Kubernetes Podcast from Google

Kubernetes lets us manage our infrastructure declaratively, so why do we still manage the underlying OS with a myriad of different text files? And why allow shell and SSH access to a machine that should be immutable? So asked Andrew Rynhard before creating Talos, a Linux distribution built for Kubernetes. He’s now CTO of Talos Systems, a company founded to take it to market. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 40 years of the IBM PC 5150 emulator and docs What was it like to use? Twitter thread about the cost of add-ons 41 years ago: the story of the creation of the PC DONKEY.BAS Play it on the 5150 emulator Learn about it Play it on the iPhone or Apple Watch Commodore 64 Wheel of Fortune Little Computer People C64 vs IBM advertising 6502 and derivative CPUs: the C64 used a 6510 Bender News of the week Litmus 2.0.0 Episode 56, with Evan Powell SPIRE security audit Episode 45, with Andrew Jessup Bovine by Nick Gerace Rust Cloud Native Verify GKE services are up with dedicated uptime checks LFX projects open for (Northern) Fall term Links from the interview Talos (the OS) Linux from Scratch Talos (the robot) COSI Comparing k3s to vanilla Kubernetes on Talos Talos announcement on Reddit and Hacker News Talos Systems Launch blog Brazilian jiu-jitsu COSI announcement from KubeCon EU 2021 Andrew Rynhard on Twitter

What is a telecommunications provider, if not a very distributed system? Kubernetes is becoming an important engine for the world’s telcos, especially as they roll out 5G. Vuk Gojnic leads the team rolling out Kubernetes across Deutsche Telekom (the parent company of T-Mobile), and he tells us how the worlds of telco and cloud have converged. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week New Jeopardy! hosts The Price Is Right Bob Barker in Happy Gilmore Spay and neuter your pets News of the week eBPF Foundation announcement Episode 91, with Leonardo Di Donato Episode 133, with Thomas Graf Istio 1.11 NSA & CISA release Kubernetes hardening guidance PDF link Google Cloud Service Discovery adds GKE auto-discovery Troubleshoot GKE faster with monitoring data in your logs Sysdig announces new Prometheus integrations Nirmata takes $4m in funding CNCF Survey, part 2 Links from the interview History of Montenegro Balkans region Postal, telegraph and telephone services Cafe del Montenegro “archeological remains” (archeological remains of original Cafe del Montenegro) CdM today Crnogorski Telekom Deutsche Telekom Crossbar switches O-RAN Software Community and source code Network function virtualization Natural selection Mobile base station DSLAM 5G Das blinkenlights Das Schiff Das Boot Cluster API Flux CD OpenStack Ironic mIRC Vuk Gojnic on Twitter

It’s Kubernetes release day! The team that launched v1.22 of everyone’s favourite cluster management software was led by Savitha Raghunathan, Senior Platform Engineer at MathWorks. Savitha joins host Craig Box to talk contribution, containers and cricket. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Life before smartphones Dark Sky, hyperlocal weather app Karl the Fog Universal Studios Kubeyland 2021 The Simpsons Ride News of the week Kubernetes 1.22 announcement Sign up for the 1.23 release team Linkerd graduates* in the CNCF Cosign 1.0 Episode 152, guest host Dan Lorenc Episode 155, with Priya Wadwha Cloud Native Rejekts CFP Episode 79, with Chris Kühl Introducing Koncrete by the Kalm team Nestybox adds Kubernetes support Curiefense adds NGINX support Replicated announces $50M Series C Episode 143, with Grant Miller Kubernetes platform updates: Deckhouse, by Flant, is GA Red Hat OpenShift 4.8 Rafay adds new features to Kubernetes Management Cloud Carvel Package Manager for Kubernetes Porter and seed funding announcement Links from the interview Chennai Super Kings Stephen Fleming; coach, A/C salesman and Yellow Wiggle Royal Challengers Bangalore MathWorks MATLAB Math vs maths? (Doesn’t actually matter; MATLAB is short for Matrix Laboratory) Savitha’s first contribution Kubernetes GitHub workflow and pull request guide Kubernetes 1.22 release announcement Release Team Loki and WandaVision Enhancements of note: Seccomp by default Rootless Kubelet Pod admission control Node swap support Windows privileged containers 1.21 release interview with Nabarun Pal Do, Delegate and Defer Release lead for 1.23: Rey Lejano In memoriam: Peeyush Gupta Donate to Peeyush’s Family Education Fund Coffee art Amigurumi Savitha’s cat Savitha Raghunathan on Twitter

Sebastien Pahl is a pioneer of container technology, building the predecessor to Docker as a co-founder of Dotcloud. After working at some big tech companies, he’s back to the startup life as co-founder of Opstrace, a fully open source observability distribution, built on top of the tools you know and love. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Pictograms Korea on Italy Pita Taufatofua, the oily Tongan Olympic drones Inclement weather: Tokyo New York City London News of the week Kubernetes 1.22 release candidates is out Episode 146, with Nabarun Pal Cloud Foundry Foundation releases v5 Episode 105, with Chip Childers Connaisseur 2.0.0 Episode 155, with Priya Wadwha Chaos Mesh 2.0.0 Episode 121, with Ed Huang Spectro Cloud raises $20m Series A Nominate yourself for the 1.23 Release Team Links from the interview EPITECH Solomon Hykes Departure blog Dotcloud Y Combinator $10m funding round Cloudflare Mesosphere HD-DVD and Betamax Operator Framework/Operator SDK Opstrace Prometheus Cortex Grafana Loki Grafana relicensing OpenMetrics and OpenTelemetry Matter, for smart home devices Opstrace on GitHub Sebastien Pahl on Twitter

The idea of software supply chain security rocketed into the public consciousness in the last year, with the news that US government agencies had been breached. Priya Wadhwa is a software engineer at Google working on open source security, including projects to secure and verify container deployments. She outlines what is being done to make sure this doesn’t happen to you. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Virgin Galactic launch NBC News BBC News Blue Origin launch NBC News BBC News Rocket scene from Austin Powers: The Spy Who Shagged Me The memes News of the week Google Cloud Container Security webinar Register for Google Cloud Next 2021 Google Cloud IDS Windows Server support for Anthos on-prem Multi-Cluster Ingress for GKE CVE-2021-22555: Kernel code execution through Netfilter bug CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding CVE-2021-32690: Helm repository credentials passed to alternate domain Attacks on Argo Workflows discovered by Intezer Sysdig acquires Apolicy; Apolicy acquired by Sysdig CockroachDB Operator for Kubernetes Automatic remediation of Kubernetes nodes at Cloudflare Sciuro Kured CNCF App Delivery TAG publishes operator whitepaper Links from the interview Software supply chain Know, Prevent, Fix Reproducible builds Debian Project SolarWinds hack US Executive Order on Improving the Nation’s Cybersecurity Binary Authorization Provenance, in art and software in-toto “Farm to table” sigstore Announcement blog cosign Announcement blog Dan Lorenc’s blog Connaisseur Rekor Fulcio Key signing ceremony: Dan Lorenc on Episode 152 Announcement blog Video Tekton Tekton Chains Announcement blog, by Priya & Dan SBOM (Software Bill of Materials) Open Source Insights Announcement blog Nine Inch Nails’ Year Zero ARG Scorecards Announcement blog v2 blog SLSA Announcement blog GitHub SupplyChainSecurityCon sigstore Slack channel Priya Wadhwa on Twitter

Gatekeeper is an open source project which lets you enforce policy in a Kubernetes cluster. It’s also the basis for Policy Controller, a hosted and managed version now available for all GKE users. Max Smythe, a senior SWE at Google, is a maintainer of Gatekeeper and the TL of Policy Controller. He joins us to talk constraints, config and Cruise. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week England loses Euro 2020 final It’s Coming Ohm: prediction on power usage Half time power spike Top 20 spikes The Thorn Birds The Superbowl Flush - debunked! Tokyo Olympic Games Opening Ceremonies Hedbanz News of the week APIs being removed in Kubernetes 1.22 ContainIQ launches Postgres Operator 5.0 NetworkServiceMesh 1.0.0 Google Cloud Certificate Authority Service GA and cert-manager integration Platform9 Managed KubeVirt InsightCloudSec from Rapid7 Sophos acquires Capsul8 Spring 2021 graduating class from CNCF-sponsored LFX Mentorship program Links from the interview Brian May Edge of Tomorrow The redemption thereof Chubby Riak Gatekeeper Anthos Config Management Config Sync Policy Controller Episode 101, with Tim Hinrichs and Torin Sandall PodSecurityPolicy is not going GA SIG Auth’s replacement proposal Using ACM constraints to enforce Pod security OPA Constraint framework Policy Controller: Creating constraints Writing a constraint template Structural schemas Design Patterns for Extendable, Scalable K8s Extensions by Rita Zhang and Max Smythe Max Smythe on Twitter

Debugging Kubernetes often involves correlating what happened just before something went bad. Itiel Shwartz is a co-founder of Komodor, a startup who builds a platform to help with exactly that. We talk Hebrew names, Hungarian dogs and German car crashes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Jimmy Moore steps out from behind the scenes Conan O’Brien Needs A Friend Revisionist History Letterman reads out Johnny’s jokes Mythic Quest News of the week Joint US/UK cybersecurity advisory saying Russia is using Kubernetes CNCF and FinOps Foundation survey Canonical Kubernetes usage survey CNCF End User Radar for multi-cluster tools runc 1.0.0 Buoyant Cloud Public Beta Sloth, by Xabier Larrakoetxea Links from the interview Komodor “Itiel” and “ETL” Rookout Forter Ben Ofiri Komodor team photo The Komondor (and image search) Man Who Looks Like His Dog Jack Tramiel, co-founder of Commodore International The story of the name “Commodore” Man Who Looks Like His Dog Single bit-flip renders certificate transparency log invalid $25 million funding with angel investors Itiel Shwartz and Komodor on Twitter

Steve McGhee worked as an SRE at Google for almost 10 years, then took a job outside the company. He was tasked with recreating “Google Production” and SRE practice from first principals, but with three books, modern cloud providers, and the entire Kubernetes ecosystem to help. How did he do? Learn about that which you can and can’t replace. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Dan’s recent work has come up in episodes 136, 142, and 151, to name but a few Episode 39, with Dan Lorenc Tekton CD Sigstore Dan’s Peter Jackson look Sigstore Root Key Ceremony IANA Key Signing Ceremonies and changes in the time of COVID News of the week GKE news: New Tau VMs on Google Cloud and GKE Committed use discounts for GKE Autopilot Cloud Onboard training for GKE with Kaslin Fields, on June 22 Stackrox/Red Hat State of Kubernetes Security blog post and report etcd 3.5 SLSA: Supply chain Levels for Software Artifacts Ensemble, by Tesera Harbor operator 1.0 Weave GitOps Core Episodes 144 and 145, with Alexis Richardson WSO2 launches Choreo and acquires Platformer KubeCon EU 2021 transparency report COVID vaccine required to attend fall 2021 Linux Foundation events Opinions on Knative positioning by Ahmet Alp Balkan Episode 66 Links from the interview LG Chocolate Phone and the Crazy Frog Good SRE is the inverse of the XKCD comic on Standards “Breaking Prod: More than once, I personally made it impossible to use google search from a phone (for a little bit). Like, for everyone on the planet.” San Luis Obispo, California (SLO) GIFEE, coined at CoreOS Rebuilding SRE, from Memory Ben Treynor Sloss Homer Simpson’s Car Postcards from the future and the crystal ball It is against the law to have a sleeping donkey in your bathtub after 7pm How To Avoid Huge Ships Prometheus Canary releases Canary deployments with Istio SLO Math, by Steve McGhee (SLOconf 2021) The SRE I Aspire To Be, by Yaniv Aknin (SREcon 2019) RAID. a Redundant Array of Inexpensive/Independent Disks Deployment Archetypes for Cloud Applications, by Brad Calder and Anna Berenberg Steve McGhee on Twitter

NVIDIA and Google have teamed up to bring the new Multi-Instance GPU feature, launched with the NVIDIA A100, to GKE. We speak to Kevin Klues from NVIDIA and Pradeep Venkatachalam from Google Cloud on how and why people use GPUs, optimising instance shapes for machine learning, and why less is often more. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 64, with Sarah D’Angelo and Patrick Flynn Catching up with Patrick in Episode 148 Winthrop, Washington Blackdown Hills, Devon News of the week Azure App Services now available for Azure Arc Azure Arc and App Service blog posts Other new AKS capbilities Virtualization Review coverage ECS Anywhere made GA by press release AWS App Runner Integrating Google Cloud DNS with GKE Istio 1.10 Terraform 1.0 Grafana 8.0 and Tempo 1.0 Argo Rollouts 1.0 Kubesphere 3.1.0 Cilium 1.10 OpenSLO spec launched at SLOConf Episode 147, with Brian Singer and Kit Merker Envoy GA on Windows Chaos Experimentation Framework for Envoy El Carro operator for Oracle Database from Google Cloud Moco operator for MySQL from Kintone PlanetScale GA Episode 81, with Jiten Vaidya and Sugu Sougoumarane FoundationDB paper from ACM SIG MOD DockerCon announcements Coverage of Development Environments from The Register Deps: Open Source Insights project from Google Graph for Kubernetes 1.0.0 Graph for Kubernetes 1.22.0-alpha.2 Verifiable Supply Chain Metadata with Tekton Chains Kubernetes CVEs: CVE-2021-25736 CVE-2021-25737 CVE-2021-25738 runc CVE-2021-30465 VS Code Plugin for Kubernetes CVE-2021-31938 Steve Smith says “GitOps is a placebo” in a blog post and Twitter thread Follow up from Vic Iglesias GitOpsDays Styra raises $40m Series B round Episode 101, with Tim Hinrichs and Torin Sandall Cloud Native community goes live with 10 shows on something called Twitch YouTube playlist for KubeCon EU 2021 Links from the interview Episode 92, with Pramod Ramarao Dogecoin Training and inference 12 things that prove Doom will run on literally anything “It runs Doom” subreddit CUDA vGPUs Multi-Instance GPUs GKE now supports multi-instance GPUs 7 core MacBook Air GPUs A100 GPU 16 A100 GPUs on a Google Cloud VM Running GPUs on GKE Node taints for scheduling NVIDIA Container Toolkit GCP NVIDIA GPU device plugin Kubernetes NVIDIA device plugin GTC 2021 talks: A Deep Dive on Supporting Multi-Instance GPUs in Containers and Kubernetes by Kevin and Pradeep Gain Competitive Advantage using ML Ops: Kubeflow and NVIDIA Merlin and Google Cloud by Andrew Stein and Maulin Patel (Google) and Davide Onofrio (NVIDIA) Kevin’s KubeCon talk and slides Kevin Klues on Twitter

Pixie Labs built an observabiity platform for Kubernetes, which uses eBPF to get telemetry without user intervention. They were recently acquired by New Relic, who open sourced the Pixie software. Co-founders Zain Asgar and Ishan Mukherjee join Craig Box to tell the story and talk about what’s next. Guest host Alex Ellis tends his garden. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 116, with Alex Ellis GrowLab Announcement blog Alex’s talk at the GIFEE Day Monty Don OpenFaaS in the RISC-V keynote New Kubernetes on Edge training course News of the week eBPF for Windows GKE Dataplane V2 is GA Confluent for Kubernetes GA VMware Tanzu SQL, with MySQL, for Kubernetes, 1.0 VMware Modern Apps Connectivity Solution Do the State of DevOps survey! Links from the interview Pixie Labs What is Pixie overview slides presented to CNCF Public beta launch and announcement of Series A funding TechCrunch coverage Pixie Labs acquired by New Relic; New Relic acquires Pixie Labs A day in the life of a Kiva robot Recognition for Google Lens clothing recognition Dog or blueberry muffin? Episode 125, with Ramiro Berrelleza How Pixie Works New Relic goes all-in on OpenTelemetry and Open Source Pixie on GitHub Pixienauts community New Relic upgrades to Platinum member at CNCF Zain Asgar and Ishan Mukherjee on Twitter