Kubernetes Podcast from Google

Latest episodes

Dec 17, 2018 • 28min

Kubernetes CVE-2018-1002105, with Jordan Liggitt

Adam and Craig end the year by talking to Jordan Liggitt, the member of the Kubernetes Product Security Team who fixed the recent critical security vulnerability in the Kubernetes API server. We also take a look at the news from KubeCon. This is our last episode for 2018. Thank you for your support this year, and we’ll be back on the 8th of January! Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week etcd donated to the CNCF Chubby paper Raft paper Blog post on the relationship between Kubernetes and etcd by Gyuho Lee and Joe Betz Istio: Geekwire: Has Istio become the new cloud-native darling? Google launches Istio on GKE VMware NSX Service Mesh Aspen Mesh open beta In other service mesh news: A10 Secure Service Mesh Knative: Knative: bringing serverless to Kubernetes everywhere SAP: Extensibility on cloud-native stack Red Hat to deliver hybrid serverless workloads to the enterprise Pivotal launches Function Service GitLab and TriggerMesh announce GitLab Serverless Oracle Cloud Native Framework Microsoft: Osiris Azure Monitor for Containers is GA Phippy Goes To The Zoo Phippy, Captain Kube and friends now in the CNCF Digital Ocean Kubernetes now open to everyone Linode Kubernetes CLI Terraform scripts VMware closes its acquisition of Heptio For $550M Dell will go public again Quickfire Kubernetes security news NeuVector announced containerd and CRI-O runtime support in their container firewall Aqua’s Container Security Platform is now certified to cover the Kubernetes CIS benchmarks Lacework announced their configuration scanning platform covers Kubernetes Sysdig released Sysdig Secure 2.2, which adds Kubernetes audit events, and the ability to block deployments using Kubernetes admission controllers Twistlock released 18.11, which “introduces security visualization for Kubernetes, and compliance and security configuration checks for Istio, including 
new alerting integrations with PagerDuty, and cloud services Grafana Loki Thanos: Prometheus at scale Maestro – A declarative, no-code approach to Kubernetes Day 2 Operators rbacsync PlanetScale announces funding TechCrunch article Links from the interview Jordan’s suggested KubeCon talks to watch: Kelsey Hightower’s keynote, “Kubernetes and the path to serverless” Julia Evans’ keynote, “High Reliability Infrastructure Migrations” OpenShift before Kubernetes in 2014 Kubernetes Product Security Team CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections Listing in the National Vulnerability Database Originally filed as a bug against Rancher Rancher blog post How to report a vulnerability Proof of concept (third party) How it was fixed Distributor’s list Client certificate vulnerability in Kubernetes in 2016 Answering questions on Stack Overflow Jordan Liggitt on Twitter, GitHub, Slack or Stack Overflow
Dec 11, 2018 • 40min

Envoy, with Matt Klein

The Envoy proxy, a universal data plane for Cloud Native, has just graduated as the third top-level project in the CNCF. Craig and Adam talk to its author, Matt Klein from Lyft, about modern load balancing for microservices and pragmatically avoiding “second system” syndrome. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections Gravitational write up Proof of concept More cryptocurrency mining with exploited Kubernetes clusters Microsoft Connect(); AKS virtual nodes are in preview Virtual Kubelet joins CNCF GPU support for ACI ACS to be retired in favour of AKS Cloud Native Application Bundle Microsoft and Docker introduce Cloud Native Application Bundle CNAB spec Duffle DockerCon EU 2018: Docker releases Compose operator for Kubernetes Available on GitHub Docker Desktop Enterprise Hashicorp Vault 1.0 Upbound introduce Crossplane Available on GitHub GitLab moving to GKE Rook 0.9.0 — available you-guessed-where MicroK8s from Canonical: Announc4t Project p2e Available on G5b Links from the interview Envoy Recently graduated to top-level project at the CNCF Built at Lyft Replaces libraries like Finagle and Hystrix Introduction to modern network load balancing and proxying Envoy contributors Istio, built on Envoy Turning down the VC money: Why Matt isn’t starting an Envoy company Service mesh data plane vs. control plane Matt Klein on Twitter Matt’s blog
Dec 4, 2018 • 22min

MetalLB, with David Anderson

If you’re running on-prem, and you say set up a Service type=LoadBalancer, what happens? Does your cluster call your NOC and have them order you a Juniper router? MetalLB is a popular answer to that question. Your hosts discuss load balancing with MetalLB’s author, Google Cloud SRE David Anderson. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Kubernetes 1.13 released Critical vulnerability in all Kubernetes versions Kubernetes is the most popular skill in tech, according to Indeed’s Hiring Lab Envoy graduates to a full CNCF project AWS re:Invent Firecracker MicroVM Integration with containerd Instructions for running on GCE with nested virtualisation AWS App Mesh In-place EKS upgrades! Windows support! (Citation needed) Istio on GKE released Agones 0.6.0 released Episode 26 with Mark Mandel and Cyril Tovena Links from the interview MetalLB BGP and OSPF Katran, a load balancer from Facebook David Anderson on Twitter
Nov 27, 2018 • 20min

Kontena Pharos, with Jari Kolehmainen

Kontena Pharos is a Kubernetes distribution which “just works”, even on bare metal. Adam and Craig talk to Kontena’s CTO, Jari Kolehmainen, about the decisions required to distribute Kubernetes and heating your house with bare metal. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Wayne The Batman of China Dive Weave Scope releases 1.10 KubeCon US waitlist containerd Beta in GKE Cyber Monday savings on Kubernetes courses and certification from the Linux Foundation Links from the interview Kontena About Kontena Pharos 2.0 release announcement CoreOS Matchbox for PXE boot Heating houses with nerd power Jari Kolehmainen on Twitter
Nov 20, 2018 • 17min

Tencent, with Joe Zou

In some ways, China has a parallel Internet to the West. Is that Internet powered by Kubernetes? Of course! Joe Zou, PaaS Product Center Director at Tencent Cloud, talks to Craig and Adam about Kubernetes in China. Thanks to our translator, Rae Wang. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Container Storage Interface 1.0.0 Harbor moves to Incubator in CNCF JD.com wins CNCF Top End User award Google Cloud introduces Kubeflow Pipelines Submit a proposal to KubeCon EU 2019 Episode 19 with 2018 co-chair Liz Rice Episode 29 with 2019 co-chair Janet Kuo Rookout debugging for Kubernetes Stackdriver Debugger Scalyr adds more Kubernetes logging support CNCF Asia usage survey Links from the interview Tencent Products and Services Tencent Open Source TARS RPC framework Tencent Cloud Tencent Kubernetes Engine PUBG
Nov 13, 2018 • 19min

Workloads API and KubeCon, with Janet Kuo

On the eve of the first KubeCon in China, your hosts talk to co-chair and Google software engineer Janet Kuo about the program, and her work with SIG Apps. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week VMware acquires Heptio: VMware blog Heptio blog Madrona blog (one of their investors) Pivotal blog Cisco integrates on-prem Kubernetes with Amazon Web Services Kontena launches Pharos 2.0 Nabla Containers v0.2 The Kubernetes API Server by Dominik Tornow and Andrew Chen CNI Plugins for Kubernetes by Steven Acreman The Beginners Guide to the CNCF Landscape IceCubeCon from Mesosphere Tweet us your puns! Links from the interview SIG Apps Workloads API goes GA Garbage collection Application CRD KubeCon China 2018 Episode 19 with co-chair Liz Rice Talks on genetics and bicycles Janet Kuo on Twitter
Nov 6, 2018 • 29min

TriggerMesh, with Sebastien Goasguen

TriggerMesh is a new serverless management platform built on top of Knative. Co-founder Sebastien Goasguen joins Adam and Craig to discuss serverless, and potential trips to space. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week James Acaster: Live or on Netflix Card game Gloom PC game Grim Fandango We’re on Spotify! Peter Benjamin’s list of Kubernetes resources News of the week TriggerMesh announced Istio 1.0.3 Contour 0.7.0 Peloton from Uber GSoC 2018: Building a Conditional Name Server Identifier for CoreDNS Azure news: Azure retiring old Kubernetes versions Azure launches OPA controller Kubernetes Dashboard via Azure Cloud Shell AKS now available in UK West, South India and East Asia are next Links from the interview Sebastien’s books: CloudStack, Docker, and Kubernetes Cookbooks Background: Computational science and Maxwell’s Equations Grid computing and Beowulf clusters Cloudstack European astronaut selection Kubeless, built with Nguyen Anh-Tu Other projects: Fission, Riff, Nuclio Knative Knative Build system Istio TriggerMesh The Triggerfish tm Knative client Runtime for OpenFaaS functions Runtime for Azure Functions Early Access Program signup Sebastien Goasguen on Twitter
Oct 30, 2018 • 36min

Evolution of the Kubernetes Community, with Sarah Novotny

Sarah Novotny is Head of Open Source Strategy at Google Cloud and a board member of the Linux Foundation (the parent of the CNCF). She joins Craig and Adam to talk about the evolution of the Kubernetes community, governance models and Codes of Conduct, and how nascent open source communities can learn from it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Cake! Lord’s Cricket Ground Tour The Play That Goes Wrong Bohemian Rhapsody Mr Robot (no link provided!) Castlevania and its video game News of the week IBM enters into agreement to acquire Red Hat: Joint press release IBM blog post Red Hat blog post OpenShift Container Platform 3.11 Introducing Red Hat OpenShift Container Engine IBM Container Service now available in Milan, Italy Mirantis Cloud Platform Edge Mesosphere Kubernetes Engine Kubedex On-Prem and Dolos gRPC-Web has gone GA Whose Pod Is It Anyway? FoundationDB Summit announced CNCF planning “Global South” outreach Links from the interview OSCON Announcement of Kubernetes 1.0 Announcement of the CNCF Raven Rock - a book Sarah read while setting up the CNCF Conway’s Law Paxos and Byzantine Generals CNCF Code of Conduct We Don’t Do That Here by Aja Hammerly Sarah’s 2017 KubeCon NA talk Hiding behind a Viewmaster Julian Cash, photographer Find Sarah: at KubeCon China or Kubecon NA as sarahnovotny on Twitter or LinkedIn
Oct 23, 2018 • 25min

Agones, with Cyril Tovena and Mark Mandel

Ubisoft and Google Cloud have extended Kubernetes to support dedicated game servers. Cyril Tovena, a Technical Lead from Ubisoft in Montreal, and Mark Mandel, a Developer Advocate at Google Cloud, lead the project. They talk to Adam and Craig about what they had to do, the Agones community, and how you can apply it to your Enterprise Software. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Pub quiz success News of the week Kubernetes v2 Provider for Spinnaker Episode 23: Spinnaker, with Steven Kim Episode 24: Continuous Integration and Continuous Delivery, with Andrew Philips and Lars Wander Spinnaker 1.10 Codelab: Continuous Delivery to Kubernetes Using Spinnaker KubeCon NA Contributor Summit The Forrester New Wave™: Enterprise Container Platform Software Suites, Q4 2018 Kubernetes Steering Committee election results Kubernetes High Availability, by Dominik Tornow from SAP and Andrew Chen from Google Cloud Kubernetes Deep Dive by Nigel Poulton on A Cloud Guru, from listener mail 1.12 Release Retrospective by Tim Pepper from VMware Admiralty’s Multicluster Controller The Lord High Admiral Best practices for building Kubernetes Operators and stateful apps by Palak Bhatia and Jun Xiang Tee from Google Cloud Pulumi raises $15M Links from the interview Agones website Agones on Twitter Ubisoft Montreal Mark’s blog Proper pronunciation Elbow Kubernetes Cluster Registry OpenMatch Joe Beda’s TGIK on writing a controller Mark and Cyril on Twitter
Oct 16, 2018 • 17min

GKE Container-Native Load Balancing, with Ines Envid and Neha Pattan

GKE container-native load balancing enables Google Cloud load balancers to target Pods directly, rather than the VMs that host them, and to evenly distribute their traffic. Product manager Ines Envid and staff software engineer Neha Pattan explain how. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Adam meets Orlando Craig meets a Banksy News of the week GKE Private Clusters are GA Announcing Cloud NAT and Container-Native Load Balancing Amazon Elastic Container Service for Kubernetes now supports dynamic admission controllers Fast Kubernetes development with Skaffold 0.16.0 New Cloud Foundry support for Kubernetes Managing Kubernetes from O’Reilly; sign up for a free e-book version courtesy of Heptio Days of Kubernetes 1.12 Past: Volume snapshots, RuntimeClass and topology-aware volume provisioning Kubedex: GKE vs EKS vs AKS vs IKS vs ACCSK New Relic acquires Coscale Links from the interview GKE container-native load balancing: Launch blog post Documentation Configuring services with an annotation to preserve source IP VPC-native clusters with Alias IPs Network Endpoint Groups
