Kubernetes Podcast from Google

Due to overwhelming submission numbers, 85% of talks proposed to KubeCon are rejected. Cloud Native Rejekts, a two-day community conference immediately before KubeCon, gives a second chance to some of those talks. Chris Kühl is CEO and co-founder of Kinvolk, a Berlin-based Linux company, who organise events including Cloud Native Rejekts. Hosts Adam and Craig ask him about this, and somehow the discussion includes both Pearl Jam and Mötley Crüe. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Listener meetup at KubeCon: 1.30pm at the Google Cloud Lounge Pineapple Lumps and Jaffas Adam’s TV recommendation of the week: The Expanse News of the week Skaffold is now GA Episode 6 with Matt Rickard VMware Tanzu updates from VMworld Europe Chronosphere founded with $11m investment to commercialise M3 Vitess graduates CNCF and releases v4.0 Azure Monitor Prometheus integration is now GA Quarkus 1.0rc Knative v0.10 Pachyderm Hub: ‘Kubernetes as a Service’ as a Service D2iQ Kommander Cruise releases security tool k-rail Kasten K10 v2.0 Helm security audit results Kubernetes: Grokkin’ the Docs Rancher releases container industry survey results Prometheus: CNCF project journey report Tim Hockin draws the kube-proxy iptables stack (direct link) Episode 41, with Tim Hockin Monzo builds network isolation for 1,500 services CFP for Google Cloud Next Links from the interview GNOME Planet GNOME gnome-system-monitor Kinvolk rkt CoreOS Container Linux Flatcar Container Linux Kinvolk announcement CoreOS acquired by Red Hat Kinvolk offer support for Flatcar Container Linux Omaha and Nebraska CoreRoller Cloud Native Rejekts B-side conferences Rejects.JS A- and B-side Yellow Ledbetter A look back at the first Cloud Native Rejekts in Barcelona All Systems Go conference 40 talks at this week’s Cloud Native Rejekts Get a ticket See Tim Hockin’s talk: “We’ve Made Quite a Mesh” Rock dots Chris Kühl on Twitter

KUDO is the Kubernetes Universal Declarative Operator, a toolkit for writing operators for Kubernetes. Gerred Dillon works on KUDO at D2IQ, formerly Mesosphere, and joins Craig and Adam to discuss KUDO, how Mesos frameworks relate to Kubernetes operators, and taking care of chickens. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Little Free Libraries Top moments of 50 years of the Internet by Vint Cert Television network news in NZ 50 years old History of TV in NZ News of the week Sysdig container usage report Longhorn donates to the CNCF Crossplane 0.4 Helm v3.0.0-rc.2 Episode 11 with Vic Iglesias CloudEvents reaches 1.0 Data Center Knowledge: What service meshes are, and why Istio is leading the pack Backyards 1.0 Contour 1.0 Envoy 1.12 New encryption options for Google Kubernetes Engine Azure services now run anywhere with new hybrid capabilities: Announcing Azure Arc ZDNet and TechCrunch coverage Brendan Burns’ explainer videos CNCF news: AlphaSense case study TiKV on building a distributed storage system CNCF meetup program SIG Docs survey results Better Kubernetes networking with Knative by Ahmet Alp Balkan Episode 66, with Luk Burchard and Ahmet Alp Balkan Why you don’t have to be afraid of Kubernetes by Scott McCarty Brad Childs has passed away Links from the interview D2IQ (formerly Mesosphere) Apache Mesos Mesos frameworks Marathon DC/OS DC/OS Commons KUDO Controllers Operator pattern Kubebuilder Operator SDK Omakase: Japanese for “I will leave that up to you” Tasks Getting started with KUDO Metacontroller Proposal to move under Kubebuilder Vitess operator Tekton Helm D2IQ’s Konvoy distribution of Kubernetes Operators using KUDO: Kafka Cassandra Spark OpenEBS operator Lightbend templates for Akka KUDO proposed to the CNCF CNCF SIG Application Delivery Gerred’s KUDO webinar for the CNCF Contributing to KUDO KUDO Slack Gerred’s bio Dry brining a chicken Gerred Dillon on GitHub

Katharine Berry works in the Engineering Productivity team at Google Cloud, and works in SIG Testing on the Kubernetes project. She joins Adam and Craig to discuss Prow, Pebble and ponies. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week SkyCity Convention Centre Fire A nice dinner out after a conference England knock NZ out of the Rugby World Cup Cards Against Humanity to open a restaurant The Holiday Hole News of the week GKE Release Channels are in Beta GKE usage metering is GA: use it to combat over-provisioning Episode 40 with Madhu Yennamani A new guide for PCI-DSS compliance on GKE Exploring container security: Vulnerability management in open-source Kubernetes Episode 34 with Jordan Liggitt Episode 17 with Jon Pulsifer HPE are set to deliver a Kubernetes platform for data analytics and ML How to bulid a kubectl plugin by Jonas-Taha El Sesiy Episode 66, with Luk Burchard and Ahmet Alp Balkan NVIDIA Aerial framework Red Hat partnership GPU Operator Red Hat releases OpenShift Container Storage 4.2 Kontena Lens 2.3 released New Octant.dev website and v0.8.0 Zoho Catalyst and coverage from Container Journal Links from the interview Pebble smartwatch Original $10m Kickstarter Sold to Fitbit Rebble Web Services and the Rebble Alliance What Rebble replaces How Pebble Users Are Keeping the Smartwatch Alive 3 Years After It Supposedly Died Google Engineering Productivity Kubernetes SIG Testing Prow The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience by Aaron Crickenberger and Ben Elder Prow: Keeping Kubernetes CI/CD Above Water Now in Jenkins-X Tests are moving to kind Episode 69 with Ben Elder The Kubernetes Prow instance Spyglass Flaky tests Automating away the test-infra role Episode 72 with Lachlan Evenson Testgrid Automating Slack Episode 74 with Jorge Castro Closed due to attacks Tempelis SIG Testing on Slack The pink pony Generative adversarial network AI generated ponies Katharine Berry on Twitter Katharine’s web site

Joe Duffy is the founder and CEO of Pulumi, an open-source cloud development platform. He joins Adam and Craig to explain why a general purpose programming language is a better tool for cloud infrastructure than a domain-specific language (or YAML), and how you can use Pulumi to provision cloud infrastructure and Kubernetes resources alike. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week DevOpsDays Auckland Craig’s talk In which 32 bit apps don’t work on macOS Catalina News of the week Dapr, OAM and Rudr Announcing Dapr, the Distributed Application Runtime Dapr homepage Announcing the Open Application Model Open App Model Ship without a Rudr’s like a ship without a Rudr’s like a ship without a Rudr Red Hat introduces OpenShift 4.2 Goldilocks from Fairwinds Ubuntu 19.10 Episode 60 with Mark Shuttleworth Introducing SPIRE 0.8.2 Episode 45 with Andrew Jessup Istio performance improvements noted by Pablo Moncada Isla Graboid: first cryptojacking worm for Docker found by Unit42 Analysis of two Kubernetes vulnerabiltiies by Palo Alto Networks Harbor 1.9 CNCF announces schedules for Forums in Seoul and Sydney Container Platform Networking at Cruise by Karl Isenberg and Buck Wallander Sugarkube and cattle clusters Links from the interview Pulumi Joe Duffy’s blog: Hello, Pulumi! Journey to Pulumi 1.0 WPF (Avalon) and WCF 10 Years of DevOpsDays Comparisons of Pulumi vs other platforms TypeScript Dark programming language Three business models of Open Source by Peter Levine and Jennifer Li $ for enterprises and free community edition AWS and Elasticsearch Inc. Pulumi on GitHub Joe Duffy and Pulumi on Twitter

cert-manager is a certificate management toolkit for Kubernetes, commonly used to get TLS certificates from Let’s Encrypt. Project founder James Munnelly of Jetstack joins hosts Craig and Adam to explain how how certificates are issued and managed, and how cert-manager automates it all. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Fast food-themed entertainment: Wendy’s Feast of Legends role-playing game KFC dating simulator Burger King Games M.C. Kids Taco Bell’s Tasty Temple Challenge The McDonalds board game KFC virtual escape room training Soda-themed entertainment: Cool Spot Pepsi Invaders Mad Mix: The Pepsi Challenge Stranger Things 3: The Game News of the week Rancher 2.3 released Episode 57, with Darren Shepherd Windows container support and Rancher 2.3 Amazon EKS now has Windows containers generally available Episode 70, with Patrick Lang New on DigitalOcean Kubernetes Service: cluster autoscaling Elastic Cloud on Kubernetes v1.0.0-beta1 released MuleSoft releases AnyPoint Service Mesh Container Journal interview Linkerd 2.6 A guide to distributed tracing with Linkerd Trackman, open source step-workflow tool from Cloud 66 Puppet announces public beta of Project Nebula KubeCon NA 2019 contributor summit schedule announced Kubernetes patterns for capacity planning by Mohamed Ahmed How Booz Allen Hamilton is helping modernize the Federal Government with Kubernetes Flant.com compares 11 ingress controllers for Kubernetes How Zalando manages over 140 Kubernetes clusters by Henning Jacobs Cluster API Simplifies Execution and Powers Projet Pacific at VMware Grant Shipley moves from Red Hat/IBM to VMware Kubernetes Wild West video game SUSE moves on from OpenStack and doubles down on Kubernetes SAP to make HANA database available on Kubernetes Links from the interview Jetstack The two Matts: founders Matt Bates and Matt Barker James’s Jetstack bio cert-manager Docs Co-evolved with kube-lego by Christian Simon How TLS encryption works: x509 for public key certificates Chains of trust Certificate authorities and root certificates Episode 60, with Mark Shuttleworth, founder of Thawte LetsEncrypt How it works ACME protocol HTTP-01 and DNS-01 validation cert-manager concepts: Issuers and Certificates Self-signing issuers Kubernetes and webhooks: Validating webhooks require TLS Kubebuilder supports cert-manager Chicken-and-egg problem for validating webhooks Conversion webhooks Mirror/static pods Kubernetes ingress quick-start tutorial Different solver types The ingress-shim controller Other issuer options: Vault, internal CA, CertificateRequests Lets Encrypt is blocking old cert-manager versions Edge cases where retry looping would start v0.11 release notes Upgrading to v0.11 Getting involved: cert-manager and cert-manager-dev Slack channel Bi-weekly community call cert-manager on GitHub James Munnelly on Twitter

Jorge Castro is a community manager employed by VMware to help keep the Kubernetes project running smoothly. He joins Adam and Craig to talk about the programs run by SIG Contributor Experience, the difference between supporting contributors and end users, and the recent steering committee election. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The Jordan Luck Band The Exponents Snippets from Who Loves Who The Most, Victoria and Why Does Love Do This To Me News of the week Kubernetes Steering Committee election results Envoy proxy journey report October updates to the StackRox Security Platform Protecting Kubernetes against a Billion Laughs attack by Stackrox Billion laughs attack on Wikipedia Open Source in VMware Tanzu Project Contour moves IngressRoute to HTTPProxy Sloop from Salesforce Kontena Lens: free desktop app GKE master on-prem routing AKS managed identity Envoy proxy perforamcne on Kubernetes by Ambassador Announcing Kubernetes Community Days WeaveWorks GitOps Manager and WKSctl Transmogrify Kubernetes APIs by David Young Links from the interview About Jorge Castro 11th Armored Cavalry Regiment John Wick horse scene (Ok, Bradley Fighting Vehicles, not horses) From Ubuntu to Heptio Community episodes & community managers: Episode 27 with Sarah Novotny Episode 1 with Paris Pittman Kubernetes Slack bot Contributor Experience properties: YouTube Office hours (and calendar) Meet our Contributors Kubernetes subreddit Kubernetes Users mailing list - now archived discuss.kubernetes.io Ask Ubuntu SIG Contributor Experience End user content: KEP for setting up discuss.kubernetes.io Proposal with steering for end user committee Kubernetes Failure Stories Kubernetes tag on Stack Overflow Bots fixing bugs, merging and celebrating with no humans needed Humans Need Not Apply WG Kubernetes Infrastructure Kubernetes Steering Committee 2019 Steering committee election Election process: no electioneering Condorcet method Three “chop wood/carry water” winners were elected Jorge himself was also a recipient! Self-organised community: “Kubeyland” Disneyland trip Cloud Native Rejekts Jorge and his many friends all hang out on #sig-contribex on Slack and the kubernetes-sig-contribex mailing list Jorge Castro on Twitter

Daniel Smith is co-Chair and co-TL of SIG API Machinery, as well as TL of the corresponding Google team. Daniel has been working on Kubernetes since before it was open sourced, and is one of the top overall contributors to the codebase. He joins Adam and Craig to discuss CRDs and extensibility. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Old Man’s Journey Rocketman Funeral For A Friend/Love Lies Bleeding Aladdin (2019) Aladdin (1992) News of the week Kubevirt joins the CNCF KubeCon San Diego Contributor Summit ServiceMeshCon 2019 schedule announced GKE Intranode Visibility #KUBE100; hosted k3s from Civo k8s vs k3s by Andy Jeffries Docker: Designing your first application on Kubernetes Docker raising funds IBM launches Apache CouchDB operator 90% of all PaaS and SaaS on IBM Cloud is on Kubernetes Kubecost: Requests and Limits by Webb Brown Kubeadvisor 1.0 from Magalix Kubernetes Liveness Probes are Dangerous! by Henning Jacobs Links from the interview DevStats says Daniel is number 2 or number 3 contributor to Kubernetes, in either case just behind Tim Hockin from Episode 41 Either way, someone is wrong on the Internet! Carina star constellation and having to rename it from that The Kubernetes API API Machinery First proposal for API plugins - issue 991! Third party resources (deprecated in 1.7) Operator packaging Custom Resources Moving TPRs to CRDs by Nikhita Raghunath API Aggregator Extension via webhooks 1.15 release blog talks about CRD extensibility Daniel’s KubeCon talks: Life of an API Request (slides) The hand-drawn trilogy: Kubernetes-Style APIs of the Future (slides) A Vision For API Machinery: Coming to Terms with the Platform We Built (slides) The Kubernetes Control Plane for Busy People Who Like Pictures (slides) The Nut That Ties Everything Together Daniel Smith on Twitter

Kubernetes 1.16 is out, and our guest this week is its release manager, Lachlan Evenson. Lachie is a Principal Program Manager at Microsoft and an Australian living in the US; Craig and Adam are therefore method-interviewing, being this week in those two countries respectively. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week New Zealand: man brings clown to redundancy meeting Cloud Summit Sydney and APIdays Melbourne News of the week Kubernetes 1.16 is released Traefik 2.0 Announcing .NET Core 3.0 gRPC on .NET Core GKE Container Native Load Balancing now GA Google makes €3 billion of data center investment CloudARK’s 5 takeaways from the Helm Summit Crossplane 0.3 Agones 1.0.0 Episode 26 with Cyril Tovena and Mark Mandel Spire TPM plugin from Bloomberg Episode 45 with Andrew Jessup Azure: EKS now GA in Government regions Egress lockdown now GA AKS Periscope open source released Monitor your Google Anthos clusters with the Sumo Logic Istio app Google Cloud Build named a Leader for Continuous Integration in the Forrester Wave Banzai Cloud updates Logging Operator and Istio Operator The problem with Cloud Native by Quentin Hardy of Google Cloud Citrix integrates its ADC portfolio with Istio ContainerShip shuts down Links from the interview Prison England Lithium Technologies Kubernetes 1.0 launch roster CrashLoopBackOff Helm Classic Deis acquired by Microsoft Deis Labs Episode 61, with Jeremy Rickard and Ralph Squillace Phippy and Captain Kube Childrens Illustrated Guide to Kubernetes 1.16 release blog What Lachie is excited about: Dual stack IPv4/IPv6 Endpoint slices What he’s looking at in Alpha: Ephemeral containers Distroless What slipped: Sidecar containers Breaking old APIs in Kubernetes 1.16 Deprecation policy 1.16 release team Emeritus Advisors KubeCon San Diego session on shadowing in releases Kubernetes 1.17: run by women Removing the Test-Infra release role Release notes from annotated PRs Community retrospective Release mascots: 1.16 Release patch 1.11 1.14 Olive Garden When you’re here, you’re family History of the breadstick Cutting people off from unlimited breadsticks 2019 Steering Committee elections are happening Lachlan Evenson on Twitter

containerd was born from community desire for a core, standalone runtime to act as a piece of plumbing that applications like Kubernetes could use. It sits between command line tools like Docker, which it was spun out from, and lower-level runtimes like runC or gVisor, which execute the container’s code. This week’s guest is Derek McGowan, a Software Engineer at Docker and a containerd maintainer-d. Along with the news of the week, Adam and Craig discuss the many Vancouvers. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Vancouver, Vancouver, and George Vancouver South Bend, North Bend, and Bend Cosmpolis “50 Year Sensation: the Dave McMacken Retrospective” (album art show in Astoria, Oregon) News of the week Istio 1.3 is out Google’s Anthos now incudes Anthos Service Mesh, Cloud Run for Anthos and more Cloud Native Application Bundles hit 1.0 Episode 61 with Ralph Squillace and Jeremy Rickard Nominations for the annual CNCF Community Awards Bloomberg hits 90% utilization with Kubernetes Mistakes that “cost” thousands by Gajus Kuizinas Kubernetes Edge working group publishes whitepaper Isopod, by Cruise Pulumi 1.0 5 RBAC mistakes you must avoid (number 4 will shock you) OpenShift 4.2 disconnected install Red Hat Quay 3.1 Microsoft AKS brings Scale Sets and Standard LB to GA Upstream kernel bugs Amazom EKS adds cluster tagging and IAM roles for service accounts Deep dive into AWS Fargate by Abhisheck Ray from Amazon Kong introduces Kuma, “universal service mesh” Google introduces Cloud Dataproc for Kubernetes Apache Flink operator from Google Cloud Container runtime security bypasses on Falco by Mark “Antitree” Manning Rafay Systems lands $8m in Series A funding Links from the interview containerd Original announcement The many meanings of ‘container runtime’ kubelet and Container Runtime Interfaces runC, gVisor, Kata Containers, and the Windows Host Compute Service (HCS) ctr debug tool containerd’s graduation from the CNCF containerd shim API gVisor shim Firecracker containerd integration Kata Containers shim Windows Container shim rkt announced in 2014 with appC spec Open Container Initiative libcontainer, which became runC Web Assembly (WASM) BuildKit 1.3.0 releases are coming Contribution opportunities: Reporting issues Plugin ecosystem Derek McGowan and containerd on Twitter

Patrick Lang is the co-chair of the Kubernetes Windows SIG. He is a Senior Software Engineer at Microsoft, developing Kubernetes and related open-source projects supporting Windows Server Containers. Patrick joins Adam and Craig to tell the story of how containers came to Windows. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Getting to the Peak Tram News of the week KubeCon 2019 schedule Tim Hockin and Kal Henidak on dual stack IPv4 Building a 5G network live on stage GKE Shielded VM Nodes Mæsh Project Contour 0.15 Contour on Kind TechCrunch video: How Kubernetes Changed Everything Aaron Roydhouse reverse engineers release schedules as 1.15 hits Preview on Azure and Rapid Channel on GKE GKE Scalability best practices The Kubernetes scalability hypercube Cloud Foundry Networking Team Update Building a Continuous Delivery Pipeline for Symphony by Ivan Babenko The Cult of Kubernetes and Hacker News discussion Links from the interview Windows Server containers Windows Server Core and Nano Server Sessions on Windows Docker and Windows partnership announced in 2014 Active Directory Group Managed Service Accounts (GMSA) GMSAs for Windows containers Windows network namespaces Host Networking Service and Virtual Filtering Platform GMSA integration with Kubernetes GPU acceleration in Windows Containers Batch files! Patching: Patch Tuesday Windows base OS images on Docker Hub Windows container version compatibility Hyper-V isolation Docker for Windows Get started with Windows containers Windows Server Containers in preview on AKS, EKS or GKE SIG Windows and their Slack channel Patrick Lang on GitHub