Kubernetes Podcast from Google

SIG Network is completely rethinking the way you define groupings of applications (Service) and get traffic sent to them (Ingress) by building the Service APIs, a new set of primitives which are better suited to how different groups of users interact with them. Bowei Du is a Tech Lead on GKE and a member of SIG Network who is leading the design and implementation of these new APIs, as well as working on getting Ingress to GA in Kubernetes 1.19. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Christmas trees Magic Puzzles News of the week Google Cloud Next On Air Sign up now Harbor 2.0 Azure introduces 10c/hr uptime SLA and Kubernetes 1.18 in preview Red Hat announces Amazon Red Hat OpenShift Linode Kubernetes Engine is Generally Available VMware to acquire Octarine Venafi to acquire Jetstack cert-manager 0.15 and beyond Episode 75, with James Munnelly Maesh 1.2 Grafana 7.0 AWS CDK for Kubernetes (cdk8s) Call to participate in CNCF survey Load balancing algorithms in Envoy by Tony Allen Links from the interview Bowei’s PhD: CAP theorem TIER project: Technologies and Infrastructure for Emerging Regions Delay-tolerant networking (DTN) Service EndpointSlices Coming to Istio and Knative Health checks: Liveness and readiness at pod level Pod Ready++ Ingress cert-manager ingress-nginx TLS is only on port 443 2018 Ingress survey Conformance profile Episode 41, with Tim Hockin Ingress moving to GA in 1.19 Service APIs Evolving the Kubernetes Ingress API to GA and beyond by Bowei and Christopher Luciano from IBM A sketch of the API GatewayClass and StorageClass KEP for adding L4 Multi-Cluster Services API proposal Bowei Du on Twitter

More gripping than a crime scene in Las Vegas, the Container Storage Interface (CSI) lets vendors interface with Kubernetes. Saad Ali from Google led development of Kubernetes storage, including the CSI and volume subsystem. He joins hosts Adam and Craig for an in-depth look at how storage works in Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam’s puzzle How they made The Mandalorian Unreal Engine: Project Spotlight Fraggle Rock: Rock On! Lockdown music videos: Crowded House: Something So Strong Mostar Diving Club: Quiet Hands News of the week IBM Cloud Satellite Google Cloud Buildpacks Anthos for app modernisation via CI/CD and transforming legacy Java applications Azure Container Registry adds dedicated data endpoints Amazon ECR: multi-architecture containers Amazon Cloudwatch adds Prometheus metrics run:AI creates fractional GPU sharing for Kubernetes The State of Cloud Native Development: CNCF survey (PDF) VMware’s State of Kubernetes 2020 (PDF) Gatekeeper Policy Management from SIGHUP Episode 101, with Tim Hinrichs and Torin Sandall Datastax Astra on GCP and Sam Ramji’s blog Episode 98 with Sam Ramji Introducing PodTopologySpread by Aldo Culquicondor and Wei Huang Pod Security Policies at Square by Jason Price Introduction to OpenTelemetry by Ran Ribenzaft Episode 97, with Yuri Shkuro Kubernetes and Istio on the F-16 jet: CNCF case study GKE logging introduction by Charles Baer and Xiang Shen Helm and Kustomize, better together Helm, with Matt Butcher Kustomize, with Phillip Wittrock Links from the interview SIG Storage KubeCon keynote: Debunking the Myth: Kubernetes Storage is Hard Episode 41 with Tim Hockin Docker: Volumes Volumes Persistent Volumes In-tree volume plugins (deprecated) FlexVolume Container Storage Interface Kubernetes CSI docs Design doc CSI GA announcement CSI sidecar containers Ephemeral CSI volumes (Beta) Secrets Store CSI driver Local persistent volumes Data populators KEP CSI topology Topology-aware volume provisioning CSI for Persistent Memory GKE on AWS CSI TV theme songs The Who: Substitute Saad Ali on Twitter

In celebration of Helm graduating to a top-level CNCF project, Adam and Craig. talk to its creator and primary architect, Matt Butcher of the Deis Labs team at Microsoft Azure. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam talks about these baby wipes Craig talks about these baby wipes News of the week Red Hat Virtual Summit news: OpenShift 4.4 OpenShift Serverless OpenShift Virtualization Advanced Cluster Management for Kubernetes Azure Red Hat OpenShift upgraded to v4 OpenShift 4.3 on IBM Power Red Hat Marketplace More ways Red Hat are here to help Azure Kubernetes Service: Windows Server Containers, Private Clusters and Managed Identities now GA Windows Server Containers are GA on GKE too Episode 70, with Patrick Lang Ingress for Anthos Kaggle writes about using it for gRPC Explore Anthos with a sample deployment Celebrating Helm’s graduation The Safety Boat: Kubernetes and Rust by Taylor Thomas from Deis Labs Announcing Vitess 6 Couchbase Autonomous Operator 2.0 Kong for Kubernetes 0.8 Tern 2.0 KubeCon + CloudNativeCon Europe 2020 Alcide look at Kubernetes as a Service Anthos Service Mesh deep-dive GigaOm Radars, by Enrico Signoretti Data Storage for Kubernetes Hosted Kubernetes solutions Federated Kubernetes Links from the interview Matt Butcher Doctor of Philosphy Why One Philosopher Left Academia Celebrating Helm’s graduation Helm A floppy disk History of Helm Introducing Helm Why Kubernetes Needs Helm Deis In 2016 The Illustrated Childrens Guide to Kubernetes k8splace Deployment Manager for Kubernetes Skippbox Bitnami Helm 3 transition by Matt Fisher Upgrading from Windows 1.0 to 8.0 Helm charts and Helm Hub TUF and in-toto Is there a Helm and Operators showdown? Operators blog by Brandon Philips First Helm Summit Episode 43, with Brian Grant Swag Helm coffee cup Deis socks Printed copy of The Illustrated Childrens Guide Deis gift satchel Tide pen Deis acquired by Microsoft, 3 years ago CNAB, Brigade and Krustlet Techne and Sophia Matt Butcher on Twitter

Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The cupboard was bare Marmite is not a satisfactory substitute for baking yeast 4D jigsaw puzzles (or a picture, if not for sale in your location) News of the week Anthos for AWS is now Generally Available TechCrunch coverage Eurosys ‘20: Autopilot paper Borg: The Next Generation paper Cluster traces Cloud Foundry becomes more Kubernetes-native with cf-for-k8s Paketo Buildpacks Everything you need to know about them How they fit into the Cloud Native landscape Changes to Kubernetes release cycles for 2020 Aqua Security announces Dynamic Threat Analysis RHEL 8.2 adds new container tools Red Hat product life cycle changes Flatcar Linux now supported on VSphere Episode 79 with Chris Kühl sKan from Alcide kubeletctl from CyberArk xls-kubectl by Daniele Polencic of Learnk8s Microsoft’s new reverse proxy YARP Running decades-old games in containers by Misha Brukman TorchServe and TorchElastic for Kubernetes by Facebook and AWS Controller code Project Astra from NetApp Launch video Styra adds mutating webhooks to Declarative Authorization Service Simulating clock skew by PingCAP Links from the interview Open Policy Agent Styra Episode 42 with John Murray Plate smashing OASIS XACML OPA is… “easier” The origin of Open Policy Agent and Rego Founded in 2015: first commit Donated to the CNCF Sandbox in 2018 and moved to incubation in 2019 Rego configuration language Running as a Go API Bundles Admission controllers in Kubernetes Existing Kubernetes policies NetworkPolicy LimitRange OPA Gatekeeper: Policy and Governance for Kubernetes OPA and WebAssembly Hooli examples Tim Hinrichs and Torin Sandall on Twitter

To celebrate our 100th episode we welcome back our first ever guest, Paris Pittman, open source program manager at Google Cloud and member of the Kubernetes steering committee - among many other roles. Along with hosts Adam and Craig, Paris looks at how the community has changed and how it has stayed the same, and how other projects are able to adopt learnings from Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 100 episodes! Our introductory blog Our introductory KubeCon keynote News of the week New Tanzu announcements Surge upgrades for GKE Spot and system/user node pools on Azure Kubernetes Service Portworx Essentials OpenShift Container Storage 4.3 Magicpak by Hiromi Ogawa Pluto from Fairwinds Trow featured in the New Stack Using Apache SkyWalking to fix the blind spot of distributed tracing Lyft takes Envoy Mobile to production gRPC and Kotlin Episode 94 with Richard Belleville Gloo 1.3 Envoy Wasm filters at Banzai Cloud faasd by Alex Ellis Kubernetes Fury Distribution 1.1 NeuVector adds Vulnerability and Compliance Explorer Infra.app adds Linux support Node Local DNS cache by Povilas Versockas Cheeky Monkey by Rich Stokes Anthos: Under The Hood by the Google Cloud Developer Advocacy team Kubernetes Operators by Jason Dobies and Joshua Wood of Red Hat Cloud Foundry Platform Certification includes Kubernetes Announcing the Kubernetes Contributor Communications team How to join Lachlan Evenson joins the Kubernetes steering committee CFP opens for KubeCon US Fluentd project journey report Seven CNCF interns graduate the CommunityBridge program with more to come Links from the interview Episode 1, also with Paris Pittman! Kubernetes Slack Guidelines and Code of Conduct Moderator team SIGs and Working Groups Code of Conduct Committee Product Security Committee SIG Working Group Lifecycle doc SIG PM retirement Chairs and TL roles Not much love to go round? Subprojects - they rule everything around Paris CNCF Contributor Strategy SIG CNCF Observability SIG Kubernetes Community communication guidelines Zoom guidelines Kubernetes upstream marketing - Contributor Communications team YouTube PE Charter: Ethos and guidelines API conventions doc The Art of Community by Jono Bacon O’Reilly Linux Pocket Guide by Daniel Barrett Oh, The Places You’ll Go! by Dr Seuss Episode 74, with Jorge Castro Animal Crossing: New Horizons Find the games on Twitter Paris Pittman on Twitter

kpt (“kept”) is a new open-source tool for Kubernetes packaging built by Google Cloud. Morten Torkildsen is an engineer at Google, focusing on configuration management and the workloads APIs, and he worked on Kpt. He explains it to Adam, while Craig fills his mind with penguins. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The Easter Bunny is an Essential Worker in New Zealand From the archives: Dragon research (discussed in Episode 53) Keepers are letting the penguins run loose at Oregon Zoo Visiting the Beluga Whale at Shedd Aquarium News of the week CNCF projects: Volcano joins the Sandbox Dragonfly moves to incubation Argo moves to incubation Argo CVEs by Matt Hamilton of Soluble Docker announces Compose specification Nautilus: a tool for visualising Docker Compose files Show HN post Deis Labs introduces Krustlet: Introduction Why Rust? The Microsoft take Tekton now in Beta Episode 44, with Tracy Miranda Episode 47, with Kim Lewandowski Microsoft publishes attack matrix for Kubernetes Detecting a large-scale cryptocurrency mining attack Huawei announces Mindspore deep learning framework Service Mesh Hub from Solo Technical overview Mixerless Telemetry in Istio by Zsolt Varga of Banzai Cloud Amazon launches Fargate platform v1.4.0 Version primer Data plane, under the hood Elastic File Server (NFS) support Rook 1.3 Write-up by Vanilla Kola Red Hat: OpenShift Commons Gathering, April 27 Istio on OpenShift in 2020 Be careful when pulling images by short name Canonical launches managed apps When to use Helm and when to use Operators by Matt Butcher Controlling outbound traffic from Kubernetes by Jack Kleeman and Chongyang Shi at Monzo API Priority and Fairness Alpha by Min Kim, Mike Spreitzer and Daniel Smith Hubspot moves Zookeeper to Kubernetes Graceful shutdown in Kubernetes is not always trivial by Ilya Andreev from Flant Open Container Initiative icons Kubernetes Workshop in a Box by Pascal Widdershoven Links from the interview kpt Announcement What does it stand for? Kubernetes Resource Model helm template command kpt apply vs kubectl apply Configuration as Code Brian Grant Twitter thread on kpt kpt Setters Domain-specific languages Examples and Kubernetes examples you can use with kpt kpt functions Installing kpt kpt on GitHub Morten Torkildsen on Twitter

Apache Cassandra, a scale-out datastore, is becoming more Kubernetes-native. Sam Ramji is Chief Strategy Officer at DataStax, a company that builds Cassandra-based products. He explains how DataStax has pivoted back towards supporting upstream Cassandra, and how they’re making it easier to manage on Kubernetes. As always, we also cover the news of the week, and we look at what is and is not a dinosaur. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The return of the brontosaurus We’re going on a bear hunt News of the week kpt: Announcement Site Contributors: Episode 7, with Phillip Wittrock Episode 11, with Vic Iglesias Episode 29, with Janet Kuo Episode 43, with Brian Grant Possible meanings, thanks to Daniel Roth and Blender Fox What does it really stand for? Please tweet us at @kubernetespod. Wrong answers only! Kubernetes 1.18 deep-dives: Topology Manager Server-side Apply Ingress CSI: Redmond New GitLab features Episode 89, with Marin Jankovski Rancher 2.4 Episode 57, with Darren Shepherd Sidekick, from Minio Cortex 1.0 Kubernetes CVE-2019-11254 Kubernetes Kapsule: managed clusters from Scaleway Build your own Kubernetes controller by Nicolas Fränkel Kubie, by Simon Bernier St-Pierre Serving repository move from Google to community control mkit from Darkbit oneinfra by Rafael Fernández López Cost savings with Kubernetes by Henning Jacobs Episode 38 Planetscale goes multi-cloud Episode 81, with Jiten Vaidya and Sugu Sougoumarane 30 days of free training from Google Cloud Critical vulnerabilty in HAProxy Well-being tips from the CNCF Links from the interview Chief Strategy Officer Sam at Microsoft The West Wing Apache Cassandra Based on the Bigtable paper Created at Facebook in 2008 Paper published in 2009 A top-level Apache project since 2010 Wide columnar data store and NoSQL CAP theorem - Cassandra is AP, eventually consistent ACID and BASE NewSQL The road to Cassandra 4.0 by Patrick McFadin DataStax Riptano raising money becoming DataStax and losing the rhino DataStax Enterprise Cassandra Operator and Management API Announcement blog DataStax Astra 501c3 and 501c6 US organizations Cloud Foundry Foundation Cassandra Enhancement Proposals (CEP) Pluggable storage engines Instagram’s “Rocksandra” Cassandra fork and Amazon’s Rocksandra fork Sam Ramji on Twitter

Jaeger is a distributed tracing platform built at Uber, and open-sourced in 2016. It traces its evolution from a Google paper on distributed tracing, the OpenZipkin project, and the OpenTracing libraries. Yuri Shkuro, creator of Jaeger and author of Mastering Distributed Tracing, joins Craig and Adam to tell the story, and explain the hows and whys of distributed tracing. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Music from Home: Brian May Neil Finn You Don’t Know Jack Galaxy Trucker Free books from the Sesame Workshop Google Play Amazon Barnes and Noble Kobo The Monster At The End Of This Book News of the week Update on the update on the update on KubeCon EU: now 13 to 16 August, and possibly online. Virtual Rejekts on 1 April Datastax Cassandra Operator and Management API Announcement blog PromCat: Prometheus Catalog from Sysdig Evaluating Predictive Autoscaling in Kubernetes by Jamie Thompson Provision a certificate and key for an application without Istio sidecars by Lei Wang How to Secure Your Kubernetes Cluster on GKE by Lewis Marshall Upcoming changes to IP assignment for EKS Managed Node Groups and De-mystifying EKS networking by Nathan Taber Updated EKS SLA Ops tips by Ciro S. Costa: Quality of Service and OOM, and Kubernetes Secrets Google upgrades to Platinum membership of Cloud Foundry Foundation CNCF Case Study: Vodafone Links from the interview Yuri Shkuro Open Source at Uber Episode 84: Monitoring, Metrics and M3, with Martin Mao and Rob Skillington - another open source project from Uber Mastering Distributed Tracing - Yuri’s book Service-Oriented Architecture: Scaling the Uber Engineering Codebase As We Grow by Einas Haddad What is Distributed Tracing? Evolving Distributed Tracing at Uber Engineering - Yuri’s blog post OpenZipkin TChannel OpenTracing Towards Turnkey Distributed Tracing by Ben Sigelman Jaeger Get started in one container Deploying to Kubernetes gRPC OpenTracing library Jaeger agent and collectors Storage backends Jaeger in Istio and trace context propagation OpenTelemetry: merging OpenTracing and OpenCensus A Brief History of Tracing (So Far) by Ben Sigelman and Morgan McLean Jaeger and OpenTelemetry Now officially in Beta! Google Dapper paper OpenTracing joined CNCF in 2016 What is a jaeger? The logo Red Hat Hawkular Jaeger joins the CNCF in 2017 and graduates in 2019 Jaeger Analytics Yuri Shkuro on Twitter

Kubernetes 1.18 is out - almost! A bug has pushed it back a day. While you’re waiting, release team lead Jorge Alarcon will tell you all about the fit and finish you can expect in the release when it’s out tomorrow. Adam and Craig bring you the other community news of the week, as well as some podcast follow-up. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Shoe Dog What the fox really says News of the week Kubernetes 1.18 is out! Well, not quite yet: this regression is being fixed Enhancement tracker Windows features: containerd kubeadm RuntimeClass GMSA Ingress API kubectl diff and APIServer dry-run kubectl debug CNCF SIG Contributor Strategy Kong ingress controller and Istio service mesh by Kevin Chen KubeCF becomes a Cloud Foundry Foundation incubation project Platform9 adds two new tiers And adds free JFrog Private Container Registry Backyards 1.2 Red Hat adds support for installing OpenShift on top of RHV Google Cloud Game Servers Kubei, a new open source runtime vulnerabilty scanner by Portshift Azure Container Registry adds customer managed keys AKS adds Ubuntu 18.04 Kubernetes security announcements CVE-2020-8551 - kublet CVE-2020-8552 - API server Using Inspektor Gadget to add network policies okteto push D2iQ changes CEOs Spectro Cloud comes out of stealth Links from the interview Kubernetes 1.18 release blog 1.18.0 announcement e-mail Computational biology and folding proteins Data for Democracy Kubernetes Up and Running by Joe Beda, Kelsey Hightower, and “the other guy” The Kubernetes Slack Searchable.ai A bit about them Home slice Episode 72, with Lachlan Evenson Emeritus Adviser Release logo Sidecar containers Tim Hockin’s thoughts on Sidecar Containers not making 1.18 1.19 release lead: Taylor Dolezal Jorge on Twitter and alejandrox1 on the Kubernetes Slack

If you’re running Kubernetes, you’re running etcd. The distributed key-value store was started as an intern project at CoreOS by Xiang Li, who is still maintaining it but now working on infrastructure at Alibaba. Xiang joins your hosts to discuss. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Getting toilet paper be like So, stay at home and play with free synth apps! Korg Kaossilator: download for Android or iOS MiniMoog Model D: download for iOS iSongs on YouTube News of the week vSphere 7 and VMware Tanzu announcements Docker announces new strategy and roadmap Hitachi Vantara acquires Containership’s assets Containership’s since-removed “goodbye” post Lens, now from Lakend Labs KEDA and SMI join the CNCF Sandbox AWS Bottlerocket blog post and GitHub repo Enable encryption on App Mesh with custom or ACM certs EKS supports Kubernetes 1.15 Firecracker thread by Micah Hausler gVisor thread by Ian Lewis Kublr adds rolling upgrades Google Cloud moves to its own ACME certificate provider GKE Workload Identity is GA Analysis of Redis operators by Flant Bank Vaults 1.0 and HSM support by Banzai Cloud CNCF joins Google Summer of Code Lifemiles case study Rancher Labs raises $40m Episode 57, with Darren Shepherd Links from the interview etcd etcd on GitHub How Kubernetes uses etcd The history of etcd, including the famous garage Built to handle upgrading CoreOS Container Linux nodes Prior art: Zookeeper: too much JVM Doozer: not enough community Chubby: too private to Google Paxos The paper Paxos Made Live - An Engineering Perspective Multi-Paxos raft The paper Announcing etcd Ben and Blake etcd3 moved from a tree keyspace to flat keyspace Latest version: etcd 3.4 etcd and Kubernetes at Alibaba: Demystifying Kubernetes as a Service – How Alibaba Cloud Manages 10,000s of Kubernetes Clusters Performance optimization of etcd in web scale data scenario The first etcd operator created by Xiang Jepsen tests of 0.4.1 and 3.4.3 CNCF to host etcd in December 2018 etcd roadmap Xiang Li on GitHub Xiang Li on Twitter