Kubernetes Podcast from Google

Keptn, a control plane for continuous delivery, came out of the need to install Dynatrace’s software at their customer’s environments. Alois Reitbauer is Chief Technical Strategist at Dynatrace, reponsible for open source, and a co-chair of the CNCF App Delivery SIG. He talks to your hosts about Keptn, observability after deployment, and how owning a 40 year old sports car is more “curation” than “operation”. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Loved: Thinking, Fast and Slow Unloved: a pile of Sex and the City News of the week Anthos Attached Clusters New Anthos pricing GKE on The Keyword Cloudian introduces operator Canonical introduces Kubernetes 1.19 Portainer CE 2.0 Kuberntes client comparison by Yolan Vloeberghs and Pieter Vincken Distributed tracing overview by Jonathan Gold Links from the interview Dynatrace OpenTelemetry OpenMetrics Keptn What it is, how it works, and how to get started Blogs by Alois: Micro operations — A new operations model for the micro services age How your delivery pipeline will become your next big legacy-code challenge Related CI/CD tools: Spinnaker Jenkins Argo Flux GitLab CD Foundation SIG Interoperability CNCF SIG App Delivery Alois’s car marque of choice Alois Reitbauer on Twitter

Taylor Dolezal is a senior Developer Advocate at Hashicorp and the Kubernetes 1.19 release lead. His desire to give talks and join the CNCF Ambassadors led him to the release team and to his new job. He talks to Adam and Craig about how a TI-83 calculator started him on the path. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The Moon Disaster deepfake Mayfield Lavender Farm News of the week Kubernetes 1.19 release - deferred 24 hours Istio 1.7 release! New Istio Steering Committee charter k3s to join the CNCF Sandbox New networking features in GKE Anthos announcements from Google Cloud Next Google Cloud Code updates Serverless Framework Knative component VMware vRealize Operations 8.2 Moving forward from Beta in Kubernetes Palinurus, from Mailchannels What’s new in Falco 0.25 AWS Controllers for Kubernetes GCP Config Connector Carvel Operator SDK reaches 1.0 Thanos and Cortex are both incubating in the CNCF The Kubernetes Handbook by Farhan Hasin Chowdhury Links from the interview TI-83 Plus Silver Edition Walt Disney Studios “Deployed my blog on Kubernetes” Hashicorp Terraform CNCF Ambassador 1.14 release team 1.18 release team Episode 96, with Jorge Alarcon 1.19 enhancement sheet Ingress goes stable 12 month release support cycle Lauri Apple, PgM for SIG Release Sidecar containers.. still Jeremy Rickard is 1.20 release team lead Episode 61 with Jeremy Rickard and Ralph Squillace Nomad, from Hashicorp Hashicorp joins the CNCF CNCF Cape, as modeled by Lachie Evenson Reading list: Working in Public: The Making and Maintenance of Open Source Software by Nadia Eghbal An Elegant Puzzle: Systems of Engineering Management by Will Larsen The Art of Doing Science and Engineering by Richard Hamming Defending Jacob Taylor Dolezal on Twitter

Constance Caramanolis is the co-chair of this week’s virtual KubeCon EU, and a principal software engineer at Splunk. Her introduction to Cloud Native came as an Envoy maintainer working at Lyft; she talks to Craig and Adam about communication: techmical, programmatic, in-person and online. We also summarise all the news from KubeCon. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week KubeCon EU #kubernetes-podcast on CNCF Slack Get an invite to Slack Hamilton (musical) Watch on Disney Plus News of the week Red Hat OpenShift Virtualization is GA Red Hat news summary from SiliconAngle 5 years of Google Kubernetes Engine Announcement post from 2015 GKE Dataplane v2 Docker changes registry pricing and retention Hacker News commentary IBM introduced POWER10 Introducing hierarchical namespaces by Adrian Ludwin OpenEBS 2.0.0 containerd 1.4.0 VMware Tanzu Mission Control integrates VMware Tanzu Observability by Wavefront Mirantis acquires Lens Episode 110, with Adrian Ionel Pulumi adds new Kubernetes features Links from the interview Envoy Omnition, acquired by Splunk Splunk acquires Omnition OpenTelemetry Collector Constance’s talks: KubeCon NA 2018: Envoy Intro (with Matt Klein) Velocity 2018: Leveraging Envoy when responding to high-severity incidents SYN-ACK Constance’s KubeCon EU keynote The Five Whys KubeCon EU agenda KubeCon NA 2019 puppies Corgis Invite a llama Episode 80, with Vicki Cheung Greek food: Galaktoboureko Loukoumades Stroopwafels Poutine Constance Caramanolis on Twitter

Alex Ellis created serverless framework OpenFaaS while working a day job. It’s used by some big companies, but he’s resisted the temptation to join one. Instead, he’s offering consulting and seeking sponsorships, building a business from the ground up. He explains the pros and cons of independence to Craig and Adam. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Microsoft launches OpenServiceMesh Including a bit from Linkerd Kong releases Kong Mesh Tanzu Application Service 2.10, formerly known as Pivotal Cloud Foundry KubeCarrier Cube carrier Episode 109, with Sebastian Scheele Nestybox releaases Sysbox (GitHub) Palo Alto Networks discloses and fixes fault in KataContainers JenkinsX plugin for Octant Backyards gets FIPS compliant StarlingX 4.0 New AKS features etcd security audit Episode 95, with Xiang Li New Code of Conduct Committee Members Links from the interview Alex Ellis ADP Payroll Docker Captains program Lord Birt Lord Ernie DockerCon 2016 Ben Firshman funker funker-dispatch by Alex Ellis FaaS OpenFaaS Moby’s Cool Hacks - closing keynote Joining VMware to work on OpenFaaS VMware blog VMware Dispatch Acquisition of Heptio VEBA Leaving VMware and Alex going out on his own OpenFaaS Ltd Alex’s 2020 mission The world’s first managed k3s service First year accounts and end-of-year party Inlets Inlets PRO k3sup Brown sauce Arkade 5 years of Raspberry Pi and robots Insiders Subscription Treasure Trove archive The Five Pressures of Leadership in OSS A bit of Istio before tea-time Cards Against Containers for Black Girls Code Alex Ellis on Twitter

Since we last spoke about Minikube 18 months ago, the project has gone 1.0, and made large performance and usability improvements. Thomas Strömberg is the manager of the Container DevEx team at Google and a maintainer of Minikube. He talks to Craig and Adam about why system administrators are the best code reviewers, the importance of surveying users, and building bikes made of bamboo. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Baking hot Baking: Mary Berry’s Banana Loaf Caramel Slice Washington State Voters Guide Lord Buckethead Monty Python’s Election Night Special News of the week OpenSSF launched Nova from Fairwinds: monitor Helm charts for new releases Lifebelt by Gustav Westling Chaos Mesh joins the CNCF Sandbox As does the Serverless Workflow spec Announcing Vitess 7 Spinnaker Operator is GA AKS 2020-07-27 release GKE r25 Server side encryption for ECR Project report: Jaeger Episode 97 with Yuri Shkuro How Dropbox migrated from NGINX to Envoy by Alexey Ivanov and Oleg Guba Links from the interview Thomas Strömberg Minikube Episode 39, with Dan Lorenc DiRT: Disaster Recovery Testing Wheel of Misfortune Timex Sinclair ZX81 Bringing Minikube to the next Billion Users: Thomas’s talk at KubeCon China 2019 The mini Minikube Survey Other similar tools: Microk8s k3d kind Knoppix Pausing Minikube Running multiple nodes Triage Party Slow Jam Space Jam Bamboo bicycles A finished example A work in progress Thomas Strömberg on Twitter

We finally scheduled some time to talk to David Oppenheimer. David, a software engininer at Google, has been working on scheduling there since 2007, including on both Borg and Omega. That experience naturally led to him working on the Kubernetes scheduler, as well as starting SIG Scheduling. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Last week’s discussion about ice cream pies Vegemite ice cream, and a friendly reminder that New Zealand is not Australia Mutton ice cream is not a thing A bear in the kiddie pool News of the week Google Traffic Director supports proxyless gRPC New Relic open sources its agents Lyft drops the Clutch Conftest joins the Open Policy Agent project Emissary, from GitHub VS Code Docker extension can now run containers in Azure Container Instances Debugging Incidents in Google’s Distributed Systems by Beth Cooper and Charisma Chan Hashicorp Consul Service on Azure is GA Gloo Federation for gloo’ing your Gloos together with gloo The AWS EKS CIS ben chm ark Changes to Aqua Wave and Aqua Enterprise Snyk’s developer-first prioritization capabilities Carbonetes launch PR Prevasio launch PR DOMA: domain-oriented microservices architecture at Uber by Adam Gluck Links from the interview Papers co-written by David: Large-scale cluster management at Google with Borg Borg, Omega and Kubernetes SIG Scheduling WG Multi-Tenancy App Engine Interviews with David’s colleagues on Borg and Omega: Episode 22, with Dawn Chen Episode 43, with Brian Grant Episode 111, with Wojciech Tyczynski Omega features: The Omlet Pod disruption budgets Taints and Tolerations Optimistic concurrency control Scheduler features Predicates and priorities Labels and selectors Node affinity and anti-affinity Pod affinity and anti-affinity Pod priority and preemption Disruption budgets Taints and tolerations Two level scheduling Mesos optimistic offers Kubernetes scheduler in Bash Firmament and integration in Kubernetes via Poseidon Configuration tools kpt kustomize David Oppenheimer on Twitter

Released on the same day as Kubernetes, cadvisor is a container monitoring daemon that collects metrics and serves them to monitoring tools. It’s built into the Kubelet, and underpins many components in Kubernetes, such as eviction and autoscaling. David Ashpole of Google Cloud is TL of Kubernetes SIG Instrumentation, and the maintainer of cadvisor; he joins Adam and Craig this week to explain where instrumentation fits in the stack, and what you should do as a Kubernetes maintainer vs. a cluster administrator. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week In Craig’s neighbourhood: Books More books Some less popular items Masks Archie the Mammoth National Ice Cream Day Carmel Caramel News of the week GKE Ingress features: BackendConfig CRD Cloud CDN Backend service timeout Connection draining timeout HTTP access logging Identity-Aware Proxy (IAP) Session affinity User-defined request headers Cloud Armor security policies (Beta) FrontendConfig CRD (Beta) Custom GCLB health checks (Beta) SSL policies (Beta) Exposing services on GKE OpenShift 4.5 OKD4 Spring Cloud Data Flow for Kubernetes from VMware; part of the Spring Runtime package k8spin.cloud is closing and making their code open source Review of k8spin from launch Custom Pod Autoscaler (and docs) by Jamie Thompson Envoy 1.15 round-up from Tetrate; release notes from the team Fluent Bit 1.5 summary at the CNCF k3d v3.0 and new web site Best practices for creating a highly available GKE cluster Recommended alerts for AKS Ingress support added to AWS App Mesh Platform9 adds new apps to their Managed Kubernetes Service Episode 88, with Madhura Maskasky CVE-2020-8557: Node disk DOS by writing to container /etc/hosts CVE-2020-8559: Privilege escalation from compromised node to cluster Alcide write-up Threat Alert: Attacker Building Malicious Images Directly on Your Host from Aqua Security Certified Kubernetes Security Specialist (CKS) coming in November Sign up for a free pass to Virtual KubeCon EU keynotes Diving Into Istio 1.6 Certificate Rotation by Christian Posta Links from the interview SIG Instrumentation inodes Eviction on inodes cgroups cadvisor Launched on the same day as Kubernetes Monitoring metrics with Prometheus Victor Marmol and Vish Kannan Episode 22, with Dawn Chen CRI Resource metrics pipeline Heapster Metrics Server kube-state-metrics Managing Your Costs on Kubernetes by Karl Stoney from Autotrader Episode 52, with Russell Warman and Karl Stoney Metrics Stability Framework Structured logging Distributed tracing in Kubernetes Node out of memory eviction Pod priority David Ashpole on Twitter

An open source license grants rights on copyright and patents, but not trademarks. Chris DiBona has some ideas on how to address that. He has spent his career in open source, including over 15 years running Google’s Open Source Programs Office, and is one of the directors of the new Open Usage Commons. It launched last week with three projects - Angular, Gerrit and Istio - transferring their trademarks. Chris joins Adam and Craig to talk about Google’s work in open source, and why a new organisation is needed. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Software defined radio POGSAG The fuzz Talking to the International Space Station Breaker breaker News of the week SUSE to acquire Rancher Episode 57, with Darren Shepherd Open Usage Commons: OUC Board announcement Google announcement Istio blog post IBM opinion Governance updates Operator Framework and Contour accepted into the CNCF BigQuery Omni Kubernetes has caught up with YARN according to Datamechanics Kubernetes networking: why is this so dang hard? by Tim Hockin Episode 41 Announcing Kustomize support for Pulumi Cinderella clusters from Soluble Google’s Anthos comes to HPE Greenlake AWS: AWS partners with Docker Docker partners with AWS AWS Copilot for ECS cdk8s-plus AKS adds console RBAC and policy integration Kublr adds in-place upgrades and external clusters D2iQ want to teach you Links from the interview Chris DiBona VA Linux San Mehat Google Search Appliance Maintainer of Git Author of Git Ping pong balls on a bus AMP joined OpenJS Foundation and has now graduated WASM became a W3C standard Google Summer of Code Melange Open Usage Commons Apache Software License v2 and GPL v3 Open Source Definition Angular, Gerrit and Istio OUC board members Debian Free Software Guidelines Google Contributor License Agreement Apache Contributor License Agreement Developer Certificate of Origin Istio governance: Steering Committee and TOC Silicon Valley Chris’s IMDB page Palo Alto fiber ring (and today) Chris DiBona on Twitter Open Source at Google

Before Kubernetes was launched, it could have at most 25 nodes in a cluster. At 1.0, the target was 100. Meanwhile, Borg, Omega and Mesos were all running away at 10,000. What did it take to get Kubernetes to this number, and above? SIG Scalability and GKE Tech Lead Wojciech Tyczynski tells us. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Follow-up: Chairs, from Episode 107 Christmas trees, from Episode 104 Kids music The duck song The duck joke Autotune the News The duck song goes viral on TikTok Walmart Yodeling Kid News of the week KubeCon US goes virtual PromCon schedule AWS App2Container Episode 48, with Issy Ben-Shaul GKE brings Node Local DNS cache to GA Episode 106, with John Belamaric Update kernel and Kubelet config on GKE nodes AKS brings 1.17 to GA; adds containerd and priority placement group support Diamanti Spektra 3.0 Kubernetes WG Naming Introducing Cloud Native Community Groups Updated CNCF Storage whitepaper Presslabs moves to Kubernetes Presslabs Stack and WordPress Operator Links from the interview Omega Episode 43, with Brian Grant Defining scalability Original SLOs API-responsiveness: 99% of all our API calls return in less than 1 second Pod startup time: 99% of pods (with pre-pulled images) start within 5 seconds Target SLO doc - 25 nodes Borg - ~10,000 nodes Sep 2015, Kubernetes 1.0 - 100 nodes “Kubernetes Has A Ways To Go To Scale Like Google, Mesos” by Timothy Prickett Morgan March 2016, Kubernetes 1.2 - 1,000 nodes July 2016, Kubernetes 1.3 - 2,000 nodes Work by Clayton Coleman, guest of Episode 85 March 2017, Kubernetes 1.6 - 5000 nodes etcd v3 improvements for web scale Scalability Envelope Today’s scalability numbers EndpointSlices Episode 104, with Bowei Du JD.com’s 10,000 node clusters Alibaba’s 10,000 node clusters Episode 95, with Xiang Li Google’s 15,000 node GKE clusters Twitter session at the upcoming Google Cloud Next by Reza Motamedi and Maciek Różacki Poseidon and Firmament Wojciech Tyczynski: GitHub LinkedIn

Over the past 20 years, Mirantis has grown from an outsourcing company for semiconductor engineers to a product company that is the new home of Docker Enterprise. Past and present CEO and “co-founder” Adrian Ionel oversaw Mirantis’s adoption of OpenStack and purchase of Docker’s enterprise business, and he joins the show to discuss them both. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Hello Kitty, not a cat The Toys That Made Us Istanbul Not Constantinople News of the week New CNCF projects: Announcement The Future of Sandbox Sandbox project list KUDO Episode 78, with Gerred Dillon Crossplane CNI-Genie Keptn Cloud Custodian Dex Litmus Episode 56, with Evan Powell ArtifactHub Kuma Parsec BFE jFrog ChartCenter KubeCon “EU” schedule Gloo 1.4 Episode 55 with Idit Levine Frigate by Jacob Tomlinson Checkov by Bridgecrew Contour 1.6 ACI and Docker integration now public gRPC-Web for .NET now GA Episode 94, with Richard Belleville HP Ezmeral Codefresh raises $27m Links from the interview Mirantis OpenStack At Mirantis Built by NASA and Rackspace Fuel from Mirantis Adrian leaves Mirantis in 2015 Dorsal Did anyone call John Sculley? Adrian returns in 2018 Infrastructure as Code Mirantis Bring-your-own Kubernetes and Kubernetes as a Service Mirantis acquires Docker Enterprise ..and pledges to keep Docker Swarm alive Docker Enterprise Kontena closes and the team joins Mirantis Mirantis joins Airship project First release of Docker Enterprise from the merged team The Mirantis Bear Adrian Ionel on Twitter