Kubernetes Podcast from Google

When you think of a service mesh, you probably think of “sidecar containers running with each pod”. The Istio team has come up with a new approach, introduced recently as an experimental preview. Google Cloud software engineers Justin Pettit and Ethan Jackson join Craig to explore ambient mesh. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Listening immediately and listening on a 1 year delay Death and state funeral of Queen Elizabeth II The Queue What the queue says about our relationship with royalty News of the week Cloud Custodian becomes an incubating project Anthos VM support GKE control plane metrics CVE-2022-3172: Aggregated API server can cause clients to be redirected CVE-2021-25749: runAsNonRoot logic bypass for Windows containers Akuity Platform Episode 172, with Jesse Suen Weave GitOps 2022.09 Coroot Community Edition Constellation, by Edgeless Systems Register for Google Cloud Next Dell and Red Hat expand strategic collaboration Links from the interview Nicira Open vSwitch Introucing Ambient Mesh Service mesh First mention of Ambient in 2018 No first class support for sidecars in Kubernetes Istio working group meeting, August 2021 Remote proxy proposal HBONE: HTTP/2-based overlay network environment mTLS HTTP Connect GIF MASQUE and QUIC Get started with Ambient Mesh Ambient Mesh Security Deep Dive Justin Pettit and Ethan Jackson on Twitter

Kateryna Ivashchenko is a Senior Demand Generation Manager at Teleport, an organizer of community events, and a supporter of the developer community in her home country of Ukraine. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Introducing Ambient Mesh in Istio Istio 1.15 Linkerd 2.12 Linkerd and the Gateway API Symbiosis Cuber nay-tace Reddit discussion VMware Tanzu announcments from VMware Explore Isovalent raises $40m Series B Kubernetes Blog: PodSecurityPolicy: The Historical Context Pod Security Admission Controller in Stable CSI Inline Volumes have graduated to GA cgroup v2 graduates to GA Kubernetes was never designed for batch jobs by Kurt Schelfthout 7 years of GKE General Availability Links from the interview Portworx Teleport 24 February 2022: Russia invades Ukraine BeyondCorp Teleport open source hunter2 Okta breach Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg War in Ukraine Kateryna’s sister’s T-shirt Independence Day Chris Lentricchia and Operation Dvoretskyi CNCF crowdfunding DevOpsDays Kyiv International Snack Exchange Kateryna Ivashchenko on Twitter

It’s release day! We discuss today’s Kubernetes 1.25 with release team lead Cici Huang, Software Engineer at Google Cloud. What’s in, what’s out, and what is it like to lead a release you are also promoting a feature in? Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Nelson underwater England underwater A picture of a sheep Follow Craig on Twitter for more like that News of the week Kubernetes 1.25 release Introducing Acorn Acorn Labs: Rancher Co-Founders’ New Kubernetes Startup by Christine Hall Episode 57, with Darren Shepherd GKE updates: New observability metrics GKE Autopilot now default 256 pods per node KubeCon schedule published Cloud Native Rejekts Scaling Kubernetes to thousands of CRDs by Nic Cope Links from the interview IBM Watson Kubernetes Community Awards SIG API Machinery Chair & Cici’s hiring manager: Fede Bongiovanni Kubernetes 1.25 release team Release blog Highlights: PodSecurityPolicy is removed; Pod Security Admission is stable cgroups v2 KMS v2alpha1 CRD valdation experession language Registry change Kubernetes 1.24 delay Theme and logo Envelopes: 1.24 lead: Episode 178, with James Laverack 1.26 lead: Leonard Pahlke Cici Huang on GitHub

Three years after they were first proposed, the new Kubernetes Gateway APIs - the evolution of the Ingress API - are in Beta. Rob Scott is a software engineer at Google and a lead on the SIG Network Gateway API project. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Hot hot hot Stevenson screen Heathrow Airport Kew Gardens RAF Coningsby News of the week Argo security audit: Argo blog ADA Logics blog Episode 172, with Jesse Suen Kubernetes Cluster API integrates continuous fuzzing The report OSS Fuzz Cilium 1.12 GKE Cluster Autoscaler location policy The quest for neutrinos Ray traced Quake II Links from the interview Gateway API Spire Labs Fairwinds rbac-manager Polaris Episode 104, with Bowei Du Ingress Gateway API concepts and role-orientation Roles and resource model GatewayClass GKE implementation of GatewayClass Conformance tests Policy attachment Gateway Routes Gateway API goes to Beta GRPCRoute Gateway Enhancement Proposal (GEP) Istio APIs that influenced the Gateway API GAMMA Initiative Istio support for Gateway API SMI community joining Gateway API on GitHub Santa Cruz Moutains Rob Scott on Twitter and LinkedIn

Ian Miell, partner at consultancy Container Solutions, talks about the benefits of writing for learning and team effectiveness. Other topics include online gambling politics, building software for startups and enterprises, the benefits of being a tech consultant, and exploring finance topologies for technology transformation.

Why does a car manufacturer own an IT company? How did that IT company end up running 900 Kubernetes clusters, starting at version 0.9? Craig asks these questions and more of Sabine Wolz, Product Manager at Mercedes-Benz Tech Innovation. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Live UK political coverage on the day of recording. As predicted, news happened slightly faster than publication, and at the time of release, Boris Johnson is expected to resign as Conservative Party leader today. Shibboleth Lord of the Rings TV show moved to UK News of the week GKE Cost Allocation CubeFS accepted as CNCF incubating project Bare metal deployments for EKS Anywhere Episode 142, with Gianluca Arbezzano Cubernetes Episode 20, with Justin Garrison OpenShift Service Mesh 2.2 Tanzu Mission Control adds FluxCD Pixie plugins What GKE users need to know about Kubernetes’ new service account tokens, by Taahir Ahmed Kubernetes is a red flag signalling premature optimisation, by Jeremy Brown Hacker News discussion eBPF Summit 2022 Links from the interview Mercedes-Benz Tech Innovation Mercedes-Benz and Daimler Truck How should electric vehicles sound? Ulm and its church Sabine’s KubeCon keynote How to Migrate 700 Kubernetes Clusters to Cluster API with Zero Downtime: Tobias Giese & Sean Schneeweiss Game theory FOSS Manifesto Inner source CNCF End User Community The promise of flying cars Sabine Wolz on LinkedIn

Gone are the days of working at the same company for 50 years. Consultants and contractors bring specialised experience to many companies in short bursts. Steve Wade is an independent Kubernetes consultant and trainer, and he tells us how that became the life for him. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Queen Bourton-on-the-Water, fire in the sky Model village Model village inception News of the week New GKE features: eBPF and IP masquerading in GKE Autopilot Dual stack networking Time-shared GPUs Confidential GKE nodes Paralus (by Rafay) Furiko (by Shopee) New CNCF Sandbox projects: Clusterpedia OpenCost Aeraki Mesh Curve OpenFeature Kubewarden DevStream Traefik Hub Cyble’s exposed Kubernetes clusters Bitnami index FAQ Links from the interview Premier League Tesco Consultants and IR35 KSOC Indian food Steve Wade (1987) on Twitter

As we move further up the stack, we rely on many foundations – including storage. Alex Chircop is co-chair of the CNCF Storage Technical Advisory Group (TAG), as well as founder and CEO of Ondat (formerly StorageOS). Join us to learn why no app is truly stateless, and how data is the new storage. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Crowded House snippets: Distant Sun Sister Madly Don’t Dream It’s Over (you know this one) Weather With You Something So Strong How Will You Go News of the week Kubernetes 2021 annual report and blog post discussing it SUSECon news SLSA Level 4 The State of CD 2022 report Introducing OpenCost Spec Episode 124, with Webb Brown OSTIF and ADA Logics posts discussing the CRI-O project audit Bitnami Helm chart pruning and Reddit discussion Upcoming Code of Conduct changes at the CNCF Links from the interview Goldman Sachs on Google Cloud Episode 181, with Justin Santa Barbara KubeCon EU 2016 CNCF TAG Storage Data on Kubernetes community CNCF TAGs CNCF Storage WG talk at KubeCon EU 2019 CNCF TAG Storage talk at KubeCon EU 2022 Kubernetes SIG Storage Xing Yang CSI and COSI Quinton Hoole Federation, aka “Ubernetes” Whitepapers: Storage Disaster Recovery Ondat Updog Alex Chircop on Twitter

What is configuration as data, how is different from infrastructure as code, and why can’t anything just be itself anymore? We posed these questions and more to long-time Kubernetes contributor Justin Santa Barbara at KubeCon EU, and this episode is the result. Justin created the kOps project and now leads the team at Google that makes Kubernetes easier to consume. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week #kubecovid Alhambra La Alhambra Cats of the Alhambra News of the week Cloud Native at Microsoft Build Azure Container Apps are GA AKS updates Docker acquires Tilt Broadcom acquires VMware FT coverage Customer reaction from The Register Istio 1.14 GKE Cost Estimator Goodbye to Katacoda Take the DORA survey or read the 2021 report Links from the interview FathomDB Meteor acquires FathomDB for its development platform Sherlocking OpenStack kOps GitHub Configuration management tools Infrastructure as Code JSON, YAML, Proto and INI Helm values.yaml Kubernetes Resource Model (KRM) kustonize kpt Package management Configuration as Data announcement blog Porch kpt functions Backstage Config Sync and Config Connector Kubernetes component configuration Cluster API Justin Santa Barbara on Twitter

Live from Valencia, it’s KubeCon EU! Craig talks to conference co-chair and CERN computer scientist Ricardo Rocha about the event, and what it’s like to be in a room full of people again. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 9am Karaoke News of the week CNCF news from KubeCon EU: SlashData survey 800 members Boeing Coinbase Prometheus Certified Associate Google Cloud improves GitOps usability with Config Sync and Porch kpt Other Google news from KubeCon Tetragon from Isovalent Envoy Gateway Infra Ask HN with the creators Cloud Foundry launches Korifi SUSE NeuVector is open source CloudNativePG from EnterpriseDB All the other options Assured Open Source Software from Google Cloud Recent Guest news: Akuity announces $20m Series A (episode 172) Komodor raises $42 million Series B (episode 153) Deepfence launches Deepfence Cloud (episode 173) Lightning Round Armory announced public early access to their new Continuous Deployment-as-a-Service product Aserto announces its ”better together” approach to authorization by bringing together OPA, OCI, and Sigstore Bunnyshell Introduces support for multi-repository Terraform with full-stack drift management and GitOps Calyptia announces the General Availability of Calyptia for Fluent Bit, CAST AI introduces advanced Autoscaler for AKS Clastix launches Kamaji, a new open source tool for Managed Kubernetes Service CloudCasa by Catalogic expands to support Microosft AKS Codenotary combines Community Attestation Service with background vulnerability scanning CodeZero Launches Surf, a new developer tool for observability in pre-production Kubernetes environments CrateDB introduces Logical Replication D2iQ Partners with GitLab DataCore Bolt container-native storage software now GA; built on their acquisition of Mayadata Datadog launches Application Security Monitoring and support for OpenTelemetry Protocol in the Datadog Agent, Deepfactor partners with Synopsys to help developers resolve cloud native supply chain security risks env0 enables full-stack IaC deployment and management with native Kubernetes support Era Software introduces EraStreams Fairwinds Insights unifies DevSecOps with additional shift-left enhancements GitLab free tier adds pull-based Kubernetes deployments Google announced a new low-cost, high-usage pricing tier for Google Cloud Managed Service for Prometheus HCL Technologies launches Kubernetes migration platform Kasten by Veeam launches K10 v5.0 released Runecast adds CI/CD integration and image scanning Lacework introduces new Kubernetes Audit Logs monitoring Loft Labs announces a Cluster API provider for vcluster NetFoundry embeds zero trust into Prometheus New Relic introduces low-overhead Kubernetes monitoring and Pixie plug-in framework Pure Storage’s new Database as a Service platform is GA Replicated introduces community licensing and pre-flight checks SphereEx releases DB-Plus Suite Snapt announces security package to run Kubernetes in public cloud SPIRE now runs on Windows Sysdig launches new Advisor and Sysdig Open Source leverages Falco plugins SysEleven unveils MetaKube Operator Timescale announces OpenTelemetry Tracing support for Promscale Vultr Kubernetes Engine now Generally Available Zesty Disk for Kubernetes introduced Links from the interview Episode 62 Lukas Heinrich Clemens Lange CERN LHC Computing Grid Large Hadron Collider Kubeflow Data on Kubernetes Community CNCF Research User Group CNCF TOC Volcano moves to incubation KubeCon EU 2022 Episode 165, with Jasmine James Selection process report for KubeCon EU KubeCon China 2021 Research track Puppies at KubeCon NA 2019 Code, mountains and flying Kubernetes on an F/16 Ricardo Rocha on Twitter and on the web