Kubernetes Podcast from Google

kpt (“kept”) is a new open-source tool for Kubernetes packaging built by Google Cloud. Morten Torkildsen is an engineer at Google, focusing on configuration management and the workloads APIs, and he worked on Kpt. He explains it to Adam, while Craig fills his mind with penguins. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The Easter Bunny is an Essential Worker in New Zealand From the archives: Dragon research (discussed in Episode 53) Keepers are letting the penguins run loose at Oregon Zoo Visiting the Beluga Whale at Shedd Aquarium News of the week CNCF projects: Volcano joins the Sandbox Dragonfly moves to incubation Argo moves to incubation Argo CVEs by Matt Hamilton of Soluble Docker announces Compose specification Nautilus: a tool for visualising Docker Compose files Show HN post Deis Labs introduces Krustlet: Introduction Why Rust? The Microsoft take Tekton now in Beta Episode 44, with Tracy Miranda Episode 47, with Kim Lewandowski Microsoft publishes attack matrix for Kubernetes Detecting a large-scale cryptocurrency mining attack Huawei announces Mindspore deep learning framework Service Mesh Hub from Solo Technical overview Mixerless Telemetry in Istio by Zsolt Varga of Banzai Cloud Amazon launches Fargate platform v1.4.0 Version primer Data plane, under the hood Elastic File Server (NFS) support Rook 1.3 Write-up by Vanilla Kola Red Hat: OpenShift Commons Gathering, April 27 Istio on OpenShift in 2020 Be careful when pulling images by short name Canonical launches managed apps When to use Helm and when to use Operators by Matt Butcher Controlling outbound traffic from Kubernetes by Jack Kleeman and Chongyang Shi at Monzo API Priority and Fairness Alpha by Min Kim, Mike Spreitzer and Daniel Smith Hubspot moves Zookeeper to Kubernetes Graceful shutdown in Kubernetes is not always trivial by Ilya Andreev from Flant Open Container Initiative icons Kubernetes Workshop in a Box by Pascal Widdershoven Links from the interview kpt Announcement What does it stand for? Kubernetes Resource Model helm template command kpt apply vs kubectl apply Configuration as Code Brian Grant Twitter thread on kpt kpt Setters Domain-specific languages Examples and Kubernetes examples you can use with kpt kpt functions Installing kpt kpt on GitHub Morten Torkildsen on Twitter

Apache Cassandra, a scale-out datastore, is becoming more Kubernetes-native. Sam Ramji is Chief Strategy Officer at DataStax, a company that builds Cassandra-based products. He explains how DataStax has pivoted back towards supporting upstream Cassandra, and how they’re making it easier to manage on Kubernetes. As always, we also cover the news of the week, and we look at what is and is not a dinosaur. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The return of the brontosaurus We’re going on a bear hunt News of the week kpt: Announcement Site Contributors: Episode 7, with Phillip Wittrock Episode 11, with Vic Iglesias Episode 29, with Janet Kuo Episode 43, with Brian Grant Possible meanings, thanks to Daniel Roth and Blender Fox What does it really stand for? Please tweet us at @kubernetespod. Wrong answers only! Kubernetes 1.18 deep-dives: Topology Manager Server-side Apply Ingress CSI: Redmond New GitLab features Episode 89, with Marin Jankovski Rancher 2.4 Episode 57, with Darren Shepherd Sidekick, from Minio Cortex 1.0 Kubernetes CVE-2019-11254 Kubernetes Kapsule: managed clusters from Scaleway Build your own Kubernetes controller by Nicolas Fränkel Kubie, by Simon Bernier St-Pierre Serving repository move from Google to community control mkit from Darkbit oneinfra by Rafael Fernández López Cost savings with Kubernetes by Henning Jacobs Episode 38 Planetscale goes multi-cloud Episode 81, with Jiten Vaidya and Sugu Sougoumarane 30 days of free training from Google Cloud Critical vulnerabilty in HAProxy Well-being tips from the CNCF Links from the interview Chief Strategy Officer Sam at Microsoft The West Wing Apache Cassandra Based on the Bigtable paper Created at Facebook in 2008 Paper published in 2009 A top-level Apache project since 2010 Wide columnar data store and NoSQL CAP theorem - Cassandra is AP, eventually consistent ACID and BASE NewSQL The road to Cassandra 4.0 by Patrick McFadin DataStax Riptano raising money becoming DataStax and losing the rhino DataStax Enterprise Cassandra Operator and Management API Announcement blog DataStax Astra 501c3 and 501c6 US organizations Cloud Foundry Foundation Cassandra Enhancement Proposals (CEP) Pluggable storage engines Instagram’s “Rocksandra” Cassandra fork and Amazon’s Rocksandra fork Sam Ramji on Twitter

Jaeger is a distributed tracing platform built at Uber, and open-sourced in 2016. It traces its evolution from a Google paper on distributed tracing, the OpenZipkin project, and the OpenTracing libraries. Yuri Shkuro, creator of Jaeger and author of Mastering Distributed Tracing, joins Craig and Adam to tell the story, and explain the hows and whys of distributed tracing. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Music from Home: Brian May Neil Finn You Don’t Know Jack Galaxy Trucker Free books from the Sesame Workshop Google Play Amazon Barnes and Noble Kobo The Monster At The End Of This Book News of the week Update on the update on the update on KubeCon EU: now 13 to 16 August, and possibly online. Virtual Rejekts on 1 April Datastax Cassandra Operator and Management API Announcement blog PromCat: Prometheus Catalog from Sysdig Evaluating Predictive Autoscaling in Kubernetes by Jamie Thompson Provision a certificate and key for an application without Istio sidecars by Lei Wang How to Secure Your Kubernetes Cluster on GKE by Lewis Marshall Upcoming changes to IP assignment for EKS Managed Node Groups and De-mystifying EKS networking by Nathan Taber Updated EKS SLA Ops tips by Ciro S. Costa: Quality of Service and OOM, and Kubernetes Secrets Google upgrades to Platinum membership of Cloud Foundry Foundation CNCF Case Study: Vodafone Links from the interview Yuri Shkuro Open Source at Uber Episode 84: Monitoring, Metrics and M3, with Martin Mao and Rob Skillington - another open source project from Uber Mastering Distributed Tracing - Yuri’s book Service-Oriented Architecture: Scaling the Uber Engineering Codebase As We Grow by Einas Haddad What is Distributed Tracing? Evolving Distributed Tracing at Uber Engineering - Yuri’s blog post OpenZipkin TChannel OpenTracing Towards Turnkey Distributed Tracing by Ben Sigelman Jaeger Get started in one container Deploying to Kubernetes gRPC OpenTracing library Jaeger agent and collectors Storage backends Jaeger in Istio and trace context propagation OpenTelemetry: merging OpenTracing and OpenCensus A Brief History of Tracing (So Far) by Ben Sigelman and Morgan McLean Jaeger and OpenTelemetry Now officially in Beta! Google Dapper paper OpenTracing joined CNCF in 2016 What is a jaeger? The logo Red Hat Hawkular Jaeger joins the CNCF in 2017 and graduates in 2019 Jaeger Analytics Yuri Shkuro on Twitter

Kubernetes 1.18 is out - almost! A bug has pushed it back a day. While you’re waiting, release team lead Jorge Alarcon will tell you all about the fit and finish you can expect in the release when it’s out tomorrow. Adam and Craig bring you the other community news of the week, as well as some podcast follow-up. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Shoe Dog What the fox really says News of the week Kubernetes 1.18 is out! Well, not quite yet: this regression is being fixed Enhancement tracker Windows features: containerd kubeadm RuntimeClass GMSA Ingress API kubectl diff and APIServer dry-run kubectl debug CNCF SIG Contributor Strategy Kong ingress controller and Istio service mesh by Kevin Chen KubeCF becomes a Cloud Foundry Foundation incubation project Platform9 adds two new tiers And adds free JFrog Private Container Registry Backyards 1.2 Red Hat adds support for installing OpenShift on top of RHV Google Cloud Game Servers Kubei, a new open source runtime vulnerabilty scanner by Portshift Azure Container Registry adds customer managed keys AKS adds Ubuntu 18.04 Kubernetes security announcements CVE-2020-8551 - kublet CVE-2020-8552 - API server Using Inspektor Gadget to add network policies okteto push D2iQ changes CEOs Spectro Cloud comes out of stealth Links from the interview Kubernetes 1.18 release blog 1.18.0 announcement e-mail Computational biology and folding proteins Data for Democracy Kubernetes Up and Running by Joe Beda, Kelsey Hightower, and “the other guy” The Kubernetes Slack Searchable.ai A bit about them Home slice Episode 72, with Lachlan Evenson Emeritus Adviser Release logo Sidecar containers Tim Hockin’s thoughts on Sidecar Containers not making 1.18 1.19 release lead: Taylor Dolezal Jorge on Twitter and alejandrox1 on the Kubernetes Slack

If you’re running Kubernetes, you’re running etcd. The distributed key-value store was started as an intern project at CoreOS by Xiang Li, who is still maintaining it but now working on infrastructure at Alibaba. Xiang joins your hosts to discuss. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Getting toilet paper be like So, stay at home and play with free synth apps! Korg Kaossilator: download for Android or iOS MiniMoog Model D: download for iOS iSongs on YouTube News of the week vSphere 7 and VMware Tanzu announcements Docker announces new strategy and roadmap Hitachi Vantara acquires Containership’s assets Containership’s since-removed “goodbye” post Lens, now from Lakend Labs KEDA and SMI join the CNCF Sandbox AWS Bottlerocket blog post and GitHub repo Enable encryption on App Mesh with custom or ACM certs EKS supports Kubernetes 1.15 Firecracker thread by Micah Hausler gVisor thread by Ian Lewis Kublr adds rolling upgrades Google Cloud moves to its own ACME certificate provider GKE Workload Identity is GA Analysis of Redis operators by Flant Bank Vaults 1.0 and HSM support by Banzai Cloud CNCF joins Google Summer of Code Lifemiles case study Rancher Labs raises $40m Episode 57, with Darren Shepherd Links from the interview etcd etcd on GitHub How Kubernetes uses etcd The history of etcd, including the famous garage Built to handle upgrading CoreOS Container Linux nodes Prior art: Zookeeper: too much JVM Doozer: not enough community Chubby: too private to Google Paxos The paper Paxos Made Live - An Engineering Perspective Multi-Paxos raft The paper Announcing etcd Ben and Blake etcd3 moved from a tree keyspace to flat keyspace Latest version: etcd 3.4 etcd and Kubernetes at Alibaba: Demystifying Kubernetes as a Service – How Alibaba Cloud Manages 10,000s of Kubernetes Clusters Performance optimization of etcd in web scale data scenario The first etcd operator created by Xiang Jepsen tests of 0.4.1 and 3.4.3 CNCF to host etcd in December 2018 etcd roadmap Xiang Li on GitHub Xiang Li on Twitter

Richard Belleville works at Google on gRPC, a high-performance, universal RPC framework. Richard used gRPC before joining Google to work on it; he talks to the hosts about its history and derivation from Google’s internal Stubby, how it works, and how it differs from other RPC and messaging systems. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Castlevania series 3 on Netflix Discussed in Episode 27 Bad video game adaptations Pac-Man (TV series) Super Mario Bros (film) Doom (film) Hitchhiker’s Guide to the Galaxy - 42nd anniversary Upcoming Hulu TV series News of the week Istio 1.5: Release announcement 2020 roadmap Extensibility through WebAssembly in Envoy and the Proxy-Wasm ABI Solo.io’s WebAssemblyHub Google Cloud’s new strategy for the telecommunications industry Managed Kubernetes pricing comparison HPE Container Platform is Generally Available Contour 1.2 and Velero 1.3 Case studies: HelloFresh running Istio in production Kudos on moving to Kubernetes A survey of Istio’s network security features by Jack Leadford at NCC Group TIKV security audit Adrian Colyer looks at the Firecracker paper EKS adds AWS Encryption Provider 2019 CNCF Survey results Sidecar containers not in 1.19 after all KubeCon EU not on in Mar/Apr after all Links from the interview gRPC What is gRPC? gRPC Basics meetup video: a recent presentation by Richard at the Orchestructure meetup RPC vs messaging What does the G stand for? NASA Robotic Mining Challenge Protocol Buffers Stubby became gRPC Abseil: an open source collection of C++ libraries drawn from the most fundamental pieces of Google’s internal codebase Chubby lock services (the inspiration for etcd) Bidirectional streaming Head-of-line blocking Polling engines Swagger/OpenAPI gRPC + JSON by Carl Mastrangelo HTTP/2 Supported languages gRPC Core gRPC-web HTTP/2 trailers Users Graduating the CNCF Richard Belleville on Twitter

Kubeflow, the Machine Learning toolkit for Kubernetes, has hit 1.0. Google software engineer Jeremy Lewi is a core contributor to Kubeflow and was a founder of the project. He joins the show to discuss what Kubeflow does, and what it means to have hit 1.0. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Over the Road Over The Top and its amazing poster 13 Minutes to the Moon With soundtrack by Hans Zimmer We love our theme music, but its composer has fewer Academy Awards. News of the week KubeCon Novel Coronavirus update Schedules announced for day 0 events Kubeflow 1.0 is out Google Cloud blog Kubernetes 1.18-beta.1 1.18 features list Poor unloved Sidecar Containers Screwdriver joins CD Foundation Episode 44, with Tracy Miranda Introducing Arkade by Alistair Hey Install Kubernetes to your Raspberry Pi in 15 minutes by Alex Ellis Weathervane 2.0 from VMware AKS: Spot node pools and container scanning Vulnerable Containers API by Jerry Gamblin Advanced Persistence Threats: The Future of Kubernetes Attacks by Ian Coldwater and Brad Geesaman Episode 65, with Ian Coldwater Everyone might be Cluster Admin in your Kubernetes cluster by Jeff Geerling Mirantis acquires Kontena Episode 31, with Jari Kolehmainen CSI driver for Google Cloud Storage by Ofek Lev Bring your ideas to the world with kubectl plugins by Cornelius Weig Optimizing I/O intensive containers by Jay Huang Links from the interview Kubeflow Episode 2, with David Aronchick About Use cases Jupyter and its use in Kubeflow kfserving 1.0 release Enabling GPUs and TPUs Community Member organisations MNIST tutorial Kubeflow on GitHub and on Twitter Jeremy Lewi on Twitter

GPUs do more than move shapes on a gamer’s screen - they increasingly move self-driving cars and 5G packets, running on Kubernetes. Pramod Ramarao is a Product Manager at NVIDIA, and joins your hosts to talk about accelerators, containers, drivers, machine learning and more. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Printer networking HP JetDirect USB Type B The mess that is USB Type-C The solution Adam wants software-defined faucets Glowing LED faucet - where does the electricity come from? Faucet, a SDN controller News of the week Google Cloud launches Application Manager for GKE in Beta GKE Surge Upgrades GA GKE Node Locations GA Anthos Ready Storage qualification Kafka disaster recovery with Supertubes from Banzai Cloud Episode 59, with Janos Matyas StackRox’s State of Container and Kubernetes Security report Cilium 1.7 Last week’s ode to eBPF, with Leonardo Di Donato Convox launches multi-cloud Pangolin, an experimental Kubernetes autoscaler by Damian Peckett Damian’s Reddit post Bang-bang control theory Bang-bang chicken Dell/EMC rack-in-a-box Jack-in-the-box The Hooli Box Platform9 now distributed by Promark But not Primark Episode 88, with Madhura Maskasky GKE security updates & defense-in-depth strategies Best practices for enterprise multi-tenancy with GKE Andrew Allbright contributes to Minikube Kubernetes Contributor Summit schedule announced That discount code again again again: KCEUGKP15 Links from the interview NVIDIA Graphics Processing Unit (GPU) Differences between CPU and GPU The math co-processor General-purpose computing on GPUs (commonly known as GPGPU) CUDA, with a C NVIDIA CUDA Zone CUDA C++ OpenGL and Vulkan, with a K Kubernetes on NVIDIA GPUs NVIDIA on Google Cloud Platform Device plugins for Kubernetes and scheduling GPUs NVIDIA device plugin Kubernetes on NVIDIA GPU documentation NDC Hub for drivers and containers NVIDIA EGX for Edge computing with Kubernetes Pramod’s announcement blog Deep Learning Training vs Inferencing NVIDIA GPU operator Pramod Ramarao

We dive into the Linux kernel this week with guest Leonardo Di Donato, Open Source engineer at Sysdig. Leonardo works full-time on the Falco project, a runtime security engine that listens to the Linux kernel using eBPF - the extended Berkeley Packet Filter. Leonardo tells the hosts about the architecture of eBPF, how he has used it before and now, and what’s coming up for Falco. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week University Challenge: can you guess the computer? Golf Peaks (Google Play, App Store) Desert Golfing News of the week Apache Flink v1.10 Linkerd v2.7 Azure Container Registry to require TLS 1.2 CPU limits and aggressive throttling in Kubernetes - Omio Engineering by Fayiz Musthafa from Omio Kiosk Reddit thread with Lukas Gentele Docker donates the cnab-to-oci library to cnab.io How-to Guide: Debugging a Kubernetes Application Nutanix Karbon 2.0 Childcare and COVID-19 at KubeCon EU That discount code again again: KCEUGKP15 Red Hat OpenShift is now available for IBM Z and LinuxONE Why Kubernetes on VMs? by Chip Zoller Securely Access AWS Services from Google Kubernetes Engine (GKE) Carbon Relay raises $63 million Links from the interview Traditional Linux tracing tools: perf and strace BPF and eBPF BPF paper by Steven McCanne and Van Jacobson eBPF: Alexei Starovoitov added the ’e’ Express Data Path (XDP) bpftrace InfluxDB Cloud kubectl-trace The IO Visor project Sysdig Loris Degioanni, co-founder, CTO, and author of Wireshark Falco Sysdig and Falco now powered by eBPF Falco joins CNCF Sandbox and moves to incubation Upcoming KubeCon EU talks by Leonardo: Going beyond CI/CD with Prow Designing a gRPC interface for kernel tracing with eBPF Falco community: GitHub Docs Mailing list Notes about community calls Community call recordings Slack Leonardo Di Donato on Twitter

Peter Mattis is a creator of the CockroachDB open source database and co-founder and CTO of Cockroach Labs. His history in open source goes back to the creation of the GIMP image editor and UI toolkit Gtk at university in 1995, and his history at Google saw him work on storage and build systems. Hosts Craig and Adam ask him about all of the above. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Storm Ciara: Trampoline Leaves Big jets News of the week Docker Index Apache Aurora: Proposal to archive Summary from Stephan Erb New GitHub repo announcement containerd Project Journey Report Episode 71, with Derek McGowan CoreOS End-of-Life Fedora CoreOS Flatcar Linux Episode 79, with Chris Kühl Developing in Production by Will Sargent at Terse Systems Thanos Operator from BanzaiCloud Kubernetes sidecars in 1.18 Clear Linux OS now Certified Kubernetes Helm 3 in Real Life by Dawid Ziolkowski Kubernetes storage patterns by Nitish Tiwari Integrate Cloud Foundry with Kubernetes using the cf-operator and kubecf kubecf Deploying External OpenStack Cloud Provider with Kubeadm Frame.io Falco case study Supporting developers as they scale: a free Kubernetes eBook from DigitalOcean Register Now: KubeCon + CloudNativeCon EU Day Zero Events That discount code again again: KCEUGKP15 Links from the interview GIMP, the GNU Image Manipulation Program Pre-history GTK, the GIMP Toolkit Inktomi Episode 49, with Eric Brewer Colossus Bazel Square Acquires Ex-Googler Team Behind Viewfinder To Help Grow Its NYC Presence CockroachDB article Spanner and F1 papers CAP theorem Google Cloud Spanner Ticktock Networks and the HUYGENS paper Cockroach Labs Orchestration with Kubernetes Relicensing CockroachDB Business Source License Geospatial indexing CockroachDB on GitHub Peter Mattis on Twitter