWS announced the availability of AKS anywhere on Snowball Edge Devices Sysdig released their 6th annual Cloud Native Security and Usage Report. 
Rebooting the Cloud Native Hamburg community group KubeCon EU Amsterdam Schedule Katacoda Kubernetes tutorials shutdown LFX Internships for WASMEdge Kubernetes Community Days (KCDs): Upcoming CFP deadlines: KCD Italy CFP closes February 20 2023 (in-person) KCD Czech + Slovak CFP closes March 1, 2023 (in-person) KCD Bangaluru CFP closes March 20, 2023 (in-person) KCD Zurich CFP closes March 31, 2023 (in-person) KCD Colombia CFP closes March 31, 2023 (in-person) Check out upcoming KCDs that might be in your region: Sponsorship opportunities are available Donation Prospectus available for review KCD Israel 2023, Mar 23, 2023 KCD LA, Mar 9, 2023 KCD Pakistan (Islamabad), February 20, 2023 KCD Netherlands (Amsterdam), February 23-24, 2023 KCD France (Paris), March 7, 2023 KCD Los Angeles, March 9-10, 2023 KCD Ukraine Virtual Fundraiser, March 16, 2023 Links from the interview Emily Fox: Twitter Linkedin Cloud Native Security Con Youtube Playlist How to Secure Your Supply Chain at Scale - Hemil Kadakia & Yonghe Zhao, Yahoo eBPF CIA Triad Waterfall development Cloudcareers.dev podcast Rory McCune on twitter Software Supply Chain Security Emily Fox on SBOM Emily Fox on SDLC Shift Left Security: Best Practices for Getting Started Episode 196 with Benjamin Elder CNSC 2023 seattle guests David Wolf Eric Knauer Liz Rice Mitch Connors Josh Knarr Nick Young Taylor Dolezal Frederick Kautz on SPIFFE/SPIRE Chris Aniszczyk's Blog The Falco Project Cilium Tetragon Pixie Aviatrix Keylime Google Anthos Beyond Cluster-Admin: Getting Started with Kubernetes Users and Permissions - Tiffany Jernigan Standardization & Security - A Perfect Match - Ravi Devineni & Vinny Carpenter, Northwestern Mutual CSI Container: Can You DFIR It? - Alberto Pellitteri & Stefano Chierici, Sysdig Links from the post-interview chat Cloud Native Security Con Eu 2023 CNCF TOC
3/3/2023 • 1 hour, 6 minutes, 2 seconds
Kubernetes Registry with Benjamin Elder
Benjamin Elder is a Senior Software Engineer at Google, a Kubernetes SIG Testing Chair & Tech Lead, and a Kubernetes Steering Committee member. In this episode we got to chat with Benjamin about the new Kubernetes registry migration from k8s.gcr.io to registry.k8s.io. We also had an opportunity to discuss the community, the various SIGs (Special Interest Groups) Benjamin is involved with, and the amount of work needed to drive the project forward. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod Chatter of the week Google Developer Experts program. ChatGPT. OpenAI Case Study. Kubernetes Jobs API. Job Tracking, to Support Massively Parallel Batch Workloads, Is GA in Kubernetes 1.26. Stateful apps on Kubernetes. Kelsey Hightower's take on Databases on Kubernetes twitter space. Kubernetes Resources Model News of the week Linkerd published a 2022 recap The CNCF Cloud Native Maturity Model The CNCF Cloud Native Maturity Model website Using Amazon EKS with Google Workspace identities CNCF Ambassador 2.0 program Cloud Native Security Con NA 2023 (website - recordings) The CNCF important updates for KubeCon + CloudNativeCon 2023 and co-located events Kubernetes 1.26 news: https://kubernetes.io/blog/ Eviction policy for unhealthy pods guarded by PodDisruptionBudgets: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ Retroactive Default StorageClass: https://kubernetes.io/blog/2023/01/05/retroactive-default-storage-class/ Alpha support for cross-namespace storage data sources: https://kubernetes.io/blog/2023/01/02/cross-namespace-data-sources-alpha/ Advancements in Kubernetes Traffic Engineering: https://kubernetes.io/blog/2022/12/30/advancements-in-kubernetes-traffic-engineering/ Job Tracking, to Support Massively Parallel Batch Workloads, Is Generally Available: https://kubernetes.io/blog/2022/12/29/scalable-job-tracking-ga/ CPUManager goes
GA: https://kubernetes.io/blog/2022/12/27/cpumanager-ga/ Pod Scheduling Readiness: https://kubernetes.io/blog/2022/12/26/pod-scheduling-readiness-alpha/ Support for Passing Pod fsGroup to CSI Drivers At Mount Time: https://kubernetes.io/blog/2022/12/23/kubernetes-12-06-fsgroup-on-mount/ GA Support for Kubelet Credential Providers: https://kubernetes.io/blog/2022/12/22/kubelet-credential-providers/ Introducing Validating Admission Policies: https://kubernetes.io/blog/2022/12/20/validating-admission-policies-alpha/ Device Manager graduates to GA: https://kubernetes.io/blog/2022/12/19/devicemanager-ga/ Non-Graceful Node Shutdown Moves to Beta: https://kubernetes.io/blog/2022/12/16/kubernetes-1-26-non-graceful-node-shutdown-beta/ Alpha API For Dynamic Resource Allocation: https://kubernetes.io/blog/2022/12/15/dynamic-resource-allocation/ Windows HostProcess Containers Are Generally Available: https://kubernetes.io/blog/2022/12/13/windows-host-process-containers-ga/ We're now signing our binary release artifacts!: https://kubernetes.io/blog/2022/12/12/kubernetes-release-artifact-signing/ Links from the interview Benjamin Elder LinkedIn Github Twitter Kubernetes Steering Committee Kubernetes SIG Testing Kubernetes IN Docker (KIND) Benjamin on the podcast episode 96 Paris Pittman LinkedIN Twitter Kubernetes registry move from k8s.gcr.io to registry.k8s.io Archeio is the tool used to redirect to GCR or S3 depending on the client. The design of how requests are handled. Doc detailing the background of this migration. Kubernetes SIG Contributor Experience Kubernetes Slack channel
2/14/2023 • 47 minutes, 51 seconds
Kubernetes v1.26 Electrifying, with Leonard Pahlke
Leonard Pahlke is not only the Release Lead for Kubernetes v1.26, he's also a co-chair of the CNCF TAG for Environmental Sustainability and a student working toward a Master's Degree in Computer Science at the Hamburg University of Applied Sciences. In this episode, Leonard talks with us about Open Source contribution, environmental sustainability, and Kubernetes v1.26. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod Chatter of the week The 1.23 Release team (where Kaslin was a comms shadow) Shoutout to Kunal Kushwaha, another Kubernetes contributor who started out as a student, and who advocates for students in the community via his YouTube channel & more. KubeCon EU 2023 (which will have a student track as part of the schedule) KubeCon Diversity and Inclusion Scholarships News of the week Kubernetes Removals, Deprecations, and Major Changes in 1.26 AWS ReInvent 2022 AWS YouTube Channel Control Plane Logs added for GKE Gateway Controller for Single Clusters reaches GA for GKE Prometheus Turns 10 Prometheus Training Prometheus Documentary by HoneyPot Move to registry.k8s.io Leak Signal Micro-waf CNCF Maintainer Track changes Links from the interview Leonard Pahlke’s Blog Leonard Pahlke blog about contribution: Start Contributing to Open Source Projects Leonard Pahlke CNCF WG Environmental Sustainability Blog Post TAG Environmental Sustainability GitHub Specific 1.26 changes mentioned: Kubernetes 1.26: We're now signing our binary release artifacts!
Kubernetes 1.26: Windows HostProcess Containers Are Generally Available CEL for Admission Control KEP In-tree Storage Plugin to CSI Migration - Azurefile In-tree Storage Plugin to CSI Migration - vSphere In-tree storage plugin removals for GlusterFS and OpenStack, and more, are outlined in the “Kubernetes Removals, Deprecations, and Major Changes in 1.26” blog Kubernetes Enhancement Proposals (KEPs) Kubernetes v1.26 Electrifying Release Blog Links from the post-interview chat List of Kubernetes SIGs Kubernetes Release Team Shadow program
12/15/2022 • 31 minutes, 42 seconds
Kubernetes on Vessels, with Louis Bailleul
Louis Bailleul is a Chief Enterprise Architect at PGS. After years of running highly-ranked supercomputers to process PGS’ seismic data, Louis’s team at PGS has led a transition to Google Cloud. Listen in to learn about HPC in Google Cloud with GKE, and to explore using Kubernetes to do processing on vessels at sea! Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Listen to the KubeCon NA 2022 recap episode News of the week Docker + Wasm Istio control plane vulnerability CVE-2022-39278 KubeFlow joins CNCF as an Incubating Project CNCF Backstage course CNCF Istio intro course Links from the interview PGS A picture of a PGS vessel PGS post from 2021 about their supercomputing rankings and transition to Google Cloud Top500 List Kubernetes Custom Resources (CRDs) Scaling Kubernetes to Thousands of CRDs Google Cloud Spot Instances Google Cloud Preemptible VM Instances Google Cloud - Manage capacity and quota KubeCon NA 2019: How the Department of Defense Moved to Kubernetes and Istio - Nicolas Chaillan Bare Metal K8s Clustering at Chick-fil-A Scale by Brian Chambers, Caleb Hurd, and Alex Crane
11/24/2022 • 42 minutes, 56 seconds
KubeCon NA 2022
In this episode we bring you with us to KubeCon NA 2022 in Detroit, Michigan. We interviewed 15 attendees from various backgrounds and learned some cool insights. Featuring: Mo Khan, Software Engineer, Microsoft. Katrina Verey, Senior Staff Production Engineer, Shopify. Aishwarya Harpale, Student, Rutgers University. Jeffery Sica, Principal Developer Experience Engineer, CNCF. Kirsten Schumy, Software Engineer, AWS. John-Paul Robinson, HPC Architect, University of Alabama at Birmingham. Madhav Jivrajani, Software Engineer, VMware. Leigh Capili, Developer Advocate, VMware Tanzu. Nim Jayawardena, Developer Programs Engineer, Google. Charlie Yu, Developer Programs Engineer, Google. Ahrar Monsur, Developer Programs Engineer, Google. Mickey Boxell, Product Manager, Oracle. Eddie Zaneski, Software Engineer, Chainguard. Andy Piggott, Chief Product Officer, Section. Logan Smith, Director of Business Development, GrafanaLabs. Brian Dorsey, Developer Advocate, Google - Shoutout for recommending the microphones for interviews. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week CrowdStrike cryptojacking finding Skaffold v2 Generally Available GKE Security Posture Dashboard Blog Video Cdk8s+ from AWS Blog Project page CNCF Sandbox project application information Istio becomes a CNCF Incubating project Cert-manager becomes a CNCF Incubating project Cisco OpenClarity Kube-router bug Google Cloud Next Wrap-Up Microsoft Ignite highlights blog Cloud Native SecurityCon Linux Foundation partnership with Razom for Ukraine Links from the interview Kubernetes SIG Auth Kubernetes SIG API Machinery FluxCD Online Boutique Sample App Kubernetes SIG-CLI Cloud Native 101: Motor City Edition by Bob Killen and Jeffrey Sica Consumers to Contributors by Brendan O’Leary Kubernet-Bees: How Bees Solve the Problems of Distributed Systems SchedMD Slurm Kube-bind Contribute to etcd!
Cloud Native WASM Day Cloud Native SecurityCon Backstage (Incubating CNCF Project) eBPF Cilium (Incubating CNCF Project) Acorn Labs Vulcan Mind-Meld (Star Trek) Kids’ Day at KubeCon NA 2022
11/10/2022 • 45 minutes, 9 seconds
Looking Forward and Back, with Adam Glick
After four and a half years hosting this podcast (and almost 9 years at Google) Craig Box is moving on from the latter, which unfortunately means leaving the former. But the show must go on. In this episode Craig introduces new hosts Abdel Sghiouar and Kaslin Fields. We take a small look forward, and then a big look back. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Links from the show Adam’s last episode Abdelfettah Sghiouar Devoxx MA Cloud Careers Podcast You probably DON’T need a Service Mesh Kaslin Fields Containers as cookies Biscuits and gravy Contributor comms First-gen stickers Second-gen stickers Episode 60, with Mark Shuttleworth Episode 15, with Dan Ciruli and Jasmine Jaksic Dan on sticker duty Episode 30, with Joe Zou A rare team photo Music and musicians Kaossilator Episode 191, with DJ Fresh Episode 127, with David Pait Episode 83, with Guinevere Saenger Episode 120, with Melanie Cebula Episode 121, with Ed Huang Double guest trivia: Episodes 1 and 100 with Paris Pittman Episodes 62 and 180 with Ricardo Rocha (on a technicality) The Adam face Corey Quinn: separated at birth? One of many booth meetups Follow Craig Box on Twitter Follow Adam Glick on LinkedIn
10/13/2022 • 48 minutes, 52 seconds
Fresh Pivot, with Dan Stein
Dan Stein is an engineering manager at General Bioinformatics. Dan Stein is also DJ Fresh, a multi-million selling artist with two UK number one records. Learn about the surprising overlap between these two careers. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod and @craigbox Chatter of the week Trevor Noah stepping down as host of Daily Show Follow @craigbox to learn what’s next News of the week Google Cloud adds GPU support to Autopilot Pricing CVE-2021-36782 in Rancher State of DevOps Report for 2022 Congratulations to the 27 Summer LFX Program CNCF interns Reviewing the 2019 Kubernetes security audit Links from the interview DJ Fresh Atari 800 and Atari ST Pong Atari BASIC Commodore Amiga OctaMED Fatboy Slim and the Atari ST Dogs on Acid music forum Taylor Hawkins Tribute Concerts Abolishing the high tax rate in the UK, or not Breakbeat Kaos Hold Your Colour by Pendulum Kryptonite by DJ Fresh Gold Dust Subsequent hits: Louder Hot Right Now Kyma (sound design language) and Max/MSP We Got Coders General Bioinformatics NGS gene sequencing Ensembl Hasura GraphQL Playground NCBI - National Center for Biotechnology Information Max Martin How Music Works by John Powell Learning: Treehouse Udemy 3Blue1Brown Codeacademy DJ Fresh’s new single, Higher DJ Fresh on Facebook Dan Stein on Twitter
10/5/2022 • 49 minutes, 28 seconds
VMware Tanzu, with Betty Junod
Betty Junod, VP of Product Marketing at VMware Tanzu, kindly took up Craig’s challenge to explain the various parts of the Tanzu ecosystem, and how the traditional IT buyer and the modern cloud native really aren’t that different. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod and @craigbox Chatter of the week NASA DART mission Deep Impact Armageddon Apparent retrograde motion Planets beyond Neptune News of the week Istio sails into the CNCF SPIFFE and SPIRE graduate Episode 45, with Andrew Jessup Brigade archived Sysdig 2022 Cloud Native threat report The nice TeamTNT Episode 188, with Kateryna Ivashchenko Episode 169, with Anna Belak Chainguard introduces Wolfi workerd, from Cloudflare Introducing Palaemon Custom org policy for GKE in preview Leveraging Kubernetes for an elastic platform at Blablacar by Sebastien Doido Links from the interview VMware History Docker Solo.io VMware Tanzu introduction blog VMware acquires Heptio VMware acquires Pivotal Tanzu Mission Control Tanzu for Kubernetes Operations Tanzu Application Platform Tanzu Kubernetes Grid Bring your own host to TKG Project Pacific introduction TKG 2.0 VMware Aria Operations for Applications Tanzu Application Service Cloud Foundry Open source projects: Velero Antrea Carvel Cartographer Michigan cider Detroit-style pizza Betty Junod on Twitter
9/28/2022 • 37 minutes, 51 seconds
Ambient Mesh, with Justin Pettit and Ethan Jackson
When you think of a service mesh, you probably think of “sidecar containers running with each pod”. The Istio team has come up with a new approach, introduced recently as an experimental preview. Google Cloud software engineers Justin Pettit and Ethan Jackson join Craig to explore ambient mesh. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Listening immediately and listening on a 1 year delay Death and state funeral of Queen Elizabeth II The Queue What the queue says about our relationship with royalty News of the week Cloud Custodian becomes an incubating project Anthos VM support GKE control plane metrics CVE-2022-3172: Aggregated API server can cause clients to be redirected CVE-2021-25749: runAsNonRoot logic bypass for Windows containers Akuity Platform Episode 172, with Jesse Suen Weave GitOps 2022.09 Coroot Community Edition Constellation, by Edgeless Systems Register for Google Cloud Next Dell and Red Hat expand strategic collaboration Links from the interview Nicira Open vSwitch Introducing Ambient Mesh Service mesh First mention of Ambient in 2018 No first class support for sidecars in Kubernetes Istio working group meeting, August 2021 Remote proxy proposal HBONE: HTTP/2-based overlay network environment mTLS HTTP Connect GIF MASQUE and QUIC Get started with Ambient Mesh Ambient Mesh Security Deep Dive Justin Pettit and Ethan Jackson on Twitter
9/20/2022 • 55 minutes, 48 seconds
Security, Access and War, with Kateryna Ivashchenko
Kateryna Ivashchenko is a Senior Demand Generation Manager at Teleport, an organizer of community events, and a supporter of the developer community in her home country of Ukraine. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Introducing Ambient Mesh in Istio Istio 1.15 Linkerd 2.12 Linkerd and the Gateway API Symbiosis Cuber nay-tace Reddit discussion VMware Tanzu announcements from VMware Explore Isovalent raises $40m Series B Kubernetes Blog: PodSecurityPolicy: The Historical Context Pod Security Admission Controller in Stable CSI Inline Volumes have graduated to GA cgroup v2 graduates to GA Kubernetes was never designed for batch jobs by Kurt Schelfthout 7 years of GKE General Availability Links from the interview Portworx Teleport 24 February 2022: Russia invades Ukraine BeyondCorp Teleport open source hunter2 Okta breach Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg War in Ukraine Kateryna’s sister’s T-shirt Independence Day Chris Lentricchia and Operation Dvoretskyi CNCF crowdfunding DevOpsDays Kyiv International Snack Exchange Kateryna Ivashchenko on Twitter
9/9/2022 • 39 minutes, 1 second
Kubernetes 1.25, with Cici Huang
It’s release day! We discuss today’s Kubernetes 1.25 with release team lead Cici Huang, Software Engineer at Google Cloud. What’s in, what’s out, and what is it like to lead a release you are also promoting a feature in? Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Nelson underwater England underwater A picture of a sheep Follow Craig on Twitter for more like that News of the week Kubernetes 1.25 release Introducing Acorn Acorn Labs: Rancher Co-Founders’ New Kubernetes Startup by Christine Hall Episode 57, with Darren Shepherd GKE updates: New observability metrics GKE Autopilot now default 256 pods per node KubeCon schedule published Cloud Native Rejekts Scaling Kubernetes to thousands of CRDs by Nic Cope Links from the interview IBM Watson Kubernetes Community Awards SIG API Machinery Chair & Cici’s hiring manager: Fede Bongiovanni Kubernetes 1.25 release team Release blog Highlights: PodSecurityPolicy is removed; Pod Security Admission is stable cgroups v2 KMS v2alpha1 CRD validation expression language Registry change Kubernetes 1.24 delay Theme and logo Envelopes: 1.24 lead: Episode 178, with James Laverack 1.26 lead: Leonard Pahlke Cici Huang on GitHub
8/23/2022 • 26 minutes, 52 seconds
Gateway API Beta, with Rob Scott
Three years after they were first proposed, the new Kubernetes Gateway APIs - the evolution of the Ingress API - are in Beta. Rob Scott is a software engineer at Google and a lead on the SIG Network Gateway API project. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Hot hot hot Stevenson screen Heathrow Airport Kew Gardens RAF Coningsby News of the week Argo security audit: Argo blog ADA Logics blog Episode 172, with Jesse Suen Kubernetes Cluster API integrates continuous fuzzing The report OSS Fuzz Cilium 1.12 GKE Cluster Autoscaler location policy The quest for neutrinos Ray traced Quake II Links from the interview Gateway API Spire Labs Fairwinds rbac-manager Polaris Episode 104, with Bowei Du Ingress Gateway API concepts and role-orientation Roles and resource model GatewayClass GKE implementation of GatewayClass Conformance tests Policy attachment Gateway Routes Gateway API goes to Beta GRPCRoute Gateway Enhancement Proposal (GEP) Istio APIs that influenced the Gateway API GAMMA Initiative Istio support for Gateway API SMI community joining Gateway API on GitHub Santa Cruz Mountains Rob Scott on Twitter and LinkedIn
7/21/2022 • 43 minutes, 16 seconds
Writing, Learning and Tech, with Ian Miell
Ian Miell is a partner at consultancy Container Solutions, and an author of books on Bash, Git, Terraform and Docker. He explains to Craig how writing - whether runbooks, blog posts, training courses, or “real” books, can help you learn and make your team more effective. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Hot hot hot Small pools and larger pools News of the week Gateway API goes to Beta Episode 104, with Bowei Du Istio support for Gateway API SMI community gets behind Gateway API Kyverno and Keptn move to incubation Episode 119, with Alois Reitbauer Tau T2A Arm VMs now on Google Compute Engine GKE support for Tau T2A Arm nodes Kubeshop acquires BotKube Exploiting Authentication in AWS IAM Authenticator for Kubernetes by Gafnit Amiga New Vulnerabilities in Kubernetes NGINX Ingress Controller CNCF sponsors audit of KubeEdge KubeEdge security threat model Audit report Red Hat announces new CEO Google Cloud announces new Distinguished Engineer Episode 185, with Clayton Coleman Links from the interview Zwischenzugs Business Value, Soccer Canteens, Engineer Retention, and the Bricklayer Fallacy Zwischenzug and zugzwang in chess Ian’s books: Learn Bash The Hard Way Learn Git The Hard Way Learn Terraform The Hard Way All three in a bundle Docker in Practice Tcl Why are enterprises so slow? Erlang Episode 164, with Daniel Walsh ‘AWS vs K8s’ is the new ‘Windows vs Linux’ The Runbooks Project ITIL Consultancy: Episode 183, with Steve Wade Why it’s great to be a consultant Container Solutions Finance topologies: Team Topologies by Manuel Pais and Matthew Skelton If You Want To Transform IT, Start With Finance Conway’s Law Ian Miell on Twitter
7/14/2022 • 45 minutes, 38 seconds
Mercedes-Benz Tech Innovation, with Sabine Wolz
Why does a car manufacturer own an IT company? How did that IT company end up running 900 Kubernetes clusters, starting at version 0.9? Craig asks these questions and more of Sabine Wolz, Product Manager at Mercedes-Benz Tech Innovation. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Live UK political coverage on the day of recording. As predicted, news happened slightly faster than publication, and at the time of release, Boris Johnson is expected to resign as Conservative Party leader today. Shibboleth Lord of the Rings TV show moved to UK News of the week GKE Cost Allocation CubeFS accepted as CNCF incubating project Bare metal deployments for EKS Anywhere Episode 142, with Gianluca Arbezzano Cubernetes Episode 20, with Justin Garrison OpenShift Service Mesh 2.2 Tanzu Mission Control adds FluxCD Pixie plugins What GKE users need to know about Kubernetes’ new service account tokens, by Taahir Ahmed Kubernetes is a red flag signalling premature optimisation, by Jeremy Brown Hacker News discussion eBPF Summit 2022 Links from the interview Mercedes-Benz Tech Innovation Mercedes-Benz and Daimler Truck How should electric vehicles sound? Ulm and its church Sabine’s KubeCon keynote How to Migrate 700 Kubernetes Clusters to Cluster API with Zero Downtime: Tobias Giese & Sean Schneeweiss Game theory FOSS Manifesto Inner source CNCF End User Community The promise of flying cars Sabine Wolz on LinkedIn
7/7/2022 • 36 minutes, 3 seconds
Consulting, with Steve Wade
Gone are the days of working at the same company for 50 years. Consultants and contractors bring specialised experience to many companies in short bursts. Steve Wade is an independent Kubernetes consultant and trainer, and he tells us how that became the life for him. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Queen Bourton-on-the-Water, fire in the sky Model village Model village inception News of the week New GKE features: eBPF and IP masquerading in GKE Autopilot Dual stack networking Time-shared GPUs Confidential GKE nodes Paralus (by Rafay) Furiko (by Shopee) New CNCF Sandbox projects: Clusterpedia OpenCost Aeraki Mesh Curve OpenFeature Kubewarden DevStream Traefik Hub Cyble’s exposed Kubernetes clusters Bitnami index FAQ Links from the interview Premier League Tesco Consultants and IR35 KSOC Indian food Steve Wade (1987) on Twitter
7/1/2022 • 49 minutes, 51 seconds
Cloud Native Storage, with Alex Chircop
As we move further up the stack, we rely on many foundations – including storage. Alex Chircop is co-chair of the CNCF Storage Technical Advisory Group (TAG), as well as founder and CEO of Ondat (formerly StorageOS). Join us to learn why no app is truly stateless, and how data is the new storage. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Crowded House snippets: Distant Sun Sister Madly Don’t Dream It’s Over (you know this one) Weather With You Something So Strong How Will You Go News of the week Kubernetes 2021 annual report and blog post discussing it SUSECon news SLSA Level 4 The State of CD 2022 report Introducing OpenCost Spec Episode 124, with Webb Brown OSTIF and ADA Logics posts discussing the CRI-O project audit Bitnami Helm chart pruning and Reddit discussion Upcoming Code of Conduct changes at the CNCF Links from the interview Goldman Sachs on Google Cloud Episode 181, with Justin Santa Barbara KubeCon EU 2016 CNCF TAG Storage Data on Kubernetes community CNCF TAGs CNCF Storage WG talk at KubeCon EU 2019 CNCF TAG Storage talk at KubeCon EU 2022 Kubernetes SIG Storage Xing Yang CSI and COSI Quinton Hoole Federation, aka “Ubernetes” Whitepapers: Storage Disaster Recovery Ondat Updog Alex Chircop on Twitter
6/10/2022 • 42 minutes, 54 seconds
Configuration as Data, with Justin Santa Barbara
What is configuration as data, how is it different from infrastructure as code, and why can’t anything just be itself anymore? We posed these questions and more to long-time Kubernetes contributor Justin Santa Barbara at KubeCon EU, and this episode is the result. Justin created the kOps project and now leads the team at Google that makes Kubernetes easier to consume. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week #kubecovid Alhambra La Alhambra Cats of the Alhambra News of the week Cloud Native at Microsoft Build Azure Container Apps are GA AKS updates Docker acquires Tilt Broadcom acquires VMware FT coverage Customer reaction from The Register Istio 1.14 GKE Cost Estimator Goodbye to Katacoda Take the DORA survey or read the 2021 report Links from the interview FathomDB Meteor acquires FathomDB for its development platform Sherlocking OpenStack kOps GitHub Configuration management tools Infrastructure as Code JSON, YAML, Proto and INI Helm values.yaml Kubernetes Resource Model (KRM) kustomize kpt Package management Configuration as Data announcement blog Porch kpt functions Backstage Config Sync and Config Connector Kubernetes component configuration Cluster API Justin Santa Barbara on Twitter
6/1/2022 • 50 minutes, 49 seconds
KubeCon EU 2022, with Ricardo Rocha
Live from Valencia, it’s KubeCon EU! Craig talks to conference co-chair and CERN computer scientist Ricardo Rocha about the event, and what it’s like to be in a room full of people again. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 9am Karaoke News of the week CNCF news from KubeCon EU: SlashData survey 800 members Boeing Coinbase Prometheus Certified Associate Google Cloud improves GitOps usability with Config Sync and Porch kpt Other Google news from KubeCon Tetragon from Isovalent Envoy Gateway Infra Ask HN with the creators Cloud Foundry launches Korifi SUSE NeuVector is open source CloudNativePG from EnterpriseDB All the other options Assured Open Source Software from Google Cloud Recent Guest news: Akuity announces $20m Series A (episode 172) Komodor raises $42 million Series B (episode 153) Deepfence launches Deepfence Cloud (episode 173) Lightning Round Armory announced public early access to their new Continuous Deployment-as-a-Service product Aserto announces its ”better together” approach to authorization by bringing together OPA, OCI, and Sigstore Bunnyshell Introduces support for multi-repository Terraform with full-stack drift management and GitOps Calyptia announces the General Availability of Calyptia for Fluent Bit, CAST AI introduces advanced Autoscaler for AKS Clastix launches Kamaji, a new open source tool for Managed Kubernetes Service CloudCasa by Catalogic expands to support Microosft AKS Codenotary combines Community Attestation Service with background vulnerability scanning CodeZero Launches Surf, a new developer tool for observability in pre-production Kubernetes environments CrateDB introduces Logical Replication D2iQ Partners with GitLab DataCore Bolt container-native storage software now GA; built on their acquisition of Mayadata Datadog launches Application Security Monitoring and support for OpenTelemetry 
Protocol in the Datadog Agent, Deepfactor partners with Synopsys to help developers resolve cloud native supply chain security risks env0 enables full-stack IaC deployment and management with native Kubernetes support Era Software introduces EraStreams Fairwinds Insights unifies DevSecOps with additional shift-left enhancements GitLab free tier adds pull-based Kubernetes deployments Google announced a new low-cost, high-usage pricing tier for Google Cloud Managed Service for Prometheus HCL Technologies launches Kubernetes migration platform Kasten by Veeam launches K10 v5.0 released Runecast adds CI/CD integration and image scanning Lacework introduces new Kubernetes Audit Logs monitoring Loft Labs announces a Cluster API provider for vcluster NetFoundry embeds zero trust into Prometheus New Relic introduces low-overhead Kubernetes monitoring and Pixie plug-in framework Pure Storage’s new Database as a Service platform is GA Replicated introduces community licensing and pre-flight checks SphereEx releases DB-Plus Suite Snapt announces security package to run Kubernetes in public cloud SPIRE now runs on Windows Sysdig launches new Advisor and Sysdig Open Source leverages Falco plugins SysEleven unveils MetaKube Operator Timescale announces OpenTelemetry Tracing support for Promscale Vultr Kubernetes Engine now Generally Available Zesty Disk for Kubernetes introduced Links from the interview Episode 62 Lukas Heinrich Clemens Lange CERN LHC Computing Grid Large Hadron Collider Kubeflow Data on Kubernetes Community CNCF Research User Group CNCF TOC Volcano moves to incubation KubeCon EU 2022 Episode 165, with Jasmine James Selection process report for KubeCon EU KubeCon China 2021 Research track Puppies at KubeCon NA 2019 Code, mountains and flying Kubernetes on an F/16 Ricardo Rocha on Twitter and on the web
5/19/2022 • 27 minutes, 17 seconds
Docker, with Scott Johnston
Docker CEO Scott Johnston joins us to talk about the announcements from this week’s DockerCon, the transition from an enterprise to a developer tools company, and the Internet’s favourite whale. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Podes and antipodes Side note: Kubernetes needs the concept of an Antipod. BRB, writing a KEP Google Cloud Podcasts News of the week DockerCon 2022 Docker Extensions Docker Desktop for Linux Late breaking news: Docker acquires Nestybox Spot VMs now on GCE and GKE; spot pods now on GKE Autopilot Fully managed Linkerd with Buoyant Cloud Sign up for CDcon and save 40% by using the code CdCon22AMEET40 AWS adds Kubernetes resource view Deploying Kubernetes clusters in absurd languages by Lee Briggs Links from the interview Docker DockerCon ‘22 DockerCon ‘14, the announcement of Kubernetes Return or Revenge? Scott’s history Four degrees from Stanford, including an MSMSE Sun and Netscape Java Servlets and J2EE Moore’s Law and Metcalfe’s Law Standard on the Internet Tom Lyon Loudcloud/Opsware and a16z Puppet Scott joins Docker in 2014 The monorepo The Soul of a New Machine Docker Swarm Messages from the future and the Google crystal ball Open Containers Initiative Docker Desktop for Apple Silicon Macs virtiofs for Mac $2.1 billion valuation Moby Project Moby Ice Cube The Dockershim saga, as reported throughout the episodes: Don’t panic about Docker Dockershim deprecation FAQ Mirantis will support the Dockershim But seriously, don’t worry about the Dockershim Dockershim is, like, proper gone The puns and joke section Docker is krilled to see you Billy T James Beached Az. Can’t eat chups! Docker Extensions CNCF Landscape or Magic Eye? Docker Desktop for Linux Multi-arch on Docker Hub Docker roadmap Scott Johnston on Twitter
5/10/2022 • 43 minutes, 39 seconds
Kubernetes 1.24, with James Laverack
Gaze into the stars with Kubernetes 1.24 release team lead, James Laverack. James is a software engineer turned solutions engineer at Jetstack, and explains the difference between the two roles, as well as how he found his home in SIG Release and what to expect in 1.24. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week IMDB and MusicBrainz SheetOps xlskubectl by Daniele Polencic News of the week Kubernetes 1.24 Metaflow on Kubernetes KubeVela 1.3 SocketCAN X Kubernetes ARMO raises $30m Aqua’s 2022 Cloud Native Threat Report CVE-2021-25746 in ingress-nginx About the fix Episode 162, with Alejandro de Brito Fontes and Ricardo Katz Plain Kubernetes Secrets are fine, by Mac Chaffee Links from the interview Bristol Box Life as a Solutions Engineer at Jetstack “I don’t think your job is to code anymore, you just talk to people all day.” Minecraft operator Improbable’s etcd operator Intro to the Kubernetes 1.24 release process Kubernetes 1.24 Full release notes Dockershim is, like, proper gone cri-dockerd containerd CRI-O Beta APIs Off by Default Release artifacts are signed, with experimental support for verifying them Increased supply chain security for Kubernetes SLSA Episode 167, with Rey Lejano Episode 174, with Santiago Torres-Arias Storage Capacity tracking and Volume Expansion Storage plugin migration Azure Disk OpenStack Cinder gRPC liveness and readiness probes Avoiding collisions in IP ranges Release theme and logo 1.25 release team Go 1.18 error delays 1.24 release James Laverack on Twitter
5/4/2022 • 38 minutes, 59 seconds
IstioCon, with Mitch Connors
Big week for Istio! Craig talks to Mitch Connors, Istio user experience working group lead and IstioCon program committee co-chair, about the project and the conference. Mitch talks to Craig about the news that Istio has been proposed to the CNCF. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 40th anniversary of the ZX Spectrum Some soothing YouTube channels: Adrian’s Digital Basement Jan Beta RMC - The Cave Mark Fixes Stuff Some conference talks about the Commodore 64: Rich Code for Tiny Computers DevOps for the Commodore 64 DevOps for the ZX Spectrum Manic Miner Play online News of the week Istio has applied to join the CNCF Istio mode in Tanzu Service Mesh KubeVirt moves to Incubation phase in CNCF New sandbox projects: OpenFunction, from Kubesphere Teller, from Spectral Ops Sealer, from Alibaba Chainguard Enforce Episode 47, with Kim Lewandowski EKS Blueprints Unit 42 finds serious vulnerabilities in AWS log4shell hotfix Tanzu State of Kubernetes report Go article in the Communications of the ACM Please support DevOpsDays Kyiv Links from the interview Istio What is Istio? ServiceMeshCon 2019 F5 Networks Merkle tree Merkel tree Sparse Merkle tree When was the last time you implemented a linked list? Envoy proxy istioctl wait Istio working groups Sidecar containers proposal Anthos Service Mesh Managed control and data plane IstioCon 2022 Mitch and Lin’s keynote Istio has applied to join the CNCF Pull request to the CNCF TOC Prusa i3 The frankenprinter RepRap Mitch Connors on GitHub Mitch Conner from South Park Mitch Connors on Twitter
4/27/2022 • 32 minutes, 52 seconds
Language, Learning and Leadership, with Divya Mohan
Divya Mohan is a Technical Writer with SUSE, a CNCF Ambassador, co-chair of Kubernetes SIG Docs, and a mentor to new contributors. Learn how her love of language and learning led her from production support to the core of the community. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Volcano moves to incubation stage in CNCF Nephio Automating cloud native networks Announcement press release Improving secure software supply chain by Asra Ali and Laurent Simon, Google Open Source Security Team Docker SBOM When the moon hits your eye like a big pizza pie, that’s Anchore Talos Linux 1.0 What’s new in Talos 1.0 Episode 159, with Andrew Rynhard Grafana raises Series D Tanzu Application Platform v1.1 Kubernetes 1.24 delayed But seriously, don’t worry about the Dockershim Ever Forward also delayed Links from the interview From zero to WIP: How I transitioned from being a sys admin working on legacy middleware to sailing the cloud native seas Hindi, Marathi, Malayalam; just 3 of the 22 scheduled languages of India IGATE HSBC Middleware Episode 175, with Bruno Andrade SIG Docs Kubernetes Community Days Bengaluru SIG Contributor Experience Kubernetes and Cloud Native Associate (KCNA) Season of Docs Summer of Code How to contribute to Kubernetes docs Arsh Sharma LitmusChaos, founded by Uma Mukkara and Karthik Satchitanand Divya joins SUSE Hayden Barnes The Friday Four Divya’s writing on WebAssembly Divya Mohan on Twitter
4/14/2022 • 43 minutes, 53 seconds
Shipa, with Bruno Andrade
Bruno Andrade is founder and CEO of Shipa, delivering applications and policy “as code” to Kubernetes with a SaaS model. We discuss founding companies in Canada vs the USA, abstractions for deploying apps, and whether Kubernetes will really ever disappear. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Jimmy Fallon and Jimmy Kimmel One show The other show One behind-the-scenes video Another one Ron Gilbert does not like April Fools Just kidding: Return to Monkey Island “If I ever get to make another Monkey Island, I’m going to announce it on April 1st.” News of the week Grafana Mimir FAQ/Interview with the CEO Hacker News discussion Can Grafana run Doom? Open source StackRox is now available GitHub link Dagger Public launch announcement Series A finance round CUE Fermyon introduces Spin Episode 102, with Matt Butcher Google Distributed Cloud Edge IstioCon 2022 program announced PlatformCon 2022 Chainguard: It’s all about that base image by John Speed Meyers and Zack Newman Docker raises $105m Series C TechCrunch coverage Garden.io raises $16m Series A VentureBeat coverage The Ever Forward container ship is still not going forward Links from the interview Shipa IBM WebSphere and WebSphere Application Server Juniper acquires HTBASE Shipa launch press release Ketch Announcement blog Why Kubernetes Will Disappear The English way Bernese mountain dog Application CRD Application API for Kubernetes Sidecar containers Bruno Andrade on Twitter
4/6/2022 • 38 minutes, 21 seconds
in-toto, with Santiago Torres-Arias
When is it safe to run software? When is it safe to drink orange juice? Are we a better judge of one or the other? Santiago Torres-Arias is an Assistant Professor at Purdue University, the team lead of the in-toto project, and a contributor to The Update Framework. He joins Craig to talk security in both physical and software supply chains. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Don’t Forget The Lyrics Gettin’ Jiggy Wit It Explained on Genius Will Smith on Top Gear The Oscars thing (CW: violence, cuss words that Will Smith didn’t used to have to rap to sell records) He’s The Greatest Dancer by Sister Sledge; written by Bernard Edwards and Nile Rodgers of Chic News of the week New Cisco Intersight Kubernetes features Red Hat OpenShift v4.10 ChaosNative acquired by Harness Azure PlayFab launches Thundernetes Episode 26, with Cyril Tovena and Mark Mandel Hacker News commentary Weave GitOps v2022-03 Qumulo for Kubernetes SpectroCloud raises $40m Pinterest: 99% to 99.9% SLO, high performance control plane Uber: Avoiding CPU throttling in a containerized environment Links from the interview in-toto The Update Framework Purdue University Elmore Family School of Electrical and Computer Engineering Purdue Boilermakers Open Source Software Senior Design Projects NYU Tandon School of Engineering Justin Cappos PolyPasswordHasher Episode 155, with Priya Wadhwa apt-secure for Debian packages A keysigning and a signed PGP key Farm to table attestation Potato tracking An example of E. 
coli in lettuce in-toto record Project Trebuchet: How SolarWinds is Using Open Source to Secure Their Supply Chain in the Wake of the Sunburst Hack by Trevor Rosen, Solarwinds Reflections on Trusting Trust by Ken Thompson Secure Publication of Datadog Agent Integrations with TUF and in-toto US Executive Order on Improving the Nation’s Cybersecurity Readout of White House Meeting on Software Security sigstore in-toto is the second most used format for sigstore SPIFFE SLSA in-toto moves to incubation in the CNCF CFSSL Math rock Covet: “falkor” TTNG: +3 Awesomeness Repels Water Bird of the Year The kea Breaking a police car Santiago Torres-Arias on Twitter and at badhomb.re
3/30/2022 • 41 minutes, 45 seconds
ThreatMapper, with Sandeep Lahane and Owen Garrett
ThreatMapper is an open source tool that hunts for vulnerabilities in your production Kubernetes environment, and ranks them based on their risk of exploit. It is built by Deepfence, who also sell a commercial product based on it called ThreatStryker. Co-founder/CEO Sandeep Lahane and head of products/community Owen Garrett join Craig to discuss how to decide what to open and what to keep closed, and just how deep his fence needs to be. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 171, with Frederic Branczyk Ahmet Alp Balkan’s coffee beans French press Moka pot News of the week Go 1.18 released Go now with Google Cloud Continuous fuzzing in etcd Veritas says Kubernetes is an Achilles Heel in defense against ransomware attacks ARMO’s changelog for the NSA/CISA hardening guide KubeScape Cloud Native Developer Bootcamp Use the code K8SPC30 for 30% off, if it’s before April 19, 2022 when you read this Plural launches with $6m seed round Launch HN post Speed boost on Docker Desktop for Mac Track the Ever Forward Links from the interview Deepfence ThreatMapper: the open source project ThreatStryker: the commercial product A failed startup story Heartbleed Buffer overflow Address Sanitizer Intel SGX Chrome sandbox Intel MPX Spectre and Meltdown NGINX (the company) eBPF Forward secrecy Deepfence’s Series A announcement Shifting left Behind 2 proxies MITRE ATT&CK matrix Cyber Kill Chain ThreatMapper on GitHub What’s new in ThreatMapper 1.3.0? Sandeep Lahane and Owen Garrett on Twitter
3/23/2022 • 37 minutes, 31 seconds
Argo, with Jesse Suen
The Argo project is a set of four tools to help “get stuff done” with Kubernetes: Workflows, CD, Rollouts and Events. Jesse Suen is a creator of the Argo project and co-founder and CTO of Akuity, a company set up to provide commercial support for it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Daylight saving time Container ship follow-up News of the week Backstage and in-toto join the CNCF Episode 136, with Lee Mills and Matt Clark Episode 155, with Priya Wadhwa Gloo Mesh 2.0 announced at SoloCon The New Stack coverage Linkerd failover operator cr8escape vulnerability in CRI-O GKE Autopilot vulnerabilities disclosed by Palo Alto Networks Updated Kubernetes hardening guide (PDF) KubeCon EU 2022 schedule Inside the numbers CNCF Observability micro-survey run:AI raises $75m Links from the interview Argo Project Argo (film) Jason and the Argonauts Applatix Pratik Wadher and Rahul Dhide Argo Workflows Applatix acquired by Intuit; Intuit acquired Applatix Marianna Tessel Alex Matyushentsev The archived Argo CI Argo CD Argo Rollouts GitOps Engine: Flux CD Argo and Flux joining forces First release of the GitOps Engine FAQ about why this didn’t work out Remote vs Core Argo Events Original BlackRock announcement Argo in the CNCF Akuity The many Aaron Court Motels App of Apps ApplicationSets Join the CNCF Slack Argo Workflows and CD community meetings Jesse Suen on Twitter
3/17/2022 • 38 minutes, 43 seconds
Parca, with Frederic Branczyk
The fourth horseman of the apocalypse observability, according to Frederic Branczyk, is continuous profiling. Frederic is founder and CEO of Polar Signals and creator of the Parca open source project. He and Craig talk all things Cloud Native observability. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Bad news from Australia: Shane Warne died National emergency called over flooding Strange news Photoshopped fridge magnets Cookery books News of the week Knative accepted as a CNCF incubating project Google Cloud Managed Service for Prometheus is GA k8ssandra 2.0: operator boogaloo Merbridge: eBPF for Istio by DaoCloud New Kubernetes experience in New Relic CVE-2022-0492 coverage: Unit 42 by Palo Alto Networks Jordy Zomer Links from the interview Frederic Branczyk Over-engineering coffee: Niche Zero grinder Decent Espresso Prometheus Creation at SoundCloud Observing the Kubernetes stack: SIG Instrumentation kube-state-metrics Prometheus Operator Thanos Grafana Loki Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers Shades of blue are no joke when they make you $200m KubeCon EU 2019 Keynote: …What Does the Future Hold for Observability? - Tom Wilkie & Frederic Branczyk Polar Signals Parca Introducing Parca and getting funded Parca on GitHub Episode 163, with Thomas Dullien Flame graphs and icicle graphs PARCA: Program for Arctic Regional Climate Assessment Pyrra by Matthias Loibl Frederic Branczyk on Twitter
3/9/2022 • 42 minutes, 22 seconds
Kubernetes: The Documentary, with Josiah McGarvie
Six years after its creation, Kubernetes is the subject of its very own documentary film. Job platform Honeypot has released. Josiah McGarvie was Honeypot’s head of video, and the lead filmmaker for Kubernetes: The Documentary. Join us for the director’s commentary. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 21, with Ihor Dvoretski Ihor joins the army Donate to: Come Back Alive Ukrainian National Bank The International Committee of the Red Cross Red Cross Red Crescent News of the week Podman 4.0.0 Episode 164, with Daniel Walsh and Brent Baude Signadot announces public beta Okteto raises $15m Series A Episode 125, with Ramiro Berrelleza Platform9’s Enterprise Trends in Cloud Native report. Robin.io acquired by Rakuten Symphony TechCrunch coverage Superbowl ad Links from the interview Kubernetes: The Documentary Part 1 and Part 2 Honeypot What is Honeypot? Honeypot documentaries Elixir Ember GraphQL Vue.js Chad Torbin at Speakeasy Strategies Guillermo López Explaining Kubernetes to a child Bohemian Rhapsody (film) Docker’s 1-year anniversary Netflix Kanye West documentary Aspect ratios Some PHP source code Tim Hockin’s t-shirts A wild Kubernetes Podcast sticker Recommended on LinkedIn The Simpsons go to Australia Brisbane Documentary Company Josiah McGarvie on Twitter
3/2/2022 • 47 minutes, 30 seconds
Sysdig Cloud Native Security and Usage Report, with Anna Belak
Anna Belak learned about containers and security as a Gartner industry analyst. She is now the Director of Thought Leadership at Sysdig, who have just published their latest annual Cloud Native Security and Usage Report. Anna joins Craig to discuss the report’s findings. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Chaos Mesh moves to Incubation in CNCF Episode 121, with Ed Huang Google raises payouts for Kubernetes vulnerabilities 2021 VRP roundup Sysdig teams up with Snyk, Snyk teams up with Sysdig $25m investment in KubeCost Episode 124, with Webb Brown Links from the interview Sysdig Cloud Native Security and Usage Report 2022 The last time we had a materials engineer on the show Tricking a rock into thinking Why Software is Eating The World Can analysis be worthwhile? Is the theater really dead? Industry analysts Anna Belak at Gartner Doge. Much wow Sysdig $2.5 billion valuation Beginnings Source code Episode 91, with Leonardo Di Donato Tectonic Summit, 2015 Loris Degioanni Episode 137, with Michael Gerstenhaber Sysdig’s changing reports: 2017 2018 2019 2020 2021 GKE Autopilot Are we human, or are we dancer? Anna Belak on Twitter
2/23/2022 • 32 minutes, 40 seconds
Rancher Desktop, with Matt Farina
We’re back for 2022 with a look at Rancher Desktop, which recently hit 1.0. Its creator, Matt Farina, is today’s guest. Matt is a Distinguished Engineer at SUSE, was a founding chair of Kubernetes SIG Apps, and was recently appointed to the CNCF TOC. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Kubernetes: The Documentary Sysdig Cloud Native Security and Usage Report Rancher Desktop 1.0 Microshift from Red Hat Docker’s second fiscal year Solo announces Bumblebee Istio 1.13 IstioCon announcement Google Cloud Deploy GA GKE Cost Optimization Insights GA Anthos Service Mesh on GKE Autopilot cluster OpenMetrics moves to Incubation phase Episode 37, with Richard Hartmann CNCF archives the OpenTracing project Kubernetes policy management paper CNCF 2021 survey results Links from the interview Matt Farina General Dynamics Land Systems Drupal Palantir (not that one) HP donates patents to support Linux HP acquires Stackato Cloud Foundry distribution CNCF Landscape Or not Helm SIG Apps Artifact Hub What is the Artifact Hub? Rancher Labs acquired by SUSE Episode 57, with Darren Shepherd Open source from SUSE/Rancher Rio Longhorn Epinio Kubewarden Rancher Desktop Announcement 1.0 release Slashes kube-solo nerdctl k3s and k3d Matt Farina joins the CNCF TOC Cloud Native Podcast Episode 102, with Matt Butcher Matt Farina on Twitter
2/16/2022 • 40 minutes, 43 seconds
Kubernetes 1.23, with Rey Lejano
Learn all about what’s new in today’s Kubernetes 1.23 with its release team lead, Rey Lejano. Rey is a Field Engineer at SUSE/Rancher Labs, and a contributor to the Docs, Release and Security SIGs. Long time listener Adam also drops by to ask Craig what’s been happening with the hiatus. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Ted Lasso Filming locations Knative applies to become a CNCF project Links from the interview African clawed frog Cross-fertilization and structural comparison of egg extracellular matrix glycoproteins from Xenopus laevis and Xenopus tropicalis ITIL RX-M 1.18 release team 1.23 release team Kubernetes 1.23: The Next Frontier Odd numbered Star Trek movies Star Trek V: The Final Frontier SIG Release Charter Enhancements: Dual stack IPv4/IPv6 - Stable Pod security admission - Beta TTL After Finished Controller - Stable Auto delete PVCs created by StatefulSets - Alpha Skip Volume Ownership Change - Stable Generic Ephemeral Inline Volumes CronJobs Deprecation of FlexVolumes Deprecation of klog flags HorizontalPodAutoscaler v2 API - Stable Ephemeral containers - Beta kubectl events improvements - Alpha Kubelet CRI support - Beta 1.22 interview with Savitha Raghunathan 1.24 lead: James Laverack Kubernetes Contributor Celebration Rey Lejano on Twitter
12/8/2021 • 31 minutes, 51 seconds
Knative 1.0, with Ville Aikas
We celebrate the launch of Knative 1.0 with Ville Aikas, who has been with the project since the beginning. He was also with the Kubernetes team at the beginning, and thus we cannot resist a Pete Best comparison. We also celebrate Jimmy’s last show as our guest host with a rapid-fire Kubernetes quiz. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Jimmy graduates! CNCF Landscape The menu at the Cheesecake Factory In-n-Out Secret Menu Links from the interview Important programmers from Finland Paddington Bear University of Washington Google Voice Google Cloud Storage Read-after-write consistency The Fifth Beatle Knative Serving Eventing Build, which became Tekton Pipelines Did we market Knative wrong? by Ahmet Alp Balkan Duck typing Rubber duck debugging Extending Knative for Fun and Profit, by Matt Moore & Ville Aikas Subresources Proposal for custom subresources for CRDs Google Cloud Run IBM Cloud Code Engine Knative steering committee and technical oversight committee Great artists steal Chainguard Episode 152, guest hosted by Dan Lorenc Episode 47, with Kim Lewandowski SLSA Sigstore Ville to present at Knative community meetup on November 17 Craig presented Knative at the Kubernetes Colorado meetup in July 2018 Seattle Kraken Ville Aikas on Twitter
11/2/2021 • 44 minutes, 57 seconds
Engineering Effectiveness and KubeCon NA 2021, with Jasmine James
Jasmine James is an Engineering Manager within the Engineering Effectiveness organization at Twitter, focused on their internal developer experience. She is also the latest co-chair of KubeCon + CloudNativeCon, starting with the North America event last week. Jasmine joins us to talk about being in the same room as other people - up to 3,000 of them - for the first time in a long while. The cover art for this show is courtesy of the CNCF and licensed under CC-BY. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the last wee while KubeCon NA 2021 Google Cloud Next ‘21 SREcon21 William Shatner’s words after touching the edge of the final frontier Adele to release a new album Common People Shatner’s new album “Bill” News of the recent past Google Cloud Next: Google Distributed Cloud Edge and Hosted BigQuery Omni is GA Anthos for VMs Managed Service for Prometheus VMworld VMware Tanzu Community Edition Cartographer for supply chain choreography KubeCon + CloudNativeCon CNCF announces record number of new silver members KCNA entry-level certification Cilium joins the CNCF Triggermesh becomes open source Codefresh replatforms on upstream Argo Cloud Native security microsurvey results Introducing Chainguard Episode 152, guest hosted by Dan Lorenc Episode 47, with Kim Lewandowski Kubernetes documentary trailer Links from the interview Atlanta AT&T Delta Air Lines Avoiding the weeds in the Cloud Native Landscape at KubeCon NA 2018 Q&A with Jasmine James, newest KubeCon co-chair The selection process for KubeCon NA 2021 Upcoming CNCF events Co-co-chairs: Episode 117, with Constance Caramanolis Episode 130, with Stephen Augustus Keynotes of note: Three Developer Experience keynotes from Constance, Jasmine, and Robert Duffy A Vulnerable Tale about Burnout by Julia Simon The Road to Multicluster by Kaslin Fields Episode 62, with Ricardo Rocha, Lukas Heinrich and 
Clemens Lange Interaction wristbands Horseback riding and fishing Jasmine James on Twitter
10/21/2021 • 44 minutes, 8 seconds
Podman, with Daniel Walsh and Brent Baude
Red Hat maintains a full set of container tools and libraries, bringing their pedigree in security and operating system engineering. The most notable of those tools, Podman, has had a surge in popularity this month, after Docker announced changes in their subscription model. Daniel Walsh leads the Red Hat containers team, and Brent Baude is the architect and primary maintainer of Podman. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Ira Glass in the wardrobe News of the week Announcing Google Cloud Deploy DORA Accelerate State of DevOps 2021 report Mirantis Flow “reinvents the datacenter” Episode 110, with Adrian Ionel Deis Labs introduces Hippo Accelerating new features in Docker Desktop Distroless builds are now SLSA 2 Episode 155, with Priya Wadhwa CNCF DevSecOps radar Links from the interview Dan Walsh Brent Baude SELinux Stop Disabling SELinux SELinux Sandbox Project Atomic Red Hat patches for container registry rejected by Docker Docker client/server model Red Hat’s container suite: Podman CRI-O Buildah containers/storage containers/image Skopeo Open Container Initiative (OCI) Podman features: Drop-in Docker replacement play kube, run a pod from YAML generate kube, make YAML from local containers Running rootless systemd integration Socket activated services podman-compose Podman in Podman Podman in Kubernetes Builder in a Boston accent containerd, CRI-O and Docker in Kubernetes “Podman Desktop” Docker changes desktop subscription model Podman on Mac Podman on Windows with WSL2 Remote client Notes from the recent Podman Cabal meeting Quay GitHub discussion Daniel Walsh on Twitter Brent Baude on Twitter
9/24/2021 • 54 minutes
Prodfiler, with Thomas Dullien
Prodfiler is a new tool that provides fleet-wide full-system continuous profiling. It is in some ways the second act of its co-creator Thomas Dullien, who is an internationally-renowned reverse engineer and vulnerability researcher under the name Halvar Flake. Thomas joins us to discuss his career, what you should profile in a distributed system, and why you can’t sell something with a negative cost. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Container blockages Container houses News of the week Crossplane moves to incubation in CNCF: CNCF coverage Crossplane coverage Episode 141, with Daniel Mangum Backup for GKE Google Cloud Next session catalog is live Register here Kubernetes multi-cluster panel on October 6 GKE updates: publishing with Private Service Connect, CSI driver for Filestore GA, SSL policies & HTTPS redirects for multi-cluster Ingress Azurescape: attack on Azure Container Instances by Unit 42 at Palo Alto Networks CVE-2021-25741 for subpath mount symlink attack (High) CVE-2020-8561 for webhook response logging (Medium) NCC Group weighs in on NSA guidance Snyk raises $530m Episode 140, with Kamil Potrec Sqlcommenter merges with OpenTelemetry Kubermatic 2.18 and KubeOne 1.3 Episode 109, with Sebastian Scheele Tanzu Kubernetes Grid 1.4 5 years of Envoy OSS Episode 33, with Matt Klein Links from the interview Thomas Dullien/Halvar Flake Mathematik, with a K Stages of life vs. maths ability required, by Pearls of Raw Nerdism Vicky the Viking TV show Assembly Language Masterclass GEOS copy protection by Michael Stiel Time travel debugging “German hacker denied entrance into US for Black Hat training” Zynamics acquired by Google BinDiff BinNavi Project Zero “For whom?”, asked R Morris Sr. 
optimyze.cloud’s original business model Introducing Prodfiler Profiling The Datacenter As A Computer: An Introduction to the Design of Warehouse-Scale Machines Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers Dapper, a Large-Scale Distributed Systems Tracing Infrastructure and Jaeger The mystery of Kubelet eating CPU and IOPS Fortran Web Framework: it’s not irrelevant, really! Halvar Flake on Twitter
9/17/2021 • 42 minutes, 56 seconds
ingress-nginx, with Alejandro de Brito Fontes and Ricardo Katz
The most popular Ingress controller for Kubernetes is ingress-nginx, created in 2015 by Alejandro de Brito Fontes. Alejandro stepped down earlier this year, and the project is now maintained by a team including Ricardo Katz. Learn the history and what’s in the new 1.0 release from a pair of South American self-proclaimed sysadmins. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week New Zealand cinema worker left red-faced after voicemail blooper Uncensored version on TikTok News of the week Amazon EKS Anywhere is GA and EKS Connector is in preview CNI 1.0.1 Red Kubes makes Otomi self-service features free of charge Scale down mode and custom policy for Microsoft AKS k8ssandra moves from Helm to operator API server tracing in Kubernetes 1.22 by David Ashpole Episode 113 How Docker Broke In Half, by Scott Carey Episode 156, with Sebastien Pahl Episode 110, with Adrian Ionel Links from the interview ingress-nginx Early computing IBM PC/XT Windows 95 Pinball Flight simulator easter egg in Excel 97 Slackware Bible Foca Linux History of Ingress Ingress announced in Kubernetes 1.1 CoreOS Fleet Service loadbalancer kube-haproxy-router Kubernetes Ingress proposal issue ingress-gce ingress-nginx: Alejandro’s proposal for ingress-nginx Original PR Alejandro’s bare metal cluster - then and now Ricardo’s early contributions Note that NGINX Inc. have their own Ingress controller, for the open source or commercial versions of NGINX Their comparison of the two versions Supporting open source: Alejandro steps down as ingress-nginx maintainer He actually tried earlier, but no-one else stepped up! Core Infrastructure Initiative fund for supporting the Internet xkcd on internet dependencies Episode 116, with Alex Ellis The future: ingress-nginx 1.0.0 NGINX Inc. 
commits more to open source Gateway API IngressClass and upgrades to the v1 Ingress API ModSecurity and Curiefense Alejandro de Brito Fontes on Twitter Ricardo Katz on Twitter
9/9/2021 • 43 minutes, 38 seconds
Unicron, with Daniel Megyesi
Adevinta is an online classified ads company, operating many local brands. Daniel Megyesi is a DevOps engineer at Adevinta and maintainer of their central big data and Machine Learning platform, Unicron. Learn why they wanted to replace Mesos, how they aligned their engineering efforts to do so, and the choices that had to be made to provide an easy experience for their data engineers. Chatter of the week Dolores Park The Garden at Buckingham Palace The fire at Windsor Castle Most currencies featuring the same individual News of the week Docker updates subscription plan Google commits $10 billion to advance cybersecurity Detail blog from previous guests Eric Brewer and Dan Lorenc Episode 155, with Priya Wadhwa ingress-nginx 1.0.0 NGINX Inc. commits to open source OpenTelemetry moves to Incubation phase IBM open sources Tornjak Tornjak dog SUSE Rancher 2.6 VMware announces Tanzu Application Platform Infoworld coverage Rafay Systems raises $25 million Grafana Labs raises $220 million Episode 122, with Torkel Ödegaard Links from the interview April Fools Proxy Adevinta, the world’s largest online classifieds group after acquiring eBay’s classifieds division Spark, Mesos, Chronos, AWS EMR Introducing Unicron, our big data and Machine Learning platform by Daniel Megyesi Not the logo Gardener GKE Autopilot Argo CD and Argo Workflows Spark Operator and Luigi 1:8 scale model DeLorean 1:2 scale model Terminator Infrastructure Adventures, Daniel’s blog Daniel Megyesi on LinkedIn
9/2/2021 • 48 minutes, 32 seconds
KEDA, with Tom Kerkhove
KEDA, the Kubernetes Event-Driven Autoscaler, is a project that adds superpowers to the Kubernetes horizontal pod autoscaler, including zero-to-one scaling. Celebrate KEDA reaching Incubation in the CNCF by listening to an interview with maintainer Tom Kerkhove from Codit. But first, learn about Craig’s worst concert experience. Chatter of the week Correction to Episode 158: Mike Richards is no longer host of Jeopardy! Troy meets LeVar Burton The Chase (USA) The Chase (UK) The Judds Charlie Watts: Rolling Stones drummer dies at 80 The Rolling Stones: A Bigger Bang tour Moving stage News of the week KEDA moves to CNCF Incubation Kubescape from ARMO Security GKE adds OIDC identity provider and gVNIC support Gloo Mesh 1.1 Istio security announcement Envoy security announcement Cron jobs and timezones in Kubernetes Links from the interview KEDA: Kubernetes Event-Driven Autoscaling Bruges Codit Azure Service Fabric Azure Cloud Services Horizontal pod autoscaler Custom metrics in HPA (added in Kubernetes 1.6) Promitor: bridge between Azure Monitor and Prometheus KEDA announcement from Microsoft Scaling a deployment Scalers Microsoft moves KEDA to the CNCF Sandbox External scalers KEP for adding scale-to-zero to HPA Knative scale to zero CNCF Sandbox announcement Versions 1.0 and 2.0 Users KEDA on GitHub Tom Kerkhove on Twitter and his blog
8/26/2021 • 34 minutes, 22 seconds
Talos, with Andrew Rynhard
Kubernetes lets us manage our infrastructure declaratively, so why do we still manage the underlying OS with a myriad of different text files? And why allow shell and SSH access to a machine that should be immutable? So asked Andrew Rynhard before creating Talos, a Linux distribution built for Kubernetes. He’s now CTO of Talos Systems, a company founded to take it to market. Chatter of the week 40 years of the IBM PC 5150 emulator and docs What was it like to use? Twitter thread about the cost of add-ons 41 years ago: the story of the creation of the PC DONKEY.BAS Play it on the 5150 emulator Learn about it Play it on the iPhone or Apple Watch Commodore 64 Wheel of Fortune Little Computer People C64 vs IBM advertising 6502 and derivative CPUs: the C64 used a 6510 Bender News of the week Litmus 2.0.0 Episode 56, with Evan Powell SPIRE security audit Episode 45, with Andrew Jessup Bovine by Nick Gerace Rust Cloud Native Verify GKE services are up with dedicated uptime checks LFX projects open for (Northern) Fall term Links from the interview Talos (the OS) Linux from Scratch Talos (the robot) COSI Comparing k3s to vanilla Kubernetes on Talos Talos announcement on Reddit and Hacker News Talos Systems Launch blog Brazilian jiu-jitsu COSI announcement from KubeCon EU 2021 Andrew Rynhard on Twitter
8/19/2021 • 42 minutes, 44 seconds
Telekom (with a K), with Vuk Gojnic
What is a telecommunications provider, if not a very distributed system? Kubernetes is becoming an important engine for the world’s telcos, especially as they roll out 5G. Vuk Gojnic leads the team rolling out Kubernetes across Deutsche Telekom (the parent company of T-Mobile), and he tells us how the worlds of telco and cloud have converged. Chatter of the week New Jeopardy! hosts The Price Is Right Bob Barker in Happy Gilmore Spay and neuter your pets News of the week eBPF Foundation announcement Episode 91, with Leonardo Di Donato Episode 133, with Thomas Graf Istio 1.11 NSA & CISA release Kubernetes hardening guidance PDF link Google Cloud Service Discovery adds GKE auto-discovery Troubleshoot GKE faster with monitoring data in your logs Sysdig announces new Prometheus integrations Nirmata takes $4m in funding CNCF Survey, part 2 Links from the interview History of Montenegro Balkans region Postal, telegraph and telephone services Cafe del Montenegro “archeological remains” (archeological remains of original Cafe del Montenegro) CdM today Crnogorski Telekom Deutsche Telekom Crossbar switches O-RAN Software Community and source code Network function virtualization Natural selection Mobile base station DSLAM 5G Das blinkenlights Das Schiff Das Boot Cluster API Flux CD OpenStack Ironic mIRC Vuk Gojnic on Twitter
8/13/2021 • 40 minutes, 58 seconds
Kubernetes 1.22, with Savitha Raghunathan
It’s Kubernetes release day! The team that launched v1.22 of everyone’s favourite cluster management software was led by Savitha Raghunathan, Senior Platform Engineer at MathWorks. Savitha joins host Craig Box to talk contribution, containers and cricket. Chatter of the week Life before smartphones Dark Sky, hyperlocal weather app Karl the Fog Universal Studios Kubeyland 2021 The Simpsons Ride News of the week Kubernetes 1.22 announcement Sign up for the 1.23 release team Linkerd graduates* in the CNCF Cosign 1.0 Episode 152, guest host Dan Lorenc Episode 155, with Priya Wadhwa Cloud Native Rejekts CFP Episode 79, with Chris Kühl Introducing Koncrete by the Kalm team Nestybox adds Kubernetes support Curiefense adds NGINX support Replicated announces $50M Series C Episode 143, with Grant Miller Kubernetes platform updates: Deckhouse, by Flant, is GA Red Hat OpenShift 4.8 Rafay adds new features to Kubernetes Management Cloud Carvel Package Manager for Kubernetes Porter and seed funding announcement Links from the interview Chennai Super Kings Stephen Fleming; coach, A/C salesman and Yellow Wiggle Royal Challengers Bangalore MathWorks MATLAB Math vs maths? (Doesn’t actually matter; MATLAB is short for Matrix Laboratory) Savitha’s first contribution Kubernetes GitHub workflow and pull request guide Kubernetes 1.22 release announcement Release Team Loki and WandaVision Enhancements of note: Seccomp by default Rootless Kubelet Pod admission control Node swap support Windows privileged containers 1.21 release interview with Nabarun Pal Do, Delegate and Defer Release lead for 1.23: Rey Lejano In memoriam: Peeyush Gupta Donate to Peeyush’s Family Education Fund Coffee art Amigurumi Savitha’s cat Savitha Raghunathan on Twitter
8/5/2021 • 46 minutes, 20 seconds
Opstrace, with Sebastien Pahl
Sebastien Pahl is a pioneer of container technology, building the predecessor to Docker as a co-founder of Dotcloud. After working at some big tech companies, he’s back to the startup life as co-founder of Opstrace, a fully open source observability distribution, built on top of the tools you know and love. Chatter of the week Pictograms Korea on Italy Pita Taufatofua, the oily Tongan Olympic drones Inclement weather: Tokyo New York City London News of the week Kubernetes 1.22 release candidate is out Episode 146, with Nabarun Pal Cloud Foundry Foundation releases v5 Episode 105, with Chip Childers Connaisseur 2.0.0 Episode 155, with Priya Wadhwa Chaos Mesh 2.0.0 Episode 121, with Ed Huang Spectro Cloud raises $20m Series A Nominate yourself for the 1.23 Release Team Links from the interview EPITECH Solomon Hykes Departure blog Dotcloud Y Combinator $10m funding round Cloudflare Mesosphere HD-DVD and Betamax Operator Framework/Operator SDK Opstrace Prometheus Cortex Grafana Loki Grafana relicensing OpenMetrics and OpenTelemetry Matter, for smart home devices Opstrace on GitHub Sebastien Pahl on Twitter
7/28/2021 • 41 minutes, 27 seconds
Software Supply Chain Security, with Priya Wadhwa
The idea of software supply chain security rocketed into the public consciousness in the last year, with the news that US government agencies had been breached. Priya Wadhwa is a software engineer at Google working on open source security, including projects to secure and verify container deployments. She outlines what is being done to make sure this doesn’t happen to you. Chatter of the week Virgin Galactic launch NBC News BBC News Blue Origin launch NBC News BBC News Rocket scene from Austin Powers: The Spy Who Shagged Me The memes News of the week Google Cloud Container Security webinar Register for Google Cloud Next 2021 Google Cloud IDS Windows Server support for Anthos on-prem Multi-Cluster Ingress for GKE CVE-2021-22555: Kernel code execution through Netfilter bug CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding CVE-2021-32690: Helm repository credentials passed to alternate domain Attacks on Argo Workflows discovered by Intezer Sysdig acquires Apolicy; Apolicy acquired by Sysdig CockroachDB Operator for Kubernetes Automatic remediation of Kubernetes nodes at Cloudflare Sciuro Kured CNCF App Delivery TAG publishes operator whitepaper Links from the interview Software supply chain Know, Prevent, Fix Reproducible builds Debian Project SolarWinds hack US Executive Order on Improving the Nation’s Cybersecurity Binary Authorization Provenance, in art and software in-toto “Farm to table” sigstore Announcement blog cosign Announcement blog Dan Lorenc’s blog Connaisseur Rekor Fulcio Key signing ceremony: Dan Lorenc on Episode 152 Announcement blog Video Tekton Tekton Chains Announcement blog, by Priya & Dan SBOM (Software Bill of Materials) Open Source Insights Announcement blog Nine Inch Nails’ Year Zero ARG Scorecards Announcement blog v2 blog SLSA Announcement blog GitHub SupplyChainSecurityCon sigstore Slack channel Priya Wadhwa on Twitter
7/23/2021 • 36 minutes, 18 seconds
Gatekeeper and Policy Controller, with Max Smythe
Gatekeeper is an open source project which lets you enforce policy in a Kubernetes cluster. It’s also the basis for Policy Controller, a hosted and managed version now available for all GKE users. Max Smythe, a senior SWE at Google, is a maintainer of Gatekeeper and the TL of Policy Controller. He joins us to talk constraints, config and Cruise. Chatter of the week England loses Euro 2020 final It’s Coming Ohm: prediction on power usage Half time power spike Top 20 spikes The Thorn Birds The Superbowl Flush - debunked! Tokyo Olympic Games Opening Ceremonies Hedbanz News of the week APIs being removed in Kubernetes 1.22 ContainIQ launches Postgres Operator 5.0 NetworkServiceMesh 1.0.0 Google Cloud Certificate Authority Service GA and cert-manager integration Platform9 Managed KubeVirt InsightCloudSec from Rapid7 Sophos acquires Capsule8 Spring 2021 graduating class from CNCF-sponsored LFX Mentorship program Links from the interview Brian May Edge of Tomorrow The redemption thereof Chubby Riak Gatekeeper Anthos Config Management Config Sync Policy Controller Episode 101, with Tim Hinrichs and Torin Sandall PodSecurityPolicy is not going GA SIG Auth’s replacement proposal Using ACM constraints to enforce Pod security OPA Constraint framework Policy Controller: Creating constraints Writing a constraint template Structural schemas Design Patterns for Extendable, Scalable K8s Extensions by Rita Zhang and Max Smythe Max Smythe on Twitter
7/15/2021 • 39 minutes, 57 seconds
Komodor, with Itiel Shwartz
Debugging Kubernetes often involves correlating what happened just before something went bad. Itiel Shwartz is a co-founder of Komodor, a startup that builds a platform to help with exactly that. We talk Hebrew names, Hungarian dogs and German car crashes. Chatter of the week Jimmy Moore steps out from behind the scenes Conan O’Brien Needs A Friend Revisionist History Letterman reads out Johnny’s jokes Mythic Quest News of the week Joint US/UK cybersecurity advisory saying Russia is using Kubernetes CNCF and FinOps Foundation survey Canonical Kubernetes usage survey CNCF End User Radar for multi-cluster tools runc 1.0.0 Buoyant Cloud Public Beta Sloth, by Xabier Larrakoetxea Links from the interview Komodor “Itiel” and “ETL” Rookout Forter Ben Ofiri Komodor team photo The Komondor (and image search) Man Who Looks Like His Dog Jack Tramiel, co-founder of Commodore International The story of the name “Commodore” Man Who Looks Like His Dog Single bit-flip renders certificate transparency log invalid $25 million funding with angel investors Itiel Shwartz and Komodor on Twitter
7/9/2021 • 43 minutes, 22 seconds
SRE for Everyone Else, with Steve McGhee
Steve McGhee worked as an SRE at Google for almost 10 years, then took a job outside the company. He was tasked with recreating “Google Production” and SRE practice from first principles, but with three books, modern cloud providers, and the entire Kubernetes ecosystem to help. How did he do? Learn about that which you can and can’t replace. Chatter of the week Dan’s recent work has come up in episodes 136, 142, and 151, to name but a few Episode 39, with Dan Lorenc Tekton CD Sigstore Dan’s Peter Jackson look Sigstore Root Key Ceremony IANA Key Signing Ceremonies and changes in the time of COVID News of the week GKE news: New Tau VMs on Google Cloud and GKE Committed use discounts for GKE Autopilot Cloud Onboard training for GKE with Kaslin Fields, on June 22 Stackrox/Red Hat State of Kubernetes Security blog post and report etcd 3.5 SLSA: Supply chain Levels for Software Artifacts Ensemble, by Tesera Harbor operator 1.0 Weave GitOps Core Episodes 144 and 145, with Alexis Richardson WSO2 launches Choreo and acquires Platformer KubeCon EU 2021 transparency report COVID vaccine required to attend fall 2021 Linux Foundation events Opinions on Knative positioning by Ahmet Alp Balkan Episode 66 Links from the interview LG Chocolate Phone and the Crazy Frog Good SRE is the inverse of the XKCD comic on Standards “Breaking Prod: More than once, I personally made it impossible to use google search from a phone (for a little bit). Like, for everyone on the planet.” San Luis Obispo, California (SLO) GIFEE, coined at CoreOS Rebuilding SRE, from Memory Ben Treynor Sloss Homer Simpson’s Car Postcards from the future and the crystal ball It is against the law to have a sleeping donkey in your bathtub after 7pm How To Avoid Huge Ships Prometheus Canary releases Canary deployments with Istio SLO Math, by Steve McGhee (SLOconf 2021) The SRE I Aspire To Be, by Yaniv Aknin (SREcon 2019) RAID, a Redundant Array of Inexpensive/Independent Disks Deployment Archetypes for Cloud Applications, by Brad Calder and Anna Berenberg Steve McGhee on Twitter
6/18/2021 • 46 minutes, 23 seconds
Multi-Instance GPUs, with Kevin Klues and Pradeep Venkatachalam
NVIDIA and Google have teamed up to bring the new Multi-Instance GPU feature, launched with the NVIDIA A100, to GKE. We speak to Kevin Klues from NVIDIA and Pradeep Venkatachalam from Google Cloud on how and why people use GPUs, optimising instance shapes for machine learning, and why less is often more. Chatter of the week Episode 64, with Sarah D’Angelo and Patrick Flynn Catching up with Patrick in Episode 148 Winthrop, Washington Blackdown Hills, Devon News of the week Azure App Services now available for Azure Arc Azure Arc and App Service blog posts Other new AKS capabilities Virtualization Review coverage ECS Anywhere made GA by press release AWS App Runner Integrating Google Cloud DNS with GKE Istio 1.10 Terraform 1.0 Grafana 8.0 and Tempo 1.0 Argo Rollouts 1.0 Kubesphere 3.1.0 Cilium 1.10 OpenSLO spec launched at SLOConf Episode 147, with Brian Singer and Kit Merker Envoy GA on Windows Chaos Experimentation Framework for Envoy El Carro operator for Oracle Database from Google Cloud Moco operator for MySQL from Kintone PlanetScale GA Episode 81, with Jiten Vaidya and Sugu Sougoumarane FoundationDB paper from ACM SIG MOD DockerCon announcements Coverage of Development Environments from The Register Deps: Open Source Insights project from Google Graph for Kubernetes 1.0.0 Graph for Kubernetes 1.22.0-alpha.2 Verifiable Supply Chain Metadata with Tekton Chains Kubernetes CVEs: CVE-2021-25736 CVE-2021-25737 CVE-2021-25738 runc CVE-2021-30465 VS Code Plugin for Kubernetes CVE-2021-31938 Steve Smith says “GitOps is a placebo” in a blog post and Twitter thread Follow up from Vic Iglesias GitOpsDays Styra raises $40m Series B round Episode 101, with Tim Hinrichs and Torin Sandall Cloud Native community goes live with 10 shows on something called Twitch YouTube playlist for KubeCon EU 2021 Links from the interview Episode 92, with Pramod Ramarao Dogecoin Training and inference 12 things that prove Doom will run on literally anything “It runs Doom” subreddit CUDA vGPUs Multi-Instance GPUs GKE now supports multi-instance GPUs 7 core MacBook Air GPUs A100 GPU 16 A100 GPUs on a Google Cloud VM Running GPUs on GKE Node taints for scheduling NVIDIA Container Toolkit GCP NVIDIA GPU device plugin Kubernetes NVIDIA device plugin GTC 2021 talks: A Deep Dive on Supporting Multi-Instance GPUs in Containers and Kubernetes by Kevin and Pradeep Gain Competitive Advantage using ML Ops: Kubeflow and NVIDIA Merlin and Google Cloud by Andrew Stein and Maulin Patel (Google) and Davide Onofrio (NVIDIA) Kevin’s KubeCon talk and slides Kevin Klues on Twitter
6/11/2021 • 30 minutes, 59 seconds
Pixie, with Zain Asgar and Ishan Mukherjee
Pixie Labs built an observability platform for Kubernetes, which uses eBPF to get telemetry without user intervention. They were recently acquired by New Relic, who open sourced the Pixie software. Co-founders Zain Asgar and Ishan Mukherjee join Craig Box to tell the story and talk about what’s next. Guest host Alex Ellis tends his garden. Chatter of the week Episode 116, with Alex Ellis GrowLab Announcement blog Alex’s talk at the GIFEE Day Monty Don OpenFaaS in the RISC-V keynote New Kubernetes on Edge training course News of the week eBPF for Windows GKE Dataplane V2 is GA Confluent for Kubernetes GA VMware Tanzu SQL, with MySQL, for Kubernetes, 1.0 VMware Modern Apps Connectivity Solution Do the State of DevOps survey! Links from the interview Pixie Labs What is Pixie overview slides presented to CNCF Public beta launch and announcement of Series A funding TechCrunch coverage Pixie Labs acquired by New Relic; New Relic acquires Pixie Labs A day in the life of a Kiva robot Recognition for Google Lens clothing recognition Dog or blueberry muffin? Episode 125, with Ramiro Berrelleza How Pixie Works New Relic goes all-in on OpenTelemetry and Open Source Pixie on GitHub Pixienauts community New Relic upgrades to Platinum member at CNCF Zain Asgar and Ishan Mukherjee on Twitter
5/13/2021 • 39 minutes, 41 seconds
Putting on a KubeCon, with Colleen Mickey
A small army of community volunteers is necessary to host a KubeCon, but behind them is a professional events team. Colleen Mickey is Director of Event Services at the Linux Foundation and is responsible for KubeCon + CloudNativeCon, as well as other events like Hyperledger Global Forum and cdCon. She talks to us about hosting, feeding and watering 10,000 people, as well as the change to virtual events. We also bring the round-up of the KubeCon news, including our famous Lightning Round. Chatter of the week Episode 29, with Janet Kuo Looking back at KubeCon Shanghai 2018 News of the week New Relic and Pixie Labs blogs on Pixie being open sourced New Relic joins CNCF as a Platinum Member Red Hat launches the Stackrox community at stackrox.io OpenShift GitOps and OpenShift Pipelines Snyk’s State of Cloud Native Application Security report announcement and results OCI Distribution Specification reaches 1.0 Prometheus to launch conformance program New CNCF sandbox projects: Vineyard, an in-memory immutable data manager WasmEdge Runtime, a WebAssembly Virtual Machine for cloud, AI, and blockchain applications ChaosBlade, an open-source version of Alibaba’s chaos tools Fluid, a data and storage abstraction for AI and cloud-native applications Submariner, a cross-cluster overlay of overlay networks Antrea, a Kubernetes CNI plugin Episode 128, with Antonin Bas CNCF Edge survey results and free Kubernetes on Edge Training Episode 116, with Alex Ellis Inclusive Naming Initiative receives Honorable Mention at Fast Company’s 2021 World Changing Ideas Awards ‘Master,’ ‘Slave’ and the Fight Over Offensive Terms in Computing by Kate Conger of the New York Times Episode 130, with Stephen Augustus Spotify wins CNCF Top End User Award Episode 50, with David Xia Episode 136, with Lee Mills and Matt Clarke. Lightning round Accuknox secured $4.6m in seed funding Accurics announced Terrascan integrates with Argo CD Ambassador introduced a Developer Control Plane Armory introduced mini-Spinnaker installation Minnaker, built on k3s Arrikto announced MiniKF 1.3 and Enterprise Kubeflow for Azure Avesha launched Smart Application Cloud Framework Bridgecrew published security trends from analyzing Helm charts CAST AI announced Amazon EKS cost optimizer Civo launched K3s-as-a service to early adopters Cloudical introduced version 1.8 of VanillaStack DataStax announced that k8ssandra supports all distributions Dynatrace added the ability to ingest OpenTelemetry traces HAProxy launched version 1.6 Kubernetes ingress controller Kasten added ransomware protection with v4.0 of K10 Kubermatic Kubernetes Platform 2.17 Kubernative says that KubeOps is now a full-fledged Managed Kubernetes Framework Netdata has added Kubernetes monitoring features to their Cloud service Nirmata announced Nirmata Policy Manager, based on Kyverno OpenNebula released a new K3s Virtual Appliance for running Edge Clouds Portainer raised $6M in a Series A round to accelerate their global expansion Portworx pre-announced PX-Backup 2.0 with support for external auth services Rancher launched a new Rancher Desktop tool in Alpha for Windows and Mac Rafay launched new features to its Kubernetes Management Cloud Splunk announced their Observability Cloud is Generally Available StackPulse announced a Kubernetes-centric operations center StorageOS version 2.4 brings encryption at rest and rapid application recovery StormForge introduced automatic scanning of in-cluster resources StreamNative open sourced Function Mesh for running Apache Pulsar functions Sysdig added runtime detection and response for AWS Fargate Tigera released Calico Enterprise 3.5 with Dynamic Service Graph and eBPF data plane Timescale raised $40m Series B for Postgres-based TSDB and Prometheus cloud Trilio announced Kubernetes Backup Monitoring for Velero users Vitess launched version 10, with support for the Ruby on Rails framework Wanclouds launched multi-cloud Disaster Recovery as a Service Weaveworks launched Weave Kubernetes Platform 2.5 with multi cluster observability platform Zebrium now automatically performs Root Cause Analysis with integration into Opsgenie Links from the interview The first KubeCon in 2015 KubeCon donated to the CNCF CNCF presents CloudNativeCon and hosts future KubeCon events (2016) Dreamforce brings in cruise ships KubeCon NA 2017 in Austin, TX Linux Foundation Climate Finance Foundation Diamond sponsor lottery Diversity and inclusion at KubeCon EU Sponsorship open for KubeCon NA 2021 Event platforms: Intrado MeetingPlay KubeCon + CloudNativeCon Europe 2021 KubeCon + CloudNativeCon North America 2021 GopherCon EU 2018 in Iceland Colleen Mickey on LinkedIn
5/6/2021 • 32 minutes, 9 seconds
Liqo, with Alex Palesandro
Liqo is short for Liquid Computing. It’s a tool for extending Kubernetes onto other clusters, developed at the Polytechnic University of Turin. Research assistant and Liqo co-creator Alex Palesandro is our guest this week. Chatter of the week Episode 64 with Sarah D’Angelo and Patrick Flynn Three years ago today James Strachan, James Rawlings and Dan Lorenc Jib reCAPTCHA News of the week Microsoft to acquire Kinvolk, Kinvolk to be acquired by Microsoft Episode 79 with Chris Kühl Red Hat Virtual Summit announcements Red Hat OpenShift Platform Plus Rackspace and Platform9 announce partnership Episode 88, with Madhura Maskasky Lens 5 Beta HYCU joins the Kubernetes backup party Sysdig joins the cloud security unicorns Episode 91, with Leonardo Di Donato GKE adds multi-instance GPUs and a new Gateway controller Kubernetes moves to three releases per year Links from the interview Alex Palesandro Politecnico di Torino Alex’s thesis Episode 141, with Daniel Mangum Episode 142, with Gianluca Arbezzano Fiat and Stellantis DAUIN, Department of Control and Computer Engineering Netgroup Crown Labs Blender Liqo Virtual Kubelet mDNS Kubernetes TLS bootstrapping Vint Cerf at 6UK launch in 2010 kubefed Liqo roadmap Liqo on GitHub Alex Palesandro on Twitter
4/30/2021 • 35 minutes, 14 seconds
Service Level Objectives and Nobl9, with Brian Singer and Kit Merker
Brian Singer co-founded Orbitera, which was acquired by Google in 2016. During that process he met Kit Merker, who was a PM on GKE and the GCP Marketplace, and the two are now working together on reliability engineering startup Nobl9. We talk about migrating Orbitera to GKE and Google’s SRE platform, and how many 9s are too many. Chatter of the week Episode 94, with Richard Belleville The G in gRPC stands for: Gilded Guadalupe River Park Conservancy The Great British Bake Off? Not grey, just backlit! Much improved here News of the week Grafana relicensing to AGPLv3 Q&A on relicensing Google’s public ban on AGPL Amazon introduces OpenSearch Pulumi v3.0 Episode 76, with Joe Duffy k8ssandra v1.1 Cassandra Kubernetes SIG picks Cass Operator Docker Desktop for Apple Silicon Macs is GA Zerto for Kubernetes Three different multi-tenancy models Loft Labs open sources Vcluster CVE-2021-20291 in CRI-O and Podman Kubernetes blog updates: Volume health monitoring Indexed Jobs Graceful node shutdown Defining Network Policy conformance for CNI providers Evolving Kubernetes networking with the Gateway API Links from the interview Orbitera in 2016 - acquired by Google Why Orbitera was migrated to GKE Site Reliability Engineering Service level objectives Error budgets and risk Being too reliable SLOs, SLAs, SLIs SLOs explained in 90 seconds video by Kit Merker Nobl9 SLO Platform SLOconf Fly to SLO Fly to Oslo Beyond Seattle SRE meetup Slash at Wembley Arena Brian Singer on Twitter Kit Merker on Twitter
4/23/2021 • 46 minutes, 30 seconds
Kubernetes 1.21, with Nabarun Pal
Celebrate the release of Kubernetes 1.21 with release team lead Nabarun Pal from VMware. Nabarun talks about choosing between “hardware” and software, additions and removals from Kubernetes 1.21, and how the Kubernetes project has become more welcoming to people outside the USA. Chatter of the week Moscone Center vaccination site Monday morning weather in London Before and after haircut World record barbering News of the week Kubernetes 1.21 CronJobs are GA Local Storage features go Beta Suspended Jobs in Alpha kube-state-metrics v2.0 emissary-ingress joins the CNCF Shell Operator v1 for Kubernetes operators kubesploit, from CyberArk CVE-2021-25735: Validating Admission Webhook does not observe some previous fields on Node objects Kubegres Minio adds Kubernetes operator and console Scaling Kubernetes with assurance at Pinterest by Anson Qian SUSE sponsors 300 scholarships in cloud native education A reprieve for Apache Mesos Links from the interview Nabarun Pal IIT Roorkee Logo ABU Robocon Models and Robotics Section, IIT Roorkee Rorodata/Algoshelf PyCon India Building microservices with Firefly at PyCon India 2017 Conference talks Linux Users’ Group of Durgapur (DGPLUG) and FOSS training Kubernetes Bangalore meetup Nabarun’s journey in the Kubernetes release team Applications for Kubernetes 1.21 release team are open Episode 130 with Stephen Augustus Kubernetes 1.21 release blog Kubernetes Enhancement Proposals (KEPs) 1.21 release page PodSecurityPolicy deprecation and KEP Making sure features don’t languish in Beta Volume health monitoring Command metadata in kubectl headers Tweet from @dims bribing people to test Release Candidate builds Savitha Raghunathan is release lead for 1.21 Lewis Hamilton tied with Michael Schumacher Mick Schumacher joins F1 Nabarun Pal on Twitter
4/15/2021 • 40 minutes, 24 seconds
Weaveworks (part 2), with Alexis Richardson
We conclude our two-part conversation with Weaveworks co-founder Alexis Richardson, picking up when the company received Series A investment in December 2014. Since then, they built projects like Scope, Cortex and Flux as well as SaaS offerings based on them. We also look at Alexis’s role in the founding of the CNCF. Please be sure to listen to the first part before this one! Chatter of the week Educational YouTubers: Film Riot Mental Floss Animator Island Infrastructure for Entertainment by Justin Garrison at KubeCon NA 2020 Episode 20, with Justin Garrison News of the week Kubernetes 1.21 PodSecurityPolicy deprecation KubeVela 1.0 Argo Workflows 3.0 and Argo CD 2.0 Cilium launches NetworkPolicy site IBM Cloud Code Engine is GA Tanzu Cloud Native Runtimes public beta New security offerings from Tanzu Cisco Intersight Kubernetes Service is GA Tetrate Service Bridge is also GA Updates to Azure Arc enabled Kubernetes and OpenServiceMesh add-on for Azure in Preview etcd project journey report published Single sign-on guide for Kubernetes by Ben Dixon Apache Mesos moving to the Attic Links from the interview Last week’s episode Weaveworks Weaveworks takes a $5m Series A round Weave Scope and its announcement Cortex Flux CD and its announcement as a service routing layer Weave Cloud Docker Swarm Mode kubernetes-anywhere kubeadm How we made kubeadm Brandon Philips’ newsletter Launching eksctl The August 2017 post introducing GitOps Peter Bourgon and Michael Bridgen Kelsey Hightower talk at GitOpsDays Guide to GitOps Steam engine centrifugal governor Flux joins the CNCF Flagger Announcement about Argo and Flux joining forces Weaveworks is a founding member of the CNCF Alexis elected as TOC chair Battlestar Galactica Weave Kubernetes Platform Series C funding Alexis Richardson on Twitter
4/8/2021 • 47 minutes, 21 seconds
Weaveworks (part 1), with Alexis Richardson
We’re trying something new! In Part 1 of a two-part conversation with Weaveworks co-founder Alexis Richardson, we have a wide-ranging conversation about career choices, finance, founding and selling tech companies, and the dangers of being pigeon-holed based on the first project your company releases. Next week we’ll finish the conversation by talking about Weave projects like Flux and Cortex, as well as their SaaS offerings, the founding of the CNCF, and whether Weave built the platform they set out to build when they started 7 years ago. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Evergiven Everywhere “Reply all” at the State Department Evergreen truck blocks Chinese highway Little ship stuck in Littlehampton harbour Vote for the name of the Seattle Tunnel Boring Machine Sir Mix-a-Lot News of the week Outdated; a new open source project from Replicated Episode 143, with Grant Miller Kubestr by Kasten by Veeam, by golly The Aerospike Kubernetes Operator Tanzu Kubernetes Grid v1.3 Red Hat OpenShift on AWS is GA Quay.io is changing login methods Container vulnerability scanning from Sophos Kubecost raises $5.5m in funding Episode 124, with Webb Brown Security Updates in Docker by Itamar Turner-Trauring Links from the interview Mathematical logic at Oxford University Stewart Butterfield on philosophy Computer Literacy Project Jeremy Ruston’s BBC Micro Revealed and 80s hair Haskell, Orwell and Miranda OCaml and Standard ML 1998 Russian financial crisis Metalogic Oy Cohesive Networks AMQP RabbitMQ NZ Easter Bunny hunt Matthias Radestock Erlang ejabberd Matthew Sackman and Tony Garnock-Jones Open Telecom Platform (OTP) VMware acquires Rabbit Technologies SpringSource previously Interface21 Weaveworks Introductory blog “Zettio introduces Weave” Weave Net Alexis Richardson on Twitter
3/31/2021 • 45 minutes, 26 seconds
Replicated, with Grant Miller
Grant Miller is the co-founder and CEO of Replicated, which helps operationalize and scale the delivery of Kubernetes-based apps into the enterprise. We look at what it means to be enterprise software in a SaaS world, and we also get some 2021 predictions from guest host Liz Rice. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 19, with Liz Rice Episode 133, with Thomas Graf Cilium talk at DockerCon 2017 Liz’s 2021 predictions from KubeCon NA (Virtual) 2020 Cheese exports are down Autonomous driving levels Prince Harry joins a startup Nick Clegg joins Facebook News of the week SoloCon announcements Mesh7 to be acquired by VMware GKE adds runtime configuration of pod subnets and larger Internal Load Balancer support Amazon reduces EKS cluster create time from “glacial” to “slow” NetApp launches Spot Wave CircleCI Server 3.0 Diamanti Spektra 3.2 Sonatype launches Nexus Container Davanum Srinivas elected to the CNCF TOC “Unironically Using Kubernetes for my Personal Blog” Links from the interview SparkPeople Marc Campbell look.io acquired by LivePerson Replicated Open source from Replicated kurl KOTS Troubleshoot SchemaHero Donated to the CNCF EnterpriseReady and the EnterpriseReady Podcast Kubelist and the Kubelist Podcast Replicants, replicators and gremlins Grant Miller and Replicated on Twitter
3/24/2021 • 48 minutes, 7 seconds
Tinkerbell, with Gianluca Arbezzano
If you’d like something more tangible than a virtual cloud instance, there’s always (still!) bare metal. Tinkerbell is a project from Equinix Metal to manage bare metal servers at scale, and Gianluca Arbezzano is one of its maintainers. We talk stacks, racks and MACs. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 11, with Vic Iglesias Vic lives here, but not here Pokémon Go social distancing News of the week Flux moves to incubation in the CNCF NetApp Astra goes GA; more information Fairwinds introduces Saffire Cosign, by Dan Lorenc Episode 39 Komodor beta and swag offer Announcing Private Clusters on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) Linkerd 2.10 The Money Section, with thanks to David Pait, guest of Episode 127 Docker takes $23m in Series “B” funding to get ship done Aqua Security takes $135m in Series E at $1b valuation Snyk raises $300m in Series E valuing company at $4.7 billion Tetrate raises $40m Series B Is Crossplane the Infrastructure LLVM? by Daniel Mangum Episode 141 Links from the interview PHP. and PHP in 2020 Turin InfluxData Episode 91, with Leonardo Di Donato Dropbox’s exodus from Amazon Equinix Metal Packet acquired by Equinix Tinkerbell OpenCompute and Open19 Server terminology: Next Unit of Computing (NUC) Baseboard management controller (BMC) Preboot Execution Environment (PXE) Floppy disks DIY Board management control for an Intel NUC: power control Tinkerbell services: Tink Boots OSIE Hook Hegel PB&J OVH fire How Tinkerbell Got Its Wings, including joining the CNCF Tinkerbell community Episode 136: Backstage, with Lee Mills and Matt Clarke Gianluca Arbezzano on Twitter and on the web Tinkerbell on Twitter
3/17/2021 • 44 minutes, 55 seconds
Crossplane, with Daniel Mangum
Crossplane lets you automate creation of infrastructure using Kubernetes APIs. Daniel Mangum is a Crossplane maintainer working at its creator Upbound, a TL of Kubernetes SIG Release, and a YouTube streaming star. He chats about tech with host Craig Box, who is helped this week by returning guest Ken Massada from GKE’s Support team. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 18, with Ken Massada Things We Don’t Say podcast Glow in the dark sharks Earthquakes and tsunamis News of the week Microsoft Ignite news: Azure Arc for Kubernetes Azure Migrate app containerization service AKS release notes Microsoft Mesh Helm second security audit Meet Brigade v2 Harbor 2.2 and roadmap Google Summer of Code 2021 KubeCon EU 2021 schedule launched and the selection process explained Issue #100000 on kubernetes/kubernetes Links from the interview Visual Basic for Applications NYT article on retro computing Compiler Explorer Rich Code for Tiny Computers by Jason Turner Upbound Episode 36, with Jared Watts Crossplane Crossplane vs Terraform blog by Nic Cope Compositions and XRDs Crossplane vs Cloud Infrastructure Add-ons TBS episode with Matt Moore of Knative Helm provider July 2020: Crossplane joins the CNCF LFX mentorship program Dec 2020: v1.0 Mar 2021: v1.1 Kubernetes SIG Release doc.crds.dev Upcoming KubeCon talk: FPGK8s: Consumer-Grade FPGAs on Kubernetes Cutting GTA loading times by 70% and how YAML parsing can become quadratic Daniel’s current hirsuteness The Binding Status Flake-Finder Fridays Daniel Mangum on Twitter and on the web
3/10/2021 • 48 minutes, 29 seconds
Security and Snyk, with Kamil Potrec
Kamil Potrec is a Senior Security Engineer at Snyk, working on security around Kubernetes and cloud platforms. He joins the show to discuss how to think about securing your infrastructure, the different arts (and colors) of offensive and defensive security, and what not to lose sleep over. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 23, with Andrew Philips and Lars Wander A pile of mail and a bike News of the week Red Hat OpenShift 4.7 is GA Fairwinds Insights 3.0 Envoy zero-day patched Istio security bulletin Sysdig contributes Falco modules to the CNCF StorageOS raises $10m in Series B Platform9 raises $12.5m in Series D CNCF relaunches Kubernetes Community Day with KCD Africa and Bengaluru Links from the interview Offensive unit in American Football Hand-egg Red and blue teams Unreal Tournament Capture the flag Kubernetes secrets Design document Encrypting secrets at the application layer Antivirus software Tracer-tee SolarWinds attack Reflections on Trusting Trust by Ken Thompson left-pad deleted from NPM Snyk Open Source The open source parts Snyk vulnerability database MITRE CVE database Kubernetes security at Snyk Deploy only trusted containers to GKE Application threat modeling Kubernetes security best practices, including security context, AppArmor, gVisor etc CVE-2020-8554: man-in-the-middle attack using ExternalIP services CVE-2020-14386: packet socket vulnerability with user namespaces enabled Earlier related work: CVE-2017-7308 and CVE-2016-8655 Project Zero writeup Rewrite it in Rust! Kamil Potrec on LinkedIn
3/3/2021 • 39 minutes, 55 seconds
GKE Autopilot, with Yochay Kiriaty
Today Google Cloud introduced GKE Autopilot, a new mode of operation where you no longer manage or configure nodes, and you pay per-pod, per-second. Craig talks Autopilot with GKE product manager Yochay Kiriaty. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 86, with Lin Sun Istio boat meetup at KubeCon NA 2019 IstioCon 2021 Craig and Lin’s session Jeff from Coupling Separated at birth? News of the week Google Cloud launches GKE Autopilot Dapr 1.0 Calico Cloud Gloo Mesh Enterprise goes GA Distroless FIPS-compliant Istio Red Hat closes acquisition of Stackrox Real load-aware scheduling in Kubernetes with Trimaran Kubernetes overlay networks with IPv6 Links from the interview Last week’s Star Wars show A selection of presentations wearing Darth Vader shirts Windows 7 Red Dog Google South Lake Union Seaplanes GKE Autopilot Launch blog Episode 49, with Eric Brewer Virtual Kubelet Datadog Container Report Episode 137, with Michael Gerstenhaber
2/25/2021 • 36 minutes, 11 seconds
Multi-Cluster Services, with Jeremy Olmsted-Thompson
This week we talk multi-cluster services with Jeremy Olmsted-Thompson, co-chair of the Kubernetes Multicluster SIG, and tech lead on the Google Kubernetes Engine platform team. Guest host Tim Hockin shows us the way. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 41, with Tim Hockin The Machete Order John Boyega on Star Wars News of the week Istio 1.9 IstioCon 2021 - February 22-26 Mayadata spins out Chaos Native Cilium Network Policy editor Kubernetes network policy explained by Dominik Tornow Trend Micro write-up on container-escaping malware Dynatrace Cloud Automation and native log support Episode 119, with Alois Reitbauer Shipa 1.2 New GKE, EKS and AKS releases Tanzu Build Service 1.1 Kubernetes 101 Retrospective by Jeff Geerling CFP for the eight KubeCon EU pre-days Designing for SaaS on Kubernetes at Teleport by Virag Mody Comparing OPA/Gatekeeper and Kyverno by Chip Zoller Links from the interview Anthos on VMware SIG Multicluster Federation v2 update Multi-Cluster Services KEP Namespace sameness Gateway API (formerly known as Service APIs) Istio RFC Introducing GKE multi-cluster services Multi-cluster Ingress Cluster API Cluster ID KEP Jeremy Olmsted-Thompson on Twitter and GitHub
2/16/2021 • 25 minutes, 42 seconds
Datadog and the Container Report, with Michael Gerstenhaber
Michael Gerstenhaber is a Director of Product Management at Datadog, and the curator of their annual Container Report. He joins Craig to discuss why they release it, some recent trends, and how it helps people validate their assumptions about technology. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 103, with Saad Ali New TOC members Episode 62, with Ricardo Rocha, Lukas Heinrich and Clemens Lange Malaysian roti in London Elgin Marbles News of the week OPA graduates in the CNCF Episode 101, with Tim Hinrichs and Torin Sandall Docker Distribution donated to the CNCF Red Hat Quay 3.4 released CNCF proposal Hildegard malware writeup from Unit42 The original TeamTNT Attacking Kubernetes clusters using the Kubelet API by Eduardo Baitello Jetstack Secure Traefik Using Traefik as an ingress controller with Istio Kong Konnect is GA Kong raises $100M at a $1.4b valuation Get your KubeCon EU tickets early Buildpacks vs Dockerfiles by Genevieve L’Esperance Why Helm never felt like it belonged by Luka Skugor Links from the interview iOS and iOS The Happy Cloud Happy Cloud Taps the Cloud to Speed Up Video Game Downloads by Ryan Kim at GigaOM Datadog Live Container monitoring Live Process monitoring Golden signals Work metrics and resource metrics Datadog reports: Docker adoption 2015 2016 2017 2018 Container orchestration 2018 Container Report 2019 2020 KubeCon EU 2019 talk: 10 Ways to Shoot Yourself in the Foot with Kubernetes, #9 Will Surprise You by Laurent Bernaille & Robert Boll Autopilot: Workload Autoscaling at Google Scale Snow in NYC #17 on the all-time list by inches of snowfall Michael Gerstenhaber on Twitter
2/9/2021 • 38 minutes, 15 seconds
Backstage, with Lee Mills and Matt Clarke
Backstage is a platform for building developer portals, powered by a centralized service catalog. It was built at Spotify and both open sourced and donated to the CNCF in 2020. A Kubernetes plugin was recently added. We talk to maintainers Lee Mills and Matt Clarke from Spotify. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 106, with John Belamaric Production Readiness Review News of the week Longhorn 1.1 Vitess 9 Sonobuoy adds reliability scanning Rapid7 acquires Alcide; Techcrunch reporting Armo comes out of stealth; VentureBeat reporting Scaling Kubernetes to 7,500 nodes at OpenAI Announcing the Linkerd steering committee The State of Cloud Native Release Orchestration; a report from Vamp Hunting for malware with Falco Episode 39, with Dan Lorenc Upgrading from Kubernetes 1.11 to 1.18 in a month by Jeff Wolski at WeTransfer Debugging CrashLoopBackOff by David Giffin from Release Jeff Brewer has passed Intuit CNCF case study Links from the interview Spotify engineering culture Microservices at Spotify Backstage Open source launch How Spotify uses Backstage GitHub repository Golden Paths Kubernetes plugin announcement Episode 50, with David Xia Donation to CNCF Sandbox Some backstage stories with David Pait in episode 127 Lee Mills and Matt Clarke on Twitter
2/2/2021 • 27 minutes, 11 seconds
Siri, Storage and Solutions, with Josh Bernstein
Josh Bernstein has worked in a number of infrastructure roles before recently landing at Google. He talks about migrating Siri from AWS (pre-acquisition) to VMware to Mesos, and Dell EMC’s work building what would become the Container Storage Interface. Guest host Jasmine Jaksic talks with Craig about snowcreatures. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 15, with Dan Ciruli and Jasmine Jaksic Snowpeople and snowthings News of the week Multi-dimensional pod autoscaling in this week’s GKE release Hitachi: vacuum cleaners in the 1990s and Kubernetes today Garnet.ai kind 0.10 New Google Cloud Run networking features Don’t cross the streams Production Kubernetes from VMware Tanzu. Serverless for Everyone Else from Alex Ellis Episode 116 Chris Aniszczyk’s 2021 predictions Episode 134 Priyanka Sharma’s 2021 predictions Episode 107 14 LFX interns graduate Kubernetes honey tokens by Brad Geesaman Bad pods: privilege escalation by Seth Art The US Air Force are feeling supersonic Links from the interview Apple acquires Siri Xserve Siri public introduction Apple rebuilds Siri backend with Apache Mesos using the J.A.R.V.I.S. framework Dell EMC {code} community REX-Ray: announcement and docs CNCF Governing Board CI/CD startups to watch: Harness Armory Shipa Josh Bernstein on Twitter
1/26/2021 • 38 minutes, 23 seconds
CNCF and the Linux Foundation, with Chris Aniszczyk
After building the Eclipse IDE and Twitter’s Open Source office, Chris Aniszczyk bootstrapped the CNCF, joining its parent the Linux Foundation in 2015. He’s now a VP of DevRel there, as well as CTO at the CNCF and Executive Director of the Open Container Initiative. Chris joins us to share his technology journey and Cloud Native predictions for 2021. And all that is now And all that is gone And all that’s to come And everything under the sun is in tune But the sun is eclipsed by the moon Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam on LinkedIn News of the week Otomi from RedKubes Nutanix now supports Anthos Tanzu Advanced is GA Pivotal Labs is Tanzu Labs VMware needs a new CEO New CSI driver for Google Kubernetes Engine Slim.ai announces seed funding Grafana Cloud introduces free tier Sysdig container security usage report (PDF) 63 node Kubernetes cluster using Firecracker by Álvaro Hernández The definitive guide to Vertical Pod Autoscaling by Povilas Versockas Links from the interview ZX Spectrum R-Type and Jet Pac GORILLA.BAS Gentoo Linux Java Virtual Machine (JVM) Eclipse Object Technology International Erich Gamma code9, Chris’s startup Backstage and Roadie Twitter OSS Pants Mesos twemproxy Linux Foundation, and its sub-projects CNCF and OCI Services for projects Linus Torvalds and Greg Kroah-Hartman Chris’s Cloud Native predictions for 2021 Developer experience: Gitpod, GitHub Codespaces or Google Cloud Shell Wasm in Envoy Wasi, the WebAssembly Systems Interface Chris Aniszczyk on Twitter and on the web Canada Revenue Agency on Twitter
1/19/2021 • 38 minutes, 40 seconds
Cilium, with Thomas Graf
Thomas Graf is the inventor of Cilium and the co-founder of Isovalent. Cilium is a container networking plugin built on top of eBPF, bringing modern SDN technologies to accelerate your pods. Adam and Craig also discuss the many uses of Christmas trees. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Christmas trees: Keep clear (mostly) Culinary uses Discussed in episodes 104 and 111 News of the week Google grants $3m to the CNCF to run the Kubernetes infrastructure AWS Managed Grafana and Prometheus In partnership with Grafana Labs Red Hat acquires Stackrox Windows Containers GA in OpenShift 4.6 CNCF Annual Report KubeCon NA 2020 Transparency Report Rancher announces Harvester I’ll give you the key Kubernetes 1.20 feature deep-dives: Pod impersonation and short-lived volumes Third-party device metrics GA More granular control of storage permission Sonobuoy goes beyond conformance Project Contour security audit Pulse: stats from Envoy Mobile Crossplane 1.0 Project Karavi from Dell Technologies Cluster API provider for Microsoft Azure Vitess project journey report Tanzu Gemfire Kubernetes Security Essentials from the CNCF Links from the interview Chains and tables Berkeley Packet Filter eBPF Episode 91: eBPF and Falco, with Leonardo Di Donato High level languages for kernel developers eBPF Summit 2020 Cilium Is it DNS? Is it a series of tubes? BGP Hubble Accelerating Envoy and Istio with Cilium Episode 128: Antrea, with Antonin Bas Bringing Cilium to GKE with Dataplane v2 Maglev load balancing connection scheduling Isovalent Notes on A16Z’s investment Thomas Graf on Twitter
1/12/2021 • 41 minutes, 5 seconds
Akri, with Kate Goldenring
Akri is a recent open source project launched by Microsoft to manage edge devices. Kate Goldenring is a software engineer in Microsoft’s Edge OS team and an Akri maintainer. She joins our final show of 2020 to talk about how to use Kubernetes to manage devices that can’t run Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Reventure Kurstin X Grohl Puppy for Hanukkah (and story of) Adam Sandler’s Hanukkah Song News of the week Pixie Labs acquired by New Relic; New Relic acquires Pixie Labs Docker Enterprise is now Mirantis Kubernetes Engine Mirantis OpenStack for Kubernetes Lens 4.0 released CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs Volume Snapshot moves to GA in Kubernetes 1.20 Weaveworks takes $36.65M in Series C Trilio takes $15M Anthos for Telecom puts Google partners apps on the edge CircleCI Server 3.0 State of Software Delivery report New Microsoft AKS features Flink 1.12 Cross-region replication in AWS ECR Links from the interview Professor Kris Jordan Edge Computing Edge, computing Internet of Things Akri Announcement blog post MCU (Microcontroller unit) Discovery protocols ONVIF (Open Network Video Interface Forum) udev Zeroconf OPC UA TEE (Trusted Execution Environment) DevicePlugin API and deallocate #akri on Slack Akri on GitHub Proposals Moose Protocol Kate Goldenring on Twitter
12/16/2020 • 31 minutes, 22 seconds
Kubernetes 1.20, with Jeremy Rickard
The final — and raddest — Kubernetes release of 2020 is 1.20. This week, Craig and Adam talk to its release team lead, Jeremy Rickard from VMware. Jeremy talks about migrating to newer Kubernetes versions, sooner or later; what was added, what was deprecated, and what that really means; and what happens when you Google your own name. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Ready Player Two News of the week Kubernetes 1.20: Release Don’t panic about Docker Dockershim deprecation FAQ Mirantis will support the Dockershim etcd graduates in the CNCF Episode 95, with Xiang Li CNCF launches Cloud Native Security Whitepaper Istio 1.8 Kuma 1.0 Linkerd doesn’t use Envoy AWS re:Invent: ECS Anywhere EKS Distro and EKS Anywhere EKS add-ons, console and spot instance support Lambda containers AWS Proton ECR Public Registry Anthos on bare metal is now GA IBM acquires Instana Opstrace public launch Weaveworks Kubernetes Platform (WKP) 2.4 Spectro Cloud anywhere Improving the Kubernetes API docs by Phillipe Martin Participate in the Chinese Cloud Native survey How David Anderson would reboot Kubernetes Episode 32, with David Anderson Links from the interview Episode 61, with Jeremy Rickard and Ralph Squillace Porter Jeremy’s beard Release team for 1.20 1.12, 1.17, 1.18 and 1.19 Enhancements sub-project The Raddest Release Enhancements sheet #1769: NUMA memory manager Up or out: the deprecation clock starts for Alpha/Beta features #1985: Dockershim deprecation KEP Kat Cosgrove’s Twitter thread Stephen Augustus’s issue in kubernetes/community Sitting this release out: Sidecar containers Not in 1.20: Distroless images 1.21 lead: Nabarun Pal Kubernetes on an F-16 jet Other Rickards: Matt Rickard (our guest on episode 6) Jeremy Rickard the mathematician Jeremy Rickard on Twitter
12/8/2020 • 45 minutes, 7 seconds
KubeCon NA 2020, with Stephen Augustus
Join us for all the news from KubeCon NA 2020, and a conversation with conference co-chair Stephen Augustus. Stephen is a Senior Open Source Engineer on the VMware Tanzu team, a chair of Kubernetes’ SIG Release, and a leader in many other parts of the project, past and present. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The kākāpō wins Bird of the Year We’re off for 2 weeks. See you on December 8! News of the week Cisco acquires Banzai Cloud CNCF announces Cloud Native Survey 2020 results Red Hat: New edge features, industrial AI/ML blueprint and AWS launch CNCF End User Tech Radar for storage New End User benefits Envoy Mobile joins the CNCF New sandbox projects cert-manager cdk8s Kyverno OpenKruise Pravega SchemaHero Tinkerbell k8ssandra from Datastax Episode 98 with Sam Ramji k0s from Mirantis Solo.io announces Gloo Mesh Enterprise and rebrands products Episode 55, with Idit Levine Pinniped Shipa launches Ketch Kinvolk launches Headlamp The SPIFFE book “Solving The Bottom Turtle” Episode 45, with Andrew Jessup Anthos Developer Sandbox GKE ingress features Ambassador Labs takes in $18m and launches v1.9 Tanzu SQL: Postgres on Kubernetes Lightning round: Accurics extends Terrascan AWS adds containers to Lightsail Arrikto takes $10m in funding Brobridge releases Gravity CircleCI runner is GA Cloud66 for agencies and multiple database support Cloudflare Origin CA cert-manager plugin Cloudical Vanillastack Cloudify version 5.1 Codefresh launches GitOps 2.0 features Commvault backup-as-a-service Diamanti Spektra 3.1 and customer portal Dynatrace PurePath 4 Elastisys Compliant Kubernetes The Fairwinds Kubernetes Maturity Model Garden takes “seed” funding Gremlin adds soundproofing Humio Operator Instana adds observability tools on Kubernetes Intuit runs TurboTax on Kubernetes Kioxia announces a new storage offering Kubecost adds features for 
monitoring outside a cluster KubeMQ adds automatic network creation Kubermatic updates KubeOne to v1.1 Kubernative SINA Kublr 1.19 Lablup announced Backend.ai 20.09 RC Magalix launches KubeAdvisor 2.0 Mayadata launches Kubera Propel and Kubera Chaos Mirantis adds extensions to Lens Puppet Labs adds Relay to Puppet Enterprise Reblaze announces Curiefense to add WAF to Envoy Replicated wants to help you Troubleshoot Styra adds new editions to DAS Sysdig introduces Kubernetes-native network security (ZTNSK) and partners with IBM Cloud TrilioVault for Kubernetes v2.0 Zerto for Kubernetes Google Open Source Live Kubernetes Links from the interview KubeCon NA 2020 Episode 117, with Constance Caramanolis CNCF Twitch SIG Friday: ping Stephen for the current link Slack CNCF Slack Kubernetes Slack Hallway Track Kubernetes Podcast chat CoreOS CoreOS Tectonic CoreOS acquired by Red Hat Tectonic on Azure SIG Azure SIG Release SIG PM (retired) Kubernetes Enhancement Process Receipts process KEP Sidecar containers - KEP closed! Production readiness review Episode 10, with Josh Berkus and Tim Pepper Release managers Black Lives Matter announcement banner Better announcements Kubernetes Naming working group Inclusive Naming project Dan Kohn memorial Stephen Augustus on Twitter and on the web
11/18/2020 • 53 minutes, 3 seconds
Linkerd, with Thomas Rampelberg
Thomas Rampelberg is a software engineer with Buoyant, creators of Linkerd, and a core maintainer of that project. He is also a co-author of the Service Mesh Interface and co-creator of DC/OS. He joins Craig and Adam to talk about the two former, and pour one out for the latter. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The BBC on Sean Connery Noreen Malone on Alex Trebek Celebrity Jeopardy! highlights from Saturday Night Live Doomscrolling Potion Explosion: analog, or digital (Steam, Android, iOS) KerPlunk!: analog only News of the week Linkerd 2.9 AWS’s response to Dockerhub: a new service IBM adds Code Risk Analysis to Cloud CD Helm chart deprecation Episode 11, with Vic Iglesias CyberArk looks at threats to Kubernetes Links from the interview D2iQ retires DC/OS Kubernetes on Mesos in 2015 The monolith Buoyant Linkerd Finagle kube-proxy before iptables Conduit: a new mesh without the JVM, which became Linkerd 2 Linkerd 2-proxy: Under the hood of the Linkerd proxy Rust tokio runtime and hyper HTTP libraries Heartbleed CNCF audit Architecting for Multicluster Kubernetes blog post Linkerd 2.9 Service Topology Gas station bathrooms Service Mesh Interface (SMI) NGINX Service Mesh Flagger Kiali Spec Istio WebAssembly support Kubernetes is a domain-specific database Tilt and Okteto Burning Man Thomas Rampelberg on Twitter
11/10/2020 • 36 minutes, 29 seconds
Antrea, with Antonin Bas
For pods to talk to each other in Kubernetes, you need a virtual network. Antonin Bas is a staff engineer at VMware and a maintainer of Project Antrea, a CNI plugin which provides such a network. He talks to Adam and Craig about encapsulation, virtualisation, and 10,000 year old Finnish artifacts. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Over the top Halloween light show Bird of the Year Click here to take the Audience Survey: thank you for helping us make a better show for you! News of the week An update on D2IQ’s support of Mesos Docker’s plan for Year 2 Google Cloud mitigates the impact of Docker’s Year 1 changes Quay and Harbor also KubeLinter from StackRox GitHub Hashicorp Nomad 1.0 Beta Vitess 8 GA gRPC in the real world: Container Runtime Interface by Bob Reselman RIP Dan Kohn Links from the interview Visual Basic Professor Nick McKeown, co-founder of Nicira Barefoot Networks P4, in the Open Networking Foundation Software-defined networking Virtual networking VLAN VXLAN The Kubernetes network model Network plugins: Flannel Weave Net Calico Cilium kubenet Antrea The Antrea Net Antrea, Finland; now Kamennogorsk, Russia Container Network Interface (CNI) veth pairs Open vSwitch (OVS) NodeIPAM Controller CNI plugin chaining Installing Antrea with other CNI plugins Antrea features: Network policy IPSEC between nodes Antrea on GitHub Antonin Bas on Twitter and GitHub
11/3/2020 • 38 minutes, 22 seconds
Pop Punk to Pods, with David Pait
David Pait was a touring musician in pop punk band Sparks The Rescue. Now, he’s an SRE working on Kubernetes at an ad-tech company. How did he get there? And if you’re looking to change careers, how might you? Craig and Adam dig in. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Steam Digital Tabletop Fest Microsoft Surface (since renamed PixelSense) Similo Guess Who? Click here to take the Audience Survey: thank you for helping us make a better show for you! News of the week Cloud Foundry Doubles Down on Kubernetes cf-for-k8s 1.0 Ecosystem updates Episode 105, with Chip Childers Akri, from Microsoft kube-secret-syncer from Contentful Grafana Tempo OpenTelemetry Tracing Spec RC by Morgan McLean AWS Distro for OpenTelemetry AWS Load Balancer Controller Nydus container image service Robin.io Express, free for life Verizon Business adds Kubernetes which is powered by Rafay Links from the interview Netsertive Sparks the Rescue Vans Warped tour David on stage Munki for Mac software deployment A considered purchase Google’s SRE books eksctl Velero, fka Heptio Ark Fixing reuse-values in Helm Go listen to Hot Mulligan Or Taylor Swift, totally up to you David Pait on Twitter
10/27/2020 • 32 minutes, 40 seconds
Research, Steering and Honking, with Bob Killen
Bob Killen is co-chair of Kubernetes’ SIG Contributor Experience and was last week elected to the project’s Steering Committee. He worked in academia for 15 years, latterly working on research projects using Kubernetes, with a focus on computer security. He’s now made the leap to working on Cloud Native full time at Google. Bob joins us to explain why Kubernetes twitter is occasionally full of cartoon geese. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Relive New Zealand’s General Election coverage - 57% of the electorate voted early! tl:dr; Jacinda won by a lot One NZ electorate had a 421 vote lead on the night Ballot box in Washington State Click here to take the Audience Survey: thank you for helping us make a better show for you! News of the week VMware Tanzu Kubernetes Grid 1.2 is GA Red Hat integrates Ansible and OpenShift Changes to the KubeCon EU Episode 107, with Priyanka Sharma Cloud Native in China survey results Introducing HA MicroK8s Episode 60, with Mark Shuttleworth Helm turns 5 Episode 102, with Mark Butcher Google Cloud Code adds support for 400+ CRDs A holiday gift from AKS Links from the interview University of Michigan Little Bobby Tables Another Bobby Tables! 
2600 Beige boxes Red boxes Steve Jobs, Steve Wozniak and the Blue Box Jeff Sica ARC-TS: Advanced Research Computing — Technology Services Great Lakes, the UMich HPC cluster Kubernetes the New Research Platform - Lindsey Tulloch, Brock University & Bob Killen, University of Michigan kube-batch Volcano Orchestructure meet-up and Mario Loria SIG Contributor Experience Episode 74, with Jorge Castro Episode 100 with Paris Pittman Kubernetes Steering Committee 2020 Election Election results Travel support program HONK Untitled Goose Game /honk Ian Coldwater’s goose-themed talk from KubeCon NA 2019 honk.ci Announcement GitHub repo Challenges Walkthrough KubeCon NA events: SIG Honk AMA: Ian Coldwater, Duffie Cooley, Brad Geesaman, Rory McCune Having Cloud Native Fun with HonkCTL: Jeff Sica SIG Beard: see episode 46, with Aaron Crickenberger Bob Killen on Twitter
10/20/2020 • 24 minutes, 38 seconds
Okteto, with Ramiro Berrelleza
Ramiro Berrelleza is CEO and co-founder of Okteto, a company making developer tools which simplify development on Kubernetes. He joins Adam and Craig to discuss how the open source project and company came about, going through Y Combinator, and the best filling for a Mission burrito. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Hash browns Corn fritters Survey Click here to take the Audience Survey. Thank you for helping us make a better show for you! News of the week Rook graduates Episode 36 with Jared Watts Wasm is upstreamed in Envoy Helm moves to Artifact Hub DigitalOcean introduces DOAP and Apurva Joshi describes its stack IBM breaks itself in two Kubernetes Steering Committee election results OpenTelemetry Governance Committee election starting Introducing PipeCD by Le Van Nghia Anchore DevSecOps toolkit Rancher 2.5 Red Hat slashes OpenShift prices Kubernetes tested on U2 Dragon Lady aircraft Minecraft as a Kubernetes tool by Eric Jadi Links from the interview Okteto Excitebike Elasticbox, acquired by CenturyLink Y Combinator Okteto at YC W19 demo day Okteto on GitHub The name: Octeto: “byte” in Spanish Cindy Lopez Cyndi Lauper El Farolito: cow tongue and Carne Asada Ramiro Berrelleza on Twitter Okteto on Twitter
10/13/2020 • 32 minutes, 28 seconds
Kubecost, with Webb Brown
When your infrastructure is effectively infinite, you may have to keep an eye on your credit card. Webb Brown started a project that does exactly that - Kubecost, which aims to reduce spend and prevent resource-based outages. He talks to Craig and Adam about the project and the company behind it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Kiwis abroad: please meddle in the election Clarke Gayford tweet Killer Queen Black Killer Queen News of the week VMworld announcements Bryan Liles’ promotion Episode 54, with Bryan Liles Pixie Labs TechCrunch coverage Cicada, by Jeremy Herzog Announcing Java support for cdk8s Good: Envoy on Windows Not so good: Envoy CVE-2020-25017 Kubenav 3.0.0 announced Cisco acquires Portshift Veeam acquires Kasten Solo.io acquires $23m Episode 55, with Idit Levine Links from the interview Kubecost Kubecost blog Cluster turndown Cost model Spot instances (AWS) and preemptible VMs (Google Cloud) DeepMind AI Reduces Google Data Centre Cooling Bill by 40% Managing your costs on Kubernetes by Karl Stoney at Autotrader Episode 52, with Russell Warman and Karl Stoney FinOps and the FinOps Foundation Shifting left Stackwatch Glacier National Park and Going-to-the-Sun Road Webb Brown on Twitter
10/6/2020 • 35 minutes, 24 seconds
Leader Election, with Mike Danese
Kubernetes makes it easy to run distributed workloads, but how do you make sure that replicas don’t conflict with one another? You elect one as the leader. Mike Danese, chair and TL of Kubernetes SIG Auth, joins a vegan and a carnivore to explain how Kubernetes implements leader election. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week What is a staycation? What is steak? Beefsteak, vegetarian/vegan restaurant Nachos News of the week Chaos Mesh 1.0 Azure news: AKS comes to Azure Stack HCI (Preview) AKS adds stopping/restarting clusters, Kubernetes 1.19, confidential compute nodes (Preview) Bridge to Kubernetes is GA Istio Steering Committee election results OpenServiceMesh joins the CNCF Sandbox Odo 2.0.0 GA Odo from Deep Space 9 Determined AI on Kubernetes Cloud Run for Anthos adds events KubeAcademy Pro from VMware KubeCon EU 2020 transparency report Scholarships for KubeCon NA 2020 are open for application Links from the interview Wet labs and dry labs Threads What is the difference between processes and threads? Mutex or lock What is a mutex? Critical section Compare-and-swap Gas station bathroom keys Futex Lock server: Chubby etcd Optimistic concurrency Resource versions Regional clusters in GKE Leader election Leader election client in Kubernetes’ client-go An example of using it by Carlos Becker The new Lease API Paxos and Raft Deadlock Split brain Mike Danese on Twitter and GitHub
9/29/2020 • 34 minutes, 22 seconds
Grafana, with Torkel Ödegaard
Torkel Ödegaard is the creator and project lead of Grafana, and co-founder of Grafana Labs. Learn how Torkel went from modding video games to building a data visualization platform, and co-founding a company that is now offering a complete monitoring service built on Prometheus. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week On The Basis Of Sex RBG Star Trek: Picard News of the week CVE-2020-14386 gVisor: Containing a real vulnerability by Fabricio Voznika Announcing IBM Cloud Code Engine Docker Enterprise Container Cloud Mirantis rethinks Docker Swarm vs Kubernetes by Beth Pariseau Episode 110, with Adrian Ionel KubeEdge approved as CNCF incubating project kubeapply and Kubernetes configuration at Segment Introducing Grafana Metrics Enterprise Pure Storage to acquire Portworx Portworx acquired by Pure Storage Ionir exits stealth and promises instant data mobility NetApp Cloud Volumes Service powered by GKE AKS adds CSI driver for Files and Disks Red Hat OpenShift Container Storage 4.5 VMware Tanzu: Announcing vSphere with Tanzu One of four new editions vSAN Data Persistence Platform Mission Control expands policy management capabilities SentinelOne announce automated application control for containers 16 CNCF interns graduate from Google Summer of Code Building operators for cluster add-ons by Somtochi Onyekwere CFPs open for ServiceMeshCon and Cloud Native Security Day North America A Year of Kubernetes at GitLab Episode 89, with Marin Jankovski Links from the interview The 2001 dot-com crash Rocket Arena mod for Quake 3 Extreme ironing Tradera IT contracting The Mythical Man Month Graphite Kibana Grafana GitHub The history of Grafana UX Grafana Labs Team Kausal Cortex Loki Crystal Reports Interesting use cases: Beehive monitor Hospital queue visualisation Monitoring Art plugin A $50m Series B funding round Grafana Metrics Enterprise Recommended reading: Chasm City by Alastair Reynolds Torkel Ödegaard on Twitter
9/22/2020 • 33 minutes, 47 seconds
TiKV, TiDB and PingCAP, with Ed Huang
Ed Huang is co-founder and CTO of PingCAP, creators of the TiDB distributed database and the TiKV key value store. Ed worked on clustering Redis while at Wandou Labs, creating and open-sourcing a tool called Codis. Deciding to focus on this space, he created TiDB and then TiKV, and founded PingCAP. He shares the story behind the projects, bridging the gap between China and the West with open source, and his Desert Island Disc. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Sippee cup Tippee cup Coffee cup News of the week Lens 3.6.0 Security groups for Pods on AWS EKS CNCF End User Technology Radar for Observability Kotary by CA-GIP OnePanel and its docs WebAssembly OCI spec Episode 55, with Idit Levine Red Hat Marketplace by IBM Stackrox lands $25m in funding Introducing Nutanix Platform Services by Amit Jain Confidential Computing on GCP and GKE New Serverless training course by Alex Ellis Episode 116, with Alex Ellis Jetstack CNI migration notes by Josh Van Leeuwen Links from the interview Wandou Labs Codis clustering for Redis twemproxy Spanner and F1 papers from Google Research TiDB TiKV PingCAP CAP theorem Local Persistent Volumes in Kubernetes and beta launch blog explaining it TiKV’s CNCF journey: Sandbox Incubation PingCAP’s $50m funding round Graduation Chaos Mesh Wasm and Wasmer Dark Side of the Moon Ed Huang on Twitter
9/15/2020 • 38 minutes, 25 seconds
Airbnb, with Melanie Cebula
Melanie Cebula is a staff engineer at Airbnb, where she has built a scalable modern architecture on top of cloud native technologies. She regularly shares her knowledge in presentations focusing on cloud efficiency and usability, and today shares the story of Airbnb’s Kubernetes migration with hosts Adam and Craig. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Dr Horrible’s Sing-Along Blog River Otter River otter News of the week Five days of Kubernetes 1.19: Structured logs API server warning messages EndpointSlices Storage capacity tracking 1 year support TiKV graduates from CNCF incubation cert-manager 1.0 Episode 75, with James Munnelly Tanzu Build Service is GA State of Spring report AWS Bottlerocket is GA on EKS Kalm (keep Kalm and karry on) Developer thread on Reddit CRAFT from Salesforce (and its GitHub repo) Introducing Kubernetes CSI sidecar containers from HPE by long-time listener Michael “Data” Mattsson KubeCon EU Virtual YouTube playlist CNCF to provide another round of CommunityBridge mentorships Faster services: no CPU limits by Eric Khun Hacker News thread How GoJek upgrades Kubernetes on GKE by Tasdik Rahman Links from the interview Melanie Cebula Our second classically trained musician guest Early Airbnb architecture Charon Programming by toggling switches Smartstack Horizontal Pod Autoscaling: minReplicas Melanie’s talks: FutureStack 17: From Monolith to Microservices KubeCon NA 2018 keynote: Developing at Scale KubeCon NA 2019: 10 Weird Ways to Blow Up Your Kubernetes Melanie Cebula on Twitter
9/8/2020 • 46 minutes, 19 seconds
Keptn, with Alois Reitbauer
Keptn, a control plane for continuous delivery, came out of the need to install Dynatrace’s software in their customers’ environments. Alois Reitbauer is Chief Technical Strategist at Dynatrace, responsible for open source, and a co-chair of the CNCF App Delivery SIG. He talks to your hosts about Keptn, observability after deployment, and how owning a 40 year old sports car is more “curation” than “operation”. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Loved: Thinking, Fast and Slow Unloved: a pile of Sex and the City News of the week Anthos Attached Clusters New Anthos pricing GKE on The Keyword Cloudian introduces operator Canonical introduces Kubernetes 1.19 Portainer CE 2.0 Kubernetes client comparison by Yolan Vloeberghs and Pieter Vincken Distributed tracing overview by Jonathan Gold Links from the interview Dynatrace OpenTelemetry OpenMetrics Keptn What it is, how it works, and how to get started Blogs by Alois: Micro operations — A new operations model for the micro services age How your delivery pipeline will become your next big legacy-code challenge Related CI/CD tools: Spinnaker Jenkins Argo Flux GitLab CD Foundation SIG Interoperability CNCF SIG App Delivery Alois’s car marque of choice Alois Reitbauer on Twitter
9/2/2020 • 35 minutes, 23 seconds
Kubernetes 1.19, with Taylor Dolezal
Taylor Dolezal is a senior Developer Advocate at Hashicorp and the Kubernetes 1.19 release lead. His desire to give talks and join the CNCF Ambassadors led him to the release team and to his new job. He talks to Adam and Craig about how a TI-83 calculator started him on the path. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The Moon Disaster deepfake Mayfield Lavender Farm News of the week Kubernetes 1.19 release - deferred 24 hours Istio 1.7 release! New Istio Steering Committee charter k3s to join the CNCF Sandbox New networking features in GKE Anthos announcements from Google Cloud Next Google Cloud Code updates Serverless Framework Knative component VMware vRealize Operations 8.2 Moving forward from Beta in Kubernetes Palinurus, from Mailchannels What’s new in Falco 0.25 AWS Controllers for Kubernetes GCP Config Connector Carvel Operator SDK reaches 1.0 Thanos and Cortex are both incubating in the CNCF The Kubernetes Handbook by Farhan Hasin Chowdhury Links from the interview TI-83 Plus Silver Edition Walt Disney Studios “Deployed my blog on Kubernetes” Hashicorp Terraform CNCF Ambassador 1.14 release team 1.18 release team Episode 96, with Jorge Alarcon 1.19 enhancement sheet Ingress goes stable 12 month release support cycle Lauri Apple, PgM for SIG Release Sidecar containers.. still Jeremy Rickard is 1.20 release team lead Episode 61 with Jeremy Rickard and Ralph Squillace Nomad, from Hashicorp Hashicorp joins the CNCF CNCF Cape, as modeled by Lachie Evenson Reading list: Working in Public: The Making and Maintenance of Open Source Software by Nadia Eghbal An Elegant Puzzle: Systems of Engineering Management by Will Larson The Art of Doing Science and Engineering by Richard Hamming Defending Jacob Taylor Dolezal on Twitter
8/25/2020 • 34 minutes, 46 seconds
Communication and KubeCon, with Constance Caramanolis
Constance Caramanolis is the co-chair of this week’s virtual KubeCon EU, and a principal software engineer at Splunk. Her introduction to Cloud Native came as an Envoy maintainer working at Lyft; she talks to Craig and Adam about communication: technical, programmatic, in-person and online. We also summarise all the news from KubeCon. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week KubeCon EU #kubernetes-podcast on CNCF Slack Get an invite to Slack Hamilton (musical) Watch on Disney Plus News of the week Red Hat OpenShift Virtualization is GA Red Hat news summary from SiliconAngle 5 years of Google Kubernetes Engine Announcement post from 2015 GKE Dataplane v2 Docker changes registry pricing and retention Hacker News commentary IBM introduced POWER10 Introducing hierarchical namespaces by Adrian Ludwin OpenEBS 2.0.0 containerd 1.4.0 VMware Tanzu Mission Control integrates VMware Tanzu Observability by Wavefront Mirantis acquires Lens Episode 110, with Adrian Ionel Pulumi adds new Kubernetes features Links from the interview Envoy Omnition, acquired by Splunk Splunk acquires Omnition OpenTelemetry Collector Constance’s talks: KubeCon NA 2018: Envoy Intro (with Matt Klein) Velocity 2018: Leveraging Envoy when responding to high-severity incidents SYN-ACK Constance’s KubeCon EU keynote The Five Whys KubeCon EU agenda KubeCon NA 2019 puppies Corgis Invite a llama Episode 80, with Vicki Cheung Greek food: Galaktoboureko Loukoumades Stroopwafels Poutine Constance Caramanolis on Twitter
8/18/2020 • 35 minutes, 4 seconds
Independent Open Source, with Alex Ellis
Alex Ellis created serverless framework OpenFaaS while working a day job. It’s used by some big companies, but he’s resisted the temptation to join one. Instead, he’s offering consulting and seeking sponsorships, building a business from the ground up. He explains the pros and cons of independence to Craig and Adam. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Microsoft launches OpenServiceMesh Including a bit from Linkerd Kong releases Kong Mesh Tanzu Application Service 2.10, formerly known as Pivotal Cloud Foundry KubeCarrier Cube carrier Episode 109, with Sebastian Scheele Nestybox releases Sysbox (GitHub) Palo Alto Networks discloses and fixes fault in KataContainers JenkinsX plugin for Octant Backyards gets FIPS compliant StarlingX 4.0 New AKS features etcd security audit Episode 95, with Xiang Li New Code of Conduct Committee Members Links from the interview Alex Ellis ADP Payroll Docker Captains program Lord Birt Lord Ernie DockerCon 2016 Ben Firshman funker funker-dispatch by Alex Ellis FaaS OpenFaaS Moby’s Cool Hacks - closing keynote Joining VMware to work on OpenFaaS VMware blog VMware Dispatch Acquisition of Heptio VEBA Leaving VMware and Alex going out on his own OpenFaaS Ltd Alex’s 2020 mission The world’s first managed k3s service First year accounts and end-of-year party Inlets Inlets PRO k3sup Brown sauce Arkade 5 years of Raspberry Pi and robots Insiders Subscription Treasure Trove archive The Five Pressures of Leadership in OSS A bit of Istio before tea-time Cards Against Containers for Black Girls Code Alex Ellis on Twitter
8/11/2020 • 49 minutes, 14 seconds
Minikube Redux, with Thomas Strömberg
Since we last spoke about Minikube 18 months ago, the project has gone 1.0, and made large performance and usability improvements. Thomas Strömberg is the manager of the Container DevEx team at Google and a maintainer of Minikube. He talks to Craig and Adam about why system administrators are the best code reviewers, the importance of surveying users, and building bikes made of bamboo. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Baking hot Baking: Mary Berry’s Banana Loaf Caramel Slice Washington State Voters Guide Lord Buckethead Monty Python’s Election Night Special News of the week OpenSSF launched Nova from Fairwinds: monitor Helm charts for new releases Lifebelt by Gustav Westling Chaos Mesh joins the CNCF Sandbox As does the Serverless Workflow spec Announcing Vitess 7 Spinnaker Operator is GA AKS 2020-07-27 release GKE r25 Server side encryption for ECR Project report: Jaeger Episode 97 with Yuri Shkuro How Dropbox migrated from NGINX to Envoy by Alexey Ivanov and Oleg Guba Links from the interview Thomas Strömberg Minikube Episode 39, with Dan Lorenc DiRT: Disaster Recovery Testing Wheel of Misfortune Timex Sinclair ZX81 Bringing Minikube to the next Billion Users: Thomas’s talk at KubeCon China 2019 The mini Minikube Survey Other similar tools: Microk8s k3d kind Knoppix Pausing Minikube Running multiple nodes Triage Party Slow Jam Space Jam Bamboo bicycles A finished example A work in progress Thomas Strömberg on Twitter
8/4/2020 • 42 minutes, 11 seconds
Scheduling, with David Oppenheimer
We finally scheduled some time to talk to David Oppenheimer. David, a software engineer at Google, has been working on scheduling there since 2007, including on both Borg and Omega. That experience naturally led to him working on the Kubernetes scheduler, as well as starting SIG Scheduling. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Last week’s discussion about ice cream pies Vegemite ice cream, and a friendly reminder that New Zealand is not Australia Mutton ice cream is not a thing A bear in the kiddie pool News of the week Google Traffic Director supports proxyless gRPC New Relic open sources its agents Lyft drops the Clutch Conftest joins the Open Policy Agent project Emissary, from GitHub VS Code Docker extension can now run containers in Azure Container Instances Debugging Incidents in Google’s Distributed Systems by Beth Cooper and Charisma Chan Hashicorp Consul Service on Azure is GA Gloo Federation for gloo’ing your Gloos together with gloo The AWS EKS CIS ben chm ark Changes to Aqua Wave and Aqua Enterprise Snyk’s developer-first prioritization capabilities Carbonetes launch PR Prevasio launch PR DOMA: domain-oriented microservices architecture at Uber by Adam Gluck Links from the interview Papers co-written by David: Large-scale cluster management at Google with Borg Borg, Omega and Kubernetes SIG Scheduling WG Multi-Tenancy App Engine Interviews with David’s colleagues on Borg and Omega: Episode 22, with Dawn Chen Episode 43, with Brian Grant Episode 111, with Wojciech Tyczynski Omega features: The Omlet Pod disruption budgets Taints and Tolerations Optimistic concurrency control Scheduler features Predicates and priorities Labels and selectors Node affinity and anti-affinity Pod affinity and anti-affinity Pod priority and preemption Disruption budgets Taints and tolerations Two level scheduling Mesos optimistic offers Kubernetes scheduler in Bash Firmament and integration in Kubernetes via Poseidon Configuration tools kpt kustomize David Oppenheimer on Twitter
7/28/2020 • 45 minutes, 3 seconds
Instrumentation and cAdvisor, with David Ashpole
Released on the same day as Kubernetes, cadvisor is a container monitoring daemon that collects metrics and serves them to monitoring tools. It’s built into the Kubelet, and underpins many components in Kubernetes, such as eviction and autoscaling. David Ashpole of Google Cloud is TL of Kubernetes SIG Instrumentation, and the maintainer of cadvisor; he joins Adam and Craig this week to explain where instrumentation fits in the stack, and what you should do as a Kubernetes maintainer vs. a cluster administrator. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week In Craig’s neighbourhood: Books More books Some less popular items Masks Archie the Mammoth National Ice Cream Day Carmel Caramel News of the week GKE Ingress features: BackendConfig CRD Cloud CDN Backend service timeout Connection draining timeout HTTP access logging Identity-Aware Proxy (IAP) Session affinity User-defined request headers Cloud Armor security policies (Beta) FrontendConfig CRD (Beta) Custom GCLB health checks (Beta) SSL policies (Beta) Exposing services on GKE OpenShift 4.5 OKD4 Spring Cloud Data Flow for Kubernetes from VMware; part of the Spring Runtime package k8spin.cloud is closing and making their code open source Review of k8spin from launch Custom Pod Autoscaler (and docs) by Jamie Thompson Envoy 1.15 round-up from Tetrate; release notes from the team Fluent Bit 1.5 summary at the CNCF k3d v3.0 and new web site Best practices for creating a highly available GKE cluster Recommended alerts for AKS Ingress support added to AWS App Mesh Platform9 adds new apps to their Managed Kubernetes Service Episode 88, with Madhura Maskasky CVE-2020-8557: Node disk DOS by writing to container /etc/hosts CVE-2020-8559: Privilege escalation from compromised node to cluster Alcide write-up Threat Alert: Attacker Building Malicious Images Directly on Your Host from Aqua Security 
Certified Kubernetes Security Specialist (CKS) coming in November Sign up for a free pass to Virtual KubeCon EU keynotes Diving Into Istio 1.6 Certificate Rotation by Christian Posta Links from the interview SIG Instrumentation inodes Eviction on inodes cgroups cadvisor Launched on the same day as Kubernetes Monitoring metrics with Prometheus Victor Marmol and Vish Kannan Episode 22, with Dawn Chen CRI Resource metrics pipeline Heapster Metrics Server kube-state-metrics Managing Your Costs on Kubernetes by Karl Stoney from Autotrader Episode 52, with Russell Warman and Karl Stoney Metrics Stability Framework Structured logging Distributed tracing in Kubernetes Node out of memory eviction Pod priority David Ashpole on Twitter
7/21/2020 • 35 minutes, 12 seconds
Open Source and the Open Usage Commons, with Chris DiBona
An open source license grants rights on copyright and patents, but not trademarks. Chris DiBona has some ideas on how to address that. He has spent his career in open source, including over 15 years running Google’s Open Source Programs Office, and is one of the directors of the new Open Usage Commons. It launched last week with three projects - Angular, Gerrit and Istio - transferring their trademarks. Chris joins Adam and Craig to talk about Google’s work in open source, and why a new organisation is needed. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Software defined radio POCSAG The fuzz Talking to the International Space Station Breaker breaker News of the week SUSE to acquire Rancher Episode 57, with Darren Shepherd Open Usage Commons: OUC Board announcement Google announcement Istio blog post IBM opinion Governance updates Operator Framework and Contour accepted into the CNCF BigQuery Omni Kubernetes has caught up with YARN according to Datamechanics Kubernetes networking: why is this so dang hard? by Tim Hockin Episode 41 Announcing Kustomize support for Pulumi Cinderella clusters from Soluble Google’s Anthos comes to HPE Greenlake AWS: AWS partners with Docker Docker partners with AWS AWS Copilot for ECS cdk8s-plus AKS adds console RBAC and policy integration Kublr adds in-place upgrades and external clusters D2iQ want to teach you Links from the interview Chris DiBona VA Linux San Mehat Google Search Appliance Maintainer of Git Author of Git Ping pong balls on a bus AMP joined OpenJS Foundation and has now graduated WASM became a W3C standard Google Summer of Code Melange Open Usage Commons Apache Software License v2 and GPL v3 Open Source Definition Angular, Gerrit and Istio OUC board members Debian Free Software Guidelines Google Contributor License Agreement Apache Contributor License Agreement Developer Certificate of Origin Istio governance: Steering Committee and TOC Silicon Valley Chris’s IMDB page Palo Alto fiber ring (and today) Chris DiBona on Twitter Open Source at Google
7/15/2020 • 50 minutes, 3 seconds
Scalability, with Wojciech Tyczynski
Before Kubernetes was launched, it could have at most 25 nodes in a cluster. At 1.0, the target was 100. Meanwhile, Borg, Omega and Mesos were all running away at 10,000. What did it take to get Kubernetes to this number, and above? SIG Scalability and GKE Tech Lead Wojciech Tyczynski tells us. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Follow-up: Chairs, from Episode 107 Christmas trees, from Episode 104 Kids music The duck song The duck joke Autotune the News The duck song goes viral on TikTok Walmart Yodeling Kid News of the week KubeCon US goes virtual PromCon schedule AWS App2Container Episode 48, with Issy Ben-Shaul GKE brings Node Local DNS cache to GA Episode 106, with John Belamaric Update kernel and Kubelet config on GKE nodes AKS brings 1.17 to GA; adds containerd and priority placement group support Diamanti Spektra 3.0 Kubernetes WG Naming Introducing Cloud Native Community Groups Updated CNCF Storage whitepaper Presslabs moves to Kubernetes Presslabs Stack and WordPress Operator Links from the interview Omega Episode 43, with Brian Grant Defining scalability Original SLOs API-responsiveness: 99% of all our API calls return in less than 1 second Pod startup time: 99% of pods (with pre-pulled images) start within 5 seconds Target SLO doc - 25 nodes Borg - ~10,000 nodes Sep 2015, Kubernetes 1.0 - 100 nodes “Kubernetes Has A Ways To Go To Scale Like Google, Mesos” by Timothy Prickett Morgan March 2016, Kubernetes 1.2 - 1,000 nodes July 2016, Kubernetes 1.3 - 2,000 nodes Work by Clayton Coleman, guest of Episode 85 March 2017, Kubernetes 1.6 - 5000 nodes etcd v3 improvements for web scale Scalability Envelope Today’s scalability numbers EndpointSlices Episode 104, with Bowei Du JD.com’s 10,000 node clusters Alibaba’s 10,000 node clusters Episode 95, with Xiang Li Google’s 15,000 node GKE clusters Twitter session at the upcoming Google Cloud Next by Reza Motamedi and Maciek Różacki Poseidon and Firmament Wojciech Tyczynski: GitHub LinkedIn
7/7/2020 • 35 minutes, 16 seconds
Mirantis, with Adrian Ionel
Over the past 20 years, Mirantis has grown from an outsourcing company for semiconductor engineers to a product company that is the new home of Docker Enterprise. Past and present CEO and “co-founder” Adrian Ionel oversaw Mirantis’s adoption of OpenStack and purchase of Docker’s enterprise business, and he joins the show to discuss them both. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Hello Kitty, not a cat The Toys That Made Us Istanbul Not Constantinople News of the week New CNCF projects: Announcement The Future of Sandbox Sandbox project list KUDO Episode 78, with Gerred Dillon Crossplane CNI-Genie Keptn Cloud Custodian Dex Litmus Episode 56, with Evan Powell ArtifactHub Kuma Parsec BFE jFrog ChartCenter KubeCon “EU” schedule Gloo 1.4 Episode 55 with Idit Levine Frigate by Jacob Tomlinson Checkov by Bridgecrew Contour 1.6 ACI and Docker integration now public gRPC-Web for .NET now GA Episode 94, with Richard Belleville HP Ezmeral Codefresh raises $27m Links from the interview Mirantis OpenStack At Mirantis Built by NASA and Rackspace Fuel from Mirantis Adrian leaves Mirantis in 2015 Dorsal Did anyone call John Sculley? Adrian returns in 2018 Infrastructure as Code Mirantis Bring-your-own Kubernetes and Kubernetes as a Service Mirantis acquires Docker Enterprise ..and pledges to keep Docker Swarm alive Docker Enterprise Kontena closes and the team joins Mirantis Mirantis joins Airship project First release of Docker Enterprise from the merged team The Mirantis Bear Adrian Ionel on Twitter
7/1/2020 • 41 minutes, 44 seconds
Kubermatic, with Sebastian Scheele
Last week Loodse, the makers of the Kubermatic Kubernetes Platform, made that platform open source, and rebranded their company to match. Co-founder Sebastian Scheele joins us to explain how the company and platform came about, why they’ve made their changes, and what exactly a Loodse was anyway. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Docker for the new Arm Macs Tick Tock Keep Talking and Nobody Explodes Spaceteam News of the week Kubermatic 2.14 now Open Source HashiCorp Cloud Platform and new versions of Nomad, Terraform and Consul Flagger 1.0 OpenMatch 1.0 Harbor graduates at the CNCF SPIFFE and SPIRE move to incubation level CNCF post GKE goes to 15,000 nodes with Bayer Crop Science Tsunami: extensible network scanning from Google AWS App Mesh controller for Kubernetes is GA Dell announces PowerScale storage Gocker: a mini Docker written in Go by Shuveb Hussain The Kubernetes Goat by Madhu Akula Storpool and Sardina launching Kubernetes-as-a-Service Kubernetes website adopts Docsy Getting started with Oracle 18c on Kubernetes by Ron Ekins Links from the interview Kubermatic (f.k.a. Loodse) SAP HANA Julian Hansert Hamburg and Munich Kubernetes meetups ContainerDays Kubermatic Kubernetes Platform SAP Gardener Leibnitz KubeOne Loodse rebrands to Kubermatic Kubermatic Kubernetes Platform on GitHub Sebastian Scheele on Twitter
6/24/2020 • 36 minutes, 16 seconds
The Financial Times, with Sarah Wells and Dimitar Terziev
Two years ago, Sarah Wells from the Financial Times gave a KubeCon EU keynote about how the company moved from monolith to microservices, and how her Content and Metadata platform team moved to Kubernetes specifically. She joins hosts Adam and Craig to recap that migration, and what life has been like since. As Sarah has moved to a broader role in charge of all observability for The FT, she also invited Dimitar Terziev, the current platform lead for the CM team, to the conversation. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Duck eggs Green onions News of the week kube2hadoop from LinkedIn Kubera from Mayadata Episode 56, with Evan Powell Linkerd 2.8 Multi-cluster with Ambassador Consul 1.8 Intro to Istio Ingress from Banzai Cloud Cloudflow 2.0.0 Not the shoe Google internships go virtual to help Open Source Introducing the CNCF Technology Radar CNCF SIG Observability Episode 37, with Richard Hartmann Loft (and Reddit thread) Jib 2.4 announcement and Jib extensions Zerto for Kubernetes AKS 2020-06-08 adds node image upgrade and application gateway ingress controller Cloudera Data Platform for Private Clouds Cloudbees introduces DoD compliant CI, now with a CtF to deploy into an environment with an ATO, which meets DISA STIG and NIST RMF security guidelines Episode 44, with Tracy Miranda Microsoft discovers cryptojacking in Kubeflow clusters on Azure Gokul Chandra writes up Anthos Links from the interview Financial Times The pink pages Subscriber stats Coronavirus coverage The latest figures John Burn-Murdoch Added 50,000 subscribers since COVID-19 FT Crossword KubeCon EU 2018 keynote: “Switching Horses Midstream: The Challenges of Migrating 150+ Microservices to Kubernetes” by Sarah Wells Schedule Video Slides Monzo microservices graph CoreOS Fleet Innovation tokens: Choose Boring Technology by Dan McKinley Dashing from Shopify Sarah and 
Dimitar on Twitter
6/17/2020 • 45 minutes, 51 seconds
CNCF: Under New Management, with Priyanka Sharma
After 5 years at the helm of the CNCF, executive director Dan Kohn is stepping down to launch a new Public Health initiative. The new General Manager of the CNCF is Priyanka Sharma, who joins our show today. Priyanka tells Craig and Adam what to expect, talks about virtual events, and gives some hints on how to rename projects. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Frog Leap Studios Tubthumping (originally by Chumbawamba) Hello (originally by Adele) News of the week Rancher Longhorn is GA Fairwinds Polaris is GA AKS does new networking things Kubecost’s cluster-turndown saves you money Solo Developer Portal for Istio CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements CVE-2020-8555: Half-Blind SSRF in kube-controller-manager Write-up from “Reeverzax” and “Hach” Ambassador 1.5 released Microk8s for Windows and Mac Finding your GKE logs by Rami Shalom and Charles Baer Business continuity with Anthos CNCF Cloud Engineer Bootcamp CKA program changes Lessons learned by Noah Kantrowitz of Ridecell Links from the interview Lightstep Ben Sigelman Ben Cronin “Spoons” Dapper Monarch OpenTracing Episode 97, with Yuri Shkuro GitLab Sid Sijbrandij CNCF Charter Governing Board members Priyanka joins as GM Dan Kohn Chris Aniszczyk On 4 years at the Linux Foundation Jim Zemlin End User Community Cheryl Hung Episode 35, with Dan Kohn LF Public Health Events: Cloud Native Summit Online KubeCon EU KubeCon Boston CNCF Technical Oversight Committee Charter Members CNCF Projects Other projects: Ollie Priyanka Sharma on Twitter
6/10/2020 • 39 minutes, 54 seconds
CoreDNS, with John Belamaric
In a world where pods (and IP addresses) come and go, DNS is a critical component. John Belamaric is a Senior SWE at Google, a co-chair of Kubernetes SIG Architecture, a Core Maintainer of the CoreDNS project and author of the O’Reilly Media book Learning CoreDNS: Configuring DNS for Cloud Native Environments. He joins Craig and Adam to discuss CoreDNS, the evolution of DNS in Kubernetes, and how name resolution has been made more reliable in recent releases. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Death of George Floyd SpaceX Crew Demo 2 launch Sunniest Spring on record in the UK A small test rocket launch in Scotland UK spaceport (proposed) New Zealand spaceport (active) News of the week Priyanka Sharma replaces Dan Kohn at the CNCF Episode 35, with Dan Kohn Starboard, by Aqua Security Episode 19, with Liz Rice Docker Enterprise 3.1 from Mirantis Docker and Microsoft; Microsoft and Docker Velero v1.4 Agones v1.6 Episode 26, with Mark Mandel and Cyril Tovena Chef adds Windows container migration for GKE Red Hat adds Quarkus to Red Hat Runtimes AWS encrypts Fargate ephemeral disks in v1.4 PlanetScale open sources a Vitess operator Episode 81, with Jiten Vaidya and Sugu Sougoumarane Kubernetes provider for Hashicorp Terraform Google Vulnerability Reporting Program adds GKE Tools for debugging apps on Google Kubernetes Engine by Charles Baer and Xiang Shen How Migrate for Anthos helps modernize Java apps Helm project journey report Episode 102, with Matt Butcher Helm 3: the Good, the Bad and the Ugly by Sandor Guba of BanzaiCloud NIST deployment guidelines for proxy-based Service Mesh by Ramaswamy Chandramouli of NIST and Zack Butcher of Tetrate The World of kubectl Plugins: a YouTube series by Ahmet Alp Balkan Episode 66, with Ahmet Alp Balkan and Luk Burchard Links from the interview Domain Name System Root zone Authoritative name 
server Recursive and caching name server Infoblox Kubernetes Service DNS for Services and Pods Customizing DNS for Kubernetes CoreDNS; the default DNS server for Kubernetes since 1.11 Introduction slides KEP for CoreDNS in Kubernetes SkyDNS Miek Gieben; author of CoreDNS and SkyDNS version 2 Caddy: the HTTP server upon which CoreDNS is based Dnsmasq CoreDNS plugins Rewriting DNS with CoreDNS redisc plugin: enables a networked cache using Redis ens plugin: serve DNS records from Ethereum Name Service Node Local DNS cache and KEP BIND Unbound DNS resolver Explanatory blog posts: Understanding ndots in Kubernetes Racy conntrack and DNS lookup timeouts Learning CoreDNS: Configuring DNS for Cloud Native Environments by John Belamaric and Cricket Liu Cricket Liu and his books Book cover: a Comber fish Policy integration Episode 101, with Tim Hinrichs and Torin Sandall CoreDNS policy plugin coredns-opa SIG Architecture Production Readiness Review and KEP A DNS haiku John Belamaric on Twitter
6/2/2020 • 49 minutes, 57 seconds
Cloud Foundry, with Chip Childers
Over the last 10 years, Cloud Foundry has grown from “open Heroku clone” to “software used at your bank”. The Cloud Foundry Foundation and the CNCF launched within a few months of each other in 2015, and the two worlds are now colliding as Cloud Foundry replatforms on top of Kubernetes. Our guest this week is the Executive Director of the Cloud Foundry Foundation, Chip Childers. He talks to Adam and Craig about foundations, the boredom of infrastructure, and the cost of every line of code you write. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Memorial Day Spring Bank Holiday Sundar Day Cracking the Cryptic: Sudoku solving and more 4 million views Craig’s favourite: watch Simon’s excitement Guardian article cheat3: Lego puzzle boxes News of the week Istio 1.6 released Multiple control planes WorkloadEntry Azure Arc for Kubernetes now in preview New AKS features GKE introduces Container Threat Detection in Beta TriggerMesh makes EveryBridge available to EveryOne in Preview Introducing KES from MinIO Updates to StackRox Kubernetes security platform OPA survey results Styra DAS adds microservices authorization Episode 101, with Tim Hinrichs and Torin Sandall Rancher Academy Understanding Anthos on Bare Metal from Google Cloud Snyk partners with Docker and Docker partners with Snyk Kubernetes Apply vs. Replace vs. 
Patch by David Dooling from Atomist Links from the interview DMTF and DTMF 17 year old kids asked to use a rotary phone Apache CloudStack Wikipedia, with history Apache Software Foundation Officers and Project VPs Cloud Foundry Announcement of formation GitHub Wikipedia Boeing B-29 plane Pivotal Software Linux Foundation Collaborative Projects Open Container Initiative April 2020: Chip Childers, CFF CTO, becomes Executive Director Episode 98, with Sam Ramji (the founding CEO/Executive Director of the CFF) Project Eirini: announced by IBM in April 2019 Old architecture: Diego and Garden KubeCF Created at SUSE GitHub cf-for-k8s GitHub Chip Childers on Twitter
5/26/2020 • 46 minutes, 13 seconds
Ingress and the Service APIs, with Bowei Du
SIG Network is completely rethinking the way you define groupings of applications (Service) and get traffic sent to them (Ingress) by building the Service APIs, a new set of primitives which are better suited to how different groups of users interact with them. Bowei Du is a Tech Lead on GKE and a member of SIG Network who is leading the design and implementation of these new APIs, as well as working on getting Ingress to GA in Kubernetes 1.19. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Christmas trees Magic Puzzles News of the week Google Cloud Next On Air Sign up now Harbor 2.0 Azure introduces 10c/hr uptime SLA and Kubernetes 1.18 in preview Red Hat announces Amazon Red Hat OpenShift Linode Kubernetes Engine is Generally Available VMware to acquire Octarine Venafi to acquire Jetstack cert-manager 0.15 and beyond Episode 75, with James Munnelly Maesh 1.2 Grafana 7.0 AWS CDK for Kubernetes (cdk8s) Call to participate in CNCF survey Load balancing algorithms in Envoy by Tony Allen Links from the interview Bowei’s PhD: CAP theorem TIER project: Technologies and Infrastructure for Emerging Regions Delay-tolerant networking (DTN) Service EndpointSlices Coming to Istio and Knative Health checks: Liveness and readiness at pod level Pod Ready++ Ingress cert-manager ingress-nginx TLS is only on port 443 2018 Ingress survey Conformance profile Episode 41, with Tim Hockin Ingress moving to GA in 1.19 Service APIs Evolving the Kubernetes Ingress API to GA and beyond by Bowei and Christopher Luciano from IBM A sketch of the API GatewayClass and StorageClass KEP for adding L4 Multi-Cluster Services API proposal Bowei Du on Twitter
5/20/2020 • 49 minutes, 19 seconds
CSI: Storage, with Saad Ali
More gripping than a crime scene in Las Vegas, the Container Storage Interface (CSI) lets vendors interface with Kubernetes. Saad Ali from Google led development of Kubernetes storage, including the CSI and volume subsystem. He joins hosts Adam and Craig for an in-depth look at how storage works in Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam’s puzzle How they made The Mandalorian Unreal Engine: Project Spotlight Fraggle Rock: Rock On! Lockdown music videos: Crowded House: Something So Strong Mostar Diving Club: Quiet Hands News of the week IBM Cloud Satellite Google Cloud Buildpacks Anthos for app modernisation via CI/CD and transforming legacy Java applications Azure Container Registry adds dedicated data endpoints Amazon ECR: multi-architecture containers Amazon Cloudwatch adds Prometheus metrics run:AI creates fractional GPU sharing for Kubernetes The State of Cloud Native Development: CNCF survey (PDF) VMware’s State of Kubernetes 2020 (PDF) Gatekeeper Policy Management from SIGHUP Episode 101, with Tim Hinrichs and Torin Sandall Datastax Astra on GCP and Sam Ramji’s blog Episode 98 with Sam Ramji Introducing PodTopologySpread by Aldo Culquicondor and Wei Huang Pod Security Policies at Square by Jason Price Introduction to OpenTelemetry by Ran Ribenzaft Episode 97, with Yuri Shkuro Kubernetes and Istio on the F-16 jet: CNCF case study GKE logging introduction by Charles Baer and Xiang Shen Helm and Kustomize, better together Helm, with Matt Butcher Kustomize, with Phillip Wittrock Links from the interview SIG Storage KubeCon keynote: Debunking the Myth: Kubernetes Storage is Hard Episode 41 with Tim Hockin Docker: Volumes Volumes Persistent Volumes In-tree volume plugins (deprecated) FlexVolume Container Storage Interface Kubernetes CSI docs Design doc CSI GA announcement CSI sidecar containers Ephemeral CSI volumes 
(Beta) Secrets Store CSI driver Local persistent volumes Data populators KEP CSI topology Topology-aware volume provisioning CSI for Persistent Memory GKE on AWS CSI TV theme songs The Who: Substitute Saad Ali on Twitter
5/12/2020 • 54 minutes, 3 seconds
Helm, with Matt Butcher
In celebration of Helm graduating to a top-level CNCF project, Adam and Craig talk to its creator and primary architect, Matt Butcher of the Deis Labs team at Microsoft Azure. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam talks about these baby wipes Craig talks about these baby wipes News of the week Red Hat Virtual Summit news: OpenShift 4.4 OpenShift Serverless OpenShift Virtualization Advanced Cluster Management for Kubernetes Azure Red Hat OpenShift upgraded to v4 OpenShift 4.3 on IBM Power Red Hat Marketplace More ways Red Hat are here to help Azure Kubernetes Service: Windows Server Containers, Private Clusters and Managed Identities now GA Windows Server Containers are GA on GKE too Episode 70, with Patrick Lang Ingress for Anthos Kaggle writes about using it for gRPC Explore Anthos with a sample deployment Celebrating Helm’s graduation The Safety Boat: Kubernetes and Rust by Taylor Thomas from Deis Labs Announcing Vitess 6 Couchbase Autonomous Operator 2.0 Kong for Kubernetes 0.8 Tern 2.0 KubeCon + CloudNativeCon Europe 2020 Alcide look at Kubernetes as a Service Anthos Service Mesh deep-dive GigaOm Radars, by Enrico Signoretti Data Storage for Kubernetes Hosted Kubernetes solutions Federated Kubernetes Links from the interview Matt Butcher Doctor of Philosophy Why One Philosopher Left Academia Celebrating Helm’s graduation Helm A floppy disk History of Helm Introducing Helm Why Kubernetes Needs Helm Deis In 2016 The Illustrated Childrens Guide to Kubernetes k8splace Deployment Manager for Kubernetes Skippbox Bitnami Helm 3 transition by Matt Fisher Upgrading from Windows 1.0 to 8.0 Helm charts and Helm Hub TUF and in-toto Is there a Helm and Operators showdown? 
Operators blog by Brandon Philips First Helm Summit Episode 43, with Brian Grant Swag Helm coffee cup Deis socks Printed copy of The Illustrated Childrens Guide Deis gift satchel Tide pen Deis acquired by Microsoft, 3 years ago CNAB, Brigade and Krustlet Techne and Sophia Matt Butcher on Twitter
5/5/2020 • 43 minutes, 38 seconds
Open Policy Agent, with Tim Hinrichs and Torin Sandall
Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The cupboard was bare Marmite is not a satisfactory substitute for baking yeast 4D jigsaw puzzles (or a picture, if not for sale in your location) News of the week Anthos for AWS is now Generally Available TechCrunch coverage Eurosys ‘20: Autopilot paper Borg: The Next Generation paper Cluster traces Cloud Foundry becomes more Kubernetes-native with cf-for-k8s Paketo Buildpacks Everything you need to know about them How they fit into the Cloud Native landscape Changes to Kubernetes release cycles for 2020 Aqua Security announces Dynamic Threat Analysis RHEL 8.2 adds new container tools Red Hat product life cycle changes Flatcar Linux now supported on VSphere Episode 79 with Chris Kühl sKan from Alcide kubeletctl from CyberArk xls-kubectl by Daniele Polencic of Learnk8s Microsoft’s new reverse proxy YARP Running decades-old games in containers by Misha Brukman TorchServe and TorchElastic for Kubernetes by Facebook and AWS Controller code Project Astra from NetApp Launch video Styra adds mutating webhooks to Declarative Authorization Service Simulating clock skew by PingCAP Links from the interview Open Policy Agent Styra Episode 42 with John Murray Plate smashing OASIS XACML OPA is… “easier” The origin of Open Policy Agent and Rego Founded in 2015: first commit Donated to the CNCF Sandbox in 2018 and moved to incubation in 2019 Rego configuration language Running as a Go API Bundles Admission controllers in Kubernetes Existing Kubernetes policies NetworkPolicy LimitRange OPA Gatekeeper: Policy and 
Governance for Kubernetes OPA and WebAssembly Hooli examples Tim Hinrichs and Torin Sandall on Twitter
4/28/2020 • 46 minutes, 8 seconds
Kubernetes Community Redux, with Paris Pittman
To celebrate our 100th episode we welcome back our first ever guest, Paris Pittman, open source program manager at Google Cloud and member of the Kubernetes steering committee - among many other roles. Along with hosts Adam and Craig, Paris looks at how the community has changed and how it has stayed the same, and how other projects are able to adopt learnings from Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 100 episodes! Our introductory blog Our introductory KubeCon keynote News of the week New Tanzu announcements Surge upgrades for GKE Spot and system/user node pools on Azure Kubernetes Service Portworx Essentials OpenShift Container Storage 4.3 Magicpak by Hiromi Ogawa Pluto from Fairwinds Trow featured in the New Stack Using Apache SkyWalking to fix the blind spot of distributed tracing Lyft takes Envoy Mobile to production gRPC and Kotlin Episode 94 with Richard Belleville Gloo 1.3 Envoy Wasm filters at Banzai Cloud faasd by Alex Ellis Kubernetes Fury Distribution 1.1 NeuVector adds Vulnerability and Compliance Explorer Infra.app adds Linux support Node Local DNS cache by Povilas Versockas Cheeky Monkey by Rich Stokes Anthos: Under The Hood by the Google Cloud Developer Advocacy team Kubernetes Operators by Jason Dobies and Joshua Wood of Red Hat Cloud Foundry Platform Certification includes Kubernetes Announcing the Kubernetes Contributor Communications team How to join Lachlan Evenson joins the Kubernetes steering committee CFP opens for KubeCon US Fluentd project journey report Seven CNCF interns graduate the CommunityBridge program with more to come Links from the interview Episode 1, also with Paris Pittman! 
Kubernetes Slack Guidelines and Code of Conduct Moderator team SIGs and Working Groups Code of Conduct Committee Product Security Committee SIG Working Group Lifecycle doc SIG PM retirement Chairs and TL roles Not much love to go round? Subprojects - they rule everything around Paris CNCF Contributor Strategy SIG CNCF Observability SIG Kubernetes Community communication guidelines Zoom guidelines Kubernetes upstream marketing - Contributor Communications team YouTube PE Charter: Ethos and guidelines API conventions doc The Art of Community by Jono Bacon O’Reilly Linux Pocket Guide by Daniel Barrett Oh, The Places You’ll Go! by Dr Seuss Episode 74, with Jorge Castro Animal Crossing: New Horizons Find the games on Twitter Paris Pittman on Twitter
4/21/2020 • 43 minutes, 19 seconds
kpt, with Morten Torkildsen
kpt (“kept”) is a new open-source tool for Kubernetes packaging built by Google Cloud. Morten Torkildsen is an engineer at Google, focusing on configuration management and the workloads APIs, and he worked on Kpt. He explains it to Adam, while Craig fills his mind with penguins. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The Easter Bunny is an Essential Worker in New Zealand From the archives: Dragon research (discussed in Episode 53) Keepers are letting the penguins run loose at Oregon Zoo Visiting the Beluga Whale at Shedd Aquarium News of the week CNCF projects: Volcano joins the Sandbox Dragonfly moves to incubation Argo moves to incubation Argo CVEs by Matt Hamilton of Soluble Docker announces Compose specification Nautilus: a tool for visualising Docker Compose files Show HN post Deis Labs introduces Krustlet: Introduction Why Rust? The Microsoft take Tekton now in Beta Episode 44, with Tracy Miranda Episode 47, with Kim Lewandowski Microsoft publishes attack matrix for Kubernetes Detecting a large-scale cryptocurrency mining attack Huawei announces Mindspore deep learning framework Service Mesh Hub from Solo Technical overview Mixerless Telemetry in Istio by Zsolt Varga of Banzai Cloud Amazon launches Fargate platform v1.4.0 Version primer Data plane, under the hood Elastic File Server (NFS) support Rook 1.3 Write-up by Vanilla Kola Red Hat: OpenShift Commons Gathering, April 27 Istio on OpenShift in 2020 Be careful when pulling images by short name Canonical launches managed apps When to use Helm and when to use Operators by Matt Butcher Controlling outbound traffic from Kubernetes by Jack Kleeman and Chongyang Shi at Monzo API Priority and Fairness Alpha by Min Kim, Mike Spreitzer and Daniel Smith Hubspot moves Zookeeper to Kubernetes Graceful shutdown in Kubernetes is not always trivial by Ilya Andreev from Flant Open Container 
Initiative icons Kubernetes Workshop in a Box by Pascal Widdershoven Links from the interview kpt Announcement What does it stand for? Kubernetes Resource Model helm template command kpt apply vs kubectl apply Configuration as Code Brian Grant Twitter thread on kpt kpt Setters Domain-specific languages Examples and Kubernetes examples you can use with kpt kpt functions Installing kpt kpt on GitHub Morten Torkildsen on Twitter
4/14/2020 • 28 minutes, 58 seconds
Cassandra, with Sam Ramji
Apache Cassandra, a scale-out datastore, is becoming more Kubernetes-native. Sam Ramji is Chief Strategy Officer at DataStax, a company that builds Cassandra-based products. He explains how DataStax has pivoted back towards supporting upstream Cassandra, and how they’re making it easier to manage on Kubernetes. As always, we also cover the news of the week, and we look at what is and is not a dinosaur. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The return of the brontosaurus We’re going on a bear hunt News of the week kpt: Announcement Site Contributors: Episode 7, with Phillip Wittrock Episode 11, with Vic Iglesias Episode 29, with Janet Kuo Episode 43, with Brian Grant Possible meanings, thanks to Daniel Roth and Blender Fox What does it really stand for? Please tweet us at @kubernetespod. Wrong answers only! Kubernetes 1.18 deep-dives: Topology Manager Server-side Apply Ingress CSI: Redmond New GitLab features Episode 89, with Marin Jankovski Rancher 2.4 Episode 57, with Darren Shepherd Sidekick, from Minio Cortex 1.0 Kubernetes CVE-2019-11254 Kubernetes Kapsule: managed clusters from Scaleway Build your own Kubernetes controller by Nicolas Fränkel Kubie, by Simon Bernier St-Pierre Serving repository move from Google to community control mkit from Darkbit oneinfra by Rafael Fernández López Cost savings with Kubernetes by Henning Jacobs Episode 38 Planetscale goes multi-cloud Episode 81, with Jiten Vaidya and Sugu Sougoumarane 30 days of free training from Google Cloud Critical vulnerability in HAProxy Well-being tips from the CNCF Links from the interview Chief Strategy Officer Sam at Microsoft The West Wing Apache Cassandra Based on the Bigtable paper Created at Facebook in 2008 Paper published in 2009 A top-level Apache project since 2010 Wide columnar data store and NoSQL CAP theorem - Cassandra is AP, eventually consistent ACID and 
BASE NewSQL The road to Cassandra 4.0 by Patrick McFadin DataStax Riptano raising money becoming DataStax and losing the rhino DataStax Enterprise Cassandra Operator and Management API Announcement blog DataStax Astra 501c3 and 501c6 US organizations Cloud Foundry Foundation Cassandra Enhancement Proposals (CEP) Pluggable storage engines Instagram’s “Rocksandra” Cassandra fork and Amazon’s Rocksandra fork Sam Ramji on Twitter
4/7/2020 • 49 minutes, 57 seconds
Jaeger, with Yuri Shkuro
Jaeger is a distributed tracing platform built at Uber, and open-sourced in 2016. It traces its evolution from a Google paper on distributed tracing, the OpenZipkin project, and the OpenTracing libraries. Yuri Shkuro, creator of Jaeger and author of Mastering Distributed Tracing, joins Craig and Adam to tell the story, and explain the hows and whys of distributed tracing. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Music from Home: Brian May Neil Finn You Don’t Know Jack Galaxy Trucker Free books from the Sesame Workshop Google Play Amazon Barnes and Noble Kobo The Monster At The End Of This Book News of the week Update on the update on the update on KubeCon EU: now 13 to 16 August, and possibly online. Virtual Rejekts on 1 April Datastax Cassandra Operator and Management API Announcement blog PromCat: Prometheus Catalog from Sysdig Evaluating Predictive Autoscaling in Kubernetes by Jamie Thompson Provision a certificate and key for an application without Istio sidecars by Lei Wang How to Secure Your Kubernetes Cluster on GKE by Lewis Marshall Upcoming changes to IP assignment for EKS Managed Node Groups and De-mystifying EKS networking by Nathan Taber Updated EKS SLA Ops tips by Ciro S. Costa: Quality of Service and OOM, and Kubernetes Secrets Google upgrades to Platinum membership of Cloud Foundry Foundation CNCF Case Study: Vodafone Links from the interview Yuri Shkuro Open Source at Uber Episode 84: Monitoring, Metrics and M3, with Martin Mao and Rob Skillington - another open source project from Uber Mastering Distributed Tracing - Yuri’s book Service-Oriented Architecture: Scaling the Uber Engineering Codebase As We Grow by Einas Haddad What is Distributed Tracing? 
Evolving Distributed Tracing at Uber Engineering - Yuri’s blog post OpenZipkin TChannel OpenTracing Towards Turnkey Distributed Tracing by Ben Sigelman Jaeger Get started in one container Deploying to Kubernetes gRPC OpenTracing library Jaeger agent and collectors Storage backends Jaeger in Istio and trace context propagation OpenTelemetry: merging OpenTracing and OpenCensus A Brief History of Tracing (So Far) by Ben Sigelman and Morgan McLean Jaeger and OpenTelemetry Now officially in Beta! Google Dapper paper OpenTracing joined CNCF in 2016 What is a jaeger? The logo Red Hat Hawkular Jaeger joins the CNCF in 2017 and graduates in 2019 Jaeger Analytics Yuri Shkuro on Twitter
3/31/2020 • 48 minutes, 6 seconds
Kubernetes 1.18, with Jorge Alarcon
Kubernetes 1.18 is out - almost! A bug has pushed it back a day. While you’re waiting, release team lead Jorge Alarcon will tell you all about the fit and finish you can expect in the release when it’s out tomorrow. Adam and Craig bring you the other community news of the week, as well as some podcast follow-up. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Shoe Dog What the fox really says News of the week Kubernetes 1.18 is out! Well, not quite yet: this regression is being fixed Enhancement tracker Windows features: containerd kubeadm RuntimeClass GMSA Ingress API kubectl diff and APIServer dry-run kubectl debug CNCF SIG Contributor Strategy Kong ingress controller and Istio service mesh by Kevin Chen KubeCF becomes a Cloud Foundry Foundation incubation project Platform9 adds two new tiers And adds free JFrog Private Container Registry Backyards 1.2 Red Hat adds support for installing OpenShift on top of RHV Google Cloud Game Servers Kubei, a new open source runtime vulnerability scanner by Portshift Azure Container Registry adds customer managed keys AKS adds Ubuntu 18.04 Kubernetes security announcements CVE-2020-8551 - kubelet CVE-2020-8552 - API server Using Inspektor Gadget to add network policies okteto push D2iQ changes CEOs Spectro Cloud comes out of stealth Links from the interview Kubernetes 1.18 release blog 1.18.0 announcement e-mail Computational biology and folding proteins Data for Democracy Kubernetes Up and Running by Joe Beda, Kelsey Hightower, and “the other guy” The Kubernetes Slack Searchable.ai A bit about them Home slice Episode 72, with Lachlan Evenson Emeritus Adviser Release logo Sidecar containers Tim Hockin’s thoughts on Sidecar Containers not making 1.18 1.19 release lead: Taylor Dolezal Jorge on Twitter and alejandrox1 on the Kubernetes Slack
3/24/2020 • 34 minutes, 24 seconds
etcd, with Xiang Li
If you’re running Kubernetes, you’re running etcd. The distributed key-value store was started as an intern project at CoreOS by Xiang Li, who is still maintaining it but now working on infrastructure at Alibaba. Xiang joins your hosts to discuss. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Getting toilet paper be like So, stay at home and play with free synth apps! Korg Kaossilator: download for Android or iOS MiniMoog Model D: download for iOS iSongs on YouTube News of the week vSphere 7 and VMware Tanzu announcements Docker announces new strategy and roadmap Hitachi Vantara acquires Containership’s assets Containership’s since-removed “goodbye” post Lens, now from Lakend Labs KEDA and SMI join the CNCF Sandbox AWS Bottlerocket blog post and GitHub repo Enable encryption on App Mesh with custom or ACM certs EKS supports Kubernetes 1.15 Firecracker thread by Micah Hausler gVisor thread by Ian Lewis Kublr adds rolling upgrades Google Cloud moves to its own ACME certificate provider GKE Workload Identity is GA Analysis of Redis operators by Flant Bank Vaults 1.0 and HSM support by Banzai Cloud CNCF joins Google Summer of Code Lifemiles case study Rancher Labs raises $40m Episode 57, with Darren Shepherd Links from the interview etcd etcd on GitHub How Kubernetes uses etcd The history of etcd, including the famous garage Built to handle upgrading CoreOS Container Linux nodes Prior art: Zookeeper: too much JVM Doozer: not enough community Chubby: too private to Google Paxos The paper Paxos Made Live - An Engineering Perspective Multi-Paxos raft The paper Announcing etcd Ben and Blake etcd3 moved from a tree keyspace to flat keyspace Latest version: etcd 3.4 etcd and Kubernetes at Alibaba: Demystifying Kubernetes as a Service – How Alibaba Cloud Manages 10,000s of Kubernetes Clusters Performance optimization of etcd in web scale data scenario 
The first etcd operator created by Xiang Jepsen tests of 0.4.1 and 3.4.3 CNCF to host etcd in December 2018 etcd roadmap Xiang Li on GitHub Xiang Li on Twitter
3/17/2020 • 30 minutes, 29 seconds
gRPC, with Richard Belleville
Richard Belleville works at Google on gRPC, a high-performance, universal RPC framework. Richard used gRPC before joining Google to work on it; he talks to the hosts about its history and derivation from Google’s internal Stubby, how it works, and how it differs from other RPC and messaging systems. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Castlevania series 3 on Netflix Discussed in Episode 27 Bad video game adaptations Pac-Man (TV series) Super Mario Bros (film) Doom (film) Hitchhiker’s Guide to the Galaxy - 42nd anniversary Upcoming Hulu TV series News of the week Istio 1.5: Release announcement 2020 roadmap Extensibility through WebAssembly in Envoy and the Proxy-Wasm ABI Solo.io’s WebAssemblyHub Google Cloud’s new strategy for the telecommunications industry Managed Kubernetes pricing comparison HPE Container Platform is Generally Available Contour 1.2 and Velero 1.3 Case studies: HelloFresh running Istio in production Kudos on moving to Kubernetes A survey of Istio’s network security features by Jack Leadford at NCC Group TIKV security audit Adrian Colyer looks at the Firecracker paper EKS adds AWS Encryption Provider 2019 CNCF Survey results Sidecar containers not in 1.19 after all KubeCon EU not on in Mar/Apr after all Links from the interview gRPC What is gRPC? gRPC Basics meetup video: a recent presentation by Richard at the Orchestructure meetup RPC vs messaging What does the G stand for? 
NASA Robotic Mining Challenge Protocol Buffers Stubby became gRPC Abseil: an open source collection of C++ libraries drawn from the most fundamental pieces of Google’s internal codebase Chubby lock services (the inspiration for etcd) Bidirectional streaming Head-of-line blocking Polling engines Swagger/OpenAPI gRPC + JSON by Carl Mastrangelo HTTP/2 Supported languages gRPC Core gRPC-web HTTP/2 trailers Users Graduating the CNCF Richard Belleville on Twitter
3/10/2020 • 35 minutes, 22 seconds
Kubeflow 1.0, with Jeremy Lewi
Kubeflow, the Machine Learning toolkit for Kubernetes, has hit 1.0. Google software engineer Jeremy Lewi is a core contributor to Kubeflow and was a founder of the project. He joins the show to discuss what Kubeflow does, and what it means to have hit 1.0. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Over the Road Over The Top and its amazing poster 13 Minutes to the Moon With soundtrack by Hans Zimmer We love our theme music, but its composer has fewer Academy Awards. News of the week KubeCon Novel Coronavirus update Schedules announced for day 0 events Kubeflow 1.0 is out Google Cloud blog Kubernetes 1.18-beta.1 1.18 features list Poor unloved Sidecar Containers Screwdriver joins CD Foundation Episode 44, with Tracy Miranda Introducing Arkade by Alistair Hey Install Kubernetes to your Raspberry Pi in 15 minutes by Alex Ellis Weathervane 2.0 from VMware AKS: Spot node pools and container scanning Vulnerable Containers API by Jerry Gamblin Advanced Persistence Threats: The Future of Kubernetes Attacks by Ian Coldwater and Brad Geesaman Episode 65, with Ian Coldwater Everyone might be Cluster Admin in your Kubernetes cluster by Jeff Geerling Mirantis acquires Kontena Episode 31, with Jari Kolehmainen CSI driver for Google Cloud Storage by Ofek Lev Bring your ideas to the world with kubectl plugins by Cornelius Weig Optimizing I/O intensive containers by Jay Huang Links from the interview Kubeflow Episode 2, with David Aronchick About Use cases Jupyter and its use in Kubeflow kfserving 1.0 release Enabling GPUs and TPUs Community Member organisations MNIST tutorial Kubeflow on GitHub and on Twitter Jeremy Lewi on Twitter
3/3/2020 • 27 minutes, 19 seconds
Accelerators and GPUs at NVIDIA, with Pramod Ramarao
GPUs do more than move shapes on a gamer’s screen - they increasingly move self-driving cars and 5G packets, running on Kubernetes. Pramod Ramarao is a Product Manager at NVIDIA, and joins your hosts to talk about accelerators, containers, drivers, machine learning and more. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Printer networking HP JetDirect USB Type B The mess that is USB Type-C The solution Adam wants software-defined faucets Glowing LED faucet - where does the electricity come from? Faucet, a SDN controller News of the week Google Cloud launches Application Manager for GKE in Beta GKE Surge Upgrades GA GKE Node Locations GA Anthos Ready Storage qualification Kafka disaster recovery with Supertubes from Banzai Cloud Episode 59, with Janos Matyas StackRox’s State of Container and Kubernetes Security report Cilium 1.7 Last week’s ode to eBPF, with Leonardo Di Donato Convox launches multi-cloud Pangolin, an experimental Kubernetes autoscaler by Damian Peckett Damian’s Reddit post Bang-bang control theory Bang-bang chicken Dell/EMC rack-in-a-box Jack-in-the-box The Hooli Box Platform9 now distributed by Promark But not Primark Episode 88, with Madhura Maskasky GKE security updates & defense-in-depth strategies Best practices for enterprise multi-tenancy with GKE Andrew Allbright contributes to Minikube Kubernetes Contributor Summit schedule announced That discount code again again again: KCEUGKP15 Links from the interview NVIDIA Graphics Processing Unit (GPU) Differences between CPU and GPU The math co-processor General-purpose computing on GPUs (commonly known as GPGPU) CUDA, with a C NVIDIA CUDA Zone CUDA C++ OpenGL and Vulkan, with a K Kubernetes on NVIDIA GPUs NVIDIA on Google Cloud Platform Device plugins for Kubernetes and scheduling GPUs NVIDIA device plugin Kubernetes on NVIDIA GPU documentation NDC Hub for drivers and 
containers NVIDIA EGX for Edge computing with Kubernetes Pramod’s announcement blog Deep Learning Training vs Inferencing NVIDIA GPU operator Pramod Ramarao
2/25/2020 • 31 minutes, 1 second
eBPF and Falco, with Leonardo Di Donato
We dive into the Linux kernel this week with guest Leonardo Di Donato, Open Source engineer at Sysdig. Leonardo works full-time on the Falco project, a runtime security engine that listens to the Linux kernel using eBPF - the extended Berkeley Packet Filter. Leonardo tells the hosts about the architecture of eBPF, how he has used it before and now, and what’s coming up for Falco. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week University Challenge: can you guess the computer? Golf Peaks (Google Play, App Store) Desert Golfing News of the week Apache Flink v1.10 Linkerd v2.7 Azure Container Registry to require TLS 1.2 CPU limits and aggressive throttling in Kubernetes - Omio Engineering by Fayiz Musthafa from Omio Kiosk Reddit thread with Lukas Gentele Docker donates the cnab-to-oci library to cnab.io How-to Guide: Debugging a Kubernetes Application Nutanix Karbon 2.0 Childcare and COVID-19 at KubeCon EU That discount code again again: KCEUGKP15 Red Hat OpenShift is now available for IBM Z and LinuxONE Why Kubernetes on VMs? by Chip Zoller Securely Access AWS Services from Google Kubernetes Engine (GKE) Carbon Relay raises $63 million Links from the interview Traditional Linux tracing tools: perf and strace BPF and eBPF BPF paper by Steven McCanne and Van Jacobson eBPF: Alexei Starovoitov added the ’e’ Express Data Path (XDP) bpftrace InfluxDB Cloud kubectl-trace The IO Visor project Sysdig Loris Degioanni, co-founder, CTO, and author of Wireshark Falco Sysdig and Falco now powered by eBPF Falco joins CNCF Sandbox and moves to incubation Upcoming KubeCon EU talks by Leonardo: Going beyond CI/CD with Prow Designing a gRPC interface for kernel tracing with eBPF Falco community: GitHub Docs Mailing list Notes about community calls Community call recordings Slack Leonardo Di Donato on Twitter
2/18/2020 • 36 minutes
CockroachDB, with Peter Mattis
Peter Mattis is a creator of the CockroachDB open source database and co-founder and CTO of Cockroach Labs. His history in open source goes back to the creation of the GIMP image editor and UI toolkit Gtk at university in 1995, and his history at Google saw him work on storage and build systems. Hosts Craig and Adam ask him about all of the above. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Storm Ciara: Trampoline Leaves Big jets News of the week Docker Index Apache Aurora: Proposal to archive Summary from Stephan Erb New GitHub repo announcement containerd Project Journey Report Episode 71, with Derek McGowan CoreOS End-of-Life Fedora CoreOS Flatcar Linux Episode 79, with Chris Kühl Developing in Production by Will Sargent at Terse Systems Thanos Operator from BanzaiCloud Kubernetes sidecars in 1.18 Clear Linux OS now Certified Kubernetes Helm 3 in Real Life by Dawid Ziolkowski Kubernetes storage patterns by Nitish Tiwari Integrate Cloud Foundry with Kubernetes using the cf-operator and kubecf kubecf Deploying External OpenStack Cloud Provider with Kubeadm Frame.io Falco case study Supporting developers as they scale: a free Kubernetes eBook from DigitalOcean Register Now: KubeCon + CloudNativeCon EU Day Zero Events That discount code again again: KCEUGKP15 Links from the interview GIMP, the GNU Image Manipulation Program Pre-history GTK, the GIMP Toolkit Inktomi Episode 49, with Eric Brewer Colossus Bazel Square Acquires Ex-Googler Team Behind Viewfinder To Help Grow Its NYC Presence CockroachDB article Spanner and F1 papers CAP theorem Google Cloud Spanner Ticktock Networks and the HUYGENS paper Cockroach Labs Orchestration with Kubernetes Relicensing CockroachDB Business Source License Geospatial indexing CockroachDB on GitHub Peter Mattis on Twitter
2/11/2020 • 40 minutes, 34 seconds
GitLab, with Marin Jankovski
GitLab is a single application DevOps platform, including source code management and CI/CD tools for targets including Kubernetes. The application itself runs on Kubernetes, including in its largest installation, the SaaS version at gitlab.com. Marin Jankovski is an Engineering Manager at GitLab, where he was Employee #1. He joins Craig and Adam to talk about migrating to Kubernetes, remaining a monolith, and the company value of radical transparency. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Little Free Libraries Original discussion Simon Weckert’s Google Maps hack The canonical hand-cart Google responds News of the week CNCF TOC election results HPE acquires Scytale Episode 45, with Andrew Jessup CNCF announces KubeCon EU schedule The actual schedule That discount code again: KCEUGKP15 Run Windows Server Containers on GKE Episode 70, with Patrick Lang New Google Cloud certifications address the cloud skills gap Cisco Hyper-Accelerates Applications in a Hybrid Multicloud Hyper-World Updates to Google’s partnership with Cisco AKS 2020-01-27 release AWS Container Security Survey by Michael Hausenblas Infra.app A bit of Istio before tea-time by Alex Ellis Loan a cloud IP to your minikube cluster Building containers without Docker Building a Linux Desktop for Cloud Native Development The Long Dark Tea-Time of the Soul etcd blog on being tested by Jepsen Jepsen blog on testing etcd How Fluentd collects Kubernetes metadata by Brady Zuo Troubleshooting Kubernetes OOM by Carlos Arilla DNS Lookups in Kubernetes by Karan Sharma Community collaboration on Notary v2 by Justin Cormack CNCF Speaker’s Bureau: a great resource MayaData raises $26m Episode 56, with Evan Powell Links from the interview Marin Jankovski’s README GitLab Product features All remote company Radical transparency Postmortem of 2017 database outage Advantages of a single 
application Community and Enterprise Editions GitLab Open Source GitLab’s unconventional journey to CI/CD and Kubernetes Deployment to Kubernetes added in 2016 GitLab’s journey to GCP GitLab Serverless Tanuki logo The old logo was.. “threatening” Crossplane integration with GitLab Marin on GitLab
2/4/2020 • 31 minutes, 19 seconds
VMs, Edge, and Platform9, with Madhura Maskasky
Madhura Maskasky is co-founder and VP of Product at Platform9, a company who manage both OpenStack and Kubernetes. She talks to Adam and Craig about the transition from VMs to containers, why OpenStack is still relevant, and what they have to do to be able to offer a 99.9% SLA on cloud-native applications. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Bad news from both Australia Day and Chinese New Year Schitt’s Creek News of the week VMware: Introducing Project Nautilus VMware Fusion on GitHub Google Cloud Config Connector Octarine open-sources the Kubernetes Common Configuration Scoring System (KCCSS) and kube-scan KubeNav, by Rico Berger Permission Manager by SIGHUP KubeInvaders: gamified chaos engineering Whack-a-Pod Kubernetes DOOM CSI inline ephemeral volumes Reviewing 2019 in Kubernetes docs Episode 5, with Zach Corleissen and Jared Bhatti CSI driver support for Dell/EMC Isilon CNCF annual report Sign up for KubeCon EU and get 15% off with discount code KCEUGKP15 TriggerMesh receives $3m seed funding Episode 28, with Sebastien Goasguen AWS lowers EKS price Links from the interview Platform9 Managed Kubernetes Managed OpenStack kubevirt Webinar recording: KubeVirt – Beyond Containers: Coming full circle back to VMs! OpenStack Ironic Cluster API Thick Edge and thin Edge Managed Apps with 99.9% SLA Kubernetes in Production: Operating etcd with etcdadm etcdadm etcd Operator 6 Enterprise Kubernetes Takeaways from KubeCon 2019, San Diego, and 5 from Barcelona before it Platform 9 and 3/4 Platform9 on Twitter Madhura Maskasky on Twitter
1/28/2020 • 30 minutes, 3 seconds
Multitenancy at Cruise, with Karl Isenberg
Self-driving cars need self-driving backend infrastructure. Karl Isenberg is the tech lead & manager of the platform team at Cruise, a self-driving car company backed by GM and Honda. He joins hosts Craig and Adam to discuss two years of running multitenant Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers Interpretive meme version Support for Windows 7 has ended: don’t use it for internet banking Stefanie Stuber’s uncommon The Voice performance News of the week Kubernetes bug bounty announcement, funded by the CNCF GKE CIS Benchmarks deliver security best practices Octopus: how Kyma does integration testing in Kubernetes Elastic Cloud on Kubernetes (ECK) now GA Red Hat OpenShift v4.3 now almost GA Fedora CoreOS now GA Istio as an Example of When Not to Do Microservices by Christian Posta Backyards 1.1 from Banzai Cloud k3c from Darren Shepherd at Rancher Labs Episode 57, with Darren Shepherd Continuous GitOps by Arun Ramakani Werf 1.0 by Flant New Anthos training from Google Cloud Dauntless case study KubeDR by Catalogic Kubernetes on MIPS by Inspur Links from the interview Cruise We Need To Move Beyond The Car, by CEO Dan Ammann Lombard St Karl’s KubeCon talk Slides Video Managing Kubernetes RBAC Groups by Stephen Day RBACSync on GitHub Open-Sourcing Isopod: An Expressive DSL Framework for Kubernetes Configuration by Charles Xu and Dmitry Ilyevskiy Isopod on GitHub Building a container platform at Cruise: Part 1: Overview by Karl Part 2: Security by Karl and Mike Ruth Part 3: Networking by Karl and Buck Wallander Cruise’s blog Karl Isenberg on Twitter
1/21/2020 • 37 minutes, 15 seconds
Invention, IBM and Istio, with Lin Sun
What do you do next when you have over 150 patents to your name? Write a book, of course! Lin Sun is a Senior Technical Staff Member and Master Inventor at IBM, where she has spent the past 14 years doing software engineering in areas including cloud and open technologies. She has worked on the Istio service mesh since 2017, and is on the Istio steering and technical oversight committees. Lin joins Adam and Craig to discuss invention, making Istio easier to use, and how being a mother has impacted both. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Snow in Seattle News of the week Tanka, from Grafana Hacker News commentary Jsonnet ksonnet archived Configula, from Brendan Burns Caligula, from Rome Falco moves to the CNCF incubator Falco’s biggest hit, Rock Me Amadeus CKAD is now valid for 3 years Contour 1.1.0 Getting serious about open-source security by Dan Lorenc Episode 39, with Dan Lorenc Designing and Building HA Kubernetes on Bare-Metal AKS Latency and performance/availability issues due to IO saturation and throttling under load Kubernetes Networking Demystified by Karen Bruner at StackRox How to Give Developers Access to Kubernetes During Development by Daniel Thiry How to deal with computing resource cost for Kubernetes-based development Key metrics for monitoring Istio from Datadog Deploying multiple Istio Ingress Gateways by Peter Jausovec Big Prometheus by Clay Smith from Monitoring Monitoring Breaking Changes in Helm 3 (and How to Fix Them) by Jack Morris Security advantages of pull-based CD pipelines by Alex Kaskasoli Zero touch authentication on Kubernetes by Peter Wilcsinszky at BanzaiCloud Vault replication across multiple datacenters on Kubernetes by Nandor Kracser OpenStack’s Complicated Kubernetes Relationship by Mike Vizard of ContainerJournal Kubernetes 1.15 security changes in GKE KubeCon + CloudNativeCon NA 2019 
Transparency Report Zendesk case study Links from the interview IBM Master Inventor Lin’s patents Her favorites: Analyzing email content to determine potential intended recipients Ensuring a desired distribution of content in a multimedia document for different demographic groups utilizing demographic information Istio announcement blog and GlueCon talk from 2017 Lin at the IBM Cloud CTO Office IBM Research IBM Cloud, formerly known as Bluemix Bluemix Service Proxy Amalgam8 Envoy Istio 1.1, the “9 months” release The Sidecar resource, which lets you scope which services are known by a given sidecar to reduce resource usage Release cadence Istio 1.4 Mutual TLS New 1.4 features: Auto-mutual TLS client-go library istioctl analyze Requirement to declare containerPort removed in 1.3, automatic protocol selection added User Experience working group istioctl add-to-mesh istioctl describe-pod istioctl install Steering committee Technical oversight committee istiod Istio as an Example of When Not to Do Microservices by Christian Posta Minion cluster mode Istio Explained, by Lin and Dan Berg kui and iter8 Lin Sun on Twitter
1/14/2020 • 44 minutes, 19 seconds
OpenShift and Kubernetes, with Clayton Coleman
Five years ago, Clayton Coleman took a bet on a new open source project that Google was about to announce. He became the first external contributor to Kubernetes, and the architect of Red Hat’s reinvention of OpenShift from PaaS to “enterprise Kubernetes”. Hosts Adam Glick and Craig Box return for 2020 with the story of OpenShift, and their picks for Game of the Holidays. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Arrods Minesweeper Kaboom Simon Tatham’s Mines Snake NIBBLES.BAS AI playing Snake News of the week Google describe its BeyondProd cloud native security paradigm: BeyondProd: How Google moved from perimeter-based to cloud-native security BeyondProd whitepaper Protecting programmatic access to user data with Binary Authorization for Borg Binary Authorization for Borg whitepaper Episode 8 with Maya Kaczorowski VMware completes acquisition of Pivotal Coverage at SiliconAngle and ContainerJournal Chaos Mesh from PingCap Episode 82 with Ana Medina Global access for internal load balancers now available on GKE Calico 3.11 CrunchyData Postgres Operator 4.2 kubectl tree Episode 66 with Ahmet Alp Balkan and Luk Burchard kubelive Consistent OIDC authentication across multiple EKS clusters Operating your BBQ meat smoker or your Christmas tree with Kubernetes Vendors make a splash in 2019 service mesh implementation rush 2019 Kubernetes certificate outage by Victor Adossi The poor state of Kubernetes horizontal pod autoscaling according to Wander Hillen Predictions and looks-back: opensource.com: 5 predictions for Kubernetes in 2020 SDXCentral: Kubernetes Opportunities, Challenges Escalated in 2019 DataCenterKnowledge: A Hyperconvergence Progress Report: Has Kubernetes Stolen the Show? 
IDG Connect: Kubernetes: the tech to take centre stage in 2020 SiliconAngle: Predictions 2020: Cloud, Kubernetes and cybersecurity will rule Forbes contributor: What Do Customers Want From The Kubernetes Ecosystem In 2020 The Enterprisers’ Project: 5 Kubernetes trends to watch in 2020 TechRepublic: Cloud computing in 2020: Predictions about security, AI, Kubernetes, more Christopher Tozzi: 4 ways Kubernetes could be improved Farewell from Kontena Links from the interview Red Hat OpenShift Why Red Hat chose Kubernetes for OpenShift by Joe Fernandes Early history of OpenShift Comparing OpenShift v2 and v3 Health checks OpenShift differences from Kubernetes: DeploymentConfig Builds Docker registry Routes Don’t turn off SELinux! CoreOS Clayton in his CoreOS t-shirt Tectonic The Operator model CoreOS acquired by Red Hat What’s new in OpenShift v4 Operator Framework and operator-lifecycle-manager Red Hat acquired by IBM Linux at IBM in the 90s The blonde kid PowerLinux PodDisruptionBudget Clayton Coleman on Twitter
1/7/2020 • 47 minutes, 9 seconds
Monitoring, Metrics and M3, with Martin Mao and Rob Skillington
Martin Mao and Rob Skillington are co-founders of Chronosphere; CEO and CTO respectively. They both worked on the monitoring team at Uber, where they created M3: a metrics platform with an open source time-series database built for scale. They join Craig and Adam to talk about monitoring, metrics and M3 on the last episode of 2019. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Test message from Delta Airlines News of the week CSI migration and CSI volume snapshots AKS Private Clusters in preview GKE maintenance windows and exclusions is GA Google Cloud E2 VMs: introduction and understanding dynamic resource management New features in Cloud Run for Anthos Best practices for performing forensics on containers Infrastructure at Cliqz, and introducing Hydra Envoy CVEs Istio security bulletin The Top 3 Service Mesh Developments in 2019 by Zack Jory Istio Service Mesh Explained in 5 Minutes by Ram Vennam Ambassador Edge Stack Solo.io WebAssembly Hub Episode 55, with Idit Levine Kafka Envoy Protocol Filter Talos 0.3 beta AutoTiKV tuning OpenPolicyAgent’s KubeCon recap Episode 42, with John Murray A first look at Antrea from Alex Brand TODO: read this article by Patrick DeVivo Does Testing Kubernetes Conformance Leave You in the Dark? Get Progress Updates as Tests Run by John Schnake Demystifying Kubernetes as a Service – How Alibaba Cloud Manages 10,000s of Kubernetes Clusters How Jaeger Helped Grafana Labs Improve Query Performance and Root Out Tough Bugs Adopting Kubernetes at Quora by Taylor Barrella CNCF announces schedule for Bengaluru/Delhi Forums Links from the interview M3 website M3: Uber’s Open Source, Large-scale Metrics Platform for Prometheus Before: Graphite and its Whisper database Prometheus Why pull rather than push?
AlertManager PromQL RRDtool M3 on GitHub: open source from the start Chronosphere Rob’s 2019 KubeCon’s talks: EU: M3 and Prometheus, Monitoring at Planet Scale for Everyone NA: Deep Linking Metrics and Traces with OpenTelemetry, OpenMetrics and M3 Twitter: Rob Skillington Martin Mao M3 Chronosphere
12/17/2019 • 35 minutes, 37 seconds
Kubernetes 1.17, with Guinevere Saenger
Hop on the release train for the fourth and final Kubernetes release for 2019. Release manager Guinevere Saenger joins Adam and Craig to discuss how a classically trained pianist has a second act as a Kubernetes release team lead. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Craig plays the Oculus Quest: Superhot Epic Roller Coasters Beat Saber Keep Talking and Nobody Explodes Adam sees a play Six News of the week Kubernetes 1.17 is out! Volume snapshot in Beta EKS on Fargate now generally available Tech thread from Onur Filiz Interview with AWS CEO Andy Jassy CNCF DevStats Azure Application Gateway ingress controller launched CloudBees CI/CD SaaS in preview Anthos is CRN’s Hybrid Cloud product of the year Troubleshooting Deployments by Daniele Polencic UNIVAC schematics Building large Kubernetes clusters at LINE CNCF TOC structure and elections uSwitch case study Making audit logging a viable practice again by Nitzan Niv Links from the interview Collaborative piano Ada Developers Academy (The LSAT is the Law School Admission Test) Ruby on Rails Samsung SDS Cloud Native Computing Team Kubernetes at GitHub GitHub Metal Cloud #hugops SIG Contributor Experience Episode 46, with Aaron Crickenberger Guinevere speaking at KubeCon about new contributions “Complaining about how hard it was to contribute” led to the Contributors Guide Episode 10, with Josh Berkus and Tim Pepper Kubernetes 1.17 enhancement tracking sheet Dual-stack IPv4 and IPv6 What happened to IPv5? Poor old sidecar containers slipped again KubeCon 2019 NA Contributors’ Summit Hats 1.17 release team 1.18 leads have been announced Release team shadow program Release engineering Guinevere Saenger on Twitter
12/10/2019 • 32 minutes, 49 seconds
Chaos Engineering, with Ana Margarita Medina
Chaos Engineering is the discipline of experimenting to identify potential areas of failure before they express themselves in outages. Ana Margarita Medina is a Chaos Engineer and Developer Advocate at Gremlin, a chaos-as-a-service vendor that recently added Kubernetes support. She talks to Adam and Craig about the discipline, and her journey to it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Shopify’s Black Friday Craig’s Black Friday News of the week AWS announcements: Managed node groups EventBridge support in ECR Sagemaker operators for Kubernetes Eirini 1.0 is here Security considerations for GKE by Maya Kaczorowski Episode 8, with Maya Kaczorowski Managing a multi-site Cassandra cluster on multiple Kubernetes with CassKop / MultiCassKop by Seb Allamand Run Ansible Tower or AWX in Kubernetes or OpenShift with the Tower Operator by Jeff Geerling Everything I know about Kubernetes I learned from a cluster of Raspberry Pis by Jeff Geerling Prometheus OpenMetrics Integration Develop a Kubernetes controller in Java by Min Kim and Tony Ado Running Kubernetes locally on Linux with Microk8s by Ihor Dvoretskyi and Carmine Rimi Episode 21, with Ihor Dvoretskyi Episode 60, with Mark Shuttleworth Linux Foundation Cyber Monday sale Barrons says Kubernetes is the future of computing by Tae Kim Links from the interview Chaos Engineering Chaos Engineering: the history, principles, and practice Chaos Monkey Netflix Simian Army Fuzzing Site reliability engineering Google DiRT testing Video: 10 years of crashing Google by Kripa Krishnan Ana’s re:Invent talk Reggaetón #hugops Chaos Engineering Slack Gremlin Gremlin Free What is a Gremlin? The Gremlins (Roald Dahl book) Gremlins (1984 film) Ana Margarita Medina on Twitter
12/3/2019 • 32 minutes, 12 seconds
Vitess, with Jiten Vaidya and Sugu Sougoumarane
Vitess is a cloud native database clustering system for horizontal scaling of MySQL. It was built for YouTube, open sourced, and has recently graduated from the CNCF. Two members of the team who wrote and ran Vitess at YouTube, Jiten Vaidya and Sugu Sougoumarane, are CEO and CTO of PlanetScale; a company they founded to support Vitess commercially. They join Craig and Adam to talk databases. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Our meetup at KubeCon The WeWork booth at KubeCon You Must Build A Boat You Have To Win The Game News of the week Anthos news from Next UK Multi-cluster management with Anthos GitLab Serverless with Cloud Run for Anthos Project Antrea from VMware Managed Istio GA on IBM Kubernetes Service IBM open sources developer tools Kui and iter8 Episode 47 with Kim Lewandowski Solo.io introduces Autopilot Hubble, from Cilium ByteBuilders introduces Kubeform Cloudbees adds Jenkins X UI to their community distribution Juniper updates Contrail Slack Vitess case study Debugging network stalls on Kubernetes by Theo Julienne at GitHub Volterra’s control plane for distributed PaaS Gravitational takes $25m investment Datadog’s 2019 container report Aqua Security acquires Cloudsploit CNCF 2019 award winners Episode 72 with Lachlan Evenson Episode 77 with Katharine Berry Links from the interview Vitess About Jiten and Sugu Graduated from the CNCF Database shards Vitess history YouTube acquired by Google in 2006 Go; 10 years old Google storage systems: Bigtable Colossus Scaling MySQL in the cloud with Vitess and Kubernetes and Cloud Native MySQL Sharding with Vitess and Kubernetes by Anthony Yeh, Google Cloud Case studies: Stitch Labs, Hubspot, JD.com Vitess at KubeCon: Vitess: Stateless Storage in the Cloud by Sugu Sougoumarane Geo-partitioning with Vitess by Deepthi Sigireddi and Jiten Vaidya How to Migrate a MySQL Database to
Vitess by Sugu Sougoumarane & Morgan Tocker Gone in 60 Minutes: Migrating 20 TB from AKS to GKE in an Hour with Vitess by Derek Perkins from Nozzle Postgres support PlanetScale Announcing PlanetScale’s CNDb The name Voltron Strong Bad’s advice on naming things Jiten Vaidya and Sugu Sougoumarane on Twitter
11/26/2019 • 37 minutes, 26 seconds
Lyft and KubeCon NA 2019, with Vicki Cheung
Catch all the news (and there is a lot of it!) from KubeCon NA 2019 in this week’s show. We then talk to Vicki Cheung, the conference co-chair, and an Engineering Manager running Kubernetes infrastructure at Lyft. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Docker sells its enterprise business: Mirantis press release Docker press release New Google Kubernetes Engine features: Preemptible VMs support is GA Node auto-provisioning is GA Vertical Pod Autoscaling is GA Batch on GKE is in Beta Surge upgrades are in Beta Google Cloud Run is GA Microsoft news: Secure enclave support in AKS Engine Azure Container Registry adds repository scoped permissions Kubernetes Event-Driven Autoscaling (KEDA) is 1.0 GitHub Actions for CNAB bundles & CNAB controller for Kubernetes Episode 61, with Jeremy Rickard and Ralph Squillace Helm 3 released, for real! Istio 1.4 released GitHub Octoverse Top and Trending Projects Kubernetes Security Announcement: CSI sidecar vulnerability Red Hat open-sources Quay and launches CodeReady Workspaces v2 VMware launches Crash Recovery and Enterprise PKS v1.6 CNCF announcements: 500 members New Platinum members: Arm, NetApp and Palo Alto Networks New Gold members: Equinix and Fidelity Investments Over 100 certified Kubernetes distributions Announcement of CNCF jobs board Datadog: Introducing Network Performance Monitoring 2019 Container Report What’s next for monitoring in Kubernetes? 
Gremlin launches chaos engineering for Kubernetes O’Reilly acquires Katacoda Kubernetes.io interactive training Mayadata adds Mayastor engine to OpenEBS PlanetScale launches CNDb Rancher announces k3s GA and Rio is in Beta Episode 57, with Darren Shepherd Cloud Native Security Hub from Sysdig Pipeline 2.0 Tech Preview from Banzai Cloud Episode 59, with Janos Matyas Clustered Microk8s from Ubuntu Episode 60, with Mark Shuttleworth Weave Flux and Argo CD join forces Portworx launches PX-Backup and PX-Autopilot Pulumi launches Crosswalk for Kubernetes, kx and .NET Core support Episode 76, with Joe Duffy Snyk Container Gloo 1.0 from Solo.io Episode 55, with Idit Levine Clusterman from Yelp adds Kubernetes Building Secure Reliable Systems book, new from Google Cloud A-Z Round: A10 Networks announced a Blueprint for automation of the Polynimbus secure application service Agile Stacks announced KubeFlex to aid in deploying and managing Kubernetes clusters in data centers and at the edge Alibaba Cloud released version alpha2 of the Open App Model Altinity announced their production-ready Kubernetes operator for ClickHouse data warehouses Aporeto launched new identity federation capabilities for Kubernetes and Istio Arrikto announced that MiniKF is now available on the GCP Marketplace Amazon has published a cost optimization guide for Kubernetes on AWS Buoyant launched Dive, a SaaS “team control plane” for Kubernetes clusters Chronosphere added tracing capabilities Containous launched a new Ambassador Program to reward and support Traefik community members Datawire announced a tool for automatic HTTPS for Kubernetes Ingress in Ambassador DeployHub announced the release of version 9.0 of their publishing and configuration offering DigitalOcean announced a Container Registry and a Kubernetes section in their 1-click apps market Fairwinds launched a new open source-as-a-service platform Insights, and Astro, a product for managing monitors in a dynamic environment Hammerspace 
announced a persistent data protection offering for Kubernetes Humio added streaming log management capabilities to their IBM Cloud Pak Hyscale has announced the open-sourcing of their app deployment tool Instana added support for Rancher Kublr announced Multi-Site Orchestration in Kublr 2.0 is now in Private Preview LINBIT announced Piraeus Datastore, a Software-Defined Storage offering for Kubernetes Maestro, from Cloud66, released a Kubernetes management tool for multi-cluster management Mattermost introduced ChatOps, an open source project for real-time DevOps NetFoundry announced a programmable networking platform for apps at the edge NeuVector announced a Security Policy as Code tool for Kubernetes NS1 expanded their suite of integrations Opsani AI announced precision tuning for autoscalers Oracle announced Oracle API Gateway, Oracle Logging, and Kafka Compatibility for Oracle Streaming Redis Labs introduced RedisInsight Rookout announced a hybrid Kubernetes debugger for DevOps teams SignalFX announced Kubernetes Navigator to provide AI-driven insights StorageOS announced the release of version 1.5 Styra announced new features for their Compliance for Kubernetes tool Trilio announced support for TrilioVault on OpenShift Turbonomic announced Lemur, a New, Free, Observability Tool for developers Wallarm launched support for Envoy proxy and Envoy API protection with their SaaS Security product WhiteSource announced native integrations for top container registries Yugabyte announced YugabyteDB will be available as a self-managed database service on Crossplane Kubernetes clusters Zebrium announced that no-touch log monitoring for Kubernetes is now in private beta Links from the interview Duolingo OpenAI Lyft Engineering Episode 33: Envoy, with Matt Klein KubeCon NA 2019 Program co-chairs Episode 54: Tech, Life and KubeCon EU, with Bryan Liles Vicki Cheung on Twitter
11/19/2019 • 32 minutes, 58 seconds
Cloud Native Rejekts, with Chris Kühl
Due to overwhelming submission numbers, 85% of talks proposed to KubeCon are rejected. Cloud Native Rejekts, a two-day community conference immediately before KubeCon, gives a second chance to some of those talks. Chris Kühl is CEO and co-founder of Kinvolk, a Berlin-based Linux company, who organise events including Cloud Native Rejekts. Hosts Adam and Craig ask him about this, and somehow the discussion includes both Pearl Jam and Mötley Crüe. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Listener meetup at KubeCon: 1.30pm at the Google Cloud Lounge Pineapple Lumps and Jaffas Adam’s TV recommendation of the week: The Expanse News of the week Skaffold is now GA Episode 6 with Matt Rickard VMware Tanzu updates from VMworld Europe Chronosphere founded with $11m investment to commercialise M3 Vitess graduates CNCF and releases v4.0 Azure Monitor Prometheus integration is now GA Quarkus 1.0rc Knative v0.10 Pachyderm Hub: ‘Kubernetes as a Service’ as a Service D2iQ Kommander Cruise releases security tool k-rail Kasten K10 v2.0 Helm security audit results Kubernetes: Grokkin’ the Docs Rancher releases container industry survey results Prometheus: CNCF project journey report Tim Hockin draws the kube-proxy iptables stack (direct link) Episode 41, with Tim Hockin Monzo builds network isolation for 1,500 services CFP for Google Cloud Next Links from the interview GNOME Planet GNOME gnome-system-monitor Kinvolk rkt CoreOS Container Linux Flatcar Container Linux Kinvolk announcement CoreOS acquired by Red Hat Kinvolk offer support for Flatcar Container Linux Omaha and Nebraska CoreRoller Cloud Native Rejekts B-side conferences Rejects.JS A- and B-side Yellow Ledbetter A look back at the first Cloud Native Rejekts in Barcelona All Systems Go conference 40 talks at this week’s Cloud Native Rejekts Get a ticket See Tim Hockin’s talk: “We’ve Made Quite a 
Mesh” Rock dots Chris Kühl on Twitter
11/12/2019 • 26 minutes, 44 seconds
KUDO, with Gerred Dillon
KUDO is the Kubernetes Universal Declarative Operator, a toolkit for writing operators for Kubernetes. Gerred Dillon works on KUDO at D2IQ, formerly Mesosphere, and joins Craig and Adam to discuss KUDO, how Mesos frameworks relate to Kubernetes operators, and taking care of chickens. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Little Free Libraries Top moments of 50 years of the Internet by Vint Cerf Television network news in NZ 50 years old History of TV in NZ News of the week Sysdig container usage report Longhorn donates to the CNCF Crossplane 0.4 Helm v3.0.0-rc.2 Episode 11 with Vic Iglesias CloudEvents reaches 1.0 Data Center Knowledge: What service meshes are, and why Istio is leading the pack Backyards 1.0 Contour 1.0 Envoy 1.12 New encryption options for Google Kubernetes Engine Azure services now run anywhere with new hybrid capabilities: Announcing Azure Arc ZDNet and TechCrunch coverage Brendan Burns’ explainer videos CNCF news: AlphaSense case study TiKV on building a distributed storage system CNCF meetup program SIG Docs survey results Better Kubernetes networking with Knative by Ahmet Alp Balkan Episode 66, with Luk Burchard and Ahmet Alp Balkan Why you don’t have to be afraid of Kubernetes by Scott McCarty Brad Childs has passed away Links from the interview D2IQ (formerly Mesosphere) Apache Mesos Mesos frameworks Marathon DC/OS DC/OS Commons KUDO Controllers Operator pattern Kubebuilder Operator SDK Omakase: Japanese for “I will leave that up to you” Tasks Getting started with KUDO Metacontroller Proposal to move under Kubebuilder Vitess operator Tekton Helm D2IQ’s Konvoy distribution of Kubernetes Operators using KUDO: Kafka Cassandra Spark OpenEBS operator Lightbend templates for Akka KUDO proposed to the CNCF CNCF SIG Application Delivery Gerred’s KUDO webinar for the CNCF Contributing to KUDO KUDO Slack Gerred’s bio 
Dry brining a chicken Gerred Dillon on GitHub
11/5/2019 • 32 minutes, 13 seconds
Engineering Productivity and Testing, with Katharine Berry
Katharine Berry works in the Engineering Productivity team at Google Cloud, and works in SIG Testing on the Kubernetes project. She joins Adam and Craig to discuss Prow, Pebble and ponies. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week SkyCity Convention Centre Fire A nice dinner out after a conference England knock NZ out of the Rugby World Cup Cards Against Humanity to open a restaurant The Holiday Hole News of the week GKE Release Channels are in Beta GKE usage metering is GA: use it to combat over-provisioning Episode 40 with Madhu Yennamani A new guide for PCI-DSS compliance on GKE Exploring container security: Vulnerability management in open-source Kubernetes Episode 34 with Jordan Liggitt Episode 17 with Jon Pulsifer HPE are set to deliver a Kubernetes platform for data analytics and ML How to build a kubectl plugin by Jonas-Taha El Sesiy Episode 66, with Luk Burchard and Ahmet Alp Balkan NVIDIA Aerial framework Red Hat partnership GPU Operator Red Hat releases OpenShift Container Storage 4.2 Kontena Lens 2.3 released New Octant.dev website and v0.8.0 Zoho Catalyst and coverage from Container Journal Links from the interview Pebble smartwatch Original $10m Kickstarter Sold to Fitbit Rebble Web Services and the Rebble Alliance What Rebble replaces How Pebble Users Are Keeping the Smartwatch Alive 3 Years After It Supposedly Died Google Engineering Productivity Kubernetes SIG Testing Prow The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience by Aaron Crickenberger and Ben Elder Prow: Keeping Kubernetes CI/CD Above Water Now in Jenkins-X Tests are moving to kind Episode 69 with Ben Elder The Kubernetes Prow instance Spyglass Flaky tests Automating away the test-infra role Episode 72 with Lachlan Evenson Testgrid Automating Slack Episode 74 with Jorge Castro Closed due to attacks 
Tempelis SIG Testing on Slack The pink pony Generative adversarial network AI generated ponies Katharine Berry on Twitter Katharine’s web site
10/29/2019 • 24 minutes, 49 seconds
Pulumi, with Joe Duffy
Joe Duffy is the founder and CEO of Pulumi, an open-source cloud development platform. He joins Adam and Craig to explain why a general purpose programming language is a better tool for cloud infrastructure than a domain-specific language (or YAML), and how you can use Pulumi to provision cloud infrastructure and Kubernetes resources alike. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week DevOpsDays Auckland Craig’s talk In which 32 bit apps don’t work on macOS Catalina News of the week Dapr, OAM and Rudr Announcing Dapr, the Distributed Application Runtime Dapr homepage Announcing the Open Application Model Open App Model Ship without a Rudr’s like a ship without a Rudr’s like a ship without a Rudr Red Hat introduces OpenShift 4.2 Goldilocks from Fairwinds Ubuntu 19.10 Episode 60 with Mark Shuttleworth Introducing SPIRE 0.8.2 Episode 45 with Andrew Jessup Istio performance improvements noted by Pablo Moncada Isla Graboid: first cryptojacking worm for Docker found by Unit42 Analysis of two Kubernetes vulnerabilities by Palo Alto Networks Harbor 1.9 CNCF announces schedules for Forums in Seoul and Sydney Container Platform Networking at Cruise by Karl Isenberg and Buck Wallander Sugarkube and cattle clusters Links from the interview Pulumi Joe Duffy’s blog: Hello, Pulumi! Journey to Pulumi 1.0 WPF (Avalon) and WCF 10 Years of DevOpsDays Comparisons of Pulumi vs other platforms TypeScript Dark programming language Three business models of Open Source by Peter Levine and Jennifer Li $ for enterprises and free community edition AWS and Elasticsearch Inc. Pulumi on GitHub Joe Duffy and Pulumi on Twitter
10/22/2019 • 39 minutes, 4 seconds
cert-manager, with James Munnelly
cert-manager is a certificate management toolkit for Kubernetes, commonly used to get TLS certificates from Let’s Encrypt. Project founder James Munnelly of Jetstack joins hosts Craig and Adam to explain how certificates are issued and managed, and how cert-manager automates it all. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Fast food-themed entertainment: Wendy’s Feast of Legends role-playing game KFC dating simulator Burger King Games M.C. Kids Taco Bell’s Tasty Temple Challenge The McDonalds board game KFC virtual escape room training Soda-themed entertainment: Cool Spot Pepsi Invaders Mad Mix: The Pepsi Challenge Stranger Things 3: The Game News of the week Rancher 2.3 released Episode 57, with Darren Shepherd Windows container support and Rancher 2.3 Amazon EKS now has Windows containers generally available Episode 70, with Patrick Lang New on DigitalOcean Kubernetes Service: cluster autoscaling Elastic Cloud on Kubernetes v1.0.0-beta1 released MuleSoft releases AnyPoint Service Mesh Container Journal interview Linkerd 2.6 A guide to distributed tracing with Linkerd Trackman, open source step-workflow tool from Cloud 66 Puppet announces public beta of Project Nebula KubeCon NA 2019 contributor summit schedule announced Kubernetes patterns for capacity planning by Mohamed Ahmed How Booz Allen Hamilton is helping modernize the Federal Government with Kubernetes Flant.com compares 11 ingress controllers for Kubernetes How Zalando manages over 140 Kubernetes clusters by Henning Jacobs Cluster API Simplifies Execution and Powers Project Pacific at VMware Grant Shipley moves from Red Hat/IBM to VMware Kubernetes Wild West video game SUSE moves on from OpenStack and doubles down on Kubernetes SAP to make HANA database available on Kubernetes Links from the interview Jetstack The two Matts: founders Matt Bates and Matt Barker James’s 
Jetstack bio cert-manager Docs Co-evolved with kube-lego by Christian Simon How TLS encryption works: x509 for public key certificates Chains of trust Certificate authorities and root certificates Episode 60, with Mark Shuttleworth, founder of Thawte LetsEncrypt How it works ACME protocol HTTP-01 and DNS-01 validation cert-manager concepts: Issuers and Certificates Self-signing issuers Kubernetes and webhooks: Validating webhooks require TLS Kubebuilder supports cert-manager Chicken-and-egg problem for validating webhooks Conversion webhooks Mirror/static pods Kubernetes ingress quick-start tutorial Different solver types The ingress-shim controller Other issuer options: Vault, internal CA, CertificateRequests Lets Encrypt is blocking old cert-manager versions Edge cases where retry looping would start v0.11 release notes Upgrading to v0.11 Getting involved: cert-manager and cert-manager-dev Slack channel Bi-weekly community call cert-manager on GitHub James Munnelly on Twitter
10/15/2019 • 41 minutes, 4 seconds
Community and Contributor Experience, with Jorge Castro
Jorge Castro is a community manager employed by VMware to help keep the Kubernetes project running smoothly. He joins Adam and Craig to talk about the programs run by SIG Contributor Experience, the difference between supporting contributors and end users, and the recent steering committee election. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The Jordan Luck Band The Exponents Snippets from Who Loves Who The Most, Victoria and Why Does Love Do This To Me News of the week Kubernetes Steering Committee election results Envoy proxy journey report October updates to the StackRox Security Platform Protecting Kubernetes against a Billion Laughs attack by Stackrox Billion laughs attack on Wikipedia Open Source in VMware Tanzu Project Contour moves IngressRoute to HTTPProxy Sloop from Salesforce Kontena Lens: free desktop app GKE master on-prem routing AKS managed identity Envoy proxy performance on Kubernetes by Ambassador Announcing Kubernetes Community Days WeaveWorks GitOps Manager and WKSctl Transmogrify Kubernetes APIs by David Young Links from the interview About Jorge Castro 11th Armored Cavalry Regiment John Wick horse scene (Ok, Bradley Fighting Vehicles, not horses) From Ubuntu to Heptio Community episodes & community managers: Episode 27 with Sarah Novotny Episode 1 with Paris Pittman Kubernetes Slack bot Contributor Experience properties: YouTube Office hours (and calendar) Meet our Contributors Kubernetes subreddit Kubernetes Users mailing list - now archived discuss.kubernetes.io Ask Ubuntu SIG Contributor Experience End user content: KEP for setting up discuss.kubernetes.io Proposal with steering for end user committee Kubernetes Failure Stories Kubernetes tag on Stack Overflow Bots fixing bugs, merging and celebrating with no humans needed Humans Need Not Apply WG Kubernetes Infrastructure Kubernetes Steering Committee 2019 
Steering committee election Election process: no electioneering Condorcet method Three “chop wood/carry water” winners were elected Jorge himself was also a recipient! Self-organised community: “Kubeyland” Disneyland trip Cloud Native Rejekts Jorge and his many friends all hang out on #sig-contribex on Slack and the kubernetes-sig-contribex mailing list Jorge Castro on Twitter
10/8/2019 • 41 minutes, 43 seconds
CRDs, Extensibility and API Machinery, with Daniel Smith
Daniel Smith is co-Chair and co-TL of SIG API Machinery, as well as TL of the corresponding Google team. Daniel has been working on Kubernetes since before it was open sourced, and is one of the top overall contributors to the codebase. He joins Adam and Craig to discuss CRDs and extensibility. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Old Man’s Journey Rocketman Funeral For A Friend/Love Lies Bleeding Aladdin (2019) Aladdin (1992) News of the week Kubevirt joins the CNCF KubeCon San Diego Contributor Summit ServiceMeshCon 2019 schedule announced GKE Intranode Visibility #KUBE100; hosted k3s from Civo k8s vs k3s by Andy Jeffries Docker: Designing your first application on Kubernetes Docker raising funds IBM launches Apache CouchDB operator 90% of all PaaS and SaaS on IBM Cloud is on Kubernetes Kubecost: Requests and Limits by Webb Brown Kubeadvisor 1.0 from Magalix Kubernetes Liveness Probes are Dangerous! by Henning Jacobs Links from the interview DevStats says Daniel is number 2 or number 3 contributor to Kubernetes, in either case just behind Tim Hockin from Episode 41 Either way, someone is wrong on the Internet! Carina star constellation and having to rename it from that The Kubernetes API API Machinery First proposal for API plugins - issue 991! Third party resources (deprecated in 1.7) Operator packaging Custom Resources Moving TPRs to CRDs by Nikhita Raghunath API Aggregator Extension via webhooks 1.15 release blog talks about CRD extensibility Daniel’s KubeCon talks: Life of an API Request (slides) The hand-drawn trilogy: Kubernetes-Style APIs of the Future (slides) A Vision For API Machinery: Coming to Terms with the Platform We Built (slides) The Kubernetes Control Plane for Busy People Who Like Pictures (slides) The Nut That Ties Everything Together Daniel Smith on Twitter
10/1/2019 • 31 minutes, 1 second
Kubernetes 1.16, with Lachlan Evenson
Kubernetes 1.16 is out, and our guest this week is its release manager, Lachlan Evenson. Lachie is a Principal Program Manager at Microsoft and an Australian living in the US; Craig and Adam are therefore method-interviewing, being this week in those two countries respectively. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week New Zealand: man brings clown to redundancy meeting Cloud Summit Sydney and APIdays Melbourne News of the week Kubernetes 1.16 is released Traefik 2.0 Announcing .NET Core 3.0 gRPC on .NET Core GKE Container Native Load Balancing now GA Google makes €3 billion of data center investment CloudARK’s 5 takeaways from the Helm Summit Crossplane 0.3 Agones 1.0.0 Episode 26 with Cyril Tovena and Mark Mandel Spire TPM plugin from Bloomberg Episode 45 with Andrew Jessup Azure: EKS now GA in Government regions Egress lockdown now GA AKS Periscope open source released Monitor your Google Anthos clusters with the Sumo Logic Istio app Google Cloud Build named a Leader for Continuous Integration in the Forrester Wave Banzai Cloud updates Logging Operator and Istio Operator The problem with Cloud Native by Quentin Hardy of Google Cloud Citrix integrates its ADC portfolio with Istio ContainerShip shuts down Links from the interview Prison England Lithium Technologies Kubernetes 1.0 launch roster CrashLoopBackOff Helm Classic Deis acquired by Microsoft Deis Labs Episode 61, with Jeremy Rickard and Ralph Squillace Phippy and Captain Kube Childrens Illustrated Guide to Kubernetes 1.16 release blog What Lachie is excited about: Dual stack IPv4/IPv6 Endpoint slices What he’s looking at in Alpha: Ephemeral containers Distroless What slipped: Sidecar containers Breaking old APIs in Kubernetes 1.16 Deprecation policy 1.16 release team Emeritus Advisors KubeCon San Diego session on shadowing in releases Kubernetes 1.17: run by women Removing the 
Test-Infra release role Release notes from annotated PRs Community retrospective Release mascots: 1.16 Release patch 1.11 1.14 Olive Garden When you’re here, you’re family History of the breadstick Cutting people off from unlimited breadsticks 2019 Steering Committee elections are happening Lachlan Evenson on Twitter
9/24/2019 • 38 minutes, 25 seconds
containerd, with Derek McGowan
containerd was born from community desire for a core, standalone runtime to act as a piece of plumbing that applications like Kubernetes could use. It sits between command line tools like Docker, which it was spun out from, and lower-level runtimes like runC or gVisor, which execute the container’s code. This week’s guest is Derek McGowan, a Software Engineer at Docker and a containerd maintainer-d. Along with the news of the week, Adam and Craig discuss the many Vancouvers. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Vancouver, Vancouver, and George Vancouver South Bend, North Bend, and Bend Cosmopolis “50 Year Sensation: the Dave McMacken Retrospective” (album art show in Astoria, Oregon) News of the week Istio 1.3 is out Google’s Anthos now includes Anthos Service Mesh, Cloud Run for Anthos and more Cloud Native Application Bundles hit 1.0 Episode 61 with Ralph Squillace and Jeremy Rickard Nominations for the annual CNCF Community Awards Bloomberg hits 90% utilization with Kubernetes Mistakes that “cost” thousands by Gajus Kuizinas Kubernetes Edge working group publishes whitepaper Isopod, by Cruise Pulumi 1.0 5 RBAC mistakes you must avoid (number 4 will shock you) OpenShift 4.2 disconnected install Red Hat Quay 3.1 Microsoft AKS brings Scale Sets and Standard LB to GA Upstream kernel bugs Amazon EKS adds cluster tagging and IAM roles for service accounts Deep dive into AWS Fargate by Abhisheck Ray from Amazon Kong introduces Kuma, “universal service mesh” Google introduces Cloud Dataproc for Kubernetes Apache Flink operator from Google Cloud Container runtime security bypasses on Falco by Mark “Antitree” Manning Rafay Systems lands $8m in Series A funding Links from the interview containerd Original announcement The many meanings of ‘container runtime’ kubelet and Container Runtime Interfaces runC, gVisor, Kata Containers, and the 
Windows Host Compute Service (HCS) ctr debug tool containerd’s graduation from the CNCF containerd shim API gVisor shim Firecracker containerd integration Kata Containers shim Windows Container shim rkt announced in 2014 with appC spec Open Container Initiative libcontainer, which became runC Web Assembly (WASM) BuildKit 1.3.0 releases are coming Contribution opportunities: Reporting issues Plugin ecosystem Derek McGowan and containerd on Twitter
9/17/2019 • 32 minutes, 52 seconds
Windows Server Containers, with Patrick Lang
Patrick Lang is the co-chair of the Kubernetes Windows SIG. He is a Senior Software Engineer at Microsoft, developing Kubernetes and related open-source projects supporting Windows Server Containers. Patrick joins Adam and Craig to tell the story of how containers came to Windows. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Getting to the Peak Tram News of the week KubeCon 2019 schedule Tim Hockin and Kal Henidak on dual stack IPv4 Building a 5G network live on stage GKE Shielded VM Nodes Mæsh Project Contour 0.15 Contour on Kind TechCrunch video: How Kubernetes Changed Everything Aaron Roydhouse reverse engineers release schedules as 1.15 hits Preview on Azure and Rapid Channel on GKE GKE Scalability best practices The Kubernetes scalability hypercube Cloud Foundry Networking Team Update Building a Continuous Delivery Pipeline for Symphony by Ivan Babenko The Cult of Kubernetes and Hacker News discussion Links from the interview Windows Server containers Windows Server Core and Nano Server Sessions on Windows Docker and Windows partnership announced in 2014 Active Directory Group Managed Service Accounts (GMSA) GMSAs for Windows containers Windows network namespaces Host Networking Service and Virtual Filtering Platform GMSA integration with Kubernetes GPU acceleration in Windows Containers Batch files! Patching: Patch Tuesday Windows base OS images on Docker Hub Windows container version compatibility Hyper-V isolation Docker for Windows Get started with Windows containers Windows Server Containers in preview on AKS, EKS or GKE SIG Windows and their Slack channel Patrick Lang on GitHub
9/11/2019 • 39 minutes, 25 seconds
kind, with Ben Elder
kind stands for Kubernetes in Docker. Originally built for continuous integration (CI) and testing of Kubernetes itself, kind has found many uses, including acting as a cluster for bootstrapping other clusters. Original author Ben Elder from Google Cloud joins Craig and Adam to talk about it. Want to see Adam’s puzzles? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam’s new Seattle office building Example Quick Cryptic from The Times Example USA Today crossword New York Times crossword puzzle case study The NYT mini crossword Craig’s record is 13 seconds! Times for the Times solver blog A puzzle in a tweet The answer Code Golf News of the week Introducing Kubernetes Academy Brought To You By VMware Kubernetes Academy Brought To You By VMware Knative serverless Kubernetes bypasses FaaS to revive PaaS Helm 3 Beta To Helm or not to Helm? by Stepan Stipl Announcing etcd 3.4 by Gyuho Lee and Jingyi Hu Blocking old Cert Manager versions from Lets Encrypt Linux Namespaces by Ifeanyi Ubah How kubectl exec works by Erkan Erol Announcing the CNCF Kubernetes Project Journey Report The report Adopting Istio for a multi-tenant kubernetes cluster in Production by Vishal Banthia StackRox 2.5 Platform9 raises $25m in Series D The first managed Kubernetes service on VMware? Dell previews data protection software for Kubernetes DNS spoofing in Kubernetes clusters by Daniel Sagi Dynamic Kubernetes informers by Robert Ross What’s next for Vault and Kubernetes? 
Consul 1.6 is now GA Kubernetes security audit: What GKE and Anthos users need to know Managed AD now in Beta on Google Cloud Introducing Red Hat OpenShift 4.2 in Developer Preview; releasing nightly builds Developer Preview now available on GCP Operational Insights for Containers and Containerized Applications Deploying GitOps with Weave Flux and Amazon EKS Links from the interview Ben’s GSoC proposal and first Kubernetes project: use iptables for proxying instead of userspace kind webpage Documentation kind on GitHub Privileged containers kubernetes CI Cluster API IPv6 on kind End to end testing Running Kubernetes in a CI pipeline by Loodse Cluster API logo - it’s turtles all the way down kubeadm cluster-api-provider-docker Other tools: kinder kindest Shoutouts to: Antonio Ojea from SUSE James Munnelly from JetStack SIG Cluster Lifecycle Ben Elder on Twitter
9/3/2019 • 32 minutes, 4 seconds
Container Camp, with Angie Maguire
Container Camp is a series of independent conferences, spanning three continents and in their fifth year. “Camp mother” Angie Maguire is the co-organiser, and is also the founder of Ladies of Code. She joins Adam, who is yet to attend a Camp, but actually goes camping, and Craig, who has spoken at Camps in London and Sydney, and prefers hotels. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The mound is moving The traffic isn’t News of the week VMware buys: Pivotal Carbon Black Intrinsic Greenland VMworld news: Introducing Project Pacific Project Pacific technical overview Reintroducing Project Bonneville? Joe Beda’s take Tanzu, VMware’s approach to modern applications Tanzu Mission Control Splunk acquires SignalFX 2019 Accelerate State of DevOps report Red Hat OpenShift Service Mesh is GA Maistra, the upstream of the operators Cilium 1.6 is out E2E Kubernetes testing with GitHub Actions Why does developing on Kubernetes suck? Hacker News says it doesn’t CNCF Google Summer of Code projects Links from the interview Container Camp Ladies of Code Women Who Code Black Girls Code Container Camp videos on YouTube Craig’s talk from London in 2016 Kaggle talk from San Francisco in 2016 IPFS Camp Digital nomads Angie’s Netflix recommendations: Blown Away Mindhunter When They See Us Ava DuVernay Container Camp and Angie Maguire on Twitter
8/27/2019 • 30 minutes, 10 seconds
Orka, with Chris Chapman
Kubernetes and Docker might not seem the obvious choice for managing virtual macOS instances on hosted Apple hardware. Learn how they were used to build Orka - Orchestration for Kubernetes on Apple - a virtualisation layer for Mac build infrastructure offered by hosting company MacStadium. Craig and Adam ask MacStadium SVP of Software Chris Chapman about Orka, and how Kubernetes is useful in places you might not expect. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Letterboxing Geocaching Orienteering News of the week HTTP/2 security bulletin from Netflix New releases for: Kubernetes Istio Envoy gRPC NGINX And others CNCF archives the rkt project GitHub Actions is now a CI/CD service Announcing preview of GitHub Actions for Azure Kubernetes web UIs in 2019 and Kubernetes Web View by Henning Jacobs Episode 38: Kubernetes Failure Stories, with Henning Jacobs k3sup by Alex Ellis Episode 57: Rancher Labs, with Darren Shepherd Evolving Istio’s APIs, by Sandeep Parikh and Louis Ryan Episode 58: Istio 1.2, with Louis Ryan Istio 1.3 release branch cut Intel GPU Plugin for Kubernetes by Brian Carey Kubernetes Gated Deployments at GoDaddy CNCF now has 100 end user members VMware, Pivotal and Dell: VMware in talks to acquire Pivotal Pivotal CTO: Kubernetes means we’re all distributed systems programmers now Kubernetes is set to take over VMworld 2019 AT&T brings Dell into the Airship program Helm Summit EU 2019 Links from the interview MacStadium Orka Conference presentation videos from Chris: macOS in a Docker container for development - MacADUK 2019 Announcing Orka - AltConf 2019 Mac OS X Lion supports running additional OS X instances (up to two) 10.7 EULA (PDF) Device test labs Docker for Mac Virtual Command, Chris’s prior company acquired by MacStadium The orca kubevirt Mac hardware: Mac Pro (2013) - the “trashcan” The MacStadium sled Mac Pro 2019 
- the return of the “cheesegrater” T2 security chip MacStadium in WWDC 2018 keynote Inside the MacStadium data center JenkinsWorld 2019 Orka plugin for Jenkins Docker for Mac in macOS on Docker Yo dawg, I hear you like Docker Spinning top Turducken MacStadium on Twitter
8/20/2019 • 37 minutes, 8 seconds
kubectl Plugins and krew, with Ahmet Alp Balkan and Luk Burchard
No matter how you say it, you probably use kubectl all the time. Did you know you can extend it with plugins? Did you know you can find and install those plugins using krew, a plugin manager for kubectl? krew was built by Luk Burchard, a student at TUBerlin, as an intern project. He was supervised by Ahmet Alp Balkan at Google Cloud, and they both join Craig and Adam to discuss it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Pluots Fox evidence News of the week “Open sourcing” the Kubernetes security audit CyberArk’s penetration testing methodology Docker reverse shells and making it rain shells in Kubernetes by Rory McCune Google Cloud Security Scanner: web application vulnerability scanner for GKE Knative 0.8 release notes Building a Kubernetes platform at Pinterest Octant by VMware Call to participate in the CNCF Survey Direct link Reannouncing the Kubernetes Forum Links from the interview kubectl overview Extend kubectl with plugins Sample CLI plugin Write your own kubectl subcommands and The case for a kubectl plugin manager by Ahmet Alp Balkan kustomize becoming a kubectl sub-command kubectl access-matrix (a.k.a. rakkess, as a stand-alone binary) krew krew plugin index Ahmet’s recruitment tweet Luk’s first day at Google Ahmet Alp Balkan: Web Twitter Luk Burchard: Web Twitter
8/13/2019 • 24 minutes, 35 seconds
Attacking and Defending Kubernetes, with Ian Coldwater
Ian Coldwater specializes in breaking and hardening Kubernetes, containers, and cloud native infrastructure. A pre-eminent voice in the Kubernetes security community, they are currently a Lead Platform Security Engineer at Heroku. Ian joins Adam and Craig to talk about the offensive and defensive arts. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Black Hat USA DEFCON Scavenger hunts An example of Spot the Fed An example of the Mystery Challenge News of the week Mesosphere becomes D2iQ Google Cloud launches Migrate for Anthos in Beta Google Cloud Game Servers coming soon Episode 26: Agones, with Mark Mandel and Cyril Tovena Announcing Kubernetes Summits in Seoul and Sydney Security updates of the week CVE-2019-11247: API server allows access to custom resources via wrong scope CVE-2019-11249: kubectl cp (round 3!) IBM and Red Hat: OpenShift on IBM Cloud OpenShift coming to Z Series and LinuxONE Cloud Paks and services Cisco Container Platform now supports Microsoft AKS Helm deployments at the Kubedex How Kubernetes can be used for genetic analysis by Mu Huan and Eric Li Alibaba Cloud Announcing CloudBees Jenkins X Distribution Episode 44, Continuous Delivery Foundation, with Tracy Miranda TiDB Operator now Generally Available Links from the interview Red teams and penetration testing Fuzzing Attacking Helm’s Tiller Black-box and white-box testing DevSecOps: guard rails, not gates OWASP - the Open Web Application Security Project The math behind calculating security risk CVSS score etcd: encrypt it at rest! Admission control Technologies for isolation: AppArmor Seccomp gVisor Firecracker (not yet supported with Kubernetes) “Kubernetes is powerful, and it’s insecure by design” Ian and Duffie Cooley’s BlackHat talk Cloud doesn’t make it better! 
Threat modelling hostpath - “a powerful escape hatch” Trail of Bits blog: understanding Docker container escapes Recommended watching: Ship of Fools by Ian Coldwater (slides) Hacking and Hardening Kubernetes by Example by Brad Geesaman (slides) A Hackers Guide to Kubernetes and the Cloud by Rory McCune (and his upcoming Black Hat training) DIY Pen Testing for your Kubernetes Cluster by Liz Rice (our guest on episode 19) Ian Coldwater on Twitter
8/6/2019 • 43 minutes, 19 seconds
Cloud Code, with Sarah D'Angelo and Patrick Flynn
Cloud Code provides everything you need to write, debug, and deploy Kubernetes applications, including extensions to IDEs such as Visual Studio Code and IntelliJ. Joining Craig and Adam are Sarah D’Angelo, a UX Researcher, and Patrick Flynn, an engineering lead, both on the Cloud Code team at Google. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week All-meat diet (do not try this at home) Warmest UK day on record News of the week Happy first birthday Knative! Episode 14, with Oren Teich Episode 47, with Kim Lewandowski Episode 44, with Tracy Miranda Grafana Labs: How a production outage was caused using Kubernetes pod priorities Episode 38 with Henning Jacobs Banzai Cloud: Kafka on Istio performance Docker Enterprise 3.0 is GA, and their new Technology Partner program Tim Hockin on reconciliation Episode 41, with Tim Hockin Fairwinds Polaris Container platform security with Cruise YuniKorn KubeCon China transparency report Kazuhm Kubernetes as a Service Morpheus v4 Links from the interview Cloud Code IntelliJ VS Code Skaffold Episode 6, with Matt Rickard Jib GitHub issues: IntelliJ VS Code Sign up for a Cloud Code research study
7/30/2019 • 33 minutes, 49 seconds
Economics of Kubernetes, with Owen Rogers
Owen Rogers is a Research Vice President at 451 Research, co-leading the cloud team. He gained a PhD in the economics of cloud computing in 2013. Owen joins Craig and Adam to discuss the economics of cloud computing generally, and Kubernetes specifically. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Apollo Guidance Computer Restoration Summary from Wall Street Journal CyberSquirrel1 global threat map Jellyfish attach power station News of the week IBM launches Kabanero Pivotal launches PAS for Kubernetes Weave Flux joins the CNCF Windows Container Unconference on Friday July 26th: Sign up Leave questions if you can’t attend Spinnaker for GCP launched Linkerd 2.4 Architecting with GKE course, free for podcast listeners! Deep dive into Virtual Kubelet by Brian Goff SIG Usability forming Google group GitHub Slack Cloud Provider SIGs moving to sub-projects Azure Monitor for containers adds Prometheus support Kubernetes API deprecations in 1.16 Links from the interview Owen Rogers 451 Research Cloud Price Index StackOverflow’s old scale-up strategy (2009) Large Scale Complex IT Systems Owen Rogers on Twitter
7/23/2019 • 40 minutes, 40 seconds
Large Hadron Kubernetes at CERN, with Ricardo Rocha, Lukas Heinrich, and Clemens Lange
Back in 2012, CERN announced one of its most important achievements: the discovery of the Higgs boson. This work led to the 2013 Nobel Prize in Physics. Ricardo Rocha, Lukas Heinrich and Clemens Lange of CERN redid the data analysis on top of Kubernetes this year, which Ricardo and Lukas demonstrated at a keynote at KubeCon EU. All three join Adam and Craig for a short physics lesson and a view into computing at the largest scale, for particles at the smallest. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 50th anniversary of the launch of Apollo 11 by NASA’s Astronomy Picture of the Day, and as reported by CBS News in real time LEGO Saturn V - mid-completion 47th annual Seafair Milk Carton Derby Adam’s pictures, including the Saturn V rocket News of the week IBM announced it has closed its acquisition of Red Hat Hashicorp Consul 1.6 Benchmarking best practices for Istio by Megan O’Keefe, Mandar Jog and John Howard IPv6 enhancement proposal for Kubernetes Now passing tests!
Architecting with Google Kubernetes Engine specialization Weave Ignite Cloud Native CI/CD with OpenShift Pipelines k3v Avoid time-of-measurement bias with Prometheus Prometheus client tracer for Ruby Links from the interview CERN LHC Computing Grid ATLAS experiment CMS experiment Standard model of particle physics Cosmos: A Spacetime Odyssey, with Neil deGrasse Tyson Dark Matter is a misnomer Baryonic matter Dark matter History of computing at CERN Where the web was born Large Hadron Collider Higgs boson Discovery of the Higgs boson Servicing the first web server - Tim Berners-Lee’s NeXT cube CERN Program Library (FORTRAN) KubeCon EU keynote: Reperforming a Nobel Prize Discovery on Kubernetes Slides YouTube video CERN openlab partnership ROOT Data Analysis Framework Particle physics is embarrassingly parallel Kubeflow Spark Operator on Kubernetes Open Data Initiative Find a Higgs boson in LHC public data Clemens’ shirt Our guests on Twitter: Ricardo Rocha Lukas Heinrich Clemens Lange
7/16/2019 • 40 minutes, 31 seconds
Cloud Native Application Bundles, with Jeremy Rickard and Ralph Squillace
The Cloud Native Application Bundle is a spec for packaging distributed apps, developed by Microsoft with support from Docker and Pivotal. Jeremy Rickard, a senior software engineer at Microsoft Azure, and Ralph Squillace, principal PM for open source/developer user experience at Microsoft Azure, join Craig and Adam to discuss it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Bloons TD 6 - made in New Zealand! Full Throttle Remastered News of the week Kiali 1.0 (and 1.1!) released Dockerfile best practices by Tibor Vaas Managed CockroachDB on Kubernetes by Josh Imhoff To run or not to run a database on Kubernetes: what to consider, by Benjamin Good Backyards: Istio multi-cluster, the easy way by Banzai Cloud Episode 59 with Janos Matyas KubeCon EU Transparency Report Links from the interview Cloud Native Application Bundles The spec Bundle descriptor The invocation image Chris Crone’s “intro to CNAB” talk MSI, aka Windows Installer Duffle (and on GitHub) Example VM driver Libraries cnab-go pycnab by Gareth Rushgrove libcnab-rust Porter (and on GitHub) Docker apps and Application in Docker Enterprise Helm and Helm 3 Deis Labs Unexpected uses: Adding extra verbs by Darren Pulsipher CNAB bundle for WSL distros by Nuno do Carmo Twitter: CNAB Jeremy Rickard Ralph Squillace
7/9/2019 • 38 minutes, 57 seconds
Ubuntu, with Mark Shuttleworth
Mark Shuttleworth is the founder of Ubuntu and CEO of its parent company Canonical. Ubuntu is the Linux distribution of the Cloud. You can use it inside your containers, or you can use it as your node OS. Canonical packages Kubernetes for both the edge (MicroK8s) and the server (Charmed Kubernetes). Oh, and aside from that, Mark was the first African in space, spending 8 days on the International Space Station in 2002. Craig and Adam ask Mark about how this all happened, and how it has changed his perspective on technology. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Wicked, the musical +LIVE+, the band Craig’s video clips: All Over You, Run To The Water, Lightning Crashes News of the week KubeCon + CloudNativeCon China 2019 Linus Torvalds sees hardware headaches ahead DiDi wins Top End User award CKA and courses now in Chinese Introducing Workload Identity for GKE Keyless Entry: Securely Access GCP Services From Kubernetes (Cloud Next ‘19) Knative 0.7.0 Introducing Deep Learning Containers: Consistent and portable environments Launching Talos Systems Kubernetes Managed Apps from Platform9 Istio CVE in JWT handling AKS now supports Standard Load Balancing Links from the interview Mark Shuttleworth Blog Wikipedia The Shuttleworth Foundation Thawte Soyuz TM-34 mission to the International Space Station Ubuntu Wikipedia no-name-yet.com: Mark announces his intention to launch a Linux distribution at EuroPython 2004 Getting Ubuntu down to 30mb Snaps MicroK8s Charmed Kubernetes for larger-scale deployments OpenEBS, and Episode 56 with Evan Powell Anthos Sunrise and sunset from the ISS Mark Shuttleworth on Twitter
7/2/2019 • 31 minutes, 17 seconds
Banzai Cloud, with Janos Matyas
Banzai Cloud is a cloud-native software company that builds Pipeline, a managed Cloud Native application and devops platform, featuring tools for managing multi- and hybrid-cloud Kubernetes deployments. Pipeline is open source, and Banzai Cloud has many other interesting open-source projects, including a Kubernetes distribution, and operators for things like Vault, Kafka and Istio. Adam and Craig talk to its co-founder and CTO, Janos Matyas, who is based in Budapest, but is spiritually of Oahu, Hawaii. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Is this what children’s music has become? Atom and his Package Parry Grip Baby Shark, Trap Remix Koo Koo Kanga Roo Dogs That Look Like Their Owners Runner-up Winner News of the week Kubernetes 1.15 is released Announcing Envoy Mobile kubectl cp vulnerability Kontena Pharos 2.4 Episode 31, with Jari Kolehmainen CNCF announces SIGs Aqua Security 4.2 Mitigating container image vulnerabilities Scytale Enterprise 1.0 Episode 45, with Andrew Jessup Diamanti 2019 Container Survey (PDF) Fast key-value stores: An idea whose time has come and gone Slicer Ringpop Links from the interview Banzai Cloud Pipeline GitHub Cloud pricing info Telescopes Banzai PKE for Azure and AWS Operators: CoreOS’ Operator Framework and SDK Bank-Vaults and source Logging Operator and source Kafka Operator and source Istio Operator and source The Banzai Pipeline surf spot Not related to the art of small trees Telescopes surf spot Janos Matyas on Twitter
6/25/2019 • 30 minutes, 46 seconds
Istio 1.2, with Louis Ryan
Istio 1.2 has been released. Louis Ryan is a core contributor to Istio and a member of its Technical Oversight Committee, in his role as Principal Engineer at Google Cloud. He talks to Craig and Adam about his history with API infrastructure and the service mesh, and the history and future of the Istio project. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam goes to the Northwest Garlic Festival Anthropomorphic garlic cloves Pineapple Garlic Jelly Craig goes to Fleetwood Mac News of the week Istio 1.2 HAProxy 2.0 New Docker Desktop for Windows with WSL 2 coming Facebook peels the lid off Tupperware Wind River adds Docker and Kubernetes support for the edge Banzai Cloud adds Istio to Pipeline Apple joins the CNCF as a Platinum member Modernize IT 2019 digital conference from Google Cloud Links from the interview Istio service mesh Louis Ryan’s talk at QCon gRPC Sidecar pattern Core features of Istio amalgam8 from IBM in 2016 What is a service mesh? Envoy Proxy Istio 1.2 release notes Snow Leopard: 0 new features The original announcement of Istio 0.1 The upcoming Istio operator Common misconceptions: Design goals Community Weekly community meeting Working groups discuss.istio.io Related episodes: SPIFFE, with Andrew Jessup Envoy, with Matt Klein Istio at 1.0, with Dan Ciruli and Jasmine Jaksic Louis Ryan on Twitter
6/18/2019 • 48 minutes, 31 seconds
Rancher Labs, with Darren Shepherd
Darren Shepherd builds the Cloud at Rancher Labs, a company making entirely open source Kubernetes tooling, from the enterprise to the edge. This week Craig and Adam will finally learn how to pronounce ‘k3s’ and ‘k3OS’. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Day of the Tentacle at The Digital Antiquarian Remastered, on sale at gog.com Vigil Files (Android) News of the week Reflections on the Fifth Anniversary of Kubernetes Happy birthday from Mum and Dad I’m Tim Hockin, a top level Kubernetes maintainer. AMA! Orka, from MacStadium Introductory video from AltConf Five enterprise takeaways from KubeCon EU by Platform9: number 4, the SOA Tikka Masala, will shock you 11 salary statistics for Kubernetes jobs from The Enterpriser’s Project Want to work for Google? E-mail us! Links from the interview Rancher Labs Series A announcement, pre-Kubernetes Original Rancher 1.x beta announcement Rancher 2.0 announcement RKE Longhorn OpenEBS used to be based on Longhorn Darren’s Rancher shirt k3s - “Lightweight Kubernetes. 5 less than k8s.” How do you pronounce the “k3s”? k3OS RancherOS Huevos rancheros k3d The Kaiser Chiefs Rio Announcement Knative Knative build templates Dancing on the sand Darren Shepherd on Twitter
6/11/2019 • 28 minutes, 26 seconds
OpenEBS, with Evan Powell
Evan Powell is the CEO and chairman of MayaData, the corporate sponsor of OpenEBS, which has just joined the CNCF Sandbox. He talks to Adam and Craig about Cloud Native storage, chaos engineering for stateful workloads, and the stubbornness of hybrid clouds. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Cricket and rugby on the same day Poseidon’s Anchor bass Black Mirror and The Rain Don’t go out in the pouring rain News of the week Docker bug allows reading/writing host files Advisory by Aleksa Sarai Duo Security writeup Kubernetes bug allows containers to run as root Security advisory GitHub issue GKE security bulletin Palo Alto Networks announces intention to buy Twistlock TechCrunch coverage CVEs found by Twistlock Labs Kubernetes Node.js client library 0.9.0 List of client libraries NVIDIA EGX CKA now valid for 3 years Microsoft news: AKS available in South Africa North OCI types and Helm 3 charts in Azure Container Registry Azure Monitor supports Windows Server nodes Links from the interview OpenEBS On GitHub Now a CNCF Sandbox project TOC issue: Propose OpenEBS into CNCF Sandbox OpenEBS accepted into CNCF and OpenEBS 0.9 released OpenEBS Project Update and whats coming in v1.0 A year later: updating Container Attached Storage by Evan Powell MayaData KUBEMOVE (and on GitHub) NDM, the Node Disk Manager Evan’s talk at SDC 2017 with Homer Simpson references New storage technologies: Optane/3D XPoint for DRAM-like storage NVME over Fabrics SPDK Fast fabrics Litmus (and on GitHub) Chaos Monkey and Simian Army Weave Scope The mule logo: OpenEBS, MayaData
6/4/2019 • 31 minutes, 10 seconds
Solo.io, with Idit Levine
Solo.io was founded in 2017 by this week’s guest, Idit Levine. She talks to Craig and Adam about API gateways, service meshes, and lots of project names with two O’s in them. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Casa Battlo Picasso Museum Dali Museum and Theatre in Figueres MoPOP in Seattle The “Beaker Sane” t-shirt A bottle of Sortilege whisky Gifted to us by Francois LeMessier Shared with the community at KubeCon News of the week Announcing SMI SMI Spec website CNAB and Virtual Kubelet updates from Microsoft Banzai Cloud Kafka Operator Razee: multi-cloud CD from IBM Couchbase Autonomous Kubernetes Operator 1.2 Rio, a MicroPaaS from Rancher Labs Atlassian Software for Kubernetes from Praqma Kyma goes 1.0 Intuit win the CNCF End User Award CapitalOne make their Kubernetes platform available Links from the interview Solo.io Gloo Envoy Proxy SuperGloo SMI GlooShot Service Mesh Hub Flagger by Weaveworks Chaos Debugging talk from KubeCon EU; discussing Loop Knative Using Gloo in Knative Idit Levine on Twitter
5/28/2019 • 35 minutes, 18 seconds
Tech, Life, and KubeCon EU, with Bryan Liles
Bryan Liles is a Senior Staff Engineer at VMware, the program co-chair for this week’s KubeCon EU, a sought-after speaker, and a minority in an industry with few people who look like him. He shares his story with Craig and Adam, who also bring you the week’s news from KubeCon EU and beyond. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week KubeCon EU! Fox cubs! News of the week VMware acquires Bitnami and Bitnami is acquired by VMware Bitnami’s application catalog Knative 0.6 is out New API proposal GKE Sandbox: bring defense in depth to your pods Stackdriver Kubernetes Monitoring is GA Helm 3 preview Episode 11 with Vic Iglesias GKE announces Release Channels Docs Windows Server containers in Preview: Announced for Azure Kubernetes Service But not in Canada Announced for Google Kubernetes Engine But not for another week or so Bring your own subnet to AKS Lyft bug bounty program Velero 1.0 Digital Ocean Kubernetes is GA Kubernetes apps on GCP Marketplace Terraform Cloud Remote State Management CNCF adds 42 new members Cloud Native Logging with Fluentd OpenTracing + OpenCensus = OpenTelemetry OpenEBS joins the CNCF Lightning round: Harbor 1.8 Supergiant Kubernetes Toolkit 2.1.0 Ambassador 0.7 Mirantis BYOD MiniKF from Arrikto Gravity 6.0 Cloud 66 Maestro k8up from VSHN Links from the interview Early tech: Tandy CoCo 3 Tandy 1000 TL The Sound Blaster CIDR: how big is a /12? The Darker Side of Tech Giving away oscilloscopes Capital One vikings Kubernetes contributions in the last quarter Ksonnet Now archived Joe Beda in Episode 12 Kustomize, with a K Brian Grant on declarative application management Janet Kuo in Episode 29 George Hotz Bryan Liles on Twitter Bryan’s blog
5/21/2019 • 41 minutes, 28 seconds
Optiva and Arctiq, with Dan Dyer and Kyle Bassett
Dan Dyer is Senior Vice President of Technical Product Management at Optiva, a provider of business support services to the telecommunications industry. Optiva have been moving services to Kubernetes, and with the help of Kyle Bassett and team from Arctiq, a cloud-native consultancy, kicking the tyres of Anthos and GKE On-Prem. Adam and Craig learn about this journey from Dan and Kyle, and discuss dragons and foxes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Baby foxes Aaron Crickenberger interview on the Kubernetes blog Dragon research News of the week Red Hat: RHEL 8 and the Universal Base Image OpenShift 4 Operators all the way down Microsoft Azure OpenHat US DoJ approves IBM’s acquisition of Red Hat F5 closes its acquisition of NGINX Docker CEO Steve Singh steps down Alpine Linux root escalation: CVE-2019-5021 Go Distroless! Introducing GitHub Package Registry VS Code extension for Kubernetes goes 1.0 (changelog) WSL 2 brings Linux to Windows Gravitational: AWS vs Colo? and Hacker News debate k8s.af with Kubernetes failure stories Google Cloud launches GKE in Osaka, Tokyo KubeCon US 2019 CFP opens Railyard: Training ML models on Kubernetes at Stripe KubeOne from Loodse Kubedex: Kubernetes operating systems Akrobateo, a general-purpose load balancer for Kubernetes from Kontena Optimization of etcd at web-scale by Xingyu Chen Links from the interview Optiva Arctiq Kyle Bassett on Twitter
5/14/2019 • 40 minutes, 35 seconds
AutoTrader UK, with Russell Warman and Karl Stoney
AutoTrader UK were an early adopter of Istio. Adopting it to meet GDPR requirements for encrypted traffic, Head of Infrastructure and Operations Russell Warman and lead engineer Karl Stoney have gone on to use it to reduce resource usage, and thus cost, as well as uncover bugs in their applications. They talk to Craig about it, while Adam serves his country. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Microsoft and Red Hat announce KEDA ZDNet coverage Updates from Microsoft: AKS virtual nodes GA, DevSpaces GA, Policy in Preview AKS 1.9 end-of-life Banzai Cloud: PKE on Azure Banzai’s Chart Repository Service Remote development with VS Code DockerCon: Docker Enterprise 3.0 Docker Foundation Monzo Response: GitHub Chris Evans presenting at DevOps Exchange London Music: Response Velero v1.0.0-beta.1 is out Grafana dashboards for Kubernetes administrators by Povilas Versockas KubeCon EU Diversity Lunch and Hack Red Hat Quay v3 Rook 1.0 Episode 36 with Jared Watts 5G Depends on Kubernetes in the Cloud, according to Steven J. Vaughan-Nichols He also says Airship 1.0 marries Kubernetes and OpenStack for 5G’s good Airship 1.0 release notes Links from the interview Autotrader UK Craig, Russell and Karl in the studio Craig’s 1993 Vauxhall Cavalier GCP Case study Auto Trader UK cuts IT resource use through Google Cloud, Kubernetes and Istio adoption How Auto Trader UK, the UK’s largest automotive marketplace, uses Istio and Google Kubernetes Engine to drive change Russell on theCUBE at Google Cloud Next Mutual TLS encryption in Istio Onramp to Istio: An Adoption Story Google Cloud Next session with Dan Ciruli, Russell Warman and Karl Stoney Managing your costs on Kubernetes: Karl’s blog post Istio 1.1 feature: Sidecar resources Reduced CPU cycles by 90% 15,000 releases per year Russell Warman and Karl Stoney on Twitter
5/7/2019 • 38 minutes, 3 seconds
KeyBank, with Gabe Jaynes
Gabe Jaynes is a DevOps Architect at KeyBank, an American retail bank. KeyBank were an early adopter of containers, and Gabe talks about the reasons they undertook this transformation. Craig and Adam also celebrate our first birthday and spoil the concept of spoilers. Please say hello and 🎂🎁! twitter: @kubernetespod mail: kubernetespodcast@google.com Chatter of the week Avengers: Endgame easter egg in Google search (no spoilers) The spoilers that Craig beeped out Throne of Games (no spoilers) Gorogoa “I desire a conversation. Will you talk to me?” News of the week DockerHub breached: change your password k3os, the Kubernetes Operating System Rancher OS Multi-cluster service mesh overview by Andrew Jenkins Containing our enthusiasm: All the Kubernetes security news from Google Cloud Next ‘19 by Maya Kaczorowski and Anne Bertucio Episode 008 How You Can Help Localize Kubernetes Docs by Zach Corleissen Episode 005 Hardware Accelerated SSL/TLS Termination in Ingress Controllers using Kubernetes Device Plugins and RuntimeClass by Mikko Ylinen EmpowHER Reception Renamed EmpowerUs For KubeCon + CloudNativeCon Europe 2019 Links from the interview KeyBank Cleveland, OH GKE On-Prem Anthos
4/30/2019 • 31 minutes, 25 seconds
Spotify, with David Xia
Spotify were early adopters of Docker, and wrote their own deployment tool to run it in production. David Xia from the Spotify platform team talks about Spotify’s engineering, challenges, how Helios worked, and migrating from it to Kubernetes. Adam and Craig also give a round up of the week’s news, in the form of a question. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week James Holzhauer cleans the board on Jeopardy! Chihuly at Kew Gardens News of the week Introducing GKE Advanced Managed certs on GKE Ingress Linkerd 2.3 PodSecurityPolicy support on AKS Berglas from Google Cloud Platform kubernetes-external-secrets from GoDaddy Platform9 open-sources KlusterKit CNCF and Alibaba offer free Cloud Native training to Chinese developers Tinder’s move to Kubernetes kube-iptables-tailer The future of Cloud Providers in Kubernetes Pod priority and preemption Istio observability with Go and gRPC/protobuf microservices Beating JSON performance with protobuf Links from the interview Spotify This podcast on Spotify Spotify open source utilities on GitHub Helios 2014 introduction video with Rohan Singh Apollo: Java libraries for microservices GKE Usage Metering: Whose line item is it anyway? with Madhu Yennamani and Yang Guan from Google, and David Xia from Spotify Episode 40 with Madhu Yennamani GCP Firewall Enforcer David Xia on Twitter
4/23/2019 • 32 minutes, 37 seconds
Live from Google Cloud Next '19, with Eric Brewer
Live from Google Cloud Next ‘19 the KPfG team presents a fireside chat with Eric Brewer, our first guest with their own Wikipedia page. Eric devised the CAP theorem for distributed systems, based on his work at early search company Inktomi and UC Berkeley. He was the person who announced Kubernetes to the world almost 5 years ago, and has been working on Google’s cluster and compute infrastructure since 2011. How did you like the live show format? Please let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Anthos: Everything You Want To Know About Anthos - Google’s Hybrid And Multi-Cloud Platform by Janakiram MSV New Google Cloud Service’s Key Selling Point: It Works Great With AWS and Azure by Jonathan Vanian Google Cloud makes some strong moves to differentiate itself from AWS and Microsoft by Ron Miller Fluentd graduates to top level project in CNCF Speakers for KubeCon China ‘19 announced AKS to South Central, South and Central The Fargate Illusion, by Lee Briggs Fargate and EKS roadmap OpenStack Stein launches with improved Kubernetes support New GKE features from Next session videos: GKE Sandbox Workload Identity GCP Config Connector Process ID limiting for stability improvements in Kubernetes 1.14 Links from the interview Eric Brewer: Wikipedia Twitter UCB Inktomi DEC SRC, working on AltaVista Inktomi’s wild ride: A Personal View of the Internet Bubble - Eric presenting at the Computer History Museum in 2008 CAP theorem Cat theorem Spanner, TrueTime and the CAP theorem Application Modernization and the Decoupling of Infrastructure, Services and Teams Our revised title President Clinton with Eric Eric’s interview on theCUBE at Next
4/16/2019 • 50 minutes, 28 seconds
Anthos Migrate, with Issy Ben-Shaul
Anthos (previously known as Cloud Services Platform) has just gone GA at Google Cloud Next. One of its new features is Anthos Migrate, a tool for migrating monolithic apps directly to containers. Issy Ben-Shaul is a Director of Software Engineering at Google Cloud and led the team building Anthos Migrate. He talks to Craig and Adam about it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam enjoyed: Umbrella Academy on TV Hearthstone on the computers Jarrod Alonge in his ears Death metal in water wings Craig enjoyed: Saturday 2/3 of “On The Basis Of Sex” News of the week Anthos from Google Cloud Launch announcement Launch keynote What’s in the box? Cloud Run and Cloud Run on GKE Project Eirini updates bring Kubernetes to Cloud Foundry OPA graduates to the CNCF incubator CRI-O joins the CNCF incubator Buildpacks: defense against the Docker arts Local persistent volumes in Kubernetes - PVC pipes! Istio 1.1.2 out for the Envoy CVEs: NUL parsing bug Path normalisation bug Why Rainforest moved from Heroku to GKE Enabling RBAC for Groups in GKE Metalkube 🤘 Krew moves to SIG-CLI New gVisor website Links from the interview Anthos Migrate & Velostrata Next sessions: Anthos Migrate: On-Prem to Cloud-Native on GKE Real World Customer Migration with Cardinal Health and Atos Anthos Issy Ben-Shaul on Twitter
4/9/2019 • 32 minutes, 20 seconds
Tekton, with Kim Lewandowski
Tekton brings Kubernetes-style resources for declaring CI/CD-style pipelines. Kim Lewandowski is the Google Cloud product manager who recently announced it. She talks to Adam about the project while Craig sneaks in some vacation at the cafes of New Zealand. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Register for the Kubernetes Podcast from Google Cloud Live session! Craig has a lovely afternoon at the Cable Bay Cafe Auckland Kubernetes Meetup - thanks everyone! Adam reads Origin by Dan Brown Renowned Author Dan Brown, one of Craig’s favourite newspaper columns of all time News of the week Minikube releases v1.0.0 Episode 39, with Dan Lorenc Running Kubernetes locally on Linux with Minikube by Ihor Dvoretski Uber open-sources Peloton Square build a service mesh with Envoy and gRPC AWS App Mesh is GA Tetrate Q Star Trek Q The Service Mesh Era: Istio’s role in hybrid and multi-cloud by Megan O’Keefe Merging OpenTracing and OpenCensus kubectl cp vulnerability and CSI portmap vulnerability Brigade 1.0 from Deis & Microsoft Debugging an intermittent connection reset in kube-proxy by Yongkun Gui Register for the Kubernetes 1.14 webinar Meet the Ambassador: Paris Pittman Four key tips on how to do massive scale with Kubernetes by Reda Benzair Links from the interview Tekton Open Source Leadership Summit A tektōn is a Greek artisan or craftsman Formerly known as Knative Pipeline GitHub repo Triggermesh Aktion In Defense of YAML Continuous Delivery Foundation Contributing to Tekton Kim Lewandowski on Twitter
4/2/2019 • 21 minutes, 9 seconds
Kubernetes 1.14, with Aaron Crickenberger
Kubernetes 1.14 is out! Your hosts talk to release manager Aaron Crickenberger of Google Cloud about the release process, working with Kubernetes Enhancement Proposals (KEPs), cat t-shirts, and being bearded on face vs. at heart. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week MySpace “loses” 12 years of music Peel Forest and The Green Man Cafe Kubernetes Podcast from Google Cloud Next Live Eric Brewer DockerCon 2014 keynote Sign up for free tickets to Google Cloud Next! News of the week Kubernetes 1.14 released Maybe you don’t need Kubernetes? (Spoiler: you do.) Gravity 5.5 with Helm chart support How a cryptocurrency miner made its way onto Kubernetes clusters at JW Player A guide to Kubernetes admission controllers Automated testing for Helm charts with Terratest Kubernetes End-to-End Testing for Everyone To Russia with Love: deploying Kubernetes in foreign locations Links from the interview Aaron Crickenberger Co-founder of SIG Testing Member of the Kubernetes steering committee Blackhawk flight simulator but it’s in a container Aaron’s soundcloud page Hugh Pagdham Release lead CI Signal playbook 1.13 release shadow Groundhog Day Aaron’s podcast recording cat t-shirt Episode 10, with Josh Berkus and Tim Pepper New in 1.14: Kubernetes Enhancement Proposals (KEPs) Code slush removed Windows containers GA Runtime gates GA Pod priority and preemption GA Durable local volumes GA LTS Working Group Cryptonomicon by Neal Stephenson: the suit and the beard Aaron Crickenberger on Twitter
3/26/2019 • 38 minutes, 51 seconds
SPIFFE, with Andrew Jessup
SPIFFE is the Secure Production Identity Framework for Everyone. Craig hates the name. Andrew Jessup, co-founder and VP of Product at Scytale (with a C) tells him and Adam why they should look past that and how Jason Bourne fits into the world of Cloud Native. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Victim Support Official Page: Christchurch Shooting Victims’ Fund The Small Screw Phenomenon from The Book of Ultimate Truths by Robert Rankin News of the week Istio 1.1 is out! NGINX acquired by F5 Tetrate raises $12.1 million Buoyant raises less KubeCon EU schedule is live Rancher releases Submariner Takeaways from the Google Cloud Security Summit CNCF hits 375 members CNCF TOC for 2019 Kubernetes: AWS vs GCP vs Azure vs DigitalOcean VS Code updates for Kubernetes NetEase: 30,000 nodes in a cluster Music in Ancient Greece Links from the interview SPIFFE Scytale The scytale Joe Beda’s Gluecon talk Application Layer Transport Security, which Andrew and Joe refer to as “LOAS” The Bourne Identity Istio Citadel Scytale Enterprise Andrew Jessup on Twitter
3/20/2019 • 35 minutes, 56 seconds
Continuous Delivery Foundation, with Tracy Miranda
Today Google and CloudBees, along with 20 other companies, launch the Continuous Delivery Foundation (CDF). Tracy Miranda is the Director of Open Source Community at CloudBees, who coordinated donating Jenkins and Jenkins X to the CDF. She talks to Adam and Craig about why the CDF has been formed, and what to expect in this space in the future. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week John Wilkes’ series of simulations Kubernetes Podcast from Google Cloud Next - live show at Google Cloud Next! News of the week Continuous Delivery Foundation Tekton Red Hat introduces Quarkus Web site and GitHub GraalVM Give-me-Gin-and-Tonic The service mesh era: Using Istio and Stackdriver to build an SRE service How Red Hat are changing deployment topology in OpenShift 4 Quickfire container security news: StackRox won an award for Best Emerging Technology from SC Media Alcide won the Breakout Cloud Security infosec award from Cyber Defense Magazine Capsule8 made it into the RSA innovation sandbox Aqua 4.0 now does function vulnerability scanning Twistlock 19.03 adds host forensics and runtime self-protection functionality for VMs SSH.com extended their tech to manage SSH keys for containers CNCF joins Google Summer of Code Fill out the State of DevOps Report Read last year’s results Links from the interview CloudBees Kohsuke Kawaguchi The population of Greece Jenkins Jenkins X Throwing an X Throwing an axe Tekton Spinnaker Continuous Delivery Summit at KubeCon EU in May CDF members Fastlane, continuous delivery for mobile, is on Tracy’s wishlist Tracy Miranda on Twitter or at tracymiranda.com
3/12/2019 • 21 minutes, 23 seconds
Borg, Omega, Kubernetes and Beyond, with Brian Grant
Brian Grant joined the Borg team in 2009, and went on to co-found both Omega and Kubernetes. He is co-Technical Lead of Google Kubernetes Engine, co-Chair of Kubernetes SIG Architecture, a Kubernetes API approver, a Kubernetes Steering Committee member, and a CNCF Technical Oversight Committee member, where he’s sponsored 11 CNCF projects. Your hosts talk to him about all those things. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Sunset from Mauao (Mount Maunganui) Russian Doll on Netflix Edge of Tomorrow sequel back on News of the week Rancher introduces k3s Didn’t they launch it 5 months ago? k3s.io VMware launches VMware Essential PKS Istio Operator from BanzaiCloud CVE-2019-1002100 containerd graduates at the CNCF Scytale announces $5m funding and Scytale Enterprise SPIFFE and SPIRE Automate operations on your cluster with OperatorHub.io OperatorHub website RightScale State of the Cloud 2019 Links from the interview Borg, Omega and Kubernetes Borg paper Omega paper Issue 831: implement Image volumes and container volumes in Kubernetes Chubby key-value store paper IP per Pod LMCTFY CNCF TOC Updated 2018 mission for the CNCF SIG and Working Group List Devstats PR 1325: create kubectl Brian Grant on Twitter PR 607
3/5/2019 • 35 minutes, 28 seconds
Policy and Config Management, with John Murray
Kubernetes has a number of mechanisms to enforce policy: some built-in, like quota and NetworkPolicy; some extensions or add-ons like OPA. John Murray, a product manager at Google Cloud, joins Craig and Adam to talk about policy and configuration, and introduce the new CSP Config Management tool launched to Beta along with the new Cloud Services Platform. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam is in the news! Cat Lady Craig’s Oscar prediction and Rami Malek’s incident News of the week Google brings Cloud Services Platform to Beta Application Modernization and the Decoupling of Infrastructure Services and Teams by Eric Brewer and Jennifer Lin Developer preview of OpenShift v4 Knative v0.4 Update to Azure DevOps Projects support for Azure Kubernetes Service The service mesh era: Securing your environment with Istio by Samrat Ray of Google Cloud Cloud Native DevOps with Kubernetes by John Arundel and Justin Domingus Get it free* from NGINX All new Reddit services run on Kubernetes Breaking Docker via runC by Yuval Avrahami of Twistlock Secure Kubernetes with Vault by Bjorn Wenzel Migrating from Heroku to GKE How to prepare for a Kubernetes interview Adding “containers” to Linux Links from the interview ResourceQuota, PodSecurityPolicy and NetworkPolicy Open Policy Agent Kubernetes integration CSP Config Management Take control of your clusters with CSP Config Management (blog post) John Murray on Twitter
2/26/2019 • 26 minutes, 50 seconds
Ingress, with Tim Hockin
The history of Borg influences the history of Kubernetes in many ways: Google has different teams handle “get traffic to a cluster” and “serve traffic”, so Kubernetes has a conceptual split here too. Tim Hockin, Kubernetes co-founder, Google principal engineer and former Borg/Omega team leader, joins Adam and Craig to explain the history and future of the Ingress API, why it’s taken so long to get to v1, and how it might evolve in the future. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Intelligence Squared: Can an AI change your mind? Robot or Not: Is your AI a robot? News of the Week Arm joins the CNCF Cilium 1.4 is released Installing on GKE Lightboard: week Managed Knative on IBM Kubernetes Service Brendan Burns’ videos for Microsoft Azure New EKS regions New EKS CNI plugin Kubernetes Day India schedule announced Liz Rice on episode 19 The Information on Kubernetes (subscription or e-mail address required) Links from the interview Hello, my name is Tim Hockin, and I pronounce “kubectl” as “kubectl” lmctfy, Google’s open source container tool Episode 22 with Dawn Chen Kubernetes network concepts: Service and Ingress Annotations NGINX ingress Google Cloud BackendConfig Heptio Contour IngressRoute Istio v1alpha3 API KEP to move Ingress to v1 (GA) T-shirt logos Tim’s favourites: Brushstrokes and Pixels Craig’s favourite is the paint splash Tim Hockin on Twitter
2/19/2019 • 27 minutes, 44 seconds
GKE Usage Metering, with Madhu Yennamani
The new GKE Usage Metering feature lets you find out how much your tenants or applications cost to run. Your hosts talk to Madhu Yennamani, product manager at Google Cloud, about usage metering, and how new GKE features are implemented. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the Week Weather in Seattle Weather in London News of the week runc vulnerability: Open source disclosure Write up from the patch author GKE bulletin Kubernetes blog post Infoworld names Kubernetes a Technology of the Year Encrypting GKE secrets with Google Cloud KMS Build containers faster with Google Cloud Build and Kaniko Jib 1.0.0 GA Red Hat CodeReady Workspaces Heptio open source project changes Platform9 VMware Kubernetes managed service ClearDATA launches Kubernetes solution for healthcare KubeCon diversity scholarships Poseidon Firmament scheduler Firmament Links from the interview GKE usage metering: Whose line item is it anyway? Enable GKE usage metering BigQuery Google Data Studio Madhu Yennamani on LinkedIn
2/12/2019 • 20 minutes, 35 seconds
Minikube, with Dan Lorenc
Minikube is a tool that makes it easy to run Kubernetes locally, by running a single-node Kubernetes cluster inside a VM on your desktop or laptop. Craig and Adam talk to author and maintainer Dan Lorenc from Google Cloud, and in the wake of the Super Bowl, discuss how “football” means something different to each of them. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam watched the Super Bowl Craig watched some Superb Owls Outside the UK, you can watch them here You can watch some ads But not the ad for Blue Origin, which was pulled Snow day in Seattle! Jeff Bezos at the Super Bowl The Daily Mail is not really news Jeff Bezos’s earnings per minute News of the week Spark Operator for Kubernetes now in Beta IBM Cloud Databases report on the Operator Pattern New members in the CNCF TOC Alexis Richardson from Weaveworks Brendan Burns from Microsoft Joe Beda from VMware Matt Klein from Lyft Xiang Li from Alibaba Kelsey Hightower from Google Google Kubernetes Engine usage metering Advanced application deployments and traffic management with Istio on GKE GitHub repo Megan’s development workflow for Kubernetes Ambassador 0.5.0 API Gateways are going through an identity crisis Kubernetes as an API standard; looking toward a Rust implementation Links from the interview Dan leads a team working on: Minikube Skaffold Kaniko Knative Build Minikube was helped in the early days by Localkube from RedSpread, who were acquired by CoreOS (who were acquired by Red Hat, who were acquired by IBM) There was also Boot2docker, but Kubernetes didn’t like Docker-in-Docker much back then Guide for developing Minikube Other similar projects: Microk8s Docker Desktop Things it was hard to get working: Load balancers; solved via tunneling Persistent volume provisioning, solved with a custom hostpath provisioner Minikube Roadmap Dan Lorenc on GitHub and on the web
2/5/2019 • 26 minutes, 54 seconds
Kubernetes Failure Stories, with Henning Jacobs
You learn so much more from failure than success. Henning Jacobs, head of Developer Productivity at Zalando, joins Adam and Craig to share his own stories of failure, and talk about what he has learned by reading stories from others. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week A Normal Lost Phone Neil and Liam Finn News of the week CoreDNS graduates Intel introduces Nauta; enterprise Kubeflow Interview with David Aronchick in Episode 2 Ian Lewis’s blog posts on container runtimes Istio blog intro by Megan O’Keefe Interview with Dan Ciruli and Jasmine Jaksic in Episode 15 Kubinception: Using Kubernetes to run Kubernetes at OVH Why OVH Managed Kubernetes Giant Swarm and SAP GKE Jenkins Plugin and source code Deploying to Kubernetes from GitHub Actions Mortar; the manifest shooter for Kubernetes It’s a good time to be working in Kubernetes Links from the interview Kubernetes Failure Stories blog post GitHub repo Hacker News post Zalando A Million Ways to Crash Your Cluster Original version of the talk from the Dusseldorf meetup Tacoma Narrows Bridge collapse Nordstrom talk at KubeCon NA 2017 Serverless Failure Stories Startup scripts used to just kill the Docker daemon 90 days of EKS in production: configuration options you need to set CPU throttling Facebook oomd John Wilkes: only make new mistakes Henning Jacobs on Twitter
1/29/2019 • 31 minutes, 53 seconds
Prometheus and OpenMetrics, with Richard Hartmann
Richard Hartmann is a member of the Prometheus Team and the founder of the OpenMetrics project, which aims to replace SNMP with a modern format for transmitting metrics. He joins your hosts to discuss both projects, and how Cloud Native technology can improve the datacenter. No soup for you! Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Lego collecting delivers huge and uncorrelated market returns News of the week Knative 0.3 released Service Mesh Day; March 28-29, San Francisco FoundationDB Record Layer Tumblr open sources Kubernetes tools gVisor presentation by Adin Scannel Aleksa Sarai on tar in oci Detect overspending by measuring idle Kubernetes resources Karl Stoney’s post on managing costs on Kubernetes SQL Server on GKE and AlwaysOn Availability Groups Namely’s Crash Course in Running Istio Kubernetes failure stories Zalando Target 9 security best practices Google remains the top contributor to CNCF projects, even if you were to remove Kubernetes! Links from the interview Space.net Swiss Army Chainsaw Prometheus Built by ex-Googlers at Soundcloud Better than MRTG and rrdtool Cortex, Thanos, InfluxData for persisting Prometheus data long-term Manage multiple DCs Grafana for visualising data Variables for templating PromQL OpenMetrics A new Lingua Franca for monitoring and tracing that isn’t SNMP Export SNMP to Prometheus format Transforming the Prometheus Exposition Format into a Global Standard; Richard’s PromCon talk End goal: write an RFC GitHub repo Prometheus 2.5 has experimental OpenMetrics support QUIC becomes HTTP/3 Get involved with the Prometheus community Richard Hartmann on Twitter
1/22/2019 • 27 minutes, 41 seconds
Rook, with Jared Watts
Rook is a cloud native storage orchestrator and a controller for storage systems such as Ceph. Jared Watts has been working on Rook since the start, first at Quantum, and then at Upbound. He talks to Craig and Adam about storage, chess, and premium-rate telephone numbers. Does anyone actually read the show notes? Turns out a few of you do. Thank you for listening and reading! web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Tabletop Simulator (a computer game) Happy (a televisual programme) News of the week Kubernetes Day India from the CNCF Vertical Pod Autoscaling in GKE in Beta Vertical Pod Autoscaler in OSS Announcing TriggerMesh Knative Lambda Runtime (KLR) Episode 28 with Sebastien Goasguen krew, the package manager for kubectl plugins Monitoring Kubernetes, by Sean Porter of Sensu on the CNCF Blog Istio 1.1 update Episode 15 with Jasmine Jaksic and Dan Ciruli Kubernetes authorization via Open Policy Agent by Stefan Bueringer Links from the interview Symform; Jared’s first startup, peer-to-peer cloud storage Totally unlike KaZaA Where Jared first met open source, through the Mono project Acquired by Quantum Craig explicitly remembers owning a Quantum Bigfoot (though that one wasn’t his first hard drive) Rook, a cloud native storage orchestrator SIG Storage and the Volume abstraction Started with support for Ceph Also now supports CockroachDB, Minio, NFS, Apache Cassandra But not Gluster - for now at least Added to the CNCF Sandbox in January 2018, and moved to incubating in August Upbound; founded by Bassam Tabbara Container Storage Interface 1.0.0 Rook on GitHub Queen Storage Jared Watts on Twitter and the Rook blog Why you might have had to pay 90c per minute to tweet Jared
1/15/2019 • 27 minutes, 49 seconds
Cloud Native Computing Foundation, with Dan Kohn
The Cloud Native Computing Foundation was formed to create a vendor-neutral home for Kubernetes. Now with over 30 projects, we kick off 2019 by talking to Dan Kohn, Executive Director of the CNCF, and hearing his views on projects, licenses and conferences. Please reach out and say hello: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Platform9’s KubeCon survey Security notices: Dashboard custom certificates API server proxying Links from the interview Cloud Native Computing Foundation Dan Kohn Linux Foundation Jim Zemlin Other projects: Let’s Encrypt, Hyperledger, Node.js Foundation Fellows: Linus Torvalds and Greg Kroah-Hartman CNCF members and Governing Board Getting people on board with Open Source Crossing the Chasm (a book by Geoffrey A. Moore) Why Software Is Eating The World (an article by Marc Andreessen) CNCF projects Project list Interactive landscape and trail map Licenses Why Dan (& the CNCF) Recommends Apache 2.0 “Shared source”: Redis and the Commons Clause; MongoDB and the Server Side Public Licence What would Dan like to see in the CNCF? Istio and Knative Technical Oversight Committee Principles say it’s OK for overlapping projects Certification For people: Certified Kubernetes Administrator and Certified Kubernetes Application Developer; curriculum For distributions: Software Conformance KubeCon + CloudNativeCon China Based on the End User Conference in 2017 Co-hosted with the Open Source Summit in 2019 US 27 co-located events Dan Kohn on Twitter
1/8/2019 • 48 minutes, 4 seconds
Kubernetes CVE-2018-1002105, with Jordan Liggitt
Adam and Craig end the year by talking to Jordan Liggitt, the member of the Kubernetes Product Security Team who fixed the recent critical security vulnerability in the Kubernetes API server. We also take a look at the news from KubeCon. This is our last episode for 2018. Thank you for your support this year, and we’ll be back on the 8th of January! Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week etcd donated to the CNCF Chubby paper Raft paper Blog post on the relationship between Kubernetes and etcd by Gyuho Lee and Joe Betz Istio: Geekwire: Has Istio become the new cloud-native darling? Google launches Istio on GKE VMware NSX Service Mesh Aspen Mesh open beta In other service mesh news: A10 Secure Service Mesh Knative: Knative: bringing serverless to Kubernetes everywhere SAP: Extensibility on cloud-native stack Red Hat to deliver hybrid serverless workloads to the enterprise Pivotal launches Function Service GitLab and TriggerMesh announce GitLab Serverless Oracle Cloud Native Framework Microsoft: Osiris Azure Monitor for Containers is GA Phippy Goes To The Zoo Phippy, Captain Kube and friends now in the CNCF Digital Ocean Kubernetes now open to everyone Linode Kubernetes CLI Terraform scripts VMware closes its acquisition of Heptio For $550M Dell will go public again Quickfire Kubernetes security news NeuVector announced containerd and CRI-O runtime support in their container firewall Aqua’s Container Security Platform is now certified to cover the Kubernetes CIS benchmarks Lacework announced their configuration scanning platform covers Kubernetes Sysdig released Sysdig Secure 2.2, which adds Kubernetes audit events, and the ability to block deployments using Kubernetes admission controllers Twistlock released 18.11, which “introduces security visualization for Kubernetes, and compliance and security configuration checks for Istio, including 
new alerting integrations with PagerDuty, and cloud services Grafana Loki Thanos: Prometheus at scale Maestro – A declarative, no-code approach to Kubernetes Day 2 Operators rbacsync PlanetScale announces funding TechCrunch article Links from the interview Jordan’s suggested KubeCon talks to watch: Kelsey Hightower’s keynote, “Kubernetes and the path to serverless” Julia Evans’ keynote, “High Reliability Infrastructure Migrations” OpenShift before Kubernetes in 2014 Kubernetes Product Security Team CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections Listing in the National Vulnerability Database Originally filed as a bug against Rancher Rancher blog post How to report a vulnerability Proof of concept (third party) How it was fixed Distributor’s list Client certificate vulnerability in Kubernetes in 2016 Answering questions on Stack Overflow Jordan Liggitt on Twitter, GitHub, Slack or Stack Overflow
12/17/2018 • 27 minutes, 31 seconds
Envoy, with Matt Klein
The Envoy proxy, a universal data plane for Cloud Native, has just graduated as the third top-level project in the CNCF. Craig and Adam talk to its author, Matt Klein from Lyft, about modern load balancing for microservices and pragmatically avoiding “second system” syndrome. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections Gravitational write up Proof of concept More cryptocurrency mining with exploited Kubernetes clusters Microsoft Connect(); AKS virtual nodes are in preview Virtual Kubelet joins CNCF GPU support for ACI ACS to be retired in favour of AKS Cloud Native Application Bundle Microsoft and Docker introduce Cloud Native Application Bundle CNAB spec Duffle DockerCon EU 2018: Docker releases Compose operator for Kubernetes Available on GitHub Docker Desktop Enterprise Hashicorp Vault 1.0 Upbound introduce Crossplane Available on GitHub GitLab moving to GKE Rook 0.9.0 — available you-guessed-where MicroK8s from Canonical: Announc4t Project p2e Available on G5b Links from the interview Envoy Recently graduated to top-level project at the CNCF Built at Lyft Replaces libraries like Finagle and Hystrix Introduction to modern network load balancing and proxying Envoy contributors Istio, built on Envoy Turning down the VC money: Why Matt isn’t starting an Envoy company Service mesh data plane vs. control plane Matt Klein on Twitter Matt’s blog
12/11/2018 • 39 minutes, 43 seconds
MetalLB, with David Anderson
If you’re running on-prem, and you say set up a Service type=LoadBalancer, what happens? Does your cluster call your NOC and have them order you a Juniper router? MetalLB is a popular answer to that question. Your hosts discuss load balancing with MetalLB’s author, Google Cloud SRE David Anderson. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Kubernetes 1.13 released Critical vulnerability in all Kubernetes versions Kubernetes is the most popular skill in tech, according to Indeed’s Hiring Lab Envoy graduates to a full CNCF project AWS re:Invent Firecracker MicroVM Integration with containerd Instructions for running on GCE with nested virtualisation AWS App Mesh In-place EKS upgrades! Windows support! (Citation needed) Istio on GKE released Agones 0.6.0 released Episode 26 with Mark Mandel and Cyril Tovena Links from the interview MetalLB BGP and OSPF Katran, a load balancer from Facebook David Anderson on Twitter
12/4/2018 • 21 minutes, 34 seconds
Kontena Pharos, with Jari Kolehmainen
Kontena Pharos is a Kubernetes distribution which “just works”, even on bare metal. Adam and Craig talk to Kontena’s CTO, Jari Kolehmainen on the decisions required to distribute Kubernetes and heating your house with bare metal. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Wayne The Batman of China Dive Weave Scope releases 1.10 KubeCon US waitlist containerd Beta in GKE Cyber Monday savings on Kubernetes courses and certification from the Linux Foundation Links from the interview Kontena About Kontena Pharos 2.0 release announcement CoreOS Matchbox for PXE boot Heating houses with nerd power Jari Kolehmainen on Twitter
11/27/2018 • 19 minutes, 53 seconds
Tencent, with Joe Zou
In some ways, China has a parallel Internet to the West. Is that Internet powered by Kubernetes? Of course! Joe Zou, PaaS Product Center Director at Tencent Cloud, talks to Craig and Adam about Kubernetes in China. Thanks to our translator, Rae Wang. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Container Storage Interface 1.0.0 Harbor moves to Incubator in CNCF JD.com wins CNCF Top End User award Google Cloud introduces Kubeflow Pipelines Submit a proposal to KubeCon EU 2019 Episode 19 with 2018 co-chair Liz Rice Episode 29 with 2019 co-chair Janet Kuo Rookout debugging for Kubernetes Stackdriver Debugger Scalyr adds more Kubernetes logging support CNCF Asia usage survey Links from the interview Tencent Products and Services Tencent Open Source TARS RPC framework Tencent Cloud Tencent Kubernetes Engine PUBG
11/20/2018 • 16 minutes, 40 seconds
Workloads API and KubeCon, with Janet Kuo
On the eve of the first KubeCon in China, your hosts talk to co-chair and Google software engineer Janet Kuo about the program, and her work with SIG Apps. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week VMware acquires Heptio: VMware blog Heptio blog Madrona blog (one of their investors) Pivotal blog Cisco integrates on-prem Kubernetes with Amazon Web Services Kontena launches Pharos 2.0 Nabla Containers v0.2 The Kubernetes API Server by Dominik Tornow and Andrew Chen CNI Plugins for Kubernetes by Steven Acreman The Beginners Guide to the CNCF Landscape IceCubeCon from Mesosphere Tweet us your puns! Links from the interview SIG Apps Workloads API goes GA Garbage collection Application CRD KubeCon China 2018 Episode 19 with co-chair Liz Rice Talks on genetics and bicycles Janet Kuo on Twitter
11/13/2018 • 18 minutes, 54 seconds
TriggerMesh, with Sebastien Goasguen
TriggerMesh is a new serverless management platform built on top of Knative. Co-founder Sebastien Goasguen joins Adam and Craig to discuss serverless, and potential trips to space. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week James Acaster: Live or on Netflix Card game Gloom PC game Grim Fandango We’re on Spotify! Peter Benjamin’s list of Kubernetes resources News of the week TriggerMesh announced Istio 1.0.3 Contour 0.7.0 Peloton from Uber GSoC 2018: Building a Conditional Name Server Identifier for CoreDNS Azure news: Azure retiring old Kubernetes versions Azure launches OPA controller Kubernetes Dashboard via Azure Cloud Shell AKS now available in UK West, South India and East Asia are next Links from the interview Sebastien’s books: CloudStack, Docker, and Kubernetes Cookbooks Background: Computational science and Maxwell’s Equations Grid computing and Beowulf clusters Cloudstack European astronaut selection Kubeless, built with Nguyen Anh-Tu Other projects: Fission, Riff, Nuclio Knative Knative Build system Istio TriggerMesh The Triggerfish tm Knative client Runtime for OpenFaaS functions Runtime for Azure Functions Early Access Program signup Sebastien Goasguen on Twitter
11/6/2018 • 29 minutes, 18 seconds
Evolution of the Kubernetes Community, with Sarah Novotny
Sarah Novotny is Head of Open Source Strategy at Google Cloud and a board member of the Linux Foundation (the parent of the CNCF). She joins Craig and Adam to talk about the evolution of the Kubernetes community, governance models and Codes of Conduct, and how nascent open source communities can learn from it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Cake! Lord’s Cricket Ground Tour The Play That Goes Wrong Bohemian Rhapsody Mr Robot (no link provided!) Castlevania and its video game News of the week IBM enters into agreement to acquire Red Hat: Joint press release IBM blog post Red Hat blog post OpenShift Container Platform 3.11 Introducing Red Hat OpenShift Container Engine IBM Container Service now available in Milan, Italy Mirantis Cloud Platform Edge Mesosphere Kubernetes Engine Kubedex On-Prem and Dolos gRPC-Web has gone GA Whose Pod Is It Anyway? FoundationDB Summit announced CNCF planning “Global South” outreach Links from the interview OSCON Announcement of Kubernetes 1.0 Announcement of the CNCF Raven Rock - a book Sarah read while setting up the CNCF Conway’s Law Paxos and Byzantine Generals CNCF Code of Conduct We Don’t Do That Here by Aja Hammerly Sarah’s 2017 KubeCon NA talk Hiding behind a Viewmaster Julian Cash, photographer Find Sarah: at KubeCon China or KubeCon NA as sarahnovotny on Twitter or LinkedIn
10/30/2018 • 35 minutes, 31 seconds
Agones, with Cyril Tovena and Mark Mandel
Ubisoft and Google Cloud have extended Kubernetes to support dedicated game servers. Cyril Tovena, a Technical Lead from Ubisoft in Montreal, and Mark Mandel, a Developer Advocate at Google Cloud, lead the project. They talk to Adam and Craig about what they had to do, the Agones community, and how you can apply it to your Enterprise Software. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Pub quiz success News of the week Kubernetes v2 Provider for Spinnaker Episode 23: Spinnaker, with Steven Kim Episode 24: Continuous Integration and Continuous Delivery, with Andrew Philips and Lars Wander Spinnaker 1.10 Codelab: Continuous Delivery to Kubernetes Using Spinnaker KubeCon NA Contributor Summit The Forrester New Wave™: Enterprise Container Platform Software Suites, Q4 2018 Kubernetes Steering Committee election results Kubernetes High Availability, by Dominik Tornow from SAP and Andrew Chen from Google Cloud Kubernetes Deep Dive by Nigel Poulton on A Cloud Guru, from listener mail 1.12 Release Retrospective by Tim Pepper from VMware Admiralty’s Multicluster Controller The Lord High Admiral Best practices for building Kubernetes Operators and stateful apps by Palak Bhatia and Jun Xiang Tee from Google Cloud Pulumi raises $15M Links from the interview Agones website Agones on Twitter Ubisoft Montreal Mark’s blog Proper pronunciation Elbow Kubernetes Cluster Registry OpenMatch Joe Beda’s TGIK on writing a controller Mark and Cyril on Twitter
10/23/2018 • 24 minutes, 45 seconds
GKE Container-Native Load Balancing, with Ines Envid and Neha Pattan
GKE container-native load balancing enables Google Cloud load balancers to target Pods directly, rather than the VMs that host them, and to evenly distribute their traffic. Product manager Ines Envid and staff software engineer Neha Pattan explain how. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam meets Orlando Craig meets a Banksy News of the week GKE Private Clusters are GA Announcing Cloud NAT and Container-Native Load Balancing Amazon Elastic Container Service for Kubernetes now supports dynamic admission controllers Fast Kubernetes development with Skaffold 0.16.0 New Cloud Foundry support for Kubernetes Managing Kubernetes from O’Reilly; sign up for a free e-book version courtesy of Heptio Days of Kubernetes 1.12 Past: Volume snapshots, RuntimeClass and topology-aware volume provisioning Kubedex: GKE vs EKS vs AKS vs IKS vs ACCSK New Relic acquires Coscale Links from the interview GKE container-native load balancing: Launch blog post Documentation Configuring services with an annotation to preserve source IP VPC-native clusters with Alias IPs Network Endpoint Groups
10/16/2018 • 16 minutes, 41 seconds
Spinnaker, with Steven Kim
Steven Kim is an engineering manager at Google, based in New York City, working on the Spinnaker project. In a companion piece to last week’s episode about CI and CD, Steven talks to Craig and Adam about how Spinnaker evolved from VMs to Kubernetes and support for other cloud native technologies. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Evoland 2 Stickers on the fridge Seat entertainment on Air New Zealand Link Last Week Tonight on the NZ flag Craig and Sir John Key News of the week Kubernetes for personal projects For - Caleb Doxsey and Hacker News discussion Against - Carlos Rodriguez and Hacker News discussion A developer onramp to Kubernetes with GKE Cloud Native Buildpacks enter the CNCF Sandbox AWS Service Operator for Kubernetes Limited availability of DigitalOcean Kubernetes etcdadm from Platform9 Introducing the Kubernetes Non-Code Contributors Guide Episode 21 interview with author Ihor Dvoretskyi Episode 5 on writing documentation Episode 11 on releases Pulumi explores how Kubernetes deployments work Health checking gRPC services in Kubernetes with grpc-health-probe Teleport v3 adds Kubernetes support Links from the interview Steven Kim on Twitter Spinnaker Slack Forums, please don’t troll Spinnaker Summit
10/10/2018 • 22 minutes, 9 seconds
Continuous Integration and Continuous Delivery, with Andrew Phillips and Lars Wander
Andrew Phillips (PM) and Lars Wander (Software Engineer) from Google Cloud talk to Adam and Craig about the difference between CI and CD, and how to apply these processes to your release and rollout processes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Scott Pilgrim vs. the World News of the week Kubernetes 1.12 released Google’s summary blog Kubecon NA 2018 schedule announced Rook moves to CNCF Incubator GSoC: Extending fuzzing coverage of Envoy News from Microsoft Ignite: Kubernetes support as the #1 networking feature of the upcoming Windows Server 2019 SQL Server 2019 Preview for Helm charts in Azure Container Registry Preview for OCI image formats Links from the interview The New Stack suggests the best CI/CD tool for Kubernetes doesn’t exist Weaveworks named the category of GitOps Jenkins X; Kubernetes-friendly Jenkins Spinnaker Kubernetes v2: Manifest support Spinnaker Slack Lars Wander Andrew Phillips
10/2/2018 • 30 minutes, 25 seconds
SIG-Node, with Dawn Chen
Dawn Chen, TL for SIG-Node and the Google Kubernetes Engine node team, joins Craig and Adam this week. She has worked on containers and container schedulers since 2007 - not a typo. We also bring you the news, in part from the echo chamber of Google Cloud Summit in Sydney. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Stickers! Google Cloud Summit in Hong Kong Google Cloud Next in London Gartner Symposium Orlando KubeCon Shanghai News of the week NetApp acquires StackPointCloud Cloud news: Sandbox pods on GKE Signup form Kubernetes tools for Azure Stack EKS can generate kubeconfig files! GSoC: katacontainer support in containerd, by Jian Liu linkerd 2.0 is GA Thomas Rampelberg tells you how to use it Cortex added to the CNCF sandbox Red Hat OpenShift Service Mesh, based on Istio Microservice observability with Istio at Trulia Contour 0.6 from Heptio Links from the interview Dawn Chen on GitHub The Borg paper Process containers (later ‘cgroups’): The first submission of containers to the Linux kernel Early coverage of process containers Paul Menage’s 2007 paper “Adding Generic Process Containers to the Linux Kernel” Dawn’s first job: tracking processes. Each job had its own GID - she would use netlink connection tracking to map processes and threads to GIDs, and, using procfs, figure out CPU and memory usage. Dawn’s second job: adjusting CPU usage using nice Today we just use memcg Fake NUMA - cut a machine into big chunks and assign them to groups of processes. 
Linux Plumbers Conference Tim Hockin’s presentation at the Linux Plumbers Conference in 2011, talking about the work Dawn’s team were doing lmctfy - Let Me Contain That For You In case you don’t get the joke It’s like runc and containerd SIG Node Node and lifecycle management Application management Container runtimes and kubelet Node problem detection Resource management GPU & TPU Security isolation gVisor and Sandbox Pods Logging and monitoring Was SIG Node the first SIG? Tied with SIG API Machinery How did we get to CRI? rktnetes was released with Kubernetes 1.3 Hyper_ containers (now Kata Containers) LXC and LXD kubevirt for running VMs instead of containers OCI CRI was released with Kubernetes 1.5 containerd and CRI-O Container RuntimeHandler, so some pods can run with one runtime and some with another
9/26/2018 • 22 minutes, 46 seconds
Kubernetes SIG-PM, with Ihor Dvoretskyi
This week, your hosts talk to Ihor Dvoretskyi, Developer Advocate at the Cloud Native Computing Foundation, about SIG-PM, the Special Interest Group for Kubernetes Program, Product and Project Management. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter The Toto Washlet “Africa”, by Toto “Africa”, by Weezer feat. Weird Al Yankovic News of the week Tensor Processing Units (TPUs for short) are now available in Beta from Google Kubernetes Engine Tom Gallacher’s heart rate admission controller CNCF case study on Northwest Mutual Bank Pulumi released their Cloud Native SDK Join the Kubernetes 1.13 release team! Episode 10, on what the release team does Run Akka Cluster in Kubernetes Antony is trading in his Chevy for a Cadillac-ac-ac-ac-ac Elliot Forbes’ See-CAD notes Advanced health check patterns by Ahmet Alp Balkan Was Craig referring to this, or this? Sysdig raises $68.5M Links from the interview Ihor Dvoretskyi on Twitter or GitHub SIG-PM - Program, Product and Project Management SIG-PM Intro Talk from KubeCon EU 2018
9/19/2018 • 30 minutes, 50 seconds
Cloud Native Patterns for Ops, with Justin Garrison
Justin Garrison is both a student and a teacher. A senior systems engineer in the media industry, he has boiled his experience and wisdom, as well as that of his co-author Kris Nova, into the book Cloud Native Infrastructure. He talks to Craig and Adam about the Kubernetes community and the process of writing. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter KubeCon NA ‘17 keynote: Your Philips Hue Light Bulbs Are Turned On By Kubernetes by Mark van Straten Philips Lighting case study on Google Cloud News of the week Cisco Hybrid Cloud Platform for Google Cloud is now generally available Enter the Cisco & Google Cloud Challenge! Win things! Consul + Kubernetes from Hashicorp Open Match announced by Google Cloud and Unity Agones 0.4.0 released Couchbase Autonomous Operator Amazon EKS now available in Ireland Google Cloud now available in Finland Platform9 introduces spot instance arbitrage External DNS 0.5.6 released Red Hat on Kubernetes and application servers Links from the interview mintCast, which featured Justin a long time ago Cloud Native Infrastructure book: website and O’Reilly The Economics of Writing a Technical Book Justin’s last KubeCon talk: Let’s Build Kubernetes, With a Spreadsheet and Volunteers! Justin Garrison on Twitter and GitHub Dashiell, rothgar/v2 Justin’s blog
9/12/2018 • 24 minutes, 55 seconds
kube-hunter and KubeCon, with Liz Rice
Liz Rice from Aqua Security builds penetration testing tools for Kubernetes by day, and runs the KubeCon program by night. Adam and Craig dig into both topics. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter Adam went to Battle Ground Lake State Park Adam and Craig are both going to Google Cloud Next in Tokyo (September 19-20) Craig is also going to Google Cloud Summits in Singapore (September 13), Sydney (September 26) and Hong Kong (October 10) News of the week Google Cloud grants $9M in credits for the operation of the Kubernetes project The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience CNCF to host TiKV in the Sandbox New CNCF members CNCF Survey Istio 1.0.1 Forbes contributor Janakiram MSV on Cloud Native TriggerMesh Amazon adds support for Horizontal Pod Autoscaler Kontena 1.3.0 Links from the interview Aqua Security kube-bench kube-hunter: GitHub Launch blog post Introduction video KubeCon & CloudNativeCon: Europe: Copenhagen, May China: Shanghai, November North America: Seattle, December
9/5/2018 • 26 minutes, 2 seconds
Supporting Kubernetes, with Ken Massada
What does it take to support Kubernetes for other users? Kenneth Massada, a lead for GKE support at Google Cloud, tells Craig and Adam his story. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter Adam lives in Seattle, which is on fire Craig baked some tasty cookies Using this recipe But not using Vegemite, British Marmite or New Zealand Marmite, which are three totally separate things. Only one of which is nice. Hint: it’s the last one News of the week 2018 Kubernetes Steering Committee Elections Binary Authorization on Google Kubernetes Engine kube-hunter from Aqua Security Video Blog Kubernetes issues and solutions from Alexander Lukyanchenko at Avito Cilium 1.2 released Accelerating Envoy with the Linux Kernel James Lee’s blogs on Kubernetes networking Amazon EKS supports GPU-Enabled EC2 instances Links from the interview etcd is hard: Configuration flags OpenAI suggestions on scaling Kubernetes to 2,500 nodes includes a separate events database Kubernetes docs on configuring and upgrading etcd Tina and Fred from Google SRE also discussed etcd on Episode 9 (Or use GKE, where we do it all for you) Other hard concepts: apiVersion: is hard spec: is hard Liveness and readiness probes - don’t make them the same! Joe Beda thinks of YAML as machine code in Episode 12 What would Ken like to see changed in Kubernetes? Affinity and anti-affinity rules and topology keys Kenneth Massada on Twitter Or summon him with a GCP support case!
8/28/2018 • 25 minutes, 20 seconds
Shopify and Security, with Jon Pulsifer
Jon Pulsifer is a Production Security Engineer at Shopify, and Canada’s biggest Kubernetes fan. Adam and Craig dig into why, and what Adam’s new mode of transport is going to be. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter Sling TV using Kubernetes Tesla using Kubernetes? MITMproxy, Charles and Fiddler Intercept HTTP traffic exiting a docker container Adam has a lot of EconoLodge points Not as many as Software Defined Talk hosts Matt Ray and Michael Coté Craig thinks he should spend them on the Pepsi jet as seen in this wonderful video News of the week Service Networking in a Hybrid Infrastructure by Praveen Shukla from GoJek KubeCon and CloudNativeCon China Craig’s session 7 best practices for operating containers by Théo Chamley from Google Cloud kustomize on Homebrew for macOS Understanding the Container Storage Interface (CSI) by Anoop Vijayan Maniankara The Istio 1.0 Release Stream or jump straight to the part with Dan Ciruli from episode 15 Links from the interview Royal Canadian Navy - Canadian Forces NOC SANS institute and instructors Jon Pulsifer is a Production Security Engineer at Shopify Why Shopify Moved to The Production Engineering Model Production Engineering from Facebook SRE from Google They’re hiring! 
Shopify’s adopting Kubernetes and Google Cloud The evolution of Kubernetes security Before RBAC, you used to have to mount an empty directory over the service account to disable access to it seccomp and AppArmor RBAC PodSecurityPolicy gVisor and Kata Containers Planning for Secure Container Isolation in Kubernetes RuntimeClass enhancement proposal Binary Authorization Launch blog post Kritis - open source reference implementation of Binary Authorization (the judge) Grafeas - API spec for Container Analysis API Shopify Voucher, a tool that creates attestations for Binary Authorization and prevents the deployment of images that don’t meet Shopify’s security requirements. Jon’s talk on Binary Authorization at Google Cloud Next: Securing the Software Supply Chain Shopify’s $25,000 Kubernetes bug bounty payout What is a server-side request forgery? Getting started with security by reading kubesec.io Around Ottawa Kubernetes Ottawa meetup GDG Cloud Ottawa Jon’s car Jon Pulsifer on Twitter
8/21/2018 • 23 minutes, 39 seconds
Descartes Labs, with Tim Kelton
Tim Kelton is co-founder and cloud architect for Descartes Labs. Prior to starting Descartes Labs, he was a R&D engineer for 15 years at Los Alamos National Laboratory, working on problem areas such as deep learning, space systems, nuclear non-proliferation, and counterterrorism. Tim talks to Craig and Adam about the use of Kubernetes and Istio in geopolitics, machine learning and food supply. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Cloud Native Computing Foundation Announces Prometheus Graduation OpenMetrics project accepted into CNCF Sandbox An Exciting New Direction for the Kubic project Demystifying RBAC in Kubernetes Kubebuilder 1.0 scaffolds (with a C) Kubernetes APIs and operators Getting Started GitHub Operator Lifecycle Management - it’s operators all the way down Links from the interview Descartes Labs Climate Change and Rising Food Prices Heightened Arab Spring Why DARPA Funded a Farm Tech Startup Announcing our $30M Series B Global-scale water monitoring in the cloud Beowulf clusters (a Slashdot meme) Omega and Borg papers Mountain biking in Sedona Descartes Labs Python client SRE books: Site Reliability Engineering The Site Reliability Workbook - free until August 23 Descartes Labs talks from Cloud Next ‘18: SRE Quality Operations for Your Services Using the Istio Service Mesh & Stackdriver - with Tim Kelton and Jay Judkowitz from Stackdriver Service Monitoring How Computers See the Earth: A ML Approach to Understanding Satellite Imagery with Kyle Story Building Multi-Tenancy ML Applications with GKE and Istio to Better Understand the Earth with Tim Kelton and Sam Skillman Descartes Labs GeoVisual Search - find the squares on the globe that look most like a given square Tim Kelton on Twitter
8/14/2018 • 21 minutes, 7 seconds
Istio, with Jasmine Jaksic and Dan Ciruli
Istio has hit 1.0, and there’s no-one better to tell you about it than Jasmine Jaksic and Dan Ciruli from Google Cloud. Adam and Craig bring you this, as well as the news from the ecosystem. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Kubernetes now in Docker Desktop Harbor enters the CNCF sandbox Azure Metrics Adapter CloudBees Core GA on AKS Red Hat OpenShift Container Platform 3.10 3.11 Codefresh Enterprise Synchronizing Kubernetes secrets with LastPass at Upside Istio nightly on EKS at Tetrate Links from the interview Announcing Istio 1.0 SRE Quality Operations for Your Services Using the Istio Service Mesh and Google Stackdriver, featuring Tim Kelton from Descartes Labs (who presented at the Toronto event two years ago, and has been using Istio in production since 0.2) Google’s Cloud Services Platform Kubernetes Podcast episode 13 on Cloud Services Platform with Aparna Sinha (It’s Dan’s favorite episode so far) Istio à la carte; a presentation by Dan Istio and the future of service meshes; an article by Jasmine The Istio project: The URL (The IP address is 104.198.14.52) Community page, listing Google Groups Rocket Chat for users Twitter Jasmine Jaksic and Dan Ciruli on Twitter
8/7/2018 • 24 minutes, 38 seconds
Knative, with Oren Teich
One of the most interesting announcements from Google Cloud Next was Knative, a framework for building serverless products on top of Kubernetes. Craig and Adam talk to Google Director of Product Management, Oren Teich, about the launch. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Google’s Cloud Services Platform: Recapping GKE On-Prem and Knative Cloud Services Platform session video with Chen Goldberg and Aparna Sinha Google Cloud Build GitHub integration Knative analysis: Joe Beda’s TGI Kubernetes on Knative Using the Knative build system by itself Visual descriptions: Kubernetes: the theme park analogy The Kubernetes Comic Kubernetes blog posts: KubeVirt: Extending Kubernetes with CRDs for Virtualized Workloads Feature highlight: CPU Manager Links from the interview Oren Teich on Twitter About Knative: Launch blog post Knative page at Google Cloud GitHub Slack Google Cloud Next videos: Serverless at Google Cloud, with Oren Teich High-level video intro to GKE Serverless add-on and Knative, with DeWitt Clinton and Ryan Gregg Request early access to the Serverless add-on for GKE Developer video intro to Knative, with Ville “Fifth Beatle” Aikas and Mark Chmarny Mark’s Knative samples IBM “Zed Series”
7/31/2018 • 22 minutes, 44 seconds
Google Cloud Services Platform, with Aparna Sinha
Learn about the announcements from Google Cloud Next, including GKE On-Prem, Cloud Services Platform, and Istio 1.0. Google’s product management lead for Kubernetes and CNCF governing board member Aparna Sinha joins Adam and Craig to discuss what’s new. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Rugby Sevens World Cup Kubernetes wins the OSCON award for most impactful Open Source project When Does Kubernetes Become Invisible And Ubiquitous? Links from the interview Aparna Sinha on Twitter Google Power Women Of The Cloud Cloud Services Platform: Launch blog Web site GKE On-Prem Knative Cloud Build Bringing the best of serverless to you Next OnAir
7/24/2018 • 24 minutes, 14 seconds
Kubernetes Origins, with Joe Beda
Joe Beda, Craig McLuckie and Brendan Burns are considered the “co-founders” of Kubernetes; working with the cluster management teams at Google, they made the case that their implementation of the Borg and Omega patterns should become a proper product. Joe and Craig now run Heptio, a company working to bring Kubernetes to the enterprise. Your hosts talk to Joe Beda about the history of Kubernetes, creating a diverse company, and what exactly is wrong with YAML. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Minimal Ubuntu Sysdig security blog series Why Red Hat think Kubernetes is the new application server Deep dive blog posts for Kubernetes 1.11: IPVS-Based in cluster load balancing CoreDNS for Kubernetes Cluster DNS Resizing Persistent Volumes Dynamic Kubelet configuration Interview transcript blog post for Episode 10 with Josh Berkus and Tim Pepper Elastifile announce Kubernetes and Tensorflow integration Heptio Ark v0.9.0 Links from the interview Joe Beda on Twitter Heptio Heptio Blog 4 years of Kubernetes blog post Heptio open source projects: ksonnet Heptio Ark Heptio Sonobuoy Heptio Contour Heptio Gimbal What’s wrong with YAML? YAML as machine language Metaparticle kustomize TGI Kubernetes video series
7/18/2018 • 44 minutes, 49 seconds
Helm, with Vic Iglesias
Helm and its Charts help you manage Kubernetes applications. Vic Iglesias, a Solutions Architect at Google Cloud, is a maintainer of the Helm charts repository. He talks to Craig and Adam about how people are using Helm, and where the project is going. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Google announces Jib, for building Java containers Jib on GitHub MongoDB operator for Kubernetes OpenFaaS Operator Pivotal PKS 1.1 released VMware’s take OpenSDS releases their first release, Aruba Codefresh raises $8M Series B round for its container-centric CI/CD platform What the funding means to Codefresh Links from the interview Helm website Helm docs Helm GitHub repo Helm Twitter Helm Slack channel Helm Blog Vic Iglesias’s Twitter
7/10/2018 • 24 minutes, 15 seconds
Kubernetes 1.11, with Josh Berkus and Tim Pepper
A special extended episode going deep on the process of releasing Kubernetes, and this week’s 1.11 release in particular. Hear from Josh Berkus from Red Hat and Tim Pepper from VMware, release manager and shadow release manager for Kubernetes 1.11, on how a release team is put together, the good and the bad of 1.11, and how Kubernetes is like a pastry oven. Don’t you think it’s about time you said hello? web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Kubernetes 1.11 released Google’s summary of Kubernetes 1.11 VMware Kubernetes Engine Google Cloud Filestore, for hosted NFS on GKE Apply for early access The plan for Helm 3 Consul Connect service mesh Links from the interview SIG-Release 1.11 Release Team 1.12 Release Team Release calendar for 1.11 Feature branches SIG-Scalability Performance tests CI Signal role Breaking changes in release notes Priority and preemption enabled by default JSON decoders should be case sensitive Bug triage lead Growing In Your Contributor Role from Tim at KubeCon EU Last Week in Kubernetes Development from Josh Josh Berkus Twitter GitHub Blog Pottery & baking Tim Pepper Twitter GitHub Portland Timbers and Portland Thorns
7/3/2018 • 39 minutes, 31 seconds
SRE, with Tina Zhang and Fred van den Driessche
Craig and Adam from the Kubernetes Podcast talk to Tina and Fred from Google Cloud Site Reliability Engineering (SRE) about managing GKE and what lessons you can take to your own clusters. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Paul Ingles on standardising on Kubernetes GPUs as a service with Kubernetes Engine are now generally available Rackspace and HPE announce private Kubernetes as a service GitLab: 11.0 released Moving to GCP Interview with the CEO SUSE CaaS Platform 3 Announcing Fedora CoreOS Lacework study finds 300 unsecured container orchestration dashboards Google and Unity announcement 19 new CNCF members Links from the interview Stories from the Playbook, Tina and Fred’s talk from KubeCon Copenhagen The Google SRE Book
6/26/2018 • 26 minutes, 20 seconds
Security, with Maya Kaczorowski
On this week’s Kubernetes Podcast, your hosts talk to Maya Kaczorowski from Google Cloud about Kubernetes security, and look at announcements from Microsoft, Docker, Cisco and Spotify. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Microsoft Azure Kubernetes Service goes GA IBM launch multi-zone clusters Dockercon: Federated application management Extending Kubernetes to Windows Server with Docker Enterprise Edition Design applications in Docker Desktop Cisco Live announcement on CCP, Kubernetes, and Cloud partnership How Spotify is migrating from an in-house Docker orchestration platform to Kubernetes Links from the interview Kromtech article on cryptojacking Security scanning tools: Clair MicroScanner Kubernetes secrets Use a KMS provider for data protection Hashicorp Vault and Kubernetes Cluster hardening guides: GKE Security Overview GKE cluster hardening Kubernetes.io docs on cluster security Exploring Container Security blog series Overview by Maya Kaczorowski Node and container operating systems by Aditya Kal and Dan Lorenc Digging into Grafeas container image metadata by Felix Glaser and Wendy Dembowski Protecting and defending your Kubernetes Engine network, by Manjot Pahwa, Ahmet Alp Balkan and Bowei Du Running a tight ship with Kubernetes Engine 1.10 by Aaron Small and Vic Iglesias Using Cloud Security Command Center (and five partner tools) to detect and manage an attack by Maya Kaczorowski and Andy Chang Isolation at different layers of the Kubernetes stack by Tim Allclair and Maya Kaczorowski @MayaKaczorowski on Twitter
6/19/2018 • 18 minutes, 55 seconds
Kustomize, with Phillip Wittrock
This week on the Kubernetes Podcast from Google, Craig and Adam give you the low down on new GKE features and talk to Phillip Wittrock about Kustomize. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Regional clusters in Google Kubernetes Engine are now generally available How to deploy geographically distributed services on Kubernetes Engine with kubemci Kubernetes tools for Visual Studio Helm becomes a CNCF hosted project Deploying to Google Kubernetes Engine Amazon EKS is now generally available Kubernetes Best Practices: Upgrading clusters with zero downtime Links from the interview Kustomize Phillip Wittrock and Jeff Regan on GitHub
6/12/2018 • 19 minutes, 3 seconds
Skaffold, with Matt Rickard
On this week’s Kubernetes Podcast, Adam and Craig talk to Matt Rickard about Skaffold. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Microsoft to acquire GitHub for $7.5bn New CEO is Nat Friedman, previously of Ximian and Xamarin Huge uptick in GitLab migrations - over 100,000 repositories migrated Istio 0.8 released New traffic management model Multiple clusters in the same Istio mesh Envoy v2 APIs VPC native clusters in Google Kubernetes Engine Kustomize: Launch blog post Kustomize on GitHub How to get your talk accepted at KubeCon Shanghai CFP Seattle CFP Links from the interview Skaffold GitHub page Announcement blog Matt Rickard on Twitter
6/5/2018 • 18 minutes, 35 seconds
Kubernetes Documentation, with Zach Corleissen and Jared Bhatti
This week, Craig and Adam bring the news from Google Kubernetes Engine and elsewhere, and talk to SIG-Docs leads Zach Corleissen (from the CNCF) and Jared Bhatti (from Google). Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Google Cloud has updated Kubernetes Engine to bring Kubernetes 1.10 to General Availability Google Cloud releases Regional Persistent Disks in Beta for Kubernetes Engine to increase availability Beyond CPU: horizontal pod autoscaling comes to GKE container-dee’s new 1.1 release is now generally available for use in Kubernetes New CNCF Sandbox projects: Cloud Events Launch blog post Telepresence Launch blog post Namely video talking about using Istio with Telepresence SAP launches “Gardener”, an open source tool for managing and updating multiple Kubernetes clusters Happy Birthday Istio! Burndown for 0.8 issues CloudOps joins the Kubernetes Training Partner program Links from the interview Guests: Jared Bhatti Zach Corleissen Links: Kubernetes documentation Docs Special Interest Group (SIG) Slack
5/29/2018 • 25 minutes, 20 seconds
Stackdriver Kubernetes Monitoring, with JD Velasquez
On this week’s Kubernetes Podcast, your hosts talk to JD Velasquez from Google Cloud about Stackdriver Kubernetes Monitoring, a new product that brings first-class Kubernetes monitoring and Prometheus support to the Stackdriver monitoring and observability suite. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Rackspace announced Kubernetes-as-a-Service Cisco patches for their Digital Network Architecture Center eSecurityPlanet interview with Brandon Philips, about how Kubernetes responds to security threats Kubernetes The Hard Way updated for Kubernetes 1.10 Kiali, observability for Istio: GitHub Presented at Red Hat Summit Overview video by Heiko Rupp Demoed at the Istio Community Meeting Links from the interview Stackdriver Kubernetes Monitoring: Product page Documentation Announcement blog
5/22/2018 • 20 minutes, 10 seconds
gVisor, with Nicolas Lacasse and Yoshi Tamura
On this week’s Kubernetes Podcast, Adam and Craig talk to Nicolas Lacasse and Yoshi Tamura from Google Cloud about gVisor, a user-space kernel, written in Go, that implements a substantial portion of the Linux system surface. It provides an isolation boundary between the application and the host kernel and integrates with Docker and Kubernetes, making it simple to run sandboxed containers. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Microsoft announced four new features to AKS Microsoft and Red Hat announced the upcoming Managed OpenShift on Azure. Red Hat announced roadmap for CoreOS integration. Mirantis has announced “Virtlet”, which enables customers to run VMs as pods in a Kubernetes cluster. Kubernetes Ingress Controller is now available for Kong Techcrunch took a look at how Kubernetes is creating a broad ecosystem for startups. Links from the interview gVisor: GitHub Mailing list Announcement blog
5/15/2018 • 24 minutes, 29 seconds
Kubeflow, with David Aronchick
Craig and Adam bring you the news from KubeCon and an interview with Kubeflow product manager David Aronchick from Google. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Certified Kubernetes Application Developer from CNCF Kubernetes Training Partners from CNCF Red Hat’s CoreOS team launch the Operator Framework Kafka operator from Confluent Digital Ocean’s new Kubernetes service Craig’s KubeCon keynote video with Google’s announcements Open sourcing gVisor, a sandboxed container runtime Announcing Stackdriver Kubernetes Monitoring: Comprehensive Kubernetes observability from the start Datadog container map view Upbound emerges from stealth, raises $9M from GV to build a multicloud platform on Kubernetes Links from the interview Kubeflow: GitHub Slack Twitter Mailing list David Aronchick on Twitter
5/8/2018 • 26 minutes, 11 seconds
Kubernetes Community, with Paris Pittman
In this first episode your hosts introduce the show, give an update to the news of the week, and interview Kubernetes community manager Paris Pittman. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Introducing Heptio Gimbal: Bridging cloud native and traditional infrastructure Gimbal coverage at VentureBeat Docker enables Kubernetes support in Enterprise Edition 2.0 Kubernetes best practices: How and why to build small container images EKS certified Kubernetes Links from the interview Kubernetes Community on GitHub List of SIGs and Working Groups Community calendar Kubernetes Slack Stack Overflow Paris Pittman