Kubernetes Podcast from Google

A small army of community volunteers is necessary to host a KubeCon, but behind them is a professional events team. Colleen Mickey is Director of Event Services at the Linux Foundation and is responsible for KubeCon + CloudNativeCon, as well as other events like Hyperledger Global Forum and cdCon. She talks to us about hosting, feeding and watering 10,000 people, as well as the change to virtual events. We also bring the round-up of the KubeCon news, including our famous Lightning Round. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 29, with Janet Kuo Looking back at KubeCon Shanghai 2018 News of the week New Relic and Pixie Labs blogs on Pixie being open sourced New Relic joins CNCF as a Platinum Member Red Hat launches the Stackrox community at stackrox.io OpenShift GitOps and OpenShift Pipelines Snyk’s State of Cloud Native Application Security report announcement and results OCI Distribution Specification reaches 1.0 Prometheus to launch conformance program New CNCF sandbox projects: Vineyard, an in-memory immutable data manager WasmEdge Runtime, a WebAssembly Virtual Machine for cloud, AI, and blockchain applications ChaosBlade, an open-source version of Alibaba’s chaos tools Fluid, a data and storage abstraction for AI and cloud-native applications Submariner, a cross-cluster overlay of overlay networks Antrea, a Kubernetes CNI plugin Episode 128, with Antonin Bas CNCF Edge survey results and free Kubernetes on Edge Training Episode 116, with Alex Ellis Inclusive Naming Initiative receives Honorable Mention at Fast Company’s 2021 World Changing Ideas Awards ‘Master,’ ‘Slave’ and the Fight Over Offensive Terms in Computing by Kate Conger of the New York Times Episode 130, with Stephen Augustus Spotify wins CNCF Top End User Award Episode 50, with David Xia Episode 136, with Lee Mills and Matt Clarke. Lightning round Accuknox secured $4.6m in seed funding Accurics announced Terrascan integrates with Argo CD Ambassador introduced a Developer Control Plane Armory introduced mini-Spinnaker installation Minnaker, built on k3s Arrikto announced MiniKF 1.3 and Eenterprise Kubeflow for Azure Avesha launched Smart Application Cloud Framework Bridgecrew published security trends from analyzing Helm charts CAST AI announced Amazon EKS cost optimizer Civo launched K3s-as-a service to early adopters Cloudical introduced version 1.8 of VanillaStack DataStax announced that k8ssandra supports all distributions Dynatrace added the ability to ingest OpenTelemetry traces HAProxy launched version 1.6 Kubernetes ingress controller Kasten added ransomware protection with v4.0 of K10 Kubermatic Kubernetes Platform 2.17 Kubernative says that KubeOps is now a full-fledged Managed Kubernetes Framework Netdata has added Kubernetes monitoring features to their Cloud service Nirmata announced Nirmata Policy Manager, based on Kyverno OpenNebula released a new K3s Virtual Appliance for running Edge Clouds Portainer raised $6M in a Series A round to Accelerate their global expansion Portworx pre-announced PX-Backup 2.0 with support for external auth services Rancher launched a new Rancher Desktop tool in Alpha for Windows and Mac Rafay launched new features to its Kubernetes Management Cloud Splunk announced their Observability Cloud is Generally Available StackPulse announced a Kubernetes-centric operations center StorageOS version 2.4 brings encryption at rest and rapid application recovery StormForge introduced automatic scanning of in-cluster resources StreamNative open sourced Function Mesh for running Apache Pulsar functions Sysdig added runtime detection and response for AWS Fargate Tigera released Calico Enterprise 3.5 with Dynamic Service Graph and eBPF data plane Timescale raised $40m Series B for Postgres-based TSDB and Prometheus cloud Trilio announced Kubernetes Backup Monitoring for Velero users Vitess launched version 10, with support for the Ruby on Rails framework Wanclouds launched multi-cloud Disaster Recovery as a Service Weaveworks launched Weave Kubernetes Platform 2.5 with multi cluster observability platform Zebrium now automatically perform Root Cause Analysis with integration into Opsgenie Links from the interview The first KubeCon in 2015 KubeCon donated to the CNCF CNCF presents CloudNativeCon and hosts future KubeCon events (2016) Dreamforce brings in cruise ships KubeCon NA 2017 in Austin, TX Linux Foundation Climate Finance Foundation Diamond sponsor lottery Diversity and inclusion at KubeCon EU Sponsorship open for KubeCon NA 2021 Event platforms: Intrado MeetingPlay KubeCon + CloudNativeCon Europe 2021 KubeCon + CloudNativeCon North America 2021 GopherCon EU 2018 in Iceland Colleen Mickey on LinkedIn

Liqo is short for Liquid Computing. It’s a tool for extending Kubernetes onto others clusters, developed at the Polytechnic University of Turin. Research assistant and Liqo co-creator Alex Palesandro is our guest this week. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 64 with Sarah D’Angelo and Patrick Flynn Three years ago today James Strachan, James Rawlings and Dan Lorenc Jib reCAPTCHA News of the week Microsoft to acquire Kinvolk, Kinvolk to be acquired by Microsoft Episode 79 with Chris Kühl Red Hat Virtual Summit announcements Red Hat OpenShift Platform Plus Rackspace and Platform9 announce partnership Episode 88, with Madhura Maskasky Lens 5 Beta HYCU joins the Kubernetes backup party Sysdig joins the cloud security unicorns Episode 91, with Leonardo Di Donato GKE adds multi-instance GPUs and a new Gateway controller Kubernetes moves to three releases per year Links from the interview Alex Palesandro Politecnico di Torino Alex’s thesis Episode 141, with Daniel Mangum Episode 142, with Gianluca Arbezzano Fiat and Stellantis DAUIN, Department of Control and Computer Engineering Netgroup Crown Labs Blender Liqo Virtual Kubelet mDNS Kubernetes TLS bootstrapping Vint Cerf at 6UK launch in 2010 kubefed Liqo roadmap Liqo on GitHub Alex Palesandro on Twitter

Brian Singer co-founded Orbitera, which was acquired by Google in 2016. During that process he met Kit Merker, who was a PM on GKE and the GCP Marketplace, and the two are now working togther on relability engineering startup Nobl9. We talk about migrating Orbitera to GKE and Google’s SRE platform, and how many 9s are too many. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 94, with Richard Belleville The G in gRPC stands for: Gilded Guadalupe River Park Conservancy The Great British Bake Off? Not grey, just backlit! Much improved here News of the week Grafana relicensing to AGPLv3 Q&A on relicensing Google’s public ban on AGPL Amazon introduces OpenSerarch Pulumi v3.0 Episode 76, with Joe Duffy k8ssandra v1.1 Cassandra Kubernetes SIG picks Cass Operator Docker Desktop for Apple Silicon Macs is GA Zerto for Kubernetes Three different multi-tenancy models Loft Labs open sources Vcluster CVE-2021-20291 in CRI-O and Podman Kubernetes blog updates: Volume health monitoring Indexed Jobs Graceful node shutdown Defining Network Policy conformance for CNI providers Evolving Kubernetes networking with the Gateway API Links from the interview Orbitera in 2016 - acquired by Google Why Orbitera was migrated to GKE Site Reliability Engineering Service level objectives Error budgets and risk Being too reliable SLOs, SLAs, SLIs SLOs explained in 90 seconds video by Kit Merker Nobl9 SLO Platform SLOconf Fly to SLO Fly to Oslo Beyond Seattle SRE meetup Slash at Wembley Arena Brian Singer on Twitter Kit Merker on Twitter

Celebrate the release of Kubernetes 1.21 with release team lead Nabarun Pal from VMware. Nabarun talks about choosing between “hardware” and software, additions and removals from Kubernetes 1.21, and how the Kubernetes project has become more welcoming to people outside the USA. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Moscone Center vaccination site Monday morning weather in London Before and after haircut World record barbering News of the week Kubernetes 1.21 CronJobs are GA Local Storage features go Beta Suspended Jobs in Alpha kube-state-metrics v2.0 emissary-ingress joins the CNCF Shell Operator v1 for Kubernetes operators kubesploit, from CyberArk CVE-2021-25735: Validating Admission Webhook does not observe some previous fields on Node objects Kubegres Minio adds Kubernetes operator and console Scaling Kubernetes with assurance at Pinterest by Anson Qian SUSE sponsors 300 scholarships in cloud native education A reprieve for Apache Mesos Links from the interview Nabarun Pal IIT Roorkee Logo ABU Robocon Models and Robotics Section, IIT Roorkee Rorodata/Algoshelf PyCon India Building microservices with Firefly at PyCon India 2017 Conference talks Linux Users’ Group of Durgapur (DGPLUG) and FOSS training Kubernetes Bangalore meetup Nabarun’s journey in the Kubernetes release team Applications for Kubernetes 1.21 release team are open Episode 130 with Stephen Augustus Kubernetes 1.21 release blog Kubernetes Enhancement Proposals (KEPs) 1.21 release page PodSecurityPolicy deprecation and KEP Making sure features don’t languish in Beta Volume health monitoring Command metadata in kubectl headers Tweet from @dims bribing people to test Release Candidate builds Savitha Raghunathan is release lead for 1.21 Lewis Hamilton tied with Michael Schumacher Mick Schumacher joins F1 Nabarun Pal on Twitter

We conclude our two-part conversation with Weaveworks co-founder Alexis Richardson, picking up when the company received Series A investment in December 2014. Since then, they built projects like Scope, Cortex and Flux as well as SaaS offerings based on them. We also look at Alexis’s role in the founding of the CNCF. Please be sure to listen to the first part before this one! Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Educational YouTubers: Film Riot Mental Floss Animator Island Infrastructure for Entertainment by Justin Garrison at KubeCon NA 2020 Episode 20, with Justin Garrison News of the week Kubernetes 1.21 PodSecurityPolicy deprecation KubeVela 1.0 Argo Workflows 3.0 and Argo CD 2.0 Cilium launches NetworkPolicy site IBM Cloud Code Engine is GA Tanzu Cloud Native Runtimes public beta New security offerings from Tanzu Cisco Intersight Kubernetes Service is GA Tetrate Service Bridge is also GA Updates to Azure Arc enabled Kubernetes and OpenServiceMesh add-on for Azure in Preview etcd project journey report published Single sign-on guide for Kubernetes by Ben Dixon Apache Mesos moving to the Attic Links from the interview Last week’s episode Weaveworks Weaveworks takes a $5m Series A round Weave Scope and its annoucement Cortex Flux CD and its announcement as a service routing layer Weave Cloud Docker Swarm Mode kubernetes-anywhere kubeadm How we made kubeadm Brandon Philips’ newsletter Launching eksctl The August 2017 post introducing GitOps Peter Bourgon and Michael Bridgen Kelsey Hightower talk at GitOpsDays Guide to GitOps Steam engine centrifugal governor Flux joins the CNCF Flagger Announcement about Argo and Flux joining forces Weaveworks is a founding member of the CNCF Alexis elected as TOC chair Battlestar Galactica Weave Kubernetes Platform Series C funding Alexis Richardson on Twitter

We’re trying something new! In Part 1 of a two-part conversation with Weaveworks co-founder Alexis Richardson, we have a wide ranging conversation about career choices, finance, founding and selling tech companies, and the dangers of being pigeon-holed based on the first project your company releases. Next week we’ll finish the conversation by talking about Weave projects like Flux and Cortex, as well as their SaaS offerings, the founding of the CNCF, and whether Weave built the platform they set out to build when they started 7 years ago. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Evergiven Everywhere “Reply all” at the State Department Evergreen truck blocks Chineses highway Little ship stuck in Littlehampton harbour Vote for the name of the Seattle Tunnel Boring Machine Sir Mix-a-Lot News of the week Outdated; a new open source project from Replicated Episode 143, with Grant Miller Kubestr by Kasten by Veeam, by golly The Aerospike Kubernetes Operator Tanzu Kubernetes Grid v1.3 Red Hat OpenShift on AWS is GA Quay.io is changing login methods Container vulnerability scanning from Sophos Kubecost raises $5.5m in funding Episode 124, with Webb Brown Security Updates in Docker by Itamar Turner-Trauring Links from the interview Mathematical logic at Oxford University Stewart Butterfield on philosophy Computer Literacy Project Jeremy Ruston’s BBC Micro Revealed and 80s hair Haskell, Orwell and Miranda OCaml and Standard ML 1998 Russian financial crisis Metalogic Oy Cohesive Networks AMQP RabbitMQ NZ Easter Bunny hunt Matthias Radestock Erlang ejabberd Matthew Sackman and Tony Garnock-Jones Open Telecom Platform (OTP) VMware acquires Rabbit Technologies SpringSource previously Interface21 Weaveworks Introductory blog “Zettio introduces Weave” Weave Net Alexis Richardson on Twitter

Grant Miller is the co-founder and CEO of Replicated, which helps operationalize and scale the delivery of Kubernetes-based apps into the enterprise. We look at what it means to be enterprise software in a SaaS world, and we also get some 2021 predictions from guest host Liz Rice. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 19, with Liz Rice Episode 133, with Thomas Graf Cilium talk at DockerCon 2017 Liz’s 2021 predictions from KubeCon NA (Virtual) 2020 Cheese exports are down Autonomous driving levels Prince Harry joins a startup Nick Clegg joins Facebook News of the week SoloCon announcements Mesh7 to be acquired by VMware GKE adds runtime configuration of pod subnets and larger Internal Load Balancer support Amazon reduces EKS cluster create time from “glacial” to “slow” NetApp launches Spot Wave CircleCI Server 3.0 Diamanti Spektra 3.2 Sonatype launches Nexus Container Davanum Srinivas elected to the CNCF TOC “Unironically Using Kubernetes for my Personal Blog” Links from the interview SparkPeople Marc Campbell look.io acquired by LivePerson Replicated Open source from Replicated kurl KOTS Troubleshoot SchemaHero Donated to the CNCF EnterpriseReady and the EnterpriseReady Podcast Kubelist and the Kubelist Podcast Replicants, replicators and gremlins Grant Miller and Replicated on Twitter

If you’d like something more tangible than a virtual cloud instance, there’s always (still!) bare metal. Tinkerbell is a project from Equinix Metal to manage bare metal servers at scale, and Gianluca Arbezzano is one of its maintainers. We talk stacks, racks and MACs. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 11, with Vic Iglesias Vic lives here, but not here Pokémon Go social distancing News of the week Flux moves to incubation in the CNCF NetApp Astra goes GA; more information Fairwinds introduces Saffire Cosign, by Dan Lorenc Episode 39 Komodor beta and swag offer Announcing Private Clusters on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) Linkerd 2.10 The Money Section, with thanks to David Pait, guest of Episode 127 Docker takes $23m in Series “B” funding to get ship done Aqua Security takes $135m in Series E at $1b valuation Snyk raises $300m in Series E valuing company at $4.7 billion Tetrate raises $40m Series B Is Crossplane the Infrastructure LLVM? by Daniel Mangum Episode 141 Links from the interview PHP. and PHP in 2020 Turin InfluxData Episode 91, with Leonardo Di Donato Dropbox’s exodus from Amazon Equinix Metal Packet acquired by Equinix Tinkerbell OpenCompute and Open19 Server terminology: Next Unit of Computing (NUC) Baseboard management controller (BMC) Preboot Execution Environment (PXE) Floppy disks DIY Board management control for an Intel NUC: power control Tinkerbell services: Tink Boots OSIE Hook Hegel PB&J OVH fire How Tinkerbell Got Its Wings, including joining the CNCF Tinkerbell community Episode 136: Backstage, with Lee Mills and Matt Clarke Gianluca Arbezzano on Twitter and on the web Tinkerbell on Twitter

Crossplane lets you automate creation of infrastructure using Kubernetes APIs. Daniel Mangum is a Crossplane maintainer working at its creator Upbound, a TL of Kubernetes SIG Release, and a YouTube streaming star. He chats about tech with host Craig Box, who is helped this week by returning guest Ken Massada from GKE’s Support team. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 18, with Ken Massada Things We Don’t Say podcast Glow in the dark sharks Earthquakes and tsunamis News of the week Microsoft Ignite news: Azure Arc for Kubernetes Azure Migrate app containerization service AKS release notes Microsoft Mesh Helm second security audit Meet Brigade v2 Harbor 2.2 and roadmap Google Summer of Code 2021 KubeCon EU 2021 schedule launched and the selection process explained Issue #100000 on kubernetes/kubernetes Links from the interview Visual Basic for Applications NYT article on retro computing Compiler Explorer Rich Code for Tiny Computers by Jason Turner Upbound Episode 36, with Jared Watts Crossplane Crossplane vs Terraform blog by Nic Cope Compositions and XRDs Crossplane vs Cloud Infrastructure Add-ons TBS episode with Matt Moore of Knative Helm provider July 2020: Crossplane joins the CNCF LFX mentorship program Dec 2020: v1.0 Mar 2021: v1.1 Kubernetes SIG Release doc.crds.dev Upcoming KubeCon talk: FPGK8s: Consumer-Grade FPGAs on Kubernetes Cutting GTA loading times by 70% and how YAML parsing can become quadratic Daniel’s current hirsuteness The Binding Status Flake-Finder Fridays Daniel Mangum on Twitter and on the web

Kamil Potrec is a Senior Security Engineer at Snyk, working on security around Kubernetes and cloud platforms. He joins the show to discuss how to think about securing your infrastructure, the different arts (and colors) of offensive and defensive security, and what not to lose sleep over. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 23, with Andrew Philips and Lars Wander A pile of mail and a bike News of the week Red Hat OpenShift 4.7 is GA Fairwinds Insights 3.0 Envoy zero-day patched Istio security bulletin Sysdig contributes Falco modules to the CNCF StorageOS raises $10m in Series B Platform9 raises $12.5m in Series D CNCF relaunches Kubernetes Community Day with KCD Africa and Bengaluru Links from the interview Offensive unit in American Football Hand-egg Red and blue teams Unreal Tournament Capture the flag Kubernetes secrets Design document Encrypting secrets at the application layer Antivirus software Tracer-tee SolarWinds attack Reflections on Trusting Trust by Ken Thompson left-pad deleted from NPM Snyk Open Source The open source parts Snyk vulnerability database MITRE CVE database Kubernetes security at Snyk Deploy only trusted containers to GKE Application threat modeling Kubernetes security best practices, including security context, AppArmor, gVisor etc CVE-2020-8554: man-in-the-middle attack using ExternalIP services CVE-2020-14386: packet socket vulnerability with user namespaces enabled Earlier related work: CVE-2017-7308 and CVE-2016-8655 Project Zero writeup Rewrite it in Rust! Kamil Potrec on LinkedIn