
Kubernetes Podcast from Google
A biweekly podcast focused on what's happening in the Kubernetes community, hosted by Abdel Sghiouar and Kaslin Fields. We cover Kubernetes, cloud-native applications, and other developments in the ecosystem. Find Abdel and Kaslin on Twitter at @KubernetesPod or reach them by email at kubernetespodcast@google.com.
Latest episodes

Oct 10, 2018 • 22min
Spinnaker, with Steven Kim
Steven Kim is an engineering manager at Google, based in New York City, working on the Spinnaker project. In a companion piece to last week’s episode about CI and CD, Steven talks to Craig and Adam about how Spinnaker evolved from VMs to Kubernetes and support for other cloud native technologies.
Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod
Chatter of the week: Evoland 2 Stickers on the fridge Seat entertainment on Air New Zealand Link Last Week Tonight on the NZ flag Craig and Sir John Key
News of the week: Kubernetes for personal projects For - Caleb Doxsey and Hacker News discussion Against - Carlos Rodriguez and Hacker News discussion A developer onramp to Kubernetes with GKE Cloud Native Buildpacks enter the CNCF Sandbox AWS Service Operator for Kubernetes Limited availability of DigitalOcean Kubernetes etcdadm from Platform9 Introducing the Kubernetes Non-Code Contributors Guide Episode 21 interview with author Ihor Dvoretskyi Episode 5 on writing documentation Episode 11 on releases Pulumi explores how Kubernetes deployments work Health checking gRPC services in Kubernetes with grpc-health-probe Teleport v3 adds Kubernetes support
Links from the interview: Steven Kim on Twitter Spinnaker Slack Forums, please don’t troll Spinnaker Summit

Oct 2, 2018 • 30min
Continuous Integration and Continuous Delivery, with Andrew Phillips and Lars Wander
Andrew Phillips (PM) and Lars Wander (Software Engineer) from Google Cloud talk to Adam and Craig about the difference between CI and CD, and how to apply these processes to your release and rollout processes.
Chatter of the week: Scott Pilgrim vs. the World
News of the week: Kubernetes 1.12 released Google’s summary blog KubeCon NA 2018 schedule announced Rook moves to CNCF Incubator GSoC: Extending fuzzing coverage of Envoy News from Microsoft Ignite: Kubernetes support as the #1 networking feature of the upcoming Windows Server 2019 SQL Server 2019 Preview for Helm charts in Azure Container Registry Preview for OCI image formats
Links from the interview: The New Stack suggests the best CI/CD tool for Kubernetes doesn’t exist Weaveworks named the category of GitOps Jenkins X; Kubernetes-friendly Jenkins Spinnaker Kubernetes v2: Manifest support Spinnaker Slack Lars Wander Andrew Phillips

Sep 26, 2018 • 23min
SIG-Node, with Dawn Chen
Dawn Chen, TL for SIG-Node and the Google Kubernetes Engine node team, joins Craig and Adam this week. She has worked on containers and container schedulers since 2007 - not a typo. We also bring you the news, in part from the echo chamber of Google Cloud Summit in Sydney.
Chatter of the week: Stickers! Google Cloud Summit in Hong Kong Google Cloud Next in London Gartner Symposium Orlando KubeCon Shanghai
News of the week: NetApp acquires StackPointCloud Cloud news: Sandbox pods on GKE Signup form Kubernetes tools for Azure Stack EKS can generate kubeconfig files! GSoC: katacontainer support in containerd, by Jian Liu linkerd 2.0 is GA Thomas Rampelberg tells you how to use it Cortex added to the CNCF sandbox Red Hat OpenShift Service Mesh, based on Istio Microservice observability with Istio at Trulia Contour 0.6 from Heptio
Links from the interview: Dawn Chen on GitHub The Borg paper Process containers (later ‘cgroups’): The first submission of containers to the Linux kernel Early coverage of process containers Paul Menage’s 2007 paper “Adding Generic Process Containers to the Linux Kernel” Dawn’s first job: tracking processes. Each job had its own GID - she would use netlink connection tracking to map processes and threads to GIDs, and, using procfs, figure out CPU and memory usage. Dawn’s second job: adjusting CPU usage using nice Today we just use memcg Fake NUMA - cut a machine into big chunks and assign them to groups of processes. Linux Plumbers Conference Tim Hockin’s presentation at the Linux Plumbers Conference in 2011, talking about the work Dawn’s team were doing lmctfy - Let Me Contain That For You In case you don’t get the joke It’s like runc and containerd SIG Node Node and lifecycle management Application management Container runtimes and kubelet Node problem detection Resource management GPU & TPU Security isolation gVisor and Sandbox Pods Logging and monitoring Was SIG Node the first SIG? Tied with SIG API Machinery How did we get to CRI? rktnetes was released with Kubernetes 1.3 Hyper_ containers (now Kata Containers) LXC and LXD kubevirt for running VMs instead of containers OCI CRI was released with Kubernetes 1.5 containerd and CRI-O Container RuntimeHandler, so some pods can run with one runtime and some with another

Sep 19, 2018 • 31min
Kubernetes SIG-PM, with Ihor Dvoretskyi
This week, your hosts talk to Ihor Dvoretskyi, Developer Advocate at the Cloud Native Computing Foundation, about SIG-PM, the Special Interest Group for Kubernetes Program, Product and Project Management.
Chatter: The Toto Washlet “Africa”, by Toto “Africa”, by Weezer feat. Weird Al Yankovic
News of the week: Tensor Processing Units (TPUs for short) are now available in Beta from Google Kubernetes Engine Tom Gallacher’s heart rate admission controller CNCF case study on Northwest Mutual Bank Pulumi released their Cloud Native SDK Join the Kubernetes 1.13 release team! Episode 10, on what the release team does Run Akka Cluster in Kubernetes Antony is trading in his Chevy for a Cadillac-ac-ac-ac-ac Elliot Forbes’ See-CAD notes Advanced health check patterns by Ahmet Alp Balkan Was Craig referring to this, or this? Sysdig raises $68.5M
Links from the interview: Ihor Dvoretskyi on Twitter or GitHub SIG-PM - Program, Product and Project Management SIG-PM Intro Talk from KubeCon EU 2018

Sep 12, 2018 • 25min
Cloud Native Patterns for Ops, with Justin Garrison
Justin Garrison is both a student and a teacher. A senior systems engineer in the media industry, he has boiled his experience and wisdom, as well as that of his co-author Kris Nova, into the book Cloud Native Infrastructure. He talks to Craig and Adam about the Kubernetes community and the process of writing.
Chatter: KubeCon NA ‘17 keynote: Your Philips Hue Light Bulbs Are Turned On By Kubernetes by Mark van Straten Philips Lighting case study on Google Cloud
News of the week: Cisco Hybrid Cloud Platform for Google Cloud is now generally available Enter the Cisco & Google Cloud Challenge! Win things! Consul + Kubernetes from Hashicorp Open Match announced by Google Cloud and Unity Agones 0.4.0 released Couchbase Autonomous Operator Amazon EKS now available in Ireland Google Cloud now available in Finland Platform9 introduces spot instance arbitrage External DNS 0.5.6 released Red Hat on Kubernetes and application servers
Links from the interview: mintCast, which featured Justin a long time ago Cloud Native Infrastructure book: website and O’Reilly The Economics of Writing a Technical Book Justin’s last KubeCon talk: Let’s Build Kubernetes, With a Spreadsheet and Volunteers! Justin Garrison on Twitter and GitHub Dashiell, rothgar/v2 Justin’s blog

Sep 5, 2018 • 26min
kube-hunter and KubeCon, with Liz Rice
Liz Rice from Aqua Security builds penetration testing tools for Kubernetes by day, and runs the KubeCon program by night. Adam and Craig dig into both topics.
Chatter: Adam went to Battle Ground Lake State Park Adam and Craig are both going to Google Cloud Next in Tokyo (September 19-20) Craig is also going to Google Cloud Summits in Singapore (September 13), Sydney (September 26) and Hong Kong (October 10)
News of the week: Google Cloud grants $9M in credits for the operation of the Kubernetes project The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience CNCF to host TiKV in the Sandbox New CNCF members CNCF Survey Istio 1.0.1 Forbes contributor Janakiram MSV on Cloud Native TriggerMesh Amazon adds support for Horizontal Pod Autoscaler Kontena 1.3.0
Links from the interview: Aqua Security kube-bench kube-hunter: GitHub Launch blog post Introduction video KubeCon & CloudNativeCon: Europe: Copenhagen, May China: Shanghai, November North America: Seattle, December

Aug 28, 2018 • 25min
Supporting Kubernetes, with Ken Massada
What does it take to support Kubernetes for other users? Kenneth Massada, a lead for GKE support at Google Cloud, tells Craig and Adam his story.
Chatter: Adam lives in Seattle, which is on fire Craig baked some tasty cookies Using this recipe But not using Vegemite, British Marmite or New Zealand Marmite, which are three totally separate things. Only one of which is nice. Hint: it’s the last one
News of the week: 2018 Kubernetes Steering Committee Elections Binary Authorization on Google Kubernetes Engine kube-hunter from Aqua Security Video Blog Kubernetes issues and solutions from Alexander Lukyanchenko at Avito Cilium 1.2 released Accelerating Envoy with the Linux Kernel James Lee’s blogs on Kubernetes networking Amazon EKS supports GPU-Enabled EC2 instances
Links from the interview: etcd is hard: Configuration flags OpenAI suggestions on scaling Kubernetes to 2,500 nodes includes a separate events database Kubernetes docs on configuring and upgrading etcd Tina and Fred from Google SRE also discussed etcd on Episode 9 (Or use GKE, where we do it all for you) Other hard concepts: apiVersion: is hard spec: is hard Liveness and readiness probes - don’t make them the same! Joe Beda thinks of YAML as machine code in Episode 12 What would Ken like to see changed in Kubernetes? Affinity and anti-affinity rules and topology keys Kenneth Massada on Twitter Or summon him with a GCP support case!

Aug 21, 2018 • 24min
Shopify and Security, with Jon Pulsifer
Jon Pulsifer is a Production Security Engineer at Shopify, and Canada’s biggest Kubernetes fan. Adam and Craig dig into why, and what Adam’s new mode of transport is going to be.
Chatter: Sling TV using Kubernetes Tesla using Kubernetes? MITMproxy, Charles and Fiddler Intercept HTTP traffic exiting a docker container Adam has a lot of EconoLodge points Not as many as Software Defined Talk hosts Matt Ray and Michael Coté Craig thinks he should spend them on the Pepsi jet as seen in this wonderful video
News of the week: Service Networking in a Hybrid Infrastructure by Praveen Shukla from GoJek KubeCon and CloudNativeCon China Craig’s session 7 best practices for operating containers by Théo Chamley from Google Cloud kustomize on Homebrew for macOS Understanding the Container Storage Interface (CSI) by Anoop Vijayan Maniankara The Istio 1.0 Release Stream or jump straight to the part with Dan Ciruli from episode 15
Links from the interview: Royal Canadian Navy - Canadian Forces NOC SANS institute and instructors Jon Pulsifer is a Production Security Engineer at Shopify Why Shopify Moved to The Production Engineering Model Production Engineering from Facebook SRE from Google They’re hiring! Shopify’s adopting Kubernetes and Google Cloud The evolution of Kubernetes security Before RBAC, you used to have to mount an empty directory over the service account to disable access to it seccomp and AppArmor RBAC PodSecurityPolicy gVisor and Kata Containers Planning for Secure Container Isolation in Kubernetes RuntimeClass enhancement proposal Binary Authorization Launch blog post Kritis - open source reference implementation of Binary Authorization (the judge) Grafeas - API spec for Container Analysis API Shopify Voucher, a tool that creates attestations for Binary Authorization and prevents the deployment of images that don’t meet Shopify’s security requirements. Jon’s talk on Binary Authorization at Google Cloud Next: Securing the Software Supply Chain Shopify’s $25,000 Kubernetes bug bounty payout What is a server-side request forgery? Getting started with security by reading kubesec.io Around Ottawa Kubernetes Ottawa meetup GDG Cloud Ottawa Jon’s car Jon Pulsifer on Twitter

Aug 14, 2018 • 21min
Descartes Labs, with Tim Kelton
Tim Kelton is co-founder and cloud architect for Descartes Labs. Prior to starting Descartes Labs, he was an R&D engineer for 15 years at Los Alamos National Laboratory, working on problem areas such as deep learning, space systems, nuclear non-proliferation, and counterterrorism. Tim talks to Craig and Adam about the use of Kubernetes and Istio in geopolitics, machine learning and food supply.
News of the week: Cloud Native Computing Foundation Announces Prometheus Graduation OpenMetrics project accepted into CNCF Sandbox An Exciting New Direction for the Kubic project Demystifying RBAC in Kubernetes Kubebuilder 1.0 scaffolds (with a C) Kubernetes APIs and operators Getting Started GitHub Operator Lifecycle Management - it’s operators all the way down
Links from the interview: Descartes Labs Climate Change and Rising Food Prices Heightened Arab Spring Why DARPA Funded a Farm Tech Startup Announcing our $30M Series B Global-scale water monitoring in the cloud Beowulf clusters (a Slashdot meme) Omega and Borg papers Mountain biking in Sedona Descartes Labs Python client SRE books: Site Reliability Engineering The Site Reliability Workbook - free until August 23 Descartes Labs talks from Cloud Next ‘18: SRE Quality Operations for Your Services Using the Istio Service Mesh & Stackdriver - with Tim Kelton and Jay Judkowitz from Stackdriver Service Monitoring How Computers See the Earth: A ML Approach to Understanding Satellite Imagery with Kyle Story Building Multi-Tenancy ML Applications with GKE and Istio to Better Understand the Earth with Tim Kelton and Sam Skillman Descartes Labs GeoVisual Search - find the squares on the globe that look most like a given square Tim Kelton on Twitter

Aug 7, 2018 • 25min
Istio, with Jasmine Jaksic and Dan Ciruli
Istio has hit 1.0, and there’s no-one better to tell you about it than Jasmine Jaksic and Dan Ciruli from Google Cloud. Adam and Craig bring you this, as well as the news from the ecosystem.
News of the week: Kubernetes now in Docker Desktop Harbor enters the CNCF sandbox Azure Metrics Adapter CloudBees Core GA on AKS Red Hat OpenShift Container Platform 3.10 3.11 Codefresh Enterprise Synchronizing Kubernetes secrets with LastPass at Upside Istio nightly on EKS at Tetrate
Links from the interview: Announcing Istio 1.0 SRE Quality Operations for Your Services Using the Istio Service Mesh and Google Stackdriver, featuring Tim Kelton from Descartes Labs (who presented at the Toronto event two years ago, and has been using Istio in production since 0.2) Google’s Cloud Services Platform Kubernetes Podcast episode 13 on Cloud Services Platform with Aparna Sinha (It’s Dan’s favorite episode so far) Istio à la carte; a presentation by Dan Istio and the future of service meshes; an article by Jasmine The Istio project: The URL (The IP address is 104.198.14.52) Community page, listing Google Groups Rocket Chat for users Twitter Jasmine Jaksic and Dan Ciruli on Twitter