The idea of software supply chain security rocketed into the public consciousness in the last year, with the news that US government agencies had been breached. Priya Wadhwa is a software engineer at Google working on open source security, including projects to secure and verify container deployments. She outlines what is being done to make sure this doesn’t happen to you.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Virgin Galactic launch NBC News BBC News Blue Origin launch NBC News BBC News Rocket scene from Austin Powers: The Spy Who Shagged Me The memes News of the week Google Cloud Container Security webinar Register for Google Cloud Next 2021 Google Cloud IDS Windows Server support for Anthos on-prem Multi-Cluster Ingress for GKE CVE-2021-22555: Kernel code execution through Netfilter bug CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding CVE-2021-32690: Helm repository credentials passed to alternate domain Attacks on Argo Workflows discovered by Intezer Sysdig acquires Apolicy; Apolicy acquired by Sysdig CockroachDB Operator for Kubernetes Automatic remediation of Kubernetes nodes at Cloudflare Sciuro Kured CNCF App Delivery TAG publishes operator whitepaper Links from the interview Software supply chain Know, Prevent, Fix Reproducible builds Debian Project SolarWinds hack US Executive Order on Improving the Nation’s Cybersecurity Binary Authorization Provenance, in art and software in-toto “Farm to table” sigstore Announcement blog cosign Announcement blog Dan Lorenc’s blog Connaisseur Rekor Fulcio Key signing ceremony: Dan Lorenc on Episode 152 Announcement blog Video Tekton Tekton Chains Announcement blog, by Priya & Dan SBOM (Software Bill of Materials) Open Source Insights Announcement blog Nine Inch Nails' Year Zero ARG Scorecards Announcement blog v2 blog SLSA Announcement blog GitHub SupplyChainSecurityCon sigstore Slack channel Priya Wadhwa on Twitter

Gatekeeper is an open source project which lets you enforce policy in a Kubernetes cluster. It’s also the basis for Policy Controller, a hosted and managed version now available for all GKE users. Max Smythe, a senior SWE at Google, is a maintainer of Gatekeeper and the TL of Policy Controller. He joins us to talk constraints, config and Cruise.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week England loses Euro 2020 final It’s Coming Ohm: prediction on power usage Half time power spike Top 20 spikes The Thorn Birds The Superbowl Flush - debunked! Tokyo Olympic Games Opening Ceremonies Hedbanz News of the week APIs being removed in Kubernetes 1.22 ContainIQ launches Postgres Operator 5.0 NetworkServiceMesh 1.0.0 Google Cloud Certificate Authority Service GA and cert-manager integration Platform9 Managed KubeVirt InsightCloudSec from Rapid7 Sophos acquires Capsul8 Spring 2021 graduating class from CNCF-sponsored LFX Mentorship program Links from the interview Brian May Edge of Tomorrow The redemption thereof Chubby Riak Gatekeeper Anthos Config Management Config Sync Policy Controller Episode 101, with Tim Hinrichs and Torin Sandall PodSecurityPolicy is not going GA SIG Auth’s replacement proposal Using ACM constraints to enforce Pod security OPA Constraint framework Policy Controller: Creating constraints Writing a constraint template Structural schemas Design Patterns for Extendable, Scalable K8s Extensions by Rita Zhang and Max Smythe Max Smythe on Twitter

Debugging Kubernetes often involves correlating what happened just before something went bad. Itiel Shwartz is a co-founder of Komodor, a startup who builds a platform to help with exactly that. We talk Hebrew names, Hungarian dogs and German car crashes.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Jimmy Moore steps out from behind the scenes Conan O’Brien Needs A Friend Revisionist History Letterman reads out Johnny’s jokes Mythic Quest News of the week Joint US/UK cybersecurity advisory saying Russia is using Kubernetes CNCF and FinOps Foundation survey Canonical Kubernetes usage survey CNCF End User Radar for multi-cluster tools runc 1.0.0 Buoyant Cloud Public Beta Sloth, by Xabier Larrakoetxea Links from the interview Komodor “Itiel” and “ETL” Rookout Forter Ben Ofiri Komodor team photo The Komondor (and image search) Man Who Looks Like His Dog Jack Tramiel, co-founder of Commodore International The story of the name “Commodore” Man Who Looks Like His Dog Single bit-flip renders certificate transparency log invalid $25 million funding with angel investors Itiel Shwartz and Komodor on Twitter

Steve McGhee worked as an SRE at Google for almost 10 years, then took a job outside the company. He was tasked with recreating “Google Production” and SRE practice from first principals, but with three books, modern cloud providers, and the entire Kubernetes ecosystem to help. How did he do? Learn about that which you can and can’t replace.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Dan’s recent work has come up in episodes 136, 142, and 151, to name but a few Episode 39, with Dan Lorenc Tekton CD Sigstore Dan’s Peter Jackson look Sigstore Root Key Ceremony IANA Key Signing Ceremonies and changes in the time of COVID News of the week GKE news: New Tau VMs on Google Cloud and GKE Committed use discounts for GKE Autopilot Cloud Onboard training for GKE with Kaslin Fields, on June 22 Stackrox/Red Hat State of Kubernetes Security blog post and report etcd 3.5 SLSA: Supply chain Levels for Software Artifacts Ensemble, by Tesera Harbor operator 1.0 Weave GitOps Core Episodes 144 and 145, with Alexis Richardson WSO2 launches Choreo and acquires Platformer KubeCon EU 2021 transparency report COVID vaccine required to attend fall 2021 Linux Foundation events Opinions on Knative positioning by Ahmet Alp Balkan Episode 66 Links from the interview LG Chocolate Phone and the Crazy Frog Good SRE is the inverse of the XKCD comic on Standards “Breaking Prod: More than once, I personally made it impossible to use google search from a phone (for a little bit). Like, for everyone on the planet.” San Luis Obispo, California (SLO) GIFEE, coined at CoreOS Rebuilding SRE, from Memory Ben Treynor Sloss Homer Simpson’s Car Postcards from the future and the crystal ball It is against the law to have a sleeping donkey in your bathtub after 7pm How To Avoid Huge Ships Prometheus Canary releases Canary deployments with Istio SLO Math, by Steve McGhee (SLOconf 2021) The SRE I Aspire To Be, by Yaniv Aknin (SREcon 2019) RAID. a Redundant Array of Inexpensive/Independent Disks Deployment Archetypes for Cloud Applications, by Brad Calder and Anna Berenberg Steve McGhee on Twitter

NVIDIA and Google have teamed up to bring the new Multi-Instance GPU feature, launched with the NVIDIA A100, to GKE. We speak to Kevin Klues from NVIDIA and Pradeep Venkatachalam from Google Cloud on how and why people use GPUs, optimising instance shapes for machine learning, and why less is often more.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 64, with Sarah D’Angelo and Patrick Flynn Catching up with Patrick in Episode 148 Winthrop, Washington Blackdown Hills, Devon News of the week Azure App Services now available for Azure Arc Azure Arc and App Service blog posts Other new AKS capbilities Virtualization Review coverage ECS Anywhere made GA by press release AWS App Runner Integrating Google Cloud DNS with GKE Istio 1.10 Terraform 1.0 Grafana 8.0 and Tempo 1.0 Argo Rollouts 1.0 Kubesphere 3.1.0 Cilium 1.10 OpenSLO spec launched at SLOConf Episode 147, with Brian Singer and Kit Merker Envoy GA on Windows Chaos Experimentation Framework for Envoy El Carro operator for Oracle Database from Google Cloud Moco operator for MySQL from Kintone PlanetScale GA Episode 81, with Jiten Vaidya and Sugu Sougoumarane FoundationDB paper from ACM SIG MOD DockerCon announcements Coverage of Development Environments from The Register Deps: Open Source Insights project from Google Graph for Kubernetes 1.0.0 Graph for Kubernetes 1.22.0-alpha.2 Verifiable Supply Chain Metadata with Tekton Chains Kubernetes CVEs: CVE-2021-25736 CVE-2021-25737 CVE-2021-25738 runc CVE-2021-30465 VS Code Plugin for Kubernetes CVE-2021-31938 Steve Smith says “GitOps is a placebo” in a blog post and Twitter thread Follow up from Vic Iglesias GitOpsDays Styra raises $40m Series B round Episode 101, with Tim Hinrichs and Torin Sandall Cloud Native community goes live with 10 shows on something called Twitch YouTube playlist for KubeCon EU 2021 Links from the interview Episode 92, with Pramod Ramarao Dogecoin Training and inference 12 things that prove Doom will run on literally anything “It runs Doom” subreddit CUDA vGPUs Multi-Instance GPUs GKE now supports multi-instance GPUs 7 core MacBook Air GPUs A100 GPU 16 A100 GPUs on a Google Cloud VM Running GPUs on GKE Node taints for scheduling NVIDIA Container Toolkit GCP NVIDIA GPU device plugin Kubernetes NVIDIA device plugin GTC 2021 talks: A Deep Dive on Supporting Multi-Instance GPUs in Containers and Kubernetes by Kevin and Pradeep Gain Competitive Advantage using ML Ops: Kubeflow and NVIDIA Merlin and Google Cloud by Andrew Stein and Maulin Patel (Google) and Davide Onofrio (NVIDIA) Kevin’s KubeCon talk and slides Kevin Klues on Twitter

Pixie Labs built an observabiity platform for Kubernetes, which uses eBPF to get telemetry without user intervention. They were recently acquired by New Relic, who open sourced the Pixie software. Co-founders Zain Asgar and Ishan Mukherjee join Craig Box to tell the story and talk about what’s next. Guest host Alex Ellis tends his garden.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 116, with Alex Ellis GrowLab Announcement blog Alex’s talk at the GIFEE Day Monty Don OpenFaaS in the RISC-V keynote New Kubernetes on Edge training course News of the week eBPF for Windows GKE Dataplane V2 is GA Confluent for Kubernetes GA VMware Tanzu SQL, with MySQL, for Kubernetes, 1.0 VMware Modern Apps?Connectivity?Solution Do the State of DevOps survey! Links from the interview Pixie Labs What is Pixie overview slides presented to CNCF Public beta launch and announcement of Series A funding TechCrunch coverage Pixie Labs acquired by New Relic; New Relic acquires Pixie Labs A day in the life of a Kiva robot Recognition for Google Lens clothing recognition Dog or blueberry muffin? Episode 125, with Ramiro Berrelleza How Pixie Works New Relic goes all-in on OpenTelemetry and Open Source Pixie on GitHub Pixienauts community New Relic upgrades to Platinum member at CNCF Zain Asgar and Ishan Mukherjee on Twitter

A small army of community volunteers is necessary to host a KubeCon, but behind them is a professional events team. Colleen Mickey is Director of Event Services at the Linux Foundation and is responsible for KubeCon + CloudNativeCon, as well as other events like Hyperledger Global Forum and cdCon. She talks to us about hosting, feeding and watering 10,000 people, as well as the change to virtual events.

We also bring the round-up of the KubeCon news, including our famous Lightning Round.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 29, with Janet Kuo Looking back at KubeCon Shanghai 2018 News of the week New Relic and Pixie Labs blogs on Pixie being open sourced New Relic joins CNCF as a Platinum Member Red Hat launches the Stackrox community at stackrox.io OpenShift GitOps and OpenShift Pipelines Snyk’s State of Cloud Native Application Security report announcement and results OCI Distribution Specification reaches 1.0 Prometheus to launch conformance program New CNCF sandbox projects: Vineyard, an in-memory immutable data manager WasmEdge Runtime, a WebAssembly Virtual Machine for cloud, AI, and blockchain applications ChaosBlade, an open-source version of Alibaba’s chaos tools Fluid, a data and storage abstraction for AI and cloud-native applications Submariner, a cross-cluster overlay of overlay networks Antrea, a Kubernetes CNI plugin Episode 128, with Antonin Bas CNCF Edge survey results and free Kubernetes on Edge Training Episode 116, with Alex Ellis Inclusive Naming Initiative receives Honorable Mention at Fast Company?s 2021 World Changing Ideas Awards ?Master,? ?Slave? and the Fight Over Offensive Terms in Computing by Kate Conger of the New York Times Episode 130, with Stephen Augustus Spotify wins CNCF Top End User Award Episode 50, with David Xia Episode 136, with Lee Mills and Matt Clarke. Lightning round Accuknox secured $4.6m in seed funding Accurics announced Terrascan integrates with Argo CD Ambassador introduced a Developer Control Plane Armory introduced mini-Spinnaker installation Minnaker, built on k3s Arrikto announced MiniKF 1.3 and Eenterprise Kubeflow for Azure Avesha launched Smart Application Cloud Framework Bridgecrew published security trends from analyzing Helm charts CAST AI announced Amazon EKS cost optimizer Civo launched K3s-as-a service to early adopters Cloudical introduced version 1.8 of VanillaStack DataStax announced that k8ssandra supports all distributions Dynatrace added the ability to ingest OpenTelemetry traces HAProxy launched version 1.6 Kubernetes ingress controller Kasten added ransomware protection with v4.0 of K10 Kubermatic Kubernetes Platform 2.17 Kubernative says that KubeOps is now a full-fledged Managed Kubernetes Framework Netdata has added Kubernetes monitoring features to their Cloud service Nirmata announced Nirmata Policy Manager, based on Kyverno OpenNebula released a new K3s Virtual Appliance for running Edge Clouds Portainer raised $6M in a Series A round to Accelerate their global expansion Portworx pre-announced PX-Backup 2.0 with support for external auth services Rancher launched a new Rancher Desktop tool in Alpha for Windows and Mac Rafay launched new features to its Kubernetes Management Cloud Splunk announced their Observability Cloud is Generally Available StackPulse announced a Kubernetes-centric operations center StorageOS version 2.4 brings encryption at rest and rapid application recovery StormForge introduced automatic scanning of in-cluster resources StreamNative open sourced Function Mesh for running Apache Pulsar functions Sysdig added runtime detection and response for AWS Fargate Tigera released Calico Enterprise 3.5 with Dynamic Service Graph and eBPF data plane Timescale raised $40m Series B for Postgres-based TSDB and Prometheus cloud Trilio announced Kubernetes Backup Monitoring for Velero users Vitess launched version 10, with support for the Ruby on Rails framework Wanclouds launched multi-cloud Disaster Recovery as a Service Weaveworks launched Weave Kubernetes Platform 2.5 with multi cluster observability platform Zebrium now automatically perform Root Cause Analysis with integration into Opsgenie Links from the interview The first KubeCon in 2015 KubeCon donated to the CNCF CNCF presents CloudNativeCon and hosts future KubeCon events (2016) Dreamforce brings in cruise ships KubeCon NA 2017 in Austin, TX Linux Foundation Climate Finance Foundation Diamond sponsor lottery Diversity and inclusion at KubeCon EU Sponsorship open for KubeCon NA 2021 Event platforms: Intrado MeetingPlay KubeCon + CloudNativeCon Europe 2021 KubeCon + CloudNativeCon North America 2021 GopherCon EU 2018 in Iceland Colleen Mickey on LinkedIn

Liqo is short for Liquid Computing. It’s a tool for extending Kubernetes onto others clusters, developed at the Polytechnic University of Turin. Research assistant and Liqo co-creator Alex Palesandro is our guest this week.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 64 with Sarah D’Angelo and Patrick Flynn Three years ago today James Strachan, James Rawlings and Dan Lorenc Jib reCAPTCHA News of the week Microsoft to acquire Kinvolk, Kinvolk to be acquired by Microsoft Episode 79 with Chris Kühl Red Hat Virtual Summit announcements Red Hat OpenShift Platform Plus Rackspace and Platform9 announce partnership Episode 88, with Madhura Maskasky Lens 5 Beta HYCU joins the Kubernetes backup party Sysdig joins the cloud security unicorns Episode 91, with Leonardo Di Donato GKE adds multi-instance GPUs and a new Gateway controller Kubernetes moves to three releases per year Links from the interview Alex Palesandro Politecnico di Torino Alex’s thesis Episode 141, with Daniel Mangum Episode 142, with Gianluca Arbezzano Fiat and Stellantis DAUIN, Department of Control and Computer Engineering Netgroup Crown Labs Blender Liqo Virtual Kubelet mDNS Kubernetes TLS bootstrapping Vint Cerf at 6UK launch in 2010 kubefed Liqo roadmap Liqo on GitHub Alex Palesandro on Twitter

Brian Singer co-founded Orbitera, which was acquired by Google in 2016. During that process he met Kit Merker, who was a PM on GKE and the GCP Marketplace, and the two are now working togther on relability engineering startup Nobl9. We talk about migrating Orbitera to GKE and Google’s SRE platform, and how many 9s are too many.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 94, with Richard Belleville The G in gRPC stands for: Gilded Guadalupe River Park Conservancy The Great British Bake Off? Not grey, just backlit! Much improved here News of the week Grafana relicensing to AGPLv3 Q&A on relicensing Google’s public ban on AGPL Amazon introduces OpenSerarch Pulumi v3.0 Episode 76, with Joe Duffy k8ssandra v1.1 Cassandra Kubernetes SIG picks Cass Operator Docker Desktop for Apple Silicon Macs is GA Zerto for Kubernetes Three different multi-tenancy models Loft Labs open sources Vcluster CVE-2021-20291 in CRI-O and Podman Kubernetes blog updates: Volume health monitoring Indexed Jobs Graceful node shutdown Defining Network Policy conformance for CNI providers Evolving Kubernetes networking with the Gateway API Links from the interview Orbitera in 2016 - acquired by Google Why Orbitera was migrated to GKE Site Reliability Engineering Service level objectives Error budgets and risk Being too reliable SLOs, SLAs, SLIs SLOs explained in 90 seconds video by Kit Merker Nobl9 SLO Platform SLOconf Fly to SLO Fly to Oslo Beyond Seattle SRE meetup Slash at Wembley Arena Brian Singer on Twitter Kit Merker on Twitter

Celebrate the release of Kubernetes 1.21 with release team lead Nabarun Pal from VMware. Nabarun talks about choosing between “hardware” and software, additions and removals from Kubernetes 1.21, and how the Kubernetes project has become more welcoming to people outside the USA.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Moscone Center vaccination site Monday morning weather in London Before and after haircut World record barbering News of the week Kubernetes 1.21 CronJobs are GA Local Storage features go Beta Suspended Jobs in Alpha kube-state-metrics v2.0 emissary-ingress joins the CNCF Shell Operator v1 for Kubernetes operators kubesploit, from CyberArk CVE-2021-25735: Validating Admission Webhook does not observe some previous fields on Node objects Kubegres Minio adds Kubernetes operator and console Scaling Kubernetes with assurance at Pinterest by Anson Qian SUSE sponsors 300 scholarships in cloud native education A reprieve for Apache Mesos Links from the interview Nabarun Pal IIT Roorkee Logo ABU Robocon Models and Robotics Section, IIT Roorkee Rorodata/Algoshelf PyCon India Building microservices with Firefly at PyCon India 2017 Conference talks Linux Users' Group of Durgapur (DGPLUG) and FOSS training Kubernetes Bangalore meetup Nabarun’s journey in the Kubernetes release team Applications for Kubernetes 1.21 release team are open Episode 130 with Stephen Augustus Kubernetes 1.21 release blog Kubernetes Enhancement Proposals (KEPs) 1.21 release page PodSecurityPolicy deprecation and KEP Making sure features don’t languish in Beta Volume health monitoring Command metadata in kubectl headers Tweet from @dims bribing people to test Release Candidate builds Savitha Raghunathan is release lead for 1.21 Lewis Hamilton tied with Michael Schumacher Mick Schumacher joins F1 Nabarun Pal on Twitter

We conclude our two-part conversation with Weaveworks co-founder Alexis Richardson, picking up when the company received Series A investment in December 2014. Since then, they built projects like Scope, Cortex and Flux as well as SaaS offerings based on them. We also look at Alexis’s role in the founding of the CNCF.

Please be sure to listen to the first part before this one!

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Educational YouTubers: Film Riot Mental Floss Animator Island Infrastructure for Entertainment by Justin Garrison at KubeCon NA 2020 Episode 20, with Justin Garrison News of the week Kubernetes 1.21 PodSecurityPolicy deprecation KubeVela 1.0 Argo Workflows 3.0 and Argo CD 2.0 Cilium launches NetworkPolicy site IBM Cloud Code Engine is GA Tanzu Cloud Native Runtimes public beta New security offerings from Tanzu Cisco Intersight Kubernetes Service is GA Tetrate Service Bridge is also GA Updates to Azure Arc enabled Kubernetes and OpenServiceMesh add-on for Azure in Preview etcd project journey report published Single sign-on guide for Kubernetes by Ben Dixon Apache Mesos moving to the Attic Links from the interview Last week’s episode Weaveworks Weaveworks takes a $5m Series A round Weave Scope and its annoucement Cortex Flux CD and its announcement as a service routing layer Weave Cloud Docker Swarm Mode kubernetes-anywhere kubeadm How we made kubeadm Brandon Philips' newsletter Launching eksctl The August 2017 post introducing GitOps Peter Bourgon and Michael Bridgen Kelsey Hightower talk at GitOpsDays Guide to GitOps Steam engine centrifugal governor Flux joins the CNCF Flagger Announcement about Argo and Flux joining forces Weaveworks is a founding member of the CNCF Alexis elected as TOC chair Battlestar Galactica Weave Kubernetes Platform Series C funding Alexis Richardson on Twitter

We’re trying something new!

In Part 1 of a two-part conversation with Weaveworks co-founder Alexis Richardson, we have a wide ranging conversation about career choices, finance, founding and selling tech companies, and the dangers of being pigeon-holed based on the first project your company releases.

Next week we’ll finish the conversation by talking about Weave projects like Flux and Cortex, as well as their SaaS offerings, the founding of the CNCF, and whether Weave built the platform they set out to build when they started 7 years ago.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Evergiven Everywhere “Reply all” at the State Department Evergreen truck blocks Chineses highway Little ship stuck in Littlehampton harbour Vote for the name of the Seattle Tunnel Boring Machine Sir Mix-a-Lot News of the week Outdated; a new open source project from Replicated Episode 143, with Grant Miller Kubestr by Kasten by Veeam, by golly The Aerospike Kubernetes Operator Tanzu Kubernetes Grid v1.3 Red Hat OpenShift on AWS is GA Quay.io is changing login methods Container vulnerability scanning from Sophos Kubecost raises $5.5m in funding Episode 124, with Webb Brown Security Updates in Docker by Itamar Turner-Trauring Links from the interview Mathematical logic at Oxford University Stewart Butterfield on philosophy Computer Literacy Project Jeremy Ruston’s BBC Micro Revealed and 80s hair Haskell, Orwell and Miranda OCaml and Standard ML 1998 Russian financial crisis Metalogic Oy Cohesive Networks AMQP RabbitMQ NZ Easter Bunny hunt Matthias Radestock Erlang ejabberd Matthew Sackman and Tony Garnock-Jones Open Telecom Platform (OTP) VMware acquires Rabbit Technologies SpringSource previously Interface21 Weaveworks Introductory blog “Zettio introduces Weave” Weave Net Alexis Richardson on Twitter

Grant Miller is the co-founder and CEO of Replicated, which helps operationalize and scale the delivery of Kubernetes-based apps into the enterprise. We look at what it means to be enterprise software in a SaaS world, and we also get some 2021 predictions from guest host Liz Rice.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 19, with Liz Rice Episode 133, with Thomas Graf Cilium talk at DockerCon 2017 Liz’s 2021 predictions from KubeCon NA (Virtual) 2020 Cheese exports are down Autonomous driving levels Prince Harry joins a startup Nick Clegg joins Facebook News of the week SoloCon announcements Mesh7 to be acquired by VMware GKE adds runtime configuration of pod subnets and larger Internal Load Balancer support Amazon reduces EKS cluster create time from “glacial” to “slow” NetApp launches Spot Wave CircleCI Server 3.0 Diamanti Spektra 3.2 Sonatype launches Nexus Container Davanum Srinivas elected to the CNCF TOC “Unironically Using Kubernetes for my Personal Blog” Links from the interview SparkPeople Marc Campbell look.io acquired by LivePerson Replicated Open source from Replicated kurl KOTS Troubleshoot SchemaHero Donated to the CNCF EnterpriseReady and the EnterpriseReady Podcast Kubelist and the Kubelist Podcast Replicants, replicators and gremlins Grant Miller and Replicated on Twitter

If you’d like something more tangible than a virtual cloud instance, there’s always (still!) bare metal. Tinkerbell is a project from Equinix Metal to manage bare metal servers at scale, and Gianluca Arbezzano is one of its maintainers. We talk stacks, racks and MACs.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 11, with Vic Iglesias Vic lives here, but not here Pokémon Go social distancing News of the week Flux moves to incubation in the CNCF NetApp Astra goes GA; more information Fairwinds introduces Saffire Cosign, by Dan Lorenc Episode 39 Komodor beta and swag offer Announcing Private Clusters on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) Linkerd 2.10 The Money Section, with thanks to David Pait, guest of Episode 127 Docker takes $23m in Series “B” funding to get ship done Aqua Security takes $135m in Series E at $1b valuation Snyk raises $300m in Series E valuing company at $4.7 billion Tetrate raises $40m Series B Is Crossplane the Infrastructure LLVM? by Daniel Mangum Episode 141 Links from the interview PHP. and PHP in 2020 Turin InfluxData Episode 91, with Leonardo Di Donato Dropbox’s exodus from Amazon Equinix Metal Packet acquired by Equinix Tinkerbell OpenCompute and Open19 Server terminology: Next Unit of Computing (NUC) Baseboard management controller (BMC) Preboot Execution Environment (PXE) Floppy disks DIY Board management control for an Intel NUC: power control Tinkerbell services: Tink Boots OSIE Hook Hegel PB&J OVH fire How Tinkerbell Got Its Wings, including joining the CNCF Tinkerbell community Episode 136: Backstage, with Lee Mills and Matt Clarke Gianluca Arbezzano on Twitter and on the web Tinkerbell on Twitter

Crossplane lets you automate creation of infrastructure using Kubernetes APIs. Daniel Mangum is a Crossplane maintainer working at its creator Upbound, a TL of Kubernetes SIG Release, and a YouTube streaming star. He chats about tech with host Craig Box, who is helped this week by returning guest Ken Massada from GKE’s Support team.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 18, with Ken Massada Things We Don’t Say podcast Glow in the dark sharks Earthquakes and tsunamis News of the week Microsoft Ignite news: Azure Arc for Kubernetes Azure Migrate app containerization service AKS release notes Microsoft Mesh Helm second security audit Meet Brigade v2 Harbor 2.2 and roadmap Google Summer of Code 2021 KubeCon EU 2021 schedule launched and the selection process explained Issue #100000 on kubernetes/kubernetes Links from the interview Visual Basic for Applications NYT article on retro computing Compiler Explorer Rich Code for Tiny Computers by Jason Turner Upbound Episode 36, with Jared Watts Crossplane Crossplane vs Terraform blog by Nic Cope Compositions and XRDs Crossplane vs Cloud Infrastructure Add-ons TBS episode with Matt Moore of Knative Helm provider July 2020: Crossplane joins the CNCF LFX mentorship program Dec 2020: v1.0 Mar 2021: v1.1 Kubernetes SIG Release doc.crds.dev Upcoming KubeCon talk: FPGK8s: Consumer-Grade FPGAs on Kubernetes Cutting GTA loading times by 70% and how YAML parsing can become quadratic Daniel’s current hirsuteness The Binding Status Flake-Finder Fridays Daniel Mangum on Twitter and on the web

Kamil Potrec is a Senior Security Engineer at Snyk, working on security around Kubernetes and cloud platforms. He joins the show to discuss how to think about securing your infrastructure, the different arts (and colors) of offensive and defensive security, and what not to lose sleep over.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 23, with Andrew Philips and Lars Wander A pile of mail and a bike News of the week Red Hat OpenShift 4.7 is GA Fairwinds Insights 3.0 Envoy zero-day patched Istio security bulletin Sysdig contributes Falco modules to the CNCF StorageOS raises $10m in Series B Platform9 raises $12.5m in Series D CNCF relaunches Kubernetes Community Day with KCD Africa and Bengaluru Links from the interview Offensive unit in American Football Hand-egg Red and blue teams Unreal Tournament Capture the flag Kubernetes secrets Design document Encrypting secrets at the application layer Antivirus software Tracer-tee SolarWinds attack Reflections on Trusting Trust by Ken Thompson left-pad deleted from NPM Snyk Open Source The open source parts Snyk vulnerability database MITRE CVE database Kubernetes security at Snyk Deploy only trusted containers to GKE Application threat modeling Kubernetes security best practices, including security context, AppArmor, gVisor etc CVE-2020-8554: man-in-the-middle attack using ExternalIP services CVE-2020-14386: packet socket vulnerability with user namespaces enabled Earlier related work: CVE-2017-7308 and CVE-2016-8655 Project Zero writeup Rewrite it in Rust! Kamil Potrec on LinkedIn

Today Google Cloud introduced GKE Autopilot, a new mode of operation where you no longer manage or configure nodes, and you pay per-pod, per-second. Craig talks Autopilot with GKE product manager Yochay Kiriaty.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 86, with Lin Sun Istio boat meetup at KubeCon NA 2019 IstioCon 2021 Craig and Lin’s session Jeff from Coupling Separated at birth? News of the week Google Cloud launches GKE Autopilot Dapr 1.0 Calico Cloud Gloo Mesh Enterprise goes GA Distroless FIPS-compliant Istio Red Hat closes acquisition of Stackrox Real load-aware scheduling in Kubernetes with Trimaran Kubernetes overlay networks with IPv6 Links from the interview Last week’s Star Wars show A selection of presentations wearing Darth Vader shirts Windows 7 Red Dog Google South Lake Union Seaplanes GKE Autopilot Launch blog Episode 49, wth Eric Brewer Virtual Kubelet Datadog Container Report Episode 137, with Michael Gerstenhaber

This week we talk multi-cluster services with Jeremy Olmsted-Thompson, co-chair of the Kubernetes Multicluster SIG, and tech lead on the Google Kubernetes Engine platform team. Guest host Tim Hockin shows us the way.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 41, with Tim Hockin The Machete Order John Boyega on Star Wars News of the week Istio 1.9 IstioCon 2021 - February 22-26 Mayadata spins out Chaos Native Cilium Network Policy editor Kubernetes network policy explained by Dominik Tornow Trend Micro write-up on container-escaping malware Dynatrace Cloud Automation and native log support Episode 119, with Alois Reitbauer Shipa 1.2 New GKE, EKS and AKS releases Tanzu Build Service 1.1 Kubernetes 101 Retrospective by Jeff Geerling CFP for the eight KubeCon EU pre-days Designing for SaaS on Kubernetes at Teleport by Virag Mody Comparing OPA/Gatekeeper and Kyverno by Chip Zoller Links from the interview Anthos on VMware SIG Multicluster Federation v2 update Multi-Cluster Services KEP Namespace sameness Gateway API (formerly known as Service APIs) Istio RFC Introducing GKE multi-cluster services Multi-cluster Ingress Cluster API Cluster ID KEP Jeremy Olmsted-Thompson on Twitter and GitHub

Michael Gerstenhaber is a Director of Product Management at Datadog, and the curator of their annual Container Report. He joins Craig to discuss why they release it, some recent trends, and how it helps people validate their assumptions about technology.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 103, with Saad Ali New TOC members Episode 62, with Ricardo Rocha, Lukas Heinrch and Clemens Lange Malaysian roti in London Elgin Marbles News of the week OPA graduates in the CNCF Episode 101, with Tim Hinrichs and Torin Sandall Docker Distribution donated to the CNCF Red Hat Quay 3.4 released CNCF proposal Hildegard malware writeup from Unit42 The original TeamTNT Attacking Kubernetes clusters using the Kubelet API by Eduardo Baitello Jetstack Secure Traefik Using Traefik as an ingress controller with Istio Kong Konnect is GA Kong raises $100M at a $1.4b valuation Get your KubeCon EU tickets early Buildpacks vs Dockerfiles by Genevieve L’Esperance Why Helm never felt like it belonged by Luka Skugor Links from the interview iOS and iOS The Happy Cloud Happy Cloud Taps the Cloud to Speed Up Video Game Downloads by Ryan Kim at GigaOM Datadog Live Container monitoring Live Process monitoring Golden signals Work metrics and resource metrics Datadog reports: Docker adoption 2015 2016 2017 2018 Container orchestration 2018 Container Report 2019 2020 KubeCon EU 2019 talk: 10 Ways to Shoot Yourself in the Foot with Kubernetes, #9 Will Surprise You by Laurent Bernaille & Robert Boll Autopilot: Workload Autoscaling at Google Scale Snow in NYC #17 on the all-time list by inches of snowfall Michael Gerstenhaber on Twitter

Backstage is a platform for building developer portals, powered by a centralized service catalog. It was built at Spotify and both open sourced and donated to the CNCF in 2020. A Kubernetes plugin was recently added. We talk to maintainers Lee Mills and Matt Clarke from Spotify.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 106, with John Belamaric Production Readiness Review News of the week Longhorn 1.1 Vitess 9 Sonobuoy adds reliability scanning Rapid7 acquires Alcide; Techcrunch reporting Armo comes out of stealth; VentureBeat reporting Scaling Kubernetes to 7,500 nodes at OpenAI Announcing the Linkerd steering committee The State of Cloud Native Release Orchestration; a report from Vamp Hunting for malware with Falco Episode 39, with Dan Lorenc Upgrading from Kubernetes 1.11 to 1.18 in a month by Jeff Wolski at WeTransfer Debugging CrashLoopBackOff by David Giffin from Release Jeff Brewer has passed Intuit CNCF case study Links from the interview Spotify engineering culture Microservices at Spotify Backstage Open source launch How Spotify uses Backstage GitHub repository Golden Paths Kubernetes plugin announcement Episode 50, with David Xia Donation to CNCF Sandbox Some backstage stories with David Pait in episode 127 Lee Mills and Matt Clarke on Twitter

Josh Bernstein has worked at a number of infrastructure roles before recently landing at Google. He talks about migrating Siri from AWS (pre-acqusition) to VMware to Mesos, and Dell EMC’s work building what would become the Container Storage Interface. Guest host Jasmine Jaksic talks with Craig about snowcreatures.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Episode 15, with Dan Ciruli and Jasmine Jaksic Snowpeople and snowthings News of the week Multi-dimensional pod autoscaling in this week’s GKE release Hitachi: vacuum cleaners in the 1990s and Kubernetes today Garnet.ai kind 0.10 New Google Cloud Run networking features Don’t cross the streams Production Kubernetes from VMware Tanzu. Serverless for Everyone Else from Alex Ellis Episode 116 Chris Aniszczyk’s 2021 predictions Episode 134 Priyanka Sharma’s 2021 predictions Episode 107 14 LFX interns graduate Kubernetes honey tokens by Brad Geesaman Bad pods: privilege escalation by Seth Art The US Air Force are feeling supersonic Links from the interview Apple acquires Siri Xserve Siri public introduction Apple rebuilds Siri backend with Apache Mesos using the J.A.R.V.I.S. framework Dell EMC {code} community REX-Ray: announcement and docs CNCF Governing Board CI/CD startups to watch: Harness Armory Shipa Josh Bernstein on Twitter

After building the Eclipse IDE and Twitter’s Open Source office, Chris Aniszcyzk bootstrapped the CNCF, joining its parent the Linux Foundation in 2015. He’s now a VP of DevRel there, as well as CTO at the CNCF and Executive Director of the Open Container Initiative. Chris joins us to share his technology journey and Cloud Native predictions for 2021.

And all that is now
And all that is gone
And all that’s to come
And everything under the sun is in tune
But the sun is eclipsed by the moon

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Adam on LinkedIn News of the week Otomi from RedKubes Nutanix now supports Anthos Tanzu Advanced is GA Pivotal Labs is Tanzu Labs VMware needs a new CEO New CSI driver for Google Kubernetes Engine Slim.ai announces seed funding Grafana Cloud introduces free tier Sysdig container security usage report (PDF) 63 node Kubernetes cluster using Firecracker by Álvaro Hernández The definitive guide to Vertical Pod Autoscaling by Povilas Versockas Links from the interview

ZX Spectrum

R-Type and Jet Pac

GORILLA.BAS

Gentoo Linux

Java Virtual Machine (JVM)

Eclipse

Object Technology International Erich Gamma code9, Chris’s startup

Backstage and Roadie

Twitter OSS

Pants Mesos twemproxy

Linux Foundation, and its sub-projects CNCF and OCI

Services for projects Linus Torvalds and Greg Kroah-Hartman

Chris’s Cloud Native predictions for 2021

Developer experience: Gitpod, GitHub Codespaces or Google Cloud Shell Wasm in Envoy Wasi, the WebAssembly Systems Interface

Chris Aniszcyzk on Twitter and on the web

Canada Revenue Agency on Twitter

Thomas Graf is the inventor of Cilium and the co-founder of Isovalent. Cilium is a container networking plugin built on top of eBPF, bringing modern SDN technologies to accelerate your pods. Adam and Craig also discuss the many uses of Christmas trees.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Christmas trees: Keep clear (mostly) Culinary uses Discussed in episodes 104 and 111 News of the week Google grants $3m to the CNCF to run the Kubernetes infrastructure AWS Managed Grafana and Prometheus In partnership with Grafana Labs Red Hat acquires Stackrox Windows Containers GA in OpenShift 4.6 CNCF Annual Report KubeCon NA 2020 Transparency Report Rancher announces Harvester I’ll give you the key Kubernetes 1.20 feature deep-dives: Pod impersonation an short-lived volumes Third-party device metrics GA More granular control of storage permission Sonobuoy goes beyond conformance Project Contour security audit Pulse: stats from Envoy Mobile Crossplane 1.0 Project Karavi from Dell Technologies Cluster API provider for Microsoft Azure Vitess project journey report Tanzu Gemfire Kubernetes Security Essentials from the CNCF Links from the interview Chains and tables Berkeley Packet Filter eBPF Episode 91: eBPF and Falco, with Leonard Di Donato High level languages for kernel developers eBPF Summit 2020 Cilium Is it DNS? Is it a series of tubes? BGP Hubble Accelerating Envoy and Istio with Cilium Episode 128: Antrea, with Antonin Bas Bringing Cilium to GKE with Dataplane v2 Maglev load balancing connection scheduling Isovalent Notes on A16Z’s investment Thomas Graf on Twitter

Akri is a recent open source project launched by Microsoft to manage edge devices. Kate Goldenring is a software engineer in Microsoft’s Edge OS team and an Akri maintainer. She joins our final show of 2020 to talk about how to use Kubernetes to manage devices that can’t run Kubernetes.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Reventure Kurstin X Grohl Puppy for Hanukkah (and story of) Adam Sandler’s Hanukkah Song News of the week Pixie Labs acquired by New Relic; New Relic acquires Pixie Labs Docker Enterprise is now Mirantis Kubernetes Engine Mirantis OpenStack for Kubernetes Lens 4.0 released CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs Volume Snapshot moves to GA in Kubernetes 1.20 Weaveworks takes $36.65M in Series C Trilio takes $15M Anthos for Telecom puts Google partners apps on the edge CircleCI Server 3.0 State of Software Delivery report New Microsoft AKS features Flink 1.12 Cross-region replication in AWS ECR Links from the interview Professor Kris Jordan Edge Computing Edge, computing Internet of Things Akri Announcement blog post MCU (Microcontroller unit) Discovery protocols ONVIF (Open Network Video Interface Forum) udev Zeroconf OPC UA TEE (Trusted Execution Environment) DevicePlugin API and deallocate #akri on Slack Akri on GitHub Proposals Moose Protocol Kate Goldrenring on Twitter

The final ? and raddest ? Kubernetes release of 2020 is 1.20. This week, Craig and Adam talk to its release team lead, Jeremy Rickard from VMware. Jeremy talks about migrating to newer Kubernetes versions, sooner or later; what was added, what was deprecated, and what that really means; and what happens when you Google your own nane.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Ready Player Two News of the week Kubernetes 1.20: Release Don’t panic about Docker Dockershim deprecation FAQ Mirantis will support the Dockershim etcd graduates in the CNCF Episode 95, with Xiang Li CNCF launchese Cloud Native Security Whitepaper Istio 1.8 Kuma 1.0 Linkerd doesn’t use Envoy AWS re:Invent: ECS Anywhere EKS Distro and EKS Anywhere EKS add-ons, console and spot instance support Lambda containers AWS Proton ECR Public Registry Anthos on bare metal is now GA IBM acquires Instana Opstrace public launch Weaveworks Kubernetes Platform (WKP) 2.4 Spectro Cloud anywhere Improving the Kubernetes API docs by Phillipe Martin Participate in the Chinese Cloud Native survey How David Anderson would reboot Kubernetes Episode 32, with David Anderson Links from the interview Episode 61, with Jeremy Rickard and Ralph Squillace Porter Jeremy’s beard Release team for 1.20 1.12, 1.17, 1.18 and 1.19 Enhancements sub-project The Raddest Release Enhancements sheet #1769: NUMA memory manager Up or out: the deprecation clock starts for Alpha/Beta features #1985: Dockershim deprecation KEP Kat Cosgrove’s Twitter thread Stephen Augustus’s issue in kubernetes/community Sitting this release out: Sidecar containers Not in 1.20: Distroless images 1.21 lead: Nabarun Pal Kubernetes on an F-16 jet Other Rickards: Matt Rickard (our guest on episode 6) Jeremy Rickard the mathematician Jeremy Rickard on Twitter

Join us for all the news from KubeCon NA 2020, and a conversation with conference co-chair Stephen Augustus. Stephen is a Senior Open Source Engineer on the VMware Tanzu team, a chair of Kubernetes' SIG Release, and a leader in many other parts of the project, past and present.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week The k?k?p? wins Bird of the Year We’re off for 2 weeks. See you on December 8! News of the week Cisco acquires Banzai Cloud CNCF announces Cloud Native Survey 2020 results Red Hat: New edge features, industrial AI/ML blueprint and AWS launch CNCF End User Tech Radar for storage New End User benefits Envoy Mobile joins the CNCF New sandbox projects cert-manager cdk8s Kyverno OpenKruise Pravega SchemaHero Tinkerbell k8ssandra from Datastax Episode 98 with Sam Ramji k0s from Mirantis Solo.io announces Gloo Mesh Enterprise and rebrands products Episode 55, with Idit Levine Pinniped Shipa launches Ketch Kinvolk launches Headlamp The SPIFFE book “Solving The Bottom Turtle” Episode 45, with Andrew Jessup Anthos Developer Sandbox GKE ingress features Ambassador Labs takes in $18m and launches v1.9 Tanzu SQL: Postgres on Kubernetes Lightning round: Accurics extends Terrascan AWS adds containers to Lightsail Arrikto takes $10m in funding Brobridge releases Gravity CircleCI runner is GA Cloud66 for agencies and multiple database support Cloudflare Origin CA cert-manager plugin Cloudical Vanillastack Cloudify version 5.1 Codefresh launches GitOps 2.0 features Commvault backup-as-a-service Diamanti Spektra 3.1 and customer portal Dynatrace PurePath 4 Elastisys Compliant Kubernetes The Fairwinds Kubernetes Maturity Model Garden takes “seed” funding Gremlin adds soundproofing Humio Operator Instana adds observability tools on Kubernetes Intuit runs TurboTax on Kubernetes Kioxia announces a new storage offering Kubecost adds features for monitoring outside a cluster KubeMQ adds automatic network creation Kubermatic updates KubeOne to v1.1 Kubernative SINA Kublr 1.19 Lablup announced Backend.ai 20.09 RC Magalix launches KubeAdvisor 2.0 Mayadata launches Kubera Propel and Kubera Chaos Mirantis adds extensions to Lens Puppet Labs adds Relay to Puppet Enterprise Reblaze announces Curiefense to add WAF to Envoy Replicates wants to help you Troubleshoot Styra adds new editions to DAS Sysdig introduces Kubernetes-native network security (ZTNSK) and partners with IBM Cloud TrilioVault for Kubernetes v2.0 Zerto for Kubernetes Google Open Source Live Kubernetes Links from the interview KubeCon NA 2020 Episode 117, with Constance Caramanolis CNCF Twitch SIG Friday: ping Stephen for the current link Slack CNCF Slack Kubernetes Slack Hallway Track Kubernetes Podcast chat CoreOS CoreOS Tectonic CoreOS acquired by Red Hat Tectonic on Azure SIG Azure SIG Release SIG PM (retired) Kubernetes Enhancement Process Receipts process KEP Sidecar containers - KEP closed! Production readiness review Episode 10, with Josh Berkus and Tim Pepper Release managers Black Lives Matter announcement banner Better announcements Kubernetes Naming working group Inclusive Naming project Dan Kohn memorial Stephen Augustus on Twitter and on the web

Thomas Rampelberg is a software engineer with Buoyant, creators of Linkerd, and a core maintainer of that project. He is also a co-author of the Service Mesh Interface and co-creator of DC/OS. He joins Craig and Adam to talk about the two former, and pour one out for the latter.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week The BBC on Sean Connery Noreen Malone on Alex Trebek Celebrity Jeopardy! highlights from Saturday Night Live Doomscrolling Potion Explosion: analog, or digital (Steam, Android, iOS) KerPlunk!: analog only News of the week Linkerd 2.9 AWS’s response to Dockerhub: a new service IBM adds Code Risk Analysis to Cloud CD Helm chart deprecation Episode 11, with Vic Iglesias CyberArk looks at threats to Kubernetes Links from the interview D2iQ retires DC/OS Kubernetes on Mesos in 2015 The monolith Buoyant Linkerd Finagle kube-proxy before iptables Conduit: a new mesh without the JVM, which became Linkerd 2 Linkerd 2-proxy: Under the hood of the Linkerd proxy Rust tokio runtnime and hyper HTTP libraries Heartbleed CNCF audit Architecting for Multicluster Kubernetes blog post Linkerd 2.9 Service Topology Gas station bathrooms Service Mesh Interface (SMI) NGINX Service Mesh Flagger Kiali Spec Istio WebAssembly support Kubernetes is a domain-specific database Tilt and Okteto Burning Man Thomas Rampelberg on Twitter

For pods to talk to each other in Kubernetes, you need a virtual network. Antonin Bas is a staff engineer at VMware and a maintainer of Project Antrea; a CNI plugin which provides such a network. He talks to Adam and Craig about encapsulation, virtualisation, and 10,000 year old Finnish artifacts.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Over the top Halloween light show Bird of the Year Click here to take the Audience Survey: thank you for helping us make a better show for you! News of the week An update on D2IQ’s support of Mesos Docker’s plan for Year 2 Google Cloud mitigates the impact of Docker’s Year 1 changes Quay and Harbor also KubeLinter from StackRox GitHub Hashicorp Nomad 1.0 Beta Vitess 8 GA gRPC in the real world: Container Runtime Interface by Bob Reselman RIP Dan Kohn Links from the interview Visual Basic Professor Nick McKeown, co-founder of Nicira Barefoot Networks P4, in the Open Networking Foundation Software-defined networking Virtual networking VLAN VXLAN The Kubernetes network model Network plugins: Flannel Weave Net Calico Cilium kubenet Antrea The Antrea Net Antrea, Finland; now Kamennogorsk, Russia Container Network Interface (CNI) veth pairs Open vSwitch (OVS) NodeIPAM Controller CNI plugin chaining Installing Antrea with other CNI plugins Antrea features: Network policy IPSEC between nodes Antrea on GitHub Antonin Bas on Twitter and GitHub

David Pait was a touring musician in pop punk band Sparks The Rescue. Now, he’s an SRE working on Kubernetes at an ad-tech company. How did he get there? And if you’re looking to change careers, how might you? Craig and Adam dig in.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Steam Digital Tabletop Fest Microsoft Surface (since renamed PixelSense) Similo Guess Who? Click here to take the Audience Survey: thank you for helping us make a better show for you! News of the week Cloud Foundry Doubles Down on Kubernetes cf-for-k8s 1.0 Ecosystem updates Episode 105, with Chip Childers Akri, from Microsoft kube-secret-syncer from Contentful Grafana Tempo OpenTelemetry Tracing Spec RC by Morgan McLean AWS Distro for OpenTelemetry AWS Load Balancer Controller Nydus container image service Robin.io Express, free for life Verizon Business adds Kubernetes which is powered by Rafay Links from the interview Netsertive Sparks the Rescue Vans Warped tour David on stage Munki for Mac software deployment A considered purchase Google’s SRE books eksctl Velero, fka Heptio Ark Fixing reuse-values in Helm Go listen to Hot Mulligan Or Taylor Swift, totally up to you David Pait on Twitter

Bob Killen is co-chair of Kubernetes' SIG Contributor Experience and was last week elected to the project’s Steering Committee. He worked in academia for 15 years, latterly working on research projects using Kubernetes, with a focus on computer security. He’s now made the leap to working on Cloud Native full time at Google. Bob joins us to explain why Kubernetes twitter is occasionally full of cartoon geese.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Relive New Zealand’s General Election coverage - 57% of the electorate voted early! tl:dr; Jacinda won by a lot One NZ electorate had a 421 vote lead on the night Ballot box in Washington State Click here to take the Audience Survey: thank you for helping us make a better show for you! News of the week VMware Tanzu Kubernetes Grid 1.2 is GA Red Hat integrates Ansible and OpenShift Changes to the KubeCon EU Episode 107, with Priyanka Sharma Cloud Native in China survey results Introducing HA MicroK8s Episode 60, with Mark Shuttleworth Helm turns 5 Episode 102, with Mark Butcher Google Cloud Code adds support for 400+ CRDs A holiday gift from AKS Links from the interview University of Michigan Little Bobby Tables Another Bobby Tables! 2600 Beige boxes Red boxes Steve Jobs, Steve Wozniak and the Blue Box Jeff Sica ARC-TS: Advanced Research Computing ? Technology Services Great Lakes, the UMich HPC cluster Kubernetes the New Research Platform - Lindsey Tulloch, Brock University & Bob Killen, University of Michigan kube-batch Volcano Orchestructure meet-up and Mario Loria SIG Contributor Experience Episode 74, with Jorge Castro Episode 100 with Paris Pittman Kubernetes Steering Committee 2020 Election Election results Travel support program HONK Untitled Goose Game /honk Ian Coldwater’s goose-themed talk from KubeCon NA 2019 honk.ci Announcement GitHub repo Challenges Walkthrough KubeCon NA events: SIG Honk AMA: Ian Coldwater, Duffie Cooley, Brad Geesaman, Rory McCune Having Cloud Native Fun with HonkCTL: Jeff Sica SIG Beard: see episode 46, with Aaron Crickenberger Bob Killen on Twitter

Ramiro Berrelleza is CEO and co-founder of Okteto, a company making developer tools which simplify development on Kubernetes. He joins Adam and Craig to discuss how the open source project and company came about, going through Y Combinator, and the best filling for a Mission burrito.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Hash browns Corn fritters Survey Click here to take the Audience Survey. Thank you for helping us make a better show for you! News of the week Rook graduates Episode 36 with Jared Watts Wasm is upstreamed in Envoy Helm moves to Artifact Hub DigitalOcean introduces DOAP and Apurva Joshi describes its stack IBM breaks itself in two Kubernetes Steering Committee election results OpenTelemetry Governance Committee election starting Introducing PipeCD by Le Van Nghia Anchore DevSecOps toolkit Rancher 2.5 Red Hat slashes OpenShift prices Kubernetes tested on U2 Dragon Lady aircraft Minecraft as a Kubernetes tool by Eric Jadi Links from the interview Okteto Excitebike Elasticbox, acquired by CenturyLink Y Combinator Okteto at YC W19 demo day Okteto on GitHub The name: Octeto: “byte” in Spanish Cindy Lopez Cindy Lauper El Farolito: cow tongue and Carne Asada Ramiro Berrelleza on Twitter Okteto on Twitter

When your infrastructure is effectively infinite, you may have to keep an eye on your credit card. Webb Brown started a project that does exactly that - Kubecost, which aims to reduce spend and prevent resource-based outages. He talks to Craig and Adam about the project and the company behind it.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Kiwis abroad: please meddle in the election Clarke Gayford tweet Killer Queen Black Killer Queen News of the week VMworld announcements Bryan Liles' promotion Episode 54, with Bryan Liles Pixie Labs TechCrunch coverage Cicada, by Jeremy Herzog Announcing Java support for cdk8s Good: Envoy on Windows Not so good: Envoy CVE-2020-25017 Kubenav 3.0.0 announced Cisco acquires Portshift Veeam acquires Kasten Solo.io acquires $23m Episode 55, with Idit Levine Links from the interview Kubecost Kubecost blog Cluster turndown Cost model Spot instances (AWS) and preemptible VMs (Google Cloud) DeepMind AI Reduces Google Data Centre Cooling Bill by 40% Managing your costs on Kubernetes by Karl Stoney at Autotrader Episode 52, with Russell Warman and Karl Stoney FinOps and the FinOps Foundation Shifting left Stackwatch Glacier National Park and Going-to-the-Sun Road Webb Brown on Twitter

Kubernetes makes it easy to run distributed workloads, but how do you make sure that replicas don’t conflict with one another? You elect one as the leader. Mike Danese, chair and TL of Kubernetes SIG Auth, joins a vegan and a carnivore to explain how Kubernetes implements leader election.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week What is a staycation? What is steak? Beefsteak, vegetarian/vegan restaurant Nachos News of the week Chaos Mesh 1.0 Azure news: AKS comes to Azure Stack HCI (Preview) AKS adds stopping/restarting clusters, Kubernetes 1.19, confidential compute nodes (Preview) Bridge to Kubernetes is GA Istio Steering Committee election results OpenServiceMesh joins the CNCF Sandbox Odo 2.0.0 GA Odo from Deep Space 9 Determined AI on Kubernetes Cloud Run for Anthos adds events KubeAcademy Pro from VMware KubeCon EU 2020 transparency report Scholarships for KubeCon NA 2020 are open for application Links from the interview Wet labs and dry labs Threads What is the difference between processes and threads? Mutex or lock What is a mutex? Critical section Compare-and-swap Gas station bathroom keys Futex Lock server: Chubby etcd Optimistic concurrency Resource versions Regional clusters in GKE Leader election Leader election client in Kubernetes' client-go An example of using it by Carlos Becker The new Lease API Paxos and Raft Deadlock Split brain Mike Danese on Twitter and GitHub

Torkel Ödegaard is the creator and project lead of Grafana, and co-founder of Grafana Labs. Learn how Torkel went from modding video games to building a data visualization platform, and co-founding a company that is now offering a complete monitoring service built on Prometheus.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week On The Basis Of Sex RBG Star Trek: Picard News of the week CVE-2020-14386 gVisor: Containing a real vulnerability by Fabricio Voznika Announcing IBM Cloud Code Engine Docker Enterprise Container Cloud Mirantis rethinks Docker Swarm vs Kubernetes by Beth Pariseau Episode 110, with Adrian Ionel KubeEdge approved as CNCF incubating project kubeapply and Kubernetes configuration at Segment Introducing Grafana Metrics Enterprise Pure Storage to acquire Portworx Portworx acquired by Pure Storage Ionir exits stealth and promises instant data mobility NetApp Cloud Volumes Service powered by GKE AKS adds CSI driver for Files and Disks Red Hat OpenShift Container Storage 4.5 VMware Tanzu: Announcing vSphere with Tanzu One of four new editions vSAN Data Persistence Platform Mission Control expands policy management capabilities SentinelOne announce automated applicaiton control for containers 16 CNCF interns graduate from Google Summer of Code Building operators for cluster add-ons by Somtochi Onyekwere CFPs open for ServiceMeshCon and Cloud Native Security Day North America A Year of Kubernetes at GitLab Episode 89, with Marin Jankovski Links from the interview The 2001 dot-com crash Rocket Arena mod for Quake 3 Extreme ironing Tradera IT contracting The Mythical Man Month Graphite Kibana Grafana GitHub The history of Grafana UX Grafana Labs Team Kausal Cortex Loki Crystal Reports Interesting use cases: Beehive monitor Hospital queue visualisation Monitoring Art plugin A $50m Series B funding round Grafana Metrics Enterprise Recommended reading: Chasm City by Alastair Reynolds Torkel Ödegaard on Twitter

Ed Huang is co-founder and CTO of PingCAP, creators of the TiDB distributed database and the TiKV key value store. Ed worked on clustering Redis while at Wandou Labs, creating and open-sourcing a tool called Codis. Deciding to focus on this space, he created TiDB and then TiKV, and founded PingCAP. He shares the story behind the projects, bridging the gap between China and the West with open source, and his Desert Island Disc.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Sippee cup Tippee cup Coffee cup News of the week Lens 3.6.0 Security groups for Pods on AWS EKS CNCF End User Technology Radar for Observability Kotary by CA-GIP OnePanel and its docs WebAssembly OCI spec Episode 55, with Idit Levine Red Hat Marketplace by IBM Stackrox lands $25m in funding Introducing Nutanix Platform Services by Amit Jain Confidential Computing on GCP and GKE New Serverless training course by Alex Ellis Episode 116, with Alex Ellis Jetstack CNI migration notes by Josh Van Leeuwen Links from the interview Wandou Labs Codis clustering for Redis twemproxy Spanner and F1 papers from Google Research TiDB TiKV PingCAP CAP theorem Local Persistent Volumes in Kubernetes and beta launch blog explaining it TiKV’s CNCF journey: Sandbox Incubation PingCAP’s $50m funding round Graduation Chaos Mesh Wasm and Wasmer Dark Side of the Moon Ed Huang on Twitter

Melanie Cebula is a staff engineer at Airbnb, where she has built a scalable modern architecture on top of cloud native technologies. She regularly shares her knowledge in presentations focusing on cloud efficiency and usability, and today shares the story of Airbnb’s Kubernetes migration with hosts Adam and Craig.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Dr Horrible’s Sing-Along Blog River Otter River otter News of the week Five days of Kubernetes 1.19: Structured logs API server warning messages EndpointSlices Storage capacity tracking 1 year support TiKV graduates from CNCF incubation cert-manager 1.0 Episode 75, with James Munnelly Tanzu Build Service is GA State of Spring report AWS Bottlerocket is GA on EKS Kalm (keep Kalm and karry on) Developer thread on Reddit CRAFT from Salesforce (and its GitHub repo) Introducing Kubernetes CSI sidecar containers from HPE by long-time listener Michael “Data” Mattsson KubeCon EU Virtual YouTube playlist CNCF to provide another round of CommunityBridge mentorships Faster services: no CPU limits by Eric Khun Hacker News thread How GoJek upgrades Kubernetes on GKE by Tasdik Rahman Links from the interview Melanie Cebula Our second classically trained musician guest Early Airbnb architecture Charon Programming by toggling switches Smartstack Horizontal Pod Autoscaling: minReplicas Melanie’s talks: FutureStack 17: From Monolith to Microservices KubeCon NA 2018 keynote: Developing at Scale KubeCon NA 2019: 10 Weird Ways to Blow Up Your Kubernetes Melanie Cebula on Twitter

Keptn, a control plane for continuous delivery, came out of the need to install Dynatrace’s software at their customer’s environments. Alois Reitbauer is Chief Technical Strategist at Dynatrace, reponsible for open source, and a co-chair of the CNCF App Delivery SIG. He talks to your hosts about Keptn, observability after deployment, and how owning a 40 year old sports car is more “curation” than “operation”.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Loved: Thinking, Fast and Slow Unloved: a pile of Sex and the City News of the week Anthos Attached Clusters New Anthos pricing GKE on The Keyword Cloudian introduces operator Canonical introduces Kubernetes 1.19 Portainer CE 2.0 Kuberntes client comparison by Yolan Vloeberghs and Pieter Vincken Distributed tracing overview by Jonathan Gold Links from the interview Dynatrace OpenTelemetry OpenMetrics Keptn What it is, how it works, and how to get started Blogs by Alois: Micro operations ? A new operations model for the micro services age How your delivery pipeline will become your next big legacy-code challenge Related CI/CD tools: Spinnaker Jenkins Argo Flux GitLab CD Foundation SIG Interoperability CNCF SIG App Delivery Alois’s car marque of choice Alois Reitbauer on Twitter

Taylor Dolezal is a senior Developer Advocate at Hashicorp and the Kubernetes 1.19 release lead. His desire to give talks and join the CNCF Ambassadors led him to the release team and to his new job. He talks to Adam and Craig about how a TI-83 calculator started him on the path.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week The Moon Disaster deepfake Mayfield Lavender Farm News of the week Kubernetes 1.19 release - deferred 24 hours Istio 1.7 release! New Istio Steering Committee charter k3s to join the CNCF Sandbox New networking features in GKE Anthos announcements from Google Cloud Next Google Cloud Code updates Serverless Framework Knative component VMware vRealize Operations 8.2 Moving forward from Beta in Kubernetes Palinurus, from Mailchannels What’s new in Falco 0.25 AWS Controllers for Kubernetes GCP Config Connector Carvel Operator SDK reaches 1.0 Thanos and Cortex are both incubating in the CNCF The Kubernetes Handbook by Farhan Hasin Chowdhury Links from the interview TI-83 Plus Silver Edition Walt Disney Studios “Deployed my blog on Kubernetes” Hashicorp Terraform CNCF Ambassador 1.14 release team 1.18 release team Episode 96, with Jorge Alarcon 1.19 enhancement sheet Ingress goes stable 12 month release support cycle Lauri Apple, PgM for SIG Release Sidecar containers.. still Jeremy Rickard is 1.20 release team lead Episode 61 with Jeremy Rickard and Ralph Squillace Nomad, from Hashicorp Hashicorp joins the CNCF CNCF Cape, as modeled by Lachie Evenson Reading list: Working in Public: The Making and Maintenance of Open Source Software by Nadia Eghbal An Elegant Puzzle: Systems of Engineering Management by Will Larsen The Art of Doing Science and Engineering by Richard Hamming Defending Jacob Taylor Dolezal on Twitter

Constance Caramanolis is the co-chair of this week’s virtual KubeCon EU, and a principal software engineer at Splunk. Her introduction to Cloud Native came as an Envoy maintainer working at Lyft; she talks to Craig and Adam about communication: techmical, programmatic, in-person and online. We also summarise all the news from KubeCon.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week KubeCon EU #kubernetes-podcast on CNCF Slack Get an invite to Slack Hamilton (musical) Watch on Disney Plus News of the week Red Hat OpenShift Virtualization is GA Red Hat news summary from SiliconAngle 5 years of Google Kubernetes Engine Announcement post from 2015 GKE Dataplane v2 Docker changes registry pricing and retention Hacker News commentary IBM introduced POWER10 Introducing hierarchical namespaces by Adrian Ludwin OpenEBS 2.0.0 containerd 1.4.0 VMware Tanzu Mission Control integrates VMware Tanzu Observability by Wavefront Mirantis acquires Lens Episode 110, with Adrian Ionel Pulumi adds new Kubernetes features Links from the interview Envoy Omnition, acquired by Splunk Splunk acquires Omnition OpenTelemetry Collector Constance’s talks: KubeCon NA 2018: Envoy Intro (with Matt Klein) Velocity 2018: Leveraging Envoy when responding to high-severity incidents SYN-ACK Constance’s KubeCon EU keynote The Five Whys KubeCon EU agenda KubeCon NA 2019 puppies Corgis Invite a llama Episode 80, with Vicki Cheung Greek food: Galaktoboureko Loukoumades Stroopwafels Poutine Constance Caramanolis on Twitter

Alex Ellis created serverless framework OpenFaaS while working a day job. It’s used by some big companies, but he’s resisted the temptation to join one. Instead, he’s offering consulting and seeking sponsorships, building a business from the ground up. He explains the pros and cons of independence to Craig and Adam.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Microsoft launches OpenServiceMesh Including a bit from Linkerd Kong releases Kong Mesh Tanzu Application Service 2.10, formerly known as Pivotal Cloud Foundry KubeCarrier Cube carrier Episode 109, with Sebastian Scheele Nestybox releaases Sysbox (GitHub) Palo Alto Networks discloses and fixes fault in KataContainers JenkinsX plugin for Octant Backyards gets FIPS compliant StarlingX 4.0 New AKS features etcd security audit Episode 95, with Xiang Li New Code of Conduct Committee Members Links from the interview Alex Ellis ADP Payroll Docker Captains program Lord Birt Lord Ernie DockerCon 2016 Ben Firshman funker funker-dispatch by Alex Ellis FaaS OpenFaaS Moby’s Cool Hacks - closing keynote Joining VMware to work on OpenFaaS VMware blog VMware Dispatch Acquisition of Heptio VEBA Leaving VMware and Alex going out on his own OpenFaaS Ltd Alex’s 2020 mission The world’s first managed k3s service First year accounts and end-of-year party Inlets Inlets PRO k3sup Brown sauce Arkade 5 years of Raspberry Pi and robots Insiders Subscription Treasure Trove archive The Five Pressures of Leadership in OSS A bit of Istio before tea-time Cards Against Containers for Black Girls Code Alex Ellis on Twitter

Since we last spoke about Minikube 18 months ago, the project has gone 1.0, and made large performance and usability improvements. Thomas Strömberg is the manager of the Container DevEx team at Google and a maintainer of Minikube. He talks to Craig and Adam about why system administrators are the best code reviewers, the importance of surveying users, and building bikes made of bamboo.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Baking hot Baking: Mary Berry’s Banana Loaf Caramel Slice Washington State Voters Guide Lord Buckethead Monty Python’s Election Night Special News of the week OpenSSF launched Nova from Fairwinds: monitor Helm charts for new releases Lifebelt by Gustav Westling Chaos Mesh joins the CNCF Sandbox As does the Serverless Workflow spec Announcing Vitess 7 Spinnaker Operator is GA AKS 2020-07-27 release GKE r25 Server side encryption for ECR Project report: Jaeger Episode 97 with Yuri Shkuro How Dropbox migrated from NGINX to Envoy by Alexey Ivanov and Oleg Guba Links from the interview Thomas Strömberg Minikube Episode 39, with Dan Lorenc DiRT: Disaster Recovery Testing Wheel of Misfortune Timex Sinclair ZX81 Bringing Minikube to the next Billion Users: Thomas’s talk at KubeCon China 2019 The mini Minikube Survey Other similar tools: Microk8s k3d kind Knoppix Pausing Minikube Running multiple nodes Triage Party Slow Jam Space Jam Bamboo bicycles A finished example A work in progress Thomas Strömberg on Twitter

We finally scheduled some time to talk to David Oppenheimer. David, a software engininer at Google, has been working on scheduling there since 2007, including on both Borg and Omega. That experience naturally led to him working on the Kubernetes scheduler, as well as starting SIG Scheduling.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Last week’s discussion about ice cream pies Vegemite ice cream, and a friendly reminder that New Zealand is not Australia Mutton ice cream is not a thing A bear in the kiddie pool News of the week Google Traffic Director supports proxyless gRPC New Relic open sources its agents Lyft drops the Clutch Conftest joins the Open Policy Agent project Emissary, from GitHub VS Code Docker extension can now run containers in Azure Container Instances Debugging Incidents in Google’s Distributed Systems by Beth Cooper and Charisma Chan Hashicorp Consul Service on Azure is GA Gloo Federation for gloo’ing your Gloos together with gloo The AWS EKS CIS ben chm ark Changes to Aqua Wave and Aqua Enterprise Snyk’s developer-first prioritization capabilities Carbonetes launch PR Prevasio launch PR DOMA: domain-oriented microservices architecture at Uber by Adam Gluck Links from the interview Papers co-written by David: Large-scale cluster management at Google with Borg Borg, Omega and Kubernetes SIG Scheduling WG Multi-Tenancy App Engine Interviews with David’s colleagues on Borg and Omega: Episode 22, with Dawn Chen Episode 43, with Brian Grant Episode 111, with Wojciech Tyczynski Omega features: The Omlet Pod disruption budgets Taints and Tolerations Optimistic concurrency control Scheduler features Predicates and priorities Labels and selectors Node affinity and anti-affinity Pod affinity and anti-affinity Pod priority and preemption Disruption budgets Taints and tolerations Two level scheduling Mesos optimistic offers Kubernetes scheduler in Bash Firmament and integration in Kubernetes via Poseidon Configuration tools kpt kustomize David Oppenheimer on Twitter

Released on the same day as Kubernetes, cadvisor is a container monitoring daemon that collects metrics and serves them to monitoring tools. It’s built into the Kubelet, and underpins many components in Kubernetes, such as eviction and autoscaling. David Ashpole of Google Cloud is TL of Kubernetes SIG Instrumentation, and the maintainer of cadvisor; he joins Adam and Craig this week to explain where instrumentation fits in the stack, and what you should do as a Kubernetes maintainer vs. a cluster administrator.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week In Craig’s neighbourhood: Books More books Some less popular items Masks Archie the Mammoth National Ice Cream Day Carmel Caramel News of the week GKE Ingress features: BackendConfig CRD Cloud CDN Backend service timeout Connection draining timeout HTTP access logging Identity-Aware Proxy (IAP) Session affinity User-defined request headers Cloud Armor security policies (Beta) FrontendConfig CRD (Beta) Custom GCLB health checks (Beta) SSL policies (Beta) Exposing services on GKE OpenShift 4.5 OKD4 Spring Cloud Data Flow for Kubernetes from VMware; part of the Spring Runtime package k8spin.cloud is closing and making their code open source Review of k8spin from launch Custom Pod Autoscaler (and docs) by Jamie Thompson Envoy 1.15 round-up from Tetrate; release notes from the team Fluent Bit 1.5 summary at the CNCF k3d v3.0 and new web site Best practices for creating a highly available GKE cluster Recommended alerts for AKS Ingress support added to AWS App Mesh Platform9 adds new apps to their Managed Kubernetes Service Episode 88, with Madhura Maskasky CVE-2020-8557: Node disk DOS by writing to container /etc/hosts CVE-2020-8559: Privilege escalation from compromised node to cluster Alcide write-up Threat Alert: Attacker Building Malicious Images Directly on Your Host from Aqua Security Certified Kubernetes Security Specialist (CKS) coming in November Sign up for a free pass to Virtual KubeCon EU keynotes Diving Into Istio 1.6 Certificate Rotation by Christian Posta Links from the interview SIG Instrumentation inodes Eviction on inodes cgroups cadvisor Launched on the same day as Kubernetes Monitoring metrics with Prometheus Victor Marmol and Vish Kannan Episode 22, with Dawn Chen CRI Resource metrics pipeline Heapster Metrics Server kube-state-metrics Managing Your Costs on Kubernetes by Karl Stoney from Autotrader Episode 52, with Russell Warman and Karl Stoney Metrics Stability Framework Structured logging Distributed tracing in Kubernetes Node out of memory eviction Pod priority David Ashpole on Twitter

An open source license grants rights on copyright and patents, but not trademarks. Chris DiBona has some ideas on how to address that. He has spent his career in open source, including over 15 years running Google’s Open Source Programs Office, and is one of the directors of the new Open Usage Commons. It launched last week with three projects - Angular, Gerrit and Istio - transferring their trademarks. Chris joins Adam and Craig to talk about Google’s work in open source, and why a new organisation is needed.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Software defined radio POGSAG The fuzz Talking to the International Space Station Breaker breaker News of the week SUSE to acquire Rancher Episode 57, with Darren Shepherd Open Usage Commons: OUC Board announcement Google announcement Istio blog post IBM opinion Governance updates Operator Framework and Contour accepted into the CNCF BigQuery Omni Kubernetes has caught up with YARN according to Datamechanics Kubernetes networking: why is this so dang hard? by Tim Hockin Episode 41 Announcing Kustomize support for Pulumi Cinderella clusters from Soluble Google’s Anthos comes to HPE Greenlake AWS: AWS partners with Docker Docker partners with AWS AWS Copilot for ECS cdk8s-plus AKS adds console RBAC and policy integration Kublr adds in-place upgrades and external clusters D2iQ want to teach you Links from the interview Chris DiBona VA Linux San Mehat Google Search Appliance Maintainer of Git Author of Git Ping pong balls on a bus AMP joined OpenJS Foundation and has now graduated WASM became a W3C standard Google Summer of Code Melange Open Usage Commons Apache Software License v2 and GPL v3 Open Source Definition Angular, Gerrit and Istio OUC board members Debian Free Software Guidelines Google Contributor License Agreement Apache Contributor License Agreement Developer Certificate of Origin Istio governance: Steering Committee and TOC Silicon Valley Chris’s IMDB page Palo Alto fiber ring (and today) Chris DiBona on Twitter Open Source at Google

Before Kubernetes was launched, it could have at most 25 nodes in a cluster. At 1.0, the target was 100. Meanwhile, Borg, Omega and Mesos were all running away at 10,000. What did it take to get Kubernetes to this number, and above? SIG Scalability and GKE Tech Lead Wojciech Tyczynski tells us.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Follow-up: Chairs, from Episode 107 Christmas trees, from Episode 104 Kids music The duck song The duck joke Autotune the News The duck song goes viral on TikTok Walmart Yodeling Kid News of the week KubeCon US goes virtual PromCon schedule AWS App2Container Episode 48, with Issy Ben-Shaul GKE brings Node Local DNS cache to GA Episode 106, with John Belamaric Update kernel and Kubelet config on GKE nodes AKS brings 1.17 to GA; adds containerd and priority placement group support Diamanti Spektra 3.0 Kubernetes WG Naming Introducing Cloud Native Community Groups Updated CNCF Storage whitepaper Presslabs moves to Kubernetes Presslabs Stack and WordPress Operator Links from the interview Omega Episode 43, with Brian Grant Defining scalability Original SLOs API-responsiveness: 99% of all our API calls return in less than 1 second Pod startup time: 99% of pods (with pre-pulled images) start within 5 seconds Target SLO doc - 25 nodes Borg - ~10,000 nodes Sep 2015, Kubernetes 1.0 - 100 nodes “Kubernetes Has A Ways To Go To Scale Like Google, Mesos” by Timothy Prickett Morgan March 2016, Kubernetes 1.2 - 1,000 nodes July 2016, Kubernetes 1.3 - 2,000 nodes Work by Clayton Coleman, guest of Episode 85 March 2017, Kubernetes 1.6 - 5000 nodes etcd v3 improvements for web scale Scalability Envelope Today’s scalability numbers EndpointSlices Episode 104, with Bowei Du JD.com’s 10,000 node clusters Alibaba’s 10,000 node clusters Episode 95, with Xiang Li Google’s 15,000 node GKE clusters Twitter session at the upcoming Google Cloud Next by Reza Motamedi and Maciek Ró?acki Poseidon and Firmament Wojciech Tyczynski: GitHub LinkedIn

Over the past 20 years, Mirantis has grown from an outsourcing company for semiconductor engineers to a product company that is the new home of Docker Enterprise. Past and present CEO and “co-founder” Adrian Ionel oversaw Mirantis’s adoption of OpenStack and purchase of Docker’s enterprise business, and he joins the show to discuss them both.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Hello Kitty, not a cat The Toys That Made Us Istanbul Not Constantinople News of the week New CNCF projects: Announcement The Future of Sandbox Sandbox project list KUDO Episode 78, with Gerred Dillon Crossplane CNI-Genie Keptn Cloud Custodian Dex Litmus Episode 56, with Evan Powell ArtifactHub Kuma Parsec BFE jFrog ChartCenter KubeCon “EU” schedule Gloo 1.4 Episode 55 with Idit Levine Frigate by Jacob Tomlinson Checkov by Bridgecrew Contour 1.6 ACI and Docker integration now public gRPC-Web for .NET now GA Episode 94, with Richard Belleville HP Ezmeral Codefresh raises $27m Links from the interview Mirantis OpenStack At Mirantis Built by NASA and Rackspace Fuel from Mirantis Adrian leaves Mirantis in 2015 Dorsal Did anyone call John Sculley? Adrian returns in 2018 Infrastructure as Code Mirantis Bring-your-own Kubernetes and Kubernetes as a Service Mirantis acquires Docker Enterprise ..and pledges to keep Docker Swarm alive Docker Enterprise Kontena closes and the team joins Mirantis Mirantis joins Airship project First release of Docker Enterprise from the merged team The Mirantis Bear Adrian Ionel on Twitter

Last week Loodse, the makers of the Kubermatic Kubernetes Platform, made that platform open source, and rebranded their company to match. Co-founder Sebastian Scheele joins us to explain how the company and platform came about, why they’ve made their changes, and what exactly a Loodse was anyway.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Docker for the new Arm Macs Tick Tock Keep Talking and Nobody Explodes Spaceteam News of the week Kubermatic 2.14 now Open Source HashiCorp Cloud Platform and new versions of Nomad, Terraform and Consul Flagger 1.0 OpenMatch 1.0 Harbor graduates at the CNCF SPIFFE and SPIRE move to incubation level CNCF post GKE goes to 15,000 nodes with Bayer Crop Science Tsunami: extensible network scanning from Google AWS App Mesh controller for Kubernetes is GA Dell announces PowerScale storage Gocker: a mini Docker written in Go by Shuveb Hussain The Kubernetes Goat by Madhu Akula Storpool and Sardina launching Kubernetes-as-a-Service Kubernetes website adopts Docsy Getting started with Oracle 18c on Kubernetes by Ron Ekins Links from the interview Kubermatic (f.k.a. Loodse) SAP HANA Julian Hansert Hamburg and Munich Kubernetes meetups ContainerDays Kubermatic Kubernetes Platform SAP Gardener Leibnitz KubeOne Loodse rebrands to Kubermatic Kubermatic Kubernetes Platform on GitHub Sebastian Scheele on Twitter

Two years ago, Sarah Wells from the Financial Times gave a KubeCon EU keynote about how the company moved from monolith to microservices, and how her Content and Metadata platform team moved to Kubernetes specifically. She joins hosts Adam and Craig to recap that migration, and what life has been like since. As Sarah has moved to a broader role in charge of all observability for The FT, she also invited Dimitar Terziev, the current platform lead for the CM team, to the conversation.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Duck eggs Green onions News of the week kube2hadoop from LinkedIn Kubera from Mayadata Episode 56, with Evan Powell Linkerd 2.8 Multi-cluster with Ambassador Consul 1.8 Intro to Istio Ingress from Banzai Cloud Cloudflow 2.0.0 Not the shoe Google internships go virtual to help Open Source Introducing the CNCF Technology Radar CNCF SIG Observability Episode 37, with Richard Hartmann Loft (and Reddit thread) Jib 2.4 announcement and Jib extensions Zerto for Kubernetes AKS 2020-06-08 adds node image upgrade and application gateway ingress controller Cloudera Data Platform for Private Clouds Cloudbees introduces DoD compliant CI, now with a CtF to deploy into an environment with an ATO, which meets DISA STIG and NIST RMF security guidelines Episode 44, with Tracy Miranda Microsoft discovers cryptojacking in Kubeflow clusters on Azure Gokul Chandra writes up Anthos Links from the interview Financial Times The pink pages Subscriber stats Coronavirus coverage The latest figures John Burn-Murdoch Added 50,000 subscribers since COVID-19 FT Crossword KubeCon EU 2018 keynote: “Switching Horses Midstream: The Challenges of Migrating 150+ Microservices to Kubernetes” by Sarah Wells Schedule Video Slides Monzo microservices graph CoreOS Fleet Innovation tokens: Choose Boring Technology by Dan McKinley Dashing from Shopify Sarah and Dimitar on Twitter

After 5 years at the helm of the CNCF, executive director Dan Kohn is stepping down to launch a new Public Health initiative. The new General Manager of the CNCF is Priyanka Sharma, who joins our show today. Priyanka tells Craig and Adam what to expect, talks about virtual events, and gives some hints on how to rename projects.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Frog Leap Studios Tubthumping (originally by Chumbawamba) Hello (originally by Adele) News of the week Rancher Longhorn is GA Fairwinds Polaris is GA AKS does new networking things Kubecost’s cluster-turndown saves you money Solo Developer Portal for Istio CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements CVE-2020-8555: Half-Blind SSRF in kube-controller-manager Write-up from “Reeverzax” and “Hach” Ambassador 1.5 released Microk8s for Windows and Mac Finding your GKE logs by Rami Shalom and Charles Baer Business continuity with Anthos CNCF Cloud Engineer Bootcamp CKA program changes Lessons learned by Noah Kantrowitz of Ridecell Links from the interview Lightstep Ben Sigelman Ben Cronin “Spoons” Dapper Monarch OpenTracing Episode 97, with Yuri Shkuro GitLab Sid Sijbrandij CNCF Charter Governing Board members Priyanka joins as GM Dan Kohn Chris Aniszczyk On 4 years at the Linux Foundation Jim Zemlin End User Community Cheryl Hung Episode 35, with Dan Kohn LF Public Health Events: Cloud Native Summit Online KubeCon EU KubeCon Boston CNCF Technical Oversight Committee Charter Members CNCF Projects Other projects: Ollie Priyanka Sharma on Twitter

In a world where pods (and IP addresses) come and go, DNS is a critical component. John Belamaric is a Senior SWE at Google, a co-chair of Kubernetes SIG Architecture, a Core Maintainer of the CoreDNS project and author of the O?Reilly Media book Learning CoreDNS: Configuring DNS for Cloud Native Environments. He joins Craig and Adam to discuss CoreDNS, the evolution of DNS in Kubernetes, and how name resolution has been made more reliable in recent releases.

Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Death of George Floyd SpaceX Crew Demo 2 launch Sunniest Spring on record in the UK A small test rocket launch in Scotland UK spaceport (proposed) New Zealand spaceport (active) News of the week Priyanka Sharma replaces Dan Kohn at the CNCF Episode 35, with Dan Kohn Starboard, by Aqua Security Episode 19, with Liz Rice Docker Enterprise 3.1 from Mirantis Docker and Microsoft; Microsoft and Docker Velero v1.4 Agones v1.6 Episode 26, with Mark Mandel and Cyril Tovena Chef adds Windows container migration for GKE Red Hat adds Quarkus to Red Hat Runtimes AWS encrypts Fargate ephemeral disks in v1.4 PlanetScale open sources a Vitess operator Episode 81, with Jiten Vaidya and Sugu Sougoumarane Kubernetes provider for Hashicorp Terraform Google Vulnerability Reporting Program adds GKE Tools for debugging apps on Google Kubernetes Engine by Charles Baer and Xiang Shen How Migrate for Anthos helps modernize Java apps Helm project journey report Episode 102, with Matt Butcher Helm 3: the Good, the Bad and the Ugly by Sandor Guba of BanzaiCloud NIST deployment guidelines for proxy-based Service Mesh by Ramaswamy Chandramouli of NIST and Zack Butcher of Tetrate The World of kubectl Plugins: a YouTube series by Ahmet Alp Balkan Episode 66, with Ahmet Alp Balkan and Luk Burchard Links from the interview Domain Name System Root zone Authoritative name server Recursive and caching name server Infoblox Kubernetes Service DNS for Serivices and Pods Customizing DNS for Kubernetes CoreDNS; the default DNS server for Kubernetes since 1.11 Introduction slides KEP for CoreDNS in Kubernetes SkyDNS Miek Gieben; author of CoreDNS and SkyDNS version 2 Caddy: the HTTP server upon which CoreDNS is based Dnsmasq CoreDNS plugins Rewriting DNS with CoreDNS redisc plugin: enables a networked cache using Redis ens plugin: serve DNS records from Ethereum Name Service Node Local DNS cache and KEP BIND Unbound DNS resolver Explanatory blog posts: Understanding ndots in Kubernetes Racy conntrack and DNS lookup timeouts Learning CoreDNS: Configuring DNS for Cloud Native Environments by John Belamaric and Cricket Liu Cricket Liu and his books Book cover: a Comber fish Policy integration Episode 101, with Tim Hinrichs and Torin Sandall CoreDNS policy plugin coredns-opa SIG Architecture Production Readiness Review and KEP A DNS haiku John Belamaric on Twitter