Kubernetes Podcast from Google

Richard Belleville works at Google on gRPC, a high-performance, universal RPC framework. Richard used gRPC before joining Google to work on it; he talks to the hosts about its history and derivation from Google’s internal Stubby, how it works, and how it differs from other RPC and messaging systems. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Castlevania series 3 on Netflix Discussed in Episode 27 Bad video game adaptations Pac-Man (TV series) Super Mario Bros (film) Doom (film) Hitchhiker’s Guide to the Galaxy - 42nd anniversary Upcoming Hulu TV series News of the week Istio 1.5: Release announcement 2020 roadmap Extensibility through WebAssembly in Envoy and the Proxy-Wasm ABI Solo.io’s WebAssemblyHub Google Cloud’s new strategy for the telecommunications industry Managed Kubernetes pricing comparison HPE Container Platform is Generally Available Contour 1.2 and Velero 1.3 Case studies: HelloFresh running Istio in production Kudos on moving to Kubernetes A survey of Istio’s network security features by Jack Leadford at NCC Group TIKV security audit Adrian Colyer looks at the Firecracker paper EKS adds AWS Encryption Provider 2019 CNCF Survey results Sidecar containers not in 1.19 after all KubeCon EU not on in Mar/Apr after all Links from the interview gRPC What is gRPC? gRPC Basics meetup video: a recent presentation by Richard at the Orchestructure meetup RPC vs messaging What does the G stand for? NASA Robotic Mining Challenge Protocol Buffers Stubby became gRPC Abseil: an open source collection of C++ libraries drawn from the most fundamental pieces of Google’s internal codebase Chubby lock services (the inspiration for etcd) Bidirectional streaming Head-of-line blocking Polling engines Swagger/OpenAPI gRPC + JSON by Carl Mastrangelo HTTP/2 Supported languages gRPC Core gRPC-web HTTP/2 trailers Users Graduating the CNCF Richard Belleville on Twitter

Kubeflow, the Machine Learning toolkit for Kubernetes, has hit 1.0. Google software engineer Jeremy Lewi is a core contributor to Kubeflow and was a founder of the project. He joins the show to discuss what Kubeflow does, and what it means to have hit 1.0. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Over the Road Over The Top and its amazing poster 13 Minutes to the Moon With soundtrack by Hans Zimmer We love our theme music, but its composer has fewer Academy Awards. News of the week KubeCon Novel Coronavirus update Schedules announced for day 0 events Kubeflow 1.0 is out Google Cloud blog Kubernetes 1.18-beta.1 1.18 features list Poor unloved Sidecar Containers Screwdriver joins CD Foundation Episode 44, with Tracy Miranda Introducing Arkade by Alistair Hey Install Kubernetes to your Raspberry Pi in 15 minutes by Alex Ellis Weathervane 2.0 from VMware AKS: Spot node pools and container scanning Vulnerable Containers API by Jerry Gamblin Advanced Persistence Threats: The Future of Kubernetes Attacks by Ian Coldwater and Brad Geesaman Episode 65, with Ian Coldwater Everyone might be Cluster Admin in your Kubernetes cluster by Jeff Geerling Mirantis acquires Kontena Episode 31, with Jari Kolehmainen CSI driver for Google Cloud Storage by Ofek Lev Bring your ideas to the world with kubectl plugins by Cornelius Weig Optimizing I/O intensive containers by Jay Huang Links from the interview Kubeflow Episode 2, with David Aronchick About Use cases Jupyter and its use in Kubeflow kfserving 1.0 release Enabling GPUs and TPUs Community Member organisations MNIST tutorial Kubeflow on GitHub and on Twitter Jeremy Lewi on Twitter

GPUs do more than move shapes on a gamer’s screen - they increasingly move self-driving cars and 5G packets, running on Kubernetes. Pramod Ramarao is a Product Manager at NVIDIA, and joins your hosts to talk about accelerators, containers, drivers, machine learning and more. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Printer networking HP JetDirect USB Type B The mess that is USB Type-C The solution Adam wants software-defined faucets Glowing LED faucet - where does the electricity come from? Faucet, a SDN controller News of the week Google Cloud launches Application Manager for GKE in Beta GKE Surge Upgrades GA GKE Node Locations GA Anthos Ready Storage qualification Kafka disaster recovery with Supertubes from Banzai Cloud Episode 59, with Janos Matyas StackRox’s State of Container and Kubernetes Security report Cilium 1.7 Last week’s ode to eBPF, with Leonardo Di Donato Convox launches multi-cloud Pangolin, an experimental Kubernetes autoscaler by Damian Peckett Damian’s Reddit post Bang-bang control theory Bang-bang chicken Dell/EMC rack-in-a-box Jack-in-the-box The Hooli Box Platform9 now distributed by Promark But not Primark Episode 88, with Madhura Maskasky GKE security updates & defense-in-depth strategies Best practices for enterprise multi-tenancy with GKE Andrew Allbright contributes to Minikube Kubernetes Contributor Summit schedule announced That discount code again again again: KCEUGKP15 Links from the interview NVIDIA Graphics Processing Unit (GPU) Differences between CPU and GPU The math co-processor General-purpose computing on GPUs (commonly known as GPGPU) CUDA, with a C NVIDIA CUDA Zone CUDA C++ OpenGL and Vulkan, with a K Kubernetes on NVIDIA GPUs NVIDIA on Google Cloud Platform Device plugins for Kubernetes and scheduling GPUs NVIDIA device plugin Kubernetes on NVIDIA GPU documentation NDC Hub for drivers and containers NVIDIA EGX for Edge computing with Kubernetes Pramod’s announcement blog Deep Learning Training vs Inferencing NVIDIA GPU operator Pramod Ramarao

We dive into the Linux kernel this week with guest Leonardo Di Donato, Open Source engineer at Sysdig. Leonardo works full-time on the Falco project, a runtime security engine that listens to the Linux kernel using eBPF - the extended Berkeley Packet Filter. Leonardo tells the hosts about the architecture of eBPF, how he has used it before and now, and what’s coming up for Falco. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week University Challenge: can you guess the computer? Golf Peaks (Google Play, App Store) Desert Golfing News of the week Apache Flink v1.10 Linkerd v2.7 Azure Container Registry to require TLS 1.2 CPU limits and aggressive throttling in Kubernetes - Omio Engineering by Fayiz Musthafa from Omio Kiosk Reddit thread with Lukas Gentele Docker donates the cnab-to-oci library to cnab.io How-to Guide: Debugging a Kubernetes Application Nutanix Karbon 2.0 Childcare and COVID-19 at KubeCon EU That discount code again again: KCEUGKP15 Red Hat OpenShift is now available for IBM Z and LinuxONE Why Kubernetes on VMs? by Chip Zoller Securely Access AWS Services from Google Kubernetes Engine (GKE) Carbon Relay raises $63 million Links from the interview Traditional Linux tracing tools: perf and strace BPF and eBPF BPF paper by Steven McCanne and Van Jacobson eBPF: Alexei Starovoitov added the ’e’ Express Data Path (XDP) bpftrace InfluxDB Cloud kubectl-trace The IO Visor project Sysdig Loris Degioanni, co-founder, CTO, and author of Wireshark Falco Sysdig and Falco now powered by eBPF Falco joins CNCF Sandbox and moves to incubation Upcoming KubeCon EU talks by Leonardo: Going beyond CI/CD with Prow Designing a gRPC interface for kernel tracing with eBPF Falco community: GitHub Docs Mailing list Notes about community calls Community call recordings Slack Leonardo Di Donato on Twitter

Peter Mattis is a creator of the CockroachDB open source database and co-founder and CTO of Cockroach Labs. His history in open source goes back to the creation of the GIMP image editor and UI toolkit Gtk at university in 1995, and his history at Google saw him work on storage and build systems. Hosts Craig and Adam ask him about all of the above. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Storm Ciara: Trampoline Leaves Big jets News of the week Docker Index Apache Aurora: Proposal to archive Summary from Stephan Erb New GitHub repo announcement containerd Project Journey Report Episode 71, with Derek McGowan CoreOS End-of-Life Fedora CoreOS Flatcar Linux Episode 79, with Chris Kühl Developing in Production by Will Sargent at Terse Systems Thanos Operator from BanzaiCloud Kubernetes sidecars in 1.18 Clear Linux OS now Certified Kubernetes Helm 3 in Real Life by Dawid Ziolkowski Kubernetes storage patterns by Nitish Tiwari Integrate Cloud Foundry with Kubernetes using the cf-operator and kubecf kubecf Deploying External OpenStack Cloud Provider with Kubeadm Frame.io Falco case study Supporting developers as they scale: a free Kubernetes eBook from DigitalOcean Register Now: KubeCon + CloudNativeCon EU Day Zero Events That discount code again again: KCEUGKP15 Links from the interview GIMP, the GNU Image Manipulation Program Pre-history GTK, the GIMP Toolkit Inktomi Episode 49, with Eric Brewer Colossus Bazel Square Acquires Ex-Googler Team Behind Viewfinder To Help Grow Its NYC Presence CockroachDB article Spanner and F1 papers CAP theorem Google Cloud Spanner Ticktock Networks and the HUYGENS paper Cockroach Labs Orchestration with Kubernetes Relicensing CockroachDB Business Source License Geospatial indexing CockroachDB on GitHub Peter Mattis on Twitter

GitLab is a single application DevOps platform, including source code management and CI/CD tools for targets including Kubernetes. The application itself runs on Kubernetes, including in its largest installation, the SaaS version at gitlab.com. Marin Jankovski is an Engineering Manager at GitLab, where he was Employee #1. He joins Craig and Adam to talk about migrating to Kubernetes, remaining a monolith, and the company value of radical transparency. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Little Free Libraries Original discussion Simon Weckert’s Google Maps hack The canonical hand-cart Google responds News of the week CNCF TOC election results HPE acquires Scytale Episode 45, with Andrew Jessup CNCF announces KubeCon EU schedule The actual schedule That discount code again: KCEUGKP15 Run Windows Server Containers on GKE Episode 70, with Patrick Lang New Google Cloud certifications address the cloud skills gap Cisco Hyper-Accelerates Applications in a Hybrid Multicloud Hyper-World Updates to Google’s partnership with Cisco AKS 2020-01-27 release AWS Container Security Survey by Michael Hausenblas Infra.app A bit of Istio before tea-time by Alex Ellis Loan a cloud IP to your minikube cluster Building containers without Docker Building a Linux Desktop for Cloud Native Development The Long Dark Tea-Time of the Soul etcd blog on being tested by Jepsen Jepsen blog on testing etcd How Fluentd collects Kubernetes metadata by Brady Zuo Troubleshooting Kubernetes OOM by Carlos Arilla DNS Lookups in Kubernetes by Karan Sharma Community collaboration on Notary v2 by Justin Cormack CNCF Speaker’s Bureau: a great resource MayaData raises $26m Episode 56, with Evan Powell Links from the interview Marin Jankovski’s README GitLab Product features All remote company Radical transparency Postmortem of 2017 database outage Advantages of a single application Community and Enterprise Editions GitLab Open Source GitLab’s unconventional journey to CI/CD and Kubernetes Deployment to Kubernetes added in 2016 GitLab’s journey to GCP GitLab Serverless Tanuki logo The old logo was.. “threatening” Crossplane integration with GitLab Marin on GitLab

Madhura Maskasky is co-founder and VP of Product at Platform9, a company who manage both OpenStack and Kubernetes. She talks to Adam and Craig about the transition from VMs to containers, why OpenStack is still relevant, and what they have to do to be able to offer a 99.9% SLA on cloud-native applications. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Bad news from both Australia Day and Chinese New Year Schitt’s Creek News of the week VMware: Introducing Project Nautilus VMware Fusion on GitHub Google Cloud Config Connector Octarine open-sources the Kubernetes Common Configuration Scoring System (KCCSS) and kube-scan KubeNav, by Rico Berger Permission Manager by SIGHUP KubeInvaders: gamified chaos engineering Whack-a-Pod Kubernetes DOOM CSI inline ephemeral volumes Reviewing 2019 in Kubernetes docs Episode 5, with Zach Corleissen and Jared Bhatti CSI driver support for Dell/EMC Isilon CNCF annual report Sign up for KubeCon EU and get 15% off with discount code KCEUGKP15 TriggerMesh receives $3m seed funding Episode 28, with Sebastien Goasguen AWS lowers EKS price Links from the interview Platform9 Managed Kubernetes Managed OpenStack kubevirt Webinar recording: KubeVirt – Beyond Containers: Coming full circle back to VMs! OpenStack Ironic Cluster API Thick Edge and thin Edge Managed Apps with 99.9% SLA Kubernetes in Production: Operating etcd with etcdadm etcdadm etcd Operator 6 Enterprise Kubernetes Takeaways from KubeCon 2019, San Diego, and 5 from Barcelona before it Platform 9 and 3/4 Platform9 on Twitter Madhura Maskasky on Twitter

Self-driving cars need self-driving backend infrastructure. Karl Isenberg is the tech lead & manager of the platform team at Cruise, a self-driving car company backed by GM and Honda. He joins hosts Craig and Adam to discuss two years of running multitenant Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers Interpretive meme version Support for Windows 7 has ended: don’t use it for internet banking Stefanie Stuber’s uncommon The Voice performance News of the week Kubernetes bug bounty announcement, funded by the CNCF GKE CIS Benchmarks deliver security best practices Octopus: how Kyma does integration testing in Kubernetes Elastic Cloud on Kubernetes (ECK) now GA Red Hat OpenShift v4.3 now almost GA Fedora CoreOS now GA Istio as an Example of When Not to Do Microservices by Christian Posta Backyards 1.1 from Banzai Cloud k3c from Darren Shepherd at Rancher Labs Episode 57, with Darren Shepherd Continuous GitOps by Arun Ramakani Werf 1.0 by Flant New Anthos training from Google Cloud Dauntless case study KubeDR by Catalogic Kubernetes on MIPS by Inspur Links from the interview Cruise We Need To Move Beyond The Car, by CEO Dan Ammann Lombard St Karl’s KubeCon talk Slides Video Managing Kubernetes RBAC Groups by Stephen Day RBACSync on GitHub Open-Sourcing Isopod: An Expressive DSL Framework for Kubernetes Configuration by Charles Xu and Dmitry Ilyevskiy Isopod on GitHub Building a container platform at Cruise: Part 1: Overview by Karl Part 2: Security by Karl and Mike Ruth Part 3: Networking by Karl and Buck Wallander Cruise’s blog Karl Isenberg on Twitter

What do you do next when you have over 150 patents to your name? Write a book, of course! Lin Sun is a Senior Technical Staff Member and Master Inventor at IBM, where she has spent the past 14 years doing software engineering in areas including cloud and open technologies. She has worked on the Istio service mesh since 2017, and is on the Istio steering and technical oversight committees. Lin joins Adam and Craig to discuss invention, making Istio easier to use, and how being a mother has impacted both. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Snow in Seattle News of the week Tanka, from Grafana Hacker News commentary Jsonnet ksonnet archived Configula, from Brendan Burns Caligula, from Rome Falco moves to the CNCF incubator Falco’s biggest hit, Rock Me Amadeus CKAD is now valid for 3 years Contour 1.1.0 Getting serious about open-source security by Dan Lorenc Episode 39, with Dan Lorenc Designing and Building HA Kubernetes on Bare-Metal AKS Latency and performance/availability issues due to IO saturation and throttling under load Kubernetes Networking Demystified by Karen Bruner at StackRox How to Give Developers Access to Kubernetes During Development by Daniel Thiry How to deal with computing resource cost for Kubernetes-based development Key metrics for monitoring Istio from Datadog Deploying multiple Istio Ingress Gateways by Peter Jausovec Big Prometheus by Clay Smith from Monitoring Monitoring Breaking Changes in Helm 3 (and How to Fix Them) by Jack Morris Security advantages of pull-based CD pipelines by Alex Kaskasoli Zero touch authentication on Kubernetes by Peter Wilcsinszky at BanzaiCloud Vault replication across multiple datacenters on Kubernetes by Nandor Kracser OpenStack’s Complicated Kubernetes Relationship by Mike Vizard of ContainerJournal Kubernetes 1.15 security changes in GKE KubeCon + CloudNativeCon NA 2019 Transparency Report Zendesk case study Links from the interview IBM Master Inventor Lin’s patents Her favorites: Analyzing email content to determine potential intended recipients Ensuring a desired distribution of content in a multimedia document for different demographic groups utilizing demographic information Istio announcement blog and GlueCon talk from 2017 Lin at the IBM Cloud CTO Office IBM Research IBM Cloud, formerly known as Bluemix Bluemix Service Proxy Amalgam8 Envoy Istio 1.1, the “9 months” release The Sidecar resource, which lets you scope which services are known by a given sidecar to reduce resource usage Release cadence Istio 1.4 Mutual TLS New 1.4 features: Auto-mutual TLS client-go library istioctl analyze Requirement to declare containerPort removed in 1.3, automatic protocol selection added User Experience working group istioctl add-to-mesh istioctl describe-pod istioctl install Steering committee Technical oversight committee istiod Istio as an Example of When Not to Do Microservices by Christian Posta Minion cluster mode Istio Explained, by Lin and Dan Berg kui and iter8 Lin Sun on Twitter

Five years ago, Clayton Coleman took a bet on a new open source project that Google was about to announce. He became the first external contributor to Kubernetes, and the architect of Red Hat’s reinvention of OpenShift from PaaS to “enterprise Kubernetes”. Hosts Adam Glick and Craig Box return for 2020 with the story of OpenShift, and their picks for Game of the Holidays. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Arrods Minesweeper Kaboom Simon Tatham’s Mines Snake NIBBLES.BAS AI playing Snake News of the week Google describe its BeyondProd cloud native security paradigm: BeyondProd: How Google moved from perimeter-based to cloud-native security BeyondProd whitepaper Protecting programmatic access to user data with Binary Authorization for Borg Binary Authorization for Borg whitepaper Episode 8 with Maya Kaczorowski VMware completes acquisition of Pivotal Coverage at SiliconAngle and ContainerJournal Chaos Mesh from PingCap Episode 82 with Ana Medina Global access for internal load balancers now available on GKE Calico 3.11 CrunchyData Postgres Operator 4.2 kubectl tree Episode 66 with Ahmet Alp Balkan and Luk Burchard kubelive Consistent OIDC authentication across multiple EKS clusters Operating your BBQ meat smoker or your Christmas tree with Kubernetes Vendors make a splash in 2019 service mesh implementation rush 2019 Kubernetes certificate outage by Victor Adossi The poor state of Kubernetes horizontal pod autoscaling according to Wander Hillen Predictions and looks-back: opensource.com: 5 predictions for Kubernetes in 2020 SDXCentral: Kubernetes Opportunities, Challenges Escalated in 2019 DataCenterKnowledge: A Hyperconvergence Progress Report: Has Kubernetes Stolen the Show? IDG Connect: Kubernetes: the tech to take centre stage in 2020 SiliconAngle: Predictions 2020: Cloud, Kubernetes and cybersecurity will rule Forbes contributor: What Do Customers Want From The Kubernetes Ecosystem In 2020 The Enterprisers’ Project: 5 Kubernetes trends to watch in 2020 TechRepublic: Cloud computing in 2020: Predictions about security, AI, Kubernetes, more Christopher Tozzi: 4 ways Kubernetes could be improved Farewell from Kontena Links from the interview Red Hat OpenShift Why Red Hat chose Kubenretes for OpenShift by Joe Fernandes Early history of OpenShift Comparing OpenShift v2 and v3 Health checks OpenShift differences from Kubernetes: DeploymentConfig Builds Docker registry Routes Don’t turn off SELinux! CoreOS Clayton in his CoreOS t-shirt Tectonic The Operator model CoreOS acquired by Red Hat What’s new in OpenShift v4 Operator Framework and operator-lifecycle-manager Red Hat acquired by IBM Linux at IBM in the 90s The blonde kid PowerLinux PodDisruptionBudget Clayton Coleman on Twitter