Kubernetes Podcast from Google

kind stands for Kubernetes in Docker. Originally built for continuous integration (CI) and testing of Kubernetes itself, kind has found many uses, including acting as a cluster for bootstrapping other clusters. Original author Ben Elder from Google Cloud joins Craig and Adam to talk about it. Want to see Adam’s puzzles? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam’s new Seattle office building Example Quick Cryptic from The Times Example USA Today crossword New York Times crossword puzzle case study The NYT mini crossword Craig’s record is 13 seconds! Times for the Times solver blog A puzzle in a tweet The answer Code Golf News of the week Introducing Kubernetes Academy Brought To You By VMware Kubernetes Academy Brought To You By VMware Knative serverless Kubernetes bypasses FaaS to revive PaaS Helm 3 Beta To Helm or not to Helm? by Stepan Stipl Announcing etcd 3.4 by Gyuho Lee and Jingyi Hu Blocking old Cert Manager versions from Lets Encrypt Linux Namespaces by Ifeanyi Ubah How kubectl exec works by Erkan Erol Announcing the CNCF Kubernetes Project Journey Report The report Adopting Istio for a multi-tenant kubernetes cluster in Production by Vishal Banthia StackRox 2.5 Platform9 raises $25m in Series D The first managed Kubernetes service on VMware? Dell previews data protection software for Kubernetes DNS spoofing in Kubernetes clusters by Daniel Sagi Dynamic Kubernetes informers by Robert Ross What’s next for Vault and Kubernetes? Consul 1.6 is now GA Kubernetes security audit: What GKE and Anthos users need to know Managed AD now in Beta on Google Cloud Introducing Red Hat OpenShift 4.2 in Developer Preview; releasing nightly builds Developer Preview now available on GCP Operational Insights for Containers and Containerized Applications Deploying GitOps with Weave Flux and Amazon EKS Links from the interview Ben’s GSoC proposal and first Kubernetes project: use iptables for proxying instead of userspace kind webpage Documentation kind on GitHub Privileged containers kubernetes CI Cluster API IPv6 on kind End to end testing Running Kubernetes in a CI pipeline by Loodse Cluster API logo - it’s turtles all the way down kubeadm cluster-api-provider-docker Other tools: kinder kindest Shoutouts to: Antonio Ojea from SUSE James Munnelly from JetStack SIG Cluster Lifecycle Ben Elder on Twitter

Container Camp is a series of independent conferences, spanning three continents and in their fifth year. “Camp mother” Angie Maguire is the co-organiser, and is also the founder of Ladies of Code. She joins Adam, who is yet to attend a Camp, but actually goes camping, and Craig, who has spoken at Camps in London and Sydney, and prefers hotels. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week The mound is moving The traffic isn’t News of the week VMware buys: Pivotal Carbon Black Intrinsic Greenland VMworld news: Introducing Project Pacific Project Pacific technical overview Reintroducing Project Bonneville? Joe Beda’s take Tanzu, VMware’s approach to modern applications Tanzu Mission Control Splunk acquires SignalFX 2019 Accelerate State of DevOps report Red Hat OpenShift Service Mesh is GA Maistra, the upstream of the operators Cilium 1.6 is out E2E Kubernetes testing with GitHub Actions Why does developing on Kubernetes suck? Hacker News says it doesn’t CNCF Google Summer of Code projects Links from the interview Container Camp Ladies of Code Women Who Code Black Girls Code Container Camp videos on YouTube Craig’s talk from London in 2016 Kaggle talk from San Francisco in 2016 IPFS Camp Digital nomads Angie’s Netflix recommendations: Blown Away Mindhunter When They See Us Ava DuVernay Container Camp and Angie Maguire on Twitter

Kubernetes and Docker might not seem the obvious choice for managing virtual macOS instances on hosted Apple hardware. Learn how they were used to build Orka - Orchestration for Kubernetes on Apple - a virtualisation layer for Mac build infrastructure offered by hosting company MacStadium. Craig and Adam ask MacStadium SVP of Software Chris Chapman about Orka, and how Kubernetes is useful in places you might not expect. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Letterboxing Geocaching Orienteering News of the week HTTP/2 security bulletin from Netflix New releases for: Kubernetes Istio Envoy gRPC NGINX And others CNCF archives the rkt project GitHub Actions is now a CI/CD service Announcing preview of GitHub Actions for Azure Kubernetes web UIs in 2019 and Kubernetes Web View by Henning Jacobs Episode 38: Kubernetes Failure Stories, with Henning Jacobs k3sup by Alex Ellis Episode 57: Rancher Labs, with Darren Shepherd Evolving Istio’s APIs, by Sandeep Parikh and Louis Ryan Episode 58: Istio 1.2, with Louis Ryan Istio 1.3 release branch cut Intel GPU Plugin for Kubernetes by Brian Carey Kubernetes Gated Deployments at GoDaddy CNCF now has 100 end user members VMware, Pivotal and Dell: VMware in talks to acquire Pivotal Pivotal CTO: Kubernetes means we’re all distributed systems programmers now Kubernetes is set to take over VMworld 2019 AT&T brings Dell into the Airship program Helm Summit EU 2019 Links from the interview MacStadium Orka Conference presentation videos from Chris: macOS in a Docker container for development - MacADUK 2019 Announcing Orka - AltConf 2019 Mac OS X Lion supports running additional OS X instances (up to two) 10.7 EULA (PDF) Device test labs Docker for Mac Virtual Command, Chris’s prior company acquired by MacStadium The orca kubevirt Mac hardware: Mac Pro (2013) - the “trashcan” The MacStadium sled Mac Pro 2019 - the return of the “cheesegrater” T2 security chip MacStadium in WWDC 2018 keynote Inside the MacStadium data center JenkinsWorld 2019 Orka plugin for Jenkins Docker for Mac in macOS on Docker Yo dawg, I hear you like Docker Spinning top Turducken MacStadium on Twitter

No matter how you say it, you probably use kubectl all the time. Did you know you can extend it with plugins? Did you know you can find and install those plugins using krew, a plugin manager for kubectl? krew was built by Luk Burchard, a student at TUBerlin, as an intern project. He was supervised by Ahmet Alp Balkan at Google Cloud, and they both join Craig and Adam to discuss it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Pluots Fox evidence News of the week “Open sourcing” the Kubernetes security audit CyberArk’s penetration testing methodology Docker reverse shells and making it rain shells in Kubernetes by Rory McCune Google Cloud Security Scanner: web application vulnerability scanner for GKE Knative 0.8 release notes Building a Kubernetes platform at Pinterest Octant by VMware Call to participate in the CNCF Survey Direct link Reannouncing the Kubernetes Forum Links from the interview kubectl overview Extend kubectl with plugins Sample CLI plugin Write your own kubectl subcommands and The case for a kubectl plugin manager by Ahmet Alp Balkan kustomize becoming a kubectl sub-command kubectl access-matrix (a.k.a. rakkess, as a stand-alone binary) krew krew plugin index Ahmet’s recruitment tweet Luk’s first day at Google Ahmet Alp Balkan: Web Twitter Luk Burchard: Web Twitter

Ian Coldwater specializes in breaking and hardening Kubernetes, containers, and cloud native infrastructure. A pre-eminent voice in the Kubernetes security community, they are currently a Lead Platform Security Engineer at Heroku. Ian joins Adam and Craig to talk about the offensive and defensive arts. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Black Hat USA DEFCON Scavenger hunts An example of Spot the Fed An example of the Mystery Challenge News of the week Mesosphere becomes D2iQ Google Cloud launches Migrate for Anthos in Beta Google Cloud Game Servers coming soon Episode 26: Agones, with Mark Mandel and Cyril Tovena Announcing Kubernetes Summits in Seoul and Sydney Security updates of the week CVE-2019-11247: API server allows access to custom resources via wrong scope CVE-2019-11249: kubectl cp (round 3!) IBM and Red Hat: OpenShift on IBM Cloud OpenShift coming to Z Series and LinuxONE Cloud Paks and services Cisco Container Platform now supports Microsoft AKS Helm deployments at the Kubedex How Kubernetes can be used for genetic analysis by Mu Huan and Eric Li Alibaba Cloud Announcing CloudBees Jenkins X Distribution Episode 44, Continuous Delivery Foundation, with Tracy Miranda TiDB Operator now Generally Available Links from the interview Red teams and penetration testing Fuzzing Attacking Helm’s Tiller Black-box and white-box testing DevSecOps: guard rails, not gates OWASP - the Open Web Application Security Project The math behind calculating security risk CVSS score etcd: encrypt it at rest! Admission control Technologies for isolation: AppArmor Seccomp gVisor Firecracker (not yet supported with Kubernetes) “Kubernetes is powerful, and it’s insecure by design” Ian and Duffie Cooley’s BlackHat talk Cloud doesn’t make it better! Threat modelling hostpath - “a powerful escape hatch” Trail of Bits blog: understanding Docker container escapes Recommended watching: Ship of Fools by Ian Coldwater (slides) Hacking and Hardening Kubernetes by Example by Brad Geesaman (slides) A Hackers Guide to Kubernetes and the Cloud by Rory McCune (and his upcoming Black Hat training) DIY Pen Testing for your Kubernetes Cluster by Liz Rice (our guest on episode 19) Ian Coldwater on Twitter

Cloud Code provides everything you need to write, debug, and deploy Kubernetes applications, including extensions to IDEs such as Visual Studio Code and IntelliJ. Joining Craig and Adam are Sarah D’Angelo, a UX Researcher, and Patrick Flynn, an engineering lead, both on the Cloud Code team at Google. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week All-meat diet (do not try this at home) Warmest UK day on record News of the week Happy first birthday Knative! Episode 14, with Oren Teich Episode 47, with Kim Lewandowski Episode 44, with Tracy Miranda Grafana Labs: How a production outage was caused using Kubernetes pod priorities Episode 38 with Henning Jacobs Banzai Cloud: Kafka on Istio performance Docker Enteprise 3.0 is GA, and their new Technology Partner program Tim Hockin on reconcilation Episode 41, with Tim Hockin Fairwinds Polaris Container platform security with Cruise YuniKorn KubeCon China transparency report Kazuhm Kubernetes as a Service Morpheus v4 Links from the interview Cloud Code IntelliJ VS Code Skaffold Episode 6, with Matt Rickard Jib GitHub issues: IntelliJ VS Code Sign up for a Cloud Code research study

Owen Rogers is a Research Vice President at 451 Research, co-leading the cloud team. He gained a PhD in the economics of cloud computing in 2013. Owen joins Craig and Adam to discuss the economics of cloud computing generally, and Kubernetes specifically. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Apollo Guidance Computer Restoration Summary from Wall Street Journal CyberSquirrel1 global threat map Jellyfish attach power station News of the week IBM launches Kabanero Pivotal launches PAS for Kubernetes Weave Flux joins the CNCF Windows Container Unconference on Friday July 26th: Sign up Leave questions if you can’t attend Spinnaker for GCP launched Linkerd 2.4 Architecting with GKE course, free for podcast listeners! Deep dive into Virtual Kubelet by Brian Goff SIG Usability forming Google group GitHub Slack Cloud Provider SIGs moving to sub-projects Azure Monitor for containers adds Prometheus support Kubernetes API deprecations in 1.16 Links from the interview Owen Rogers 451 Research Cloud Price Index StackOverflow’s old scale-up strategy (2009) Large Scale Complex IT Systems Owen Rogers on Twitter

Back in 2012, CERN announced one of its most important achievements; the discovery of the Higgs boson. This work led to the 2013 Nobel Prize in Physics. Ricardo Rocha, Lukas Heinrich and Clemens Lang of CERN redid the data analysis on top of Kubernetes this year, which Ricardo and Lukas demonstrated at a keynote at KubeCon EU. All three join Adam and Craig for a short physics lesson and a view into computing at the largest scale, for particles at the smallest. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 50th anniversary of the launch of Apollo 11 by NASA’s Astronomy Picture of the Day, and as reported by CBS News in real time LEGO Saturn V - mid-completion 47th annual Seafair Milk Carton Derby Adam’s pictures, including the Saturn V rocket News of the week IBM announced it has closed its acquisition of Red Hat Hashicorp Consul 1.6 Benchmarking best practices for Istio by Megan O’Keefe, Mandar Jog and John Howard IPv6 enhancement proposal for Kubernetes Now passing tests! Architecting with Google Kubernetes Engine specialization Weave Ignite Cloud Native CI/CD with OpenShift Pipelines k3v Avoid time-of-measurement bias with Prometheus Prometheus client tracer for Ruby Links from the interview CERN LHC Computing Grid ATLAS experiment CMS experiment Standard model of particle physics Cosmos: A Spacetime Odyssey, with Neil deGrasse Tyson Dark Matter is a misnomer Baryonic matter Dark matter History of computing at CERN Where the web was born Large Hadron Collider Higgs boson Discovery of the Higgs boson Servicing the first web server - Tim Berners-Lee’s NeXT cube CERN Program Library (FORTRAN) KubeCon EU keynote: Reperforming a Nobel Prize Discovery on Kubernetes Slides YouTube video CERN openlab partnership ROOT Data Analysis Framework Particle physics is embarassingly parallel Kubeflow Spark Operator on Kubernetes Open Data Initiative Find a Higgs boson in LHC public data Clemens’ shirt Our guests on Twitter: Ricardo Rocha Lukas Heinrich Clemens Lange

The Cloud Native Application Bundle is a spec for packaging distributed apps, developed by Microsoft with support from Docker and Pivotal. Jeremy Rickard, a senior software engineer at Microsoft Azure, and Ralph Squillace, principal PM for open source/developer user experience at Microsoft Azure, join Craig and Adam to discuss it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Bloons TD 6 - made in New Zealand! Full Throttle Remastered News of the week Kiali 1.0 (and 1.1!) released Dockerfile best practices by Tibor Vaas Managed CockroachDB on Kubernetes by Josh Imhoff To run or not to run a database on Kubernetes: what to consider, by Benjamin Good Backyards: Istio multi-cluster, the easy way by Banzai Cloud Episode 59 with Janos Matyas KubeCon EU Transparency Report Links from the interview Cloud Native Application Bundles The spec Bundle descriptor The invocation image Chris Crone’s “intro to CNAB” talk MSI, aka Windows Installer Duffle (and on GitHub) Example VM driver Libraries cnab-go pycnab by Gareth Rushgrove libcnab-rust Porter (and on GitHub) Docker apps and Application in Docker Enteprise Helm and Helm 3 Deis Labs Unexpected uses: Adding extra verbs by Darren Pulsipher CNAB bundle for WSL distros by Nuno do Carmo Twitter: CNAB Jeremy Rickard Ralph Squillace

Mark Shuttleworth is the founder of Ubuntu and CEO of its parent company Canonical. Ubuntu is the Linux distribution of the Cloud. You can use it inside your containers, or you can use it as your node OS. Canonical packages Kubernetes for both the edge (MicroK8s) and the server (Charmed Kubernetes). Oh, and aside from that, Mark was the first African in space, spending 8 days on the International Space Station in 2002. Craig and Adam ask Mark about how this all happened, and how it has changed his perspective on technology. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Wicked, the musical +LIVE+, the band Craig’s video clips: All Over You, Run To The Water, Lightning Crashes News of the week KubeCon + CloudNativeCon China 2019 Linus Torvalds sees hardware headaches ahead DiDi wins Top End User award CKA and courses now in Chinese Introducing Workload Identity for GKE Keyless Entry: Securely Access GCP Services From Kubernetes (Cloud Next ‘19) Knative 0.7.0 Introducing Deep Learning Containers: Consistent and portable environments Launching Talos Systems Kubernetes Managed Apps from Platform9 Istio CVE in JWT handling AKS now supports Standard Load Balancing Links from the interview Mark Shuttleworth Blog Wikipedia The Shuttleworth Foundation Thawte Soyuz TM-34 mission to the International Space Station Ubuntu Wikipedia no-name-yet.com: Mark announces his intention to launch a Linux distribution at EuroPython 2004 Getting Ubuntu down to 30mb Snaps MicroK8s Charmed Kubernetes for larger-scale deployments OpenEBS, and Episode 56 with Evan Powell Anthos Sunrise and sunset from the ISS Mark Shuttleworth on Twitter