

Kubernetes Podcast from Google
Abdel Sghiouar, Kaslin Fields
A biweekly podcast focused on what's happening in the Kubernetes community, hosted by Abdel Sghiouar and Kaslin Fields. We cover Kubernetes, cloud-native applications, and other developments in the ecosystem. Reach Abdel and Kaslin on Twitter at @KubernetesPod or by email at kubernetespodcast@google.com.
Episodes

Jun 24, 2020 • 36min
Kubermatic, with Sebastian Scheele
Last week Loodse, the makers of the Kubermatic Kubernetes Platform, made that platform open source, and rebranded their company to match. Co-founder Sebastian Scheele joins us to explain how the company and platform came about, why they’ve made their changes, and what exactly a Loodse was anyway. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Docker for the new Arm Macs Tick Tock Keep Talking and Nobody Explodes Spaceteam News of the week Kubermatic 2.14 now Open Source HashiCorp Cloud Platform and new versions of Nomad, Terraform and Consul Flagger 1.0 OpenMatch 1.0 Harbor graduates at the CNCF SPIFFE and SPIRE move to incubation level CNCF post GKE goes to 15,000 nodes with Bayer Crop Science Tsunami: extensible network scanning from Google AWS App Mesh controller for Kubernetes is GA Dell announces PowerScale storage Gocker: a mini Docker written in Go by Shuveb Hussain The Kubernetes Goat by Madhu Akula Storpool and Sardina launching Kubernetes-as-a-Service Kubernetes website adopts Docsy Getting started with Oracle 18c on Kubernetes by Ron Ekins Links from the interview Kubermatic (f.k.a. Loodse) SAP HANA Julian Hansert Hamburg and Munich Kubernetes meetups ContainerDays Kubermatic Kubernetes Platform SAP Gardener Leibnitz KubeOne Loodse rebrands to Kubermatic Kubermatic Kubernetes Platform on GitHub Sebastian Scheele on Twitter

Jun 17, 2020 • 46min
The Financial Times, with Sarah Wells and Dimitar Terziev
Two years ago, Sarah Wells from the Financial Times gave a KubeCon EU keynote about how the company moved from monolith to microservices, and how her Content and Metadata platform team moved to Kubernetes specifically. She joins hosts Adam and Craig to recap that migration, and what life has been like since. As Sarah has moved to a broader role in charge of all observability for The FT, she also invited Dimitar Terziev, the current platform lead for the CM team, to the conversation. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Duck eggs Green onions News of the week kube2hadoop from LinkedIn Kubera from Mayadata Episode 56, with Evan Powell Linkerd 2.8 Multi-cluster with Ambassador Consul 1.8 Intro to Istio Ingress from Banzai Cloud Cloudflow 2.0.0 Not the shoe Google internships go virtual to help Open Source Introducing the CNCF Technology Radar CNCF SIG Observability Episode 37, with Richard Hartmann Loft (and Reddit thread) Jib 2.4 announcement and Jib extensions Zerto for Kubernetes AKS 2020-06-08 adds node image upgrade and application gateway ingress controller Cloudera Data Platform for Private Clouds Cloudbees introduces DoD compliant CI, now with a CtF to deploy into an environment with an ATO, which meets DISA STIG and NIST RMF security guidelines Episode 44, with Tracy Miranda Microsoft discovers cryptojacking in Kubeflow clusters on Azure Gokul Chandra writes up Anthos Links from the interview Financial Times The pink pages Subscriber stats Coronavirus coverage The latest figures John Burn-Murdoch Added 50,000 subscribers since COVID-19 FT Crossword KubeCon EU 2018 keynote: “Switching Horses Midstream: The Challenges of Migrating 150+ Microservices to Kubernetes” by Sarah Wells Schedule Video Slides Monzo microservices graph CoreOS Fleet Innovation tokens: Choose Boring Technology by Dan McKinley Dashing from Shopify Sarah and Dimitar on Twitter

Jun 10, 2020 • 40min
CNCF: Under New Management, with Priyanka Sharma
After 5 years at the helm of the CNCF, executive director Dan Kohn is stepping down to launch a new Public Health initiative. The new General Manager of the CNCF is Priyanka Sharma, who joins our show today. Priyanka tells Craig and Adam what to expect, talks about virtual events, and gives some hints on how to rename projects. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Frog Leap Studios Tubthumping (originally by Chumbawamba) Hello (originally by Adele) News of the week Rancher Longhorn is GA Fairwinds Polaris is GA AKS does new networking things Kubecost’s cluster-turndown saves you money Solo Developer Portal for Istio CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements CVE-2020-8555: Half-Blind SSRF in kube-controller-manager Write-up from “Reeverzax” and “Hach” Ambassador 1.5 released Microk8s for Windows and Mac Finding your GKE logs by Rami Shalom and Charles Baer Business continuity with Anthos CNCF Cloud Engineer Bootcamp CKA program changes Lessons learned by Noah Kantrowitz of Ridecell Links from the interview Lightstep Ben Sigelman Ben Cronin “Spoons” Dapper Monarch OpenTracing Episode 97, with Yuri Shkuro GitLab Sid Sijbrandij CNCF Charter Governing Board members Priyanka joins as GM Dan Kohn Chris Aniszczyk On 4 years at the Linux Foundation Jim Zemlin End User Community Cheryl Hung Episode 35, with Dan Kohn LF Public Health Events: Cloud Native Summit Online KubeCon EU KubeCon Boston CNCF Technical Oversight Committee Charter Members CNCF Projects Other projects: Ollie Priyanka Sharma on Twitter

Jun 2, 2020 • 50min
CoreDNS, with John Belamaric
In a world where pods (and IP addresses) come and go, DNS is a critical component. John Belamaric is a Senior SWE at Google, a co-chair of Kubernetes SIG Architecture, a Core Maintainer of the CoreDNS project and author of the O’Reilly Media book Learning CoreDNS: Configuring DNS for Cloud Native Environments. He joins Craig and Adam to discuss CoreDNS, the evolution of DNS in Kubernetes, and how name resolution has been made more reliable in recent releases. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Death of George Floyd SpaceX Crew Demo 2 launch Sunniest Spring on record in the UK A small test rocket launch in Scotland UK spaceport (proposed) New Zealand spaceport (active) News of the week Priyanka Sharma replaces Dan Kohn at the CNCF Episode 35, with Dan Kohn Starboard, by Aqua Security Episode 19, with Liz Rice Docker Enterprise 3.1 from Mirantis Docker and Microsoft; Microsoft and Docker Velero v1.4 Agones v1.6 Episode 26, with Mark Mandel and Cyril Tovena Chef adds Windows container migration for GKE Red Hat adds Quarkus to Red Hat Runtimes AWS encrypts Fargate ephemeral disks in v1.4 PlanetScale open sources a Vitess operator Episode 81, with Jiten Vaidya and Sugu Sougoumarane Kubernetes provider for Hashicorp Terraform Google Vulnerability Reporting Program adds GKE Tools for debugging apps on Google Kubernetes Engine by Charles Baer and Xiang Shen How Migrate for Anthos helps modernize Java apps Helm project journey report Episode 102, with Matt Butcher Helm 3: the Good, the Bad and the Ugly by Sandor Guba of BanzaiCloud NIST deployment guidelines for proxy-based Service Mesh by Ramaswamy Chandramouli of NIST and Zack Butcher of Tetrate The World of kubectl Plugins: a YouTube series by Ahmet Alp Balkan Episode 66, with Ahmet Alp Balkan and Luk Burchard Links from the interview Domain Name System Root zone Authoritative name server Recursive and caching name server Infoblox Kubernetes Service DNS for Services and Pods Customizing DNS for Kubernetes CoreDNS; the default DNS server for Kubernetes since 1.11 Introduction slides KEP for CoreDNS in Kubernetes SkyDNS Miek Gieben; author of CoreDNS and SkyDNS version 2 Caddy: the HTTP server upon which CoreDNS is based Dnsmasq CoreDNS plugins Rewriting DNS with CoreDNS redisc plugin: enables a networked cache using Redis ens plugin: serve DNS records from Ethereum Name Service Node Local DNS cache and KEP BIND Unbound DNS resolver Explanatory blog posts: Understanding ndots in Kubernetes Racy conntrack and DNS lookup timeouts Learning CoreDNS: Configuring DNS for Cloud Native Environments by John Belamaric and Cricket Liu Cricket Liu and his books Book cover: a Comber fish Policy integration Episode 101, with Tim Hinrichs and Torin Sandall CoreDNS policy plugin coredns-opa SIG Architecture Production Readiness Review and KEP A DNS haiku John Belamaric on Twitter

May 26, 2020 • 46min
Cloud Foundry, with Chip Childers
Over the last 10 years, Cloud Foundry has grown from “open Heroku clone” to “software used at your bank”. The Cloud Foundry Foundation and the CNCF launched within a few months of each other in 2015, and the two worlds are now colliding as Cloud Foundry replatforms on top of Kubernetes. Our guest this week is the Executive Director of the Cloud Foundry Foundation, Chip Childers. He talks to Adam and Craig about foundations, the boredom of infrastructure, and the cost of every line of code you write. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Memorial Day Spring Bank Holiday Sundar Day Cracking the Cryptic: Sudoku solving and more 4 million views Craig’s favourite: watch Simon’s excitement Guardian article cheat3: Lego puzzle boxes News of the week Istio 1.6 released Multiple control planes WorkloadEntry Azure Arc for Kubernetes now in preview New AKS features GKE introduces Container Threat Detection in Beta TriggerMesh makes EveryBridge available to EveryOne in Preview Introducing KES from MinIO Updates to StackRox Kubernetes security platform OPA survey results Styra DAS adds microservices authorization Episode 101, with Tim Hinrichs and Torin Sandall Rancher Academy Understanding Anthos on Bare Metal from Google Cloud Snyk partners with Docker and Docker partners with Snyk Kubernetes Apply vs. Replace vs. Patch by David Dooling from Atomist Links from the interview DMTF and DTMF 17 year old kids asked to use a rotary phone Apache CloudStack Wikipedia, with history Apache Software Foundation Officers and Project VPs Cloud Foundry Announcement of formation GitHub Wikipedia Boeing B-29 plane Pivotal Software Linux Foundation Collaborative Projects Open Container Initiative April 2020: Chip Childers, CFF CTO, becomes Executive Director Episode 98, with Sam Ramji (the founding CEO/Executive Director of the CFF) Project Eirini: announced by IBM in April 2019 Old architecture: Diego and Garden KubeCF Created at SUSE GitHub cf-for-k8s GitHub Chip Childers on Twitter

May 20, 2020 • 49min
Ingress and the Service APIs, with Bowei Du
SIG Network is completely rethinking the way you define groupings of applications (Service) and get traffic sent to them (Ingress) by building the Service APIs, a new set of primitives which are better suited to how different groups of users interact with them. Bowei Du is a Tech Lead on GKE and a member of SIG Network who is leading the design and implementation of these new APIs, as well as working on getting Ingress to GA in Kubernetes 1.19. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Christmas trees Magic Puzzles News of the week Google Cloud Next On Air Sign up now Harbor 2.0 Azure introduces 10c/hr uptime SLA and Kubernetes 1.18 in preview Red Hat announces Amazon Red Hat OpenShift Linode Kubernetes Engine is Generally Available VMware to acquire Octarine Venafi to acquire Jetstack cert-manager 0.15 and beyond Episode 75, with James Munnelly Maesh 1.2 Grafana 7.0 AWS CDK for Kubernetes (cdk8s) Call to participate in CNCF survey Load balancing algorithms in Envoy by Tony Allen Links from the interview Bowei’s PhD: CAP theorem TIER project: Technologies and Infrastructure for Emerging Regions Delay-tolerant networking (DTN) Service EndpointSlices Coming to Istio and Knative Health checks: Liveness and readiness at pod level Pod Ready++ Ingress cert-manager ingress-nginx TLS is only on port 443 2018 Ingress survey Conformance profile Episode 41, with Tim Hockin Ingress moving to GA in 1.19 Service APIs Evolving the Kubernetes Ingress API to GA and beyond by Bowei and Christopher Luciano from IBM A sketch of the API GatewayClass and StorageClass KEP for adding L4 Multi-Cluster Services API proposal Bowei Du on Twitter

May 12, 2020 • 54min
CSI: Storage, with Saad Ali
More gripping than a crime scene in Las Vegas, the Container Storage Interface (CSI) lets vendors interface with Kubernetes. Saad Ali from Google led development of Kubernetes storage, including the CSI and volume subsystem. He joins hosts Adam and Craig for an in-depth look at how storage works in Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam’s puzzle How they made The Mandalorian Unreal Engine: Project Spotlight Fraggle Rock: Rock On! Lockdown music videos: Crowded House: Something So Strong Mostar Diving Club: Quiet Hands News of the week IBM Cloud Satellite Google Cloud Buildpacks Anthos for app modernisation via CI/CD and transforming legacy Java applications Azure Container Registry adds dedicated data endpoints Amazon ECR: multi-architecture containers Amazon Cloudwatch adds Prometheus metrics run:AI creates fractional GPU sharing for Kubernetes The State of Cloud Native Development: CNCF survey (PDF) VMware’s State of Kubernetes 2020 (PDF) Gatekeeper Policy Management from SIGHUP Episode 101, with Tim Hinrichs and Torin Sandall Datastax Astra on GCP and Sam Ramji’s blog Episode 98 with Sam Ramji Introducing PodTopologySpread by Aldo Culquicondor and Wei Huang Pod Security Policies at Square by Jason Price Introduction to OpenTelemetry by Ran Ribenzaft Episode 97, with Yuri Shkuro Kubernetes and Istio on the F-16 jet: CNCF case study GKE logging introduction by Charles Baer and Xiang Shen Helm and Kustomize, better together Helm, with Matt Butcher Kustomize, with Phillip Wittrock Links from the interview SIG Storage KubeCon keynote: Debunking the Myth: Kubernetes Storage is Hard Episode 41 with Tim Hockin Docker: Volumes Volumes Persistent Volumes In-tree volume plugins (deprecated) FlexVolume Container Storage Interface Kubernetes CSI docs Design doc CSI GA announcement CSI sidecar containers Ephemeral CSI volumes (Beta) Secrets Store CSI driver Local persistent volumes Data populators KEP CSI topology Topology-aware volume provisioning CSI for Persistent Memory GKE on AWS CSI TV theme songs The Who: Substitute Saad Ali on Twitter

May 5, 2020 • 44min
Helm, with Matt Butcher
In celebration of Helm graduating to a top-level CNCF project, Adam and Craig talk to its creator and primary architect, Matt Butcher of the Deis Labs team at Microsoft Azure. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam talks about these baby wipes Craig talks about these baby wipes News of the week Red Hat Virtual Summit news: OpenShift 4.4 OpenShift Serverless OpenShift Virtualization Advanced Cluster Management for Kubernetes Azure Red Hat OpenShift upgraded to v4 OpenShift 4.3 on IBM Power Red Hat Marketplace More ways Red Hat are here to help Azure Kubernetes Service: Windows Server Containers, Private Clusters and Managed Identities now GA Windows Server Containers are GA on GKE too Episode 70, with Patrick Lang Ingress for Anthos Kaggle writes about using it for gRPC Explore Anthos with a sample deployment Celebrating Helm’s graduation The Safety Boat: Kubernetes and Rust by Taylor Thomas from Deis Labs Announcing Vitess 6 Couchbase Autonomous Operator 2.0 Kong for Kubernetes 0.8 Tern 2.0 KubeCon + CloudNativeCon Europe 2020 Alcide look at Kubernetes as a Service Anthos Service Mesh deep-dive GigaOm Radars, by Enrico Signoretti Data Storage for Kubernetes Hosted Kubernetes solutions Federated Kubernetes Links from the interview Matt Butcher Doctor of Philosophy Why One Philosopher Left Academia Celebrating Helm’s graduation Helm A floppy disk History of Helm Introducing Helm Why Kubernetes Needs Helm Deis In 2016 The Illustrated Children's Guide to Kubernetes k8splace Deployment Manager for Kubernetes Skippbox Bitnami Helm 3 transition by Matt Fisher Upgrading from Windows 1.0 to 8.0 Helm charts and Helm Hub TUF and in-toto Is there a Helm and Operators showdown? Operators blog by Brandon Philips First Helm Summit Episode 43, with Brian Grant Swag Helm coffee cup Deis socks Printed copy of The Illustrated Children's Guide Deis gift satchel Tide pen Deis acquired by Microsoft, 3 years ago CNAB, Brigade and Krustlet Techne and Sophia Matt Butcher on Twitter

Apr 28, 2020 • 46min
Open Policy Agent, with Tim Hinrichs and Torin Sandall
Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The cupboard was bare Marmite is not a satisfactory substitute for baking yeast 4D jigsaw puzzles (or a picture, if not for sale in your location) News of the week Anthos for AWS is now Generally Available TechCrunch coverage Eurosys ‘20: Autopilot paper Borg: The Next Generation paper Cluster traces Cloud Foundry becomes more Kubernetes-native with cf-for-k8s Paketo Buildpacks Everything you need to know about them How they fit into the Cloud Native landscape Changes to Kubernetes release cycles for 2020 Aqua Security announces Dynamic Threat Analysis RHEL 8.2 adds new container tools Red Hat product life cycle changes Flatcar Linux now supported on VSphere Episode 79 with Chris Kühl sKan from Alcide kubeletctl from CyberArk xls-kubectl by Daniele Polencic of Learnk8s Microsoft’s new reverse proxy YARP Running decades-old games in containers by Misha Brukman TorchServe and TorchElastic for Kubernetes by Facebook and AWS Controller code Project Astra from NetApp Launch video Styra adds mutating webhooks to Declarative Authorization Service Simulating clock skew by PingCAP Links from the interview Open Policy Agent Styra Episode 42 with John Murray Plate smashing OASIS XACML OPA is… “easier” The origin of Open Policy Agent and Rego Founded in 2015: first commit Donated to the CNCF Sandbox in 2018 and moved to incubation in 2019 Rego configuration language Running as a Go API Bundles Admission controllers in Kubernetes Existing Kubernetes policies NetworkPolicy LimitRange OPA Gatekeeper: Policy and Governance for Kubernetes OPA and WebAssembly Hooli examples Tim Hinrichs and Torin Sandall on Twitter

Apr 21, 2020 • 43min
Kubernetes Community Redux, with Paris Pittman
To celebrate our 100th episode we welcome back our first ever guest, Paris Pittman, open source program manager at Google Cloud and member of the Kubernetes steering committee - among many other roles. Along with hosts Adam and Craig, Paris looks at how the community has changed and how it has stayed the same, and how other projects are able to adopt learnings from Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 100 episodes! Our introductory blog Our introductory KubeCon keynote News of the week New Tanzu announcements Surge upgrades for GKE Spot and system/user node pools on Azure Kubernetes Service Portworx Essentials OpenShift Container Storage 4.3 Magicpak by Hiromi Ogawa Pluto from Fairwinds Trow featured in the New Stack Using Apache SkyWalking to fix the blind spot of distributed tracing Lyft takes Envoy Mobile to production gRPC and Kotlin Episode 94 with Richard Belleville Gloo 1.3 Envoy Wasm filters at Banzai Cloud faasd by Alex Ellis Kubernetes Fury Distribution 1.1 NeuVector adds Vulnerability and Compliance Explorer Infra.app adds Linux support Node Local DNS cache by Povilas Versockas Cheeky Monkey by Rich Stokes Anthos: Under The Hood by the Google Cloud Developer Advocacy team Kubernetes Operators by Jason Dobies and Joshua Wood of Red Hat Cloud Foundry Platform Certification includes Kubernetes Announcing the Kubernetes Contributor Communications team How to join Lachlan Evenson joins the Kubernetes steering committee CFP opens for KubeCon US Fluentd project journey report Seven CNCF interns graduate the CommunityBridge program with more to come Links from the interview Episode 1, also with Paris Pittman! Kubernetes Slack Guidelines and Code of Conduct Moderator team SIGs and Working Groups Code of Conduct Committee Product Security Committee SIG Working Group Lifecycle doc SIG PM retirement Chairs and TL roles Not much love to go round? Subprojects - they rule everything around Paris CNCF Contributor Strategy SIG CNCF Observability SIG Kubernetes Community communication guidelines Zoom guidelines Kubernetes upstream marketing - Contributor Communications team YouTube PE Charter: Ethos and guidelines API conventions doc The Art of Community by Jono Bacon O’Reilly Linux Pocket Guide by Daniel Barrett Oh, The Places You’ll Go! by Dr Seuss Episode 74, with Jorge Castro Animal Crossing: New Horizons Find the games on Twitter Paris Pittman on Twitter