When is it safe to run software? When is it safe to drink orange juice? Are we a better judge of one or the other? Santiago Torres-Arias is an Assistant Professor at Purdue University, the team lead of the in-toto project, and a contributor to The Update Framework. He joins Craig to talk security in both physical and software supply chains. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Don’t Forget The Lyrics Gettin’ Jiggy Wit It Explained on Genius Will Smith on Top Gear The Oscars thing (CW: violence, cuss words that Will Smith didn’t used to have to rap to sell records) He’s The Greatest Dancer by Sister Sledge; written by Bernard Edwards and Nile Rodgers of Chic News of the week New Cisco Intersight Kubernetes features Red Hat OpenShift v4.10 ChaosNative acquired by Harness Azure PlayFab launches Thundernetes Episode 26, with Cyril Tovena and Mark Mandel Hacker News commentary Weave GitOps v2022-03 Qumulo for Kubernetes SpectroCloud raises $40m Pinterest: 99% to 99.9% SLO, high performance control plane Uber: Avoiding CPU throttling in a containerized environment Links from the interview in-toto The Update Framework Purdue University Elmore Family School of Electrical and Computer Engineering Purdue Boilermakers Open Source Software Senior Design Projects NYU Tandon School of Engineering Justin Cappos PolyPasswordHasher Episode 155, with Priya Wadhwa apt-secure for Debian packages A keysigning and a signed PGP key Farm to table attestation Potato tracking An example of E. coli in lettuce in-toto record Project Trebuchet: How SolarWinds is Using Open Source to Secure Their Supply Chain in the Wake of the Sunburst Hack by Trevor Rosen, Solarwinds Reflections on Trusting Trust by Ken Thompson Secure Publication of Datadog Agent Integrations with TUF and in-toto US Executive Order on Improving the Nation’s Cybersecurity Readout of White House Meeting on Software Security sigstore in-toto is the second most used format for sigstore SPIFFE SLSA in-toto moves to incubation in the CNCF CFSSL Math rock Covet: “falkor” TTNG: +3 Awesomeness Repels Water Bird of the Year The kea Breaking a police car Santiago Torres-Arias on Twitter and at badhomb.re

ThreatMapper is an open source tool that hunts for vulnerabilities in your production Kubernetes environment, and ranks them based on their risk of exploit. It is built by Deepfence, who also sell a commercial product based on it called ThreatStryker. Co-founder/CEO Sandeep Lahane and head of products/community Owen Garrett join Craig to discuss how to decide what to open and what to keep closed, and just how deep his fence needs to be. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 171, with Frederic Branczyk Ahmet Alp Balkan’s coffee beans French press Moka pot News of the week Go 1.18 released Go now with Google Cloud Continuous fuzzing in etcd Veritas says Kubernetes is an Achilles Heel in defense against ransomware attacks ARMO’s changelog for the NSA/CISA hardening guide KubeScape Cloud Native Developer Bootcamp Use the code K8SPC30 for 30% off, if it’s before April 19, 2022 when you read this Plural launches with $6m seed round Launch HN post Speed boost on Docker Desktop for Mac Track the Ever Forward Links from the interview Deepfence ThreatMapper: the open source project ThreatStryker: the commercial product A failed startup story Heartbleed Buffer overflow Address Sanitizer Intel SGX Chrome sandbox Intel MPX Spectre and Meltdown NGINX (the company) eBPF Forward secrecy Deepfence’s Series A announcement Shifting left Behind 2 proxies MITRE ATT&CK matrix Cyber Kill Chain ThreatMapper on GitHub What’s new in ThreatMapper 1.3.0? Sandeep Lahare and Owen Garrett on Twitter

The Argo project is a set of four tools to help “get stuff done” with Kubernetes: Workflows, CD, Rollouts and Events. Jesse Suen is a creator of the Argo project and co-founder and CTO of Akuity, a company set up to provide commercial support for it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Daylight saving time Container ship follow-up News of the week Backstage and in-toto join the CNCF Episode 136, with Lee Mills and Matt Clark Episode 155, with Priya Wadhwa Gloo Mesh 2.0 announced at SoloCon The New Stack coverage Linkerd failover operator cr8escape vulnerability in CRI-O GKE Autopilot vulnerabilities disclosed by Palo Alto Networks Updated Kubernetes hardening guide (PDF) KubeCon EU 2022 schedule Inside the numbers CNCF Observability micro-survey run:AI raises $75m Links from the interview Argo Project Argo (film) Jason and the Argonauts Applatix Pratik Wadher and Rahul Dhide Argo Workflows Applatix acquired by Intuit; Intuit acquired Applatix Marianna Tessel Alex Matyushentsev The archived Argo CI Argo CD Argo Rollouts GitOps Engine: Flux CD Argo and Flux joining forces First release of the GitOps Engine FAQ about why this didn’t work out Remote vs Core Argo Events Original BlackRock announcement Argo in the CNCF Akuity The many Aaron Court Motels App of Apps ApplicationSets Join the CNCF Slack Argo Workflows and CD community meetings Jesse Suen on Twitter

The fourth horseman of the apocalypse observability, according to Frederic Branczyk, is continuous profiling. Frederic is founder and CEO of Polar Signals and creator of the Parca open source project. He and Craig talk all things Cloud Native observability. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Bad news from Australia: Shane Warne died National emergency called over flooding Strange news Photoshopped fridge magnets Cookery books News of the week Knative accepted as a CNCF incubating project Google Cloud Managed Service for Prometheus is GA k8ssandra 2.0: operator boogaloo Merbridge: eBPF for Istio by DaoCloud New Kubernetes experience in New Relic CVE-2022-0492 coverage: Unit 42 by Palo Alto Networks Jordy Zomer Links from the interview Frederic Branczyk Over-engineering coffee: Niche Zero grinder Decent Espresso Prometheus Creation at SoundCloud Observing the Kubernetes stack: SIG Instrumentation kube-state-metrics Prometheus Operator Thanos Grafana Loki Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers Shades of blue are no joke when they make you $200m KubeCon EU 2019 Keynote: …What Does the Future Hold for Observability? - Tom Wilkie & Frederic Branczyk Polar Signals Parca Introducing Parca and getting funded Parca on GitHub Episode 163, with Thomas Dullien Flame graphs and icicle graphs PARCA: Program for Arctic Regional Climate Assessment Pyrra by Matthias Loibl Frederic Branczyk on Twitter

Six years after its creation, Kubernetes is the subject of its very own documentary film. Job platform Honeypot has released. Josiah McGarvie was Honeypot’s head of video, and the lead filmmaker for Kubernetes: The Documentary. Join us for the director’s commentary. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 21, with Ihor Dvoretski Ihor joins the army Donate to: Come Back Alive Ukrainian National Bank The International Committee of the Red Cross Red Cross Red Crescent News of the week Podman 4.0.0 Episode 164, with Daniel Walsh and Brent Baude Signadot announces public beta Okteto raises $15m Series A Episode 125, with Ramiro Berrelleza Platform9’s Enterprise Trends in Cloud Native report. Robin.io acquired by Rakuten Symphony TechCrunch coverage Superbowl ad Links from the interview Kubernetes: The Documentary Part 1 and Part 2 Honeypot What is Honeypot? Honeypot documentaries Elixir Ember GraphQL Vue.js Chad Torbin at Speakeasy Strategies Guillermo López Explaining Kubernetes to a child Bohemian Rhapsody (film) Docker’s 1-year anniversary Netflix Kanye West documentary Aspect ratios Some PHP source code Tim Hockin’s t-shirts A wild Kubernetes Podcast sticker Recommended on LinkedIn The Simpsons go to Australia Brisbane Documentary Company Josiah McGarvie on Twitter

Anna Belak learned about containers and security as a Gartner industry analyst. She is now the Director of Thought Leadership at Sysdig, who have just published their latest annual Cloud Native Security and Usage Report. Anna joins Craig to dicuss the report’s findings. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Chaos Mesh moves to Incubation in CNCF Episode 121, with Ed Huang Google raises payouts for Kubernetes vulnerabilities 2021 VRP roundup Sysdig teams up with Snyk, Snyk teams up with Sysdig $25m investment in KubeCost Episode 124, with Webb Brown Links from the interview Sysdig Cloud Native Security and Usage Report 2022 The last time we had a materials engineer on the show Tricking a rock into thinking Why Software is Eating The World Can analysis be worthwhile? Is the theater really dead? Industry analysts Anna Belak at Gartner Doge. Much wow Sysdig $2.5 billion valuation Beginnings Source code Episode 91, with Leonardo Di Donato Tectonic Summit, 2015 Loris Degioanni Episode 137, with Michael Gerstenhaber Sysdig’s changing reports: 2017 2018 2019 2020 2021 GKE Autopilot Are we human, or are we dancer? Anna Belak on Twitter

We’re back for 2022 with a look at Rancher Desktop, which recently hit 1.0. Its creator, Matt Farina, is today’s guest. Matt is a Distinguished Engineer at SUSE, was a founding chair of Kubernetes SIG Apps, and was recently appointed to the CNCF TOC. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Kubernetes: The Documentary Sysdig Cloud Native Security and Usage Report Rancher Desktop 1.0 Microshift from Red Hat Docker’s second fiscal year Solo announces Bumblebee Istio 1.13 IstioCon announcement Google Cloud Deploy GA GKE Cost Optimization Insights GA Anthos Service Mesh on GKE Autopilot cluster OpenMetrics moves to Incubation phase Episode 37, with Richard Hartmann CNCF archives the OpenTracing project Kubernetes policy management paper CNCF 2021 survey results Links from the interview Matt Farina General Dynamics Land Systems Drupal Palintir (not that one) HP donates patents to support Linux HP acquires Stackato Cloud Foundry distribution CNCF Landscape Or not Helm SIG Apps Artifact Hub) What is the Artifact Hub? Rancher Labs acquired by SUSE Episode 57, with Darren Shepherd Open source from SUSE/Rancher Rio Longhorn Epinio Kubewarden Rancher Desktop Announcement 1.0 release Slashes kube-solo nerdctl k3s and k3d Matt Farina joins the CNCF TOC Cloud Native Podcast Episode 102, with Matt Butcher Matt Farina on Twitter

Learn all about what’s new in today’s Kubernetes 1.23 with its release team lead, Rey Lejano. Rey is a Field Engineer at SUSE/Rancher Labs, and a contributor to the Docs, Release and Security SIGs. Long time listener Adam also drops by to ask Craig what’s been happening with the hiatus. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Ted Lasso Filming locations Knative applies to become a CNCF project Links from the interview African clawed frog Cross-fertilization and structural comparison of egg extracellular matrix glycoproteins from Xenopus laevis and Xenopus tropicalis ITIL RX-M 1.18 release team 1.23 release team Kubernetes 1.23: The Next Frontier Odd numbered Star Trek movies Star Trek V: The Final Frontier SIG Release Charter Enhancements: Dual stack IPv4/IPv6 - Stable Pod security admission - Beta TTL After Finished Controller - Stable Auto delete PVCs created by StatefulSets - Alpha Skip Volume Ownership Change - Stable Generic Ephemeral Inline Volumes CronJobs Deprecation of FlexVolumes Deprecation of klog flags HorizontalPodAutoscaler v2 API - Stable Ephemeral containers - Beta kubectl events improvements - Alpha Kubelet CRI support - Beta 1.22 interview with Savitha Raghunathan 1.24 lead: James Laverack Kubernetes Contributor Celebration Rey Lejano on Twitter

We celebrate the launch of Knative 1.0 with Ville Aikas, who has been with the project since the beginning. He was also with the Kubernetes team at the beginning, and thus we cannot resist a Pete Best comparison. We also celebrate Jimmy’s last show as our guest host with a rapid-fire Kubernetes quiz. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Jimmy graduates! CNCF Landscape The menu at the Cheesecake Factory In-n-Out Secret Menu Links from the interview Important programmers from Finland Paddington Bear University of Washington Google Voice Google Cloud Storage Read-after-write consistency The Fifth Beatle Knative Serving Eventing Build, which became Tekton Pipelines Did we market Knative wrong? by Ahmet Alp Balkan Duck typing Rubber duck debugging Extending Knative for Fun and Profit, by Matt Moore & Ville Aikas Subresources Proposal for custom subresources for CRDs Google Cloud Run IBM Cloud Code Engine Knative steering committee and technical oversight committee Great artists steal Chainguard Episode 152, guest hosted by Dan Lorenc Episode 47, with Kim Lewandowski SLSA Sigstore Ville to present at Knative community meetup on November 17 Craig presented Knative at the Kubernetes Colorado meetup in July 2018 Seattle Kraken Ville Aikas on Twitter

Jasmine James is an Engineering Manager within the Engineering Effectiveness organization at Twitter, focused on their internal developer experience. She is also the latest co-chair of KubeCon + CloudNativeCon, starting with the North America event last week. Jasmine joins us to talk about being in the same room as other people - up to 3,000 of them - for the first time in a long while. The cover art for this show is courtesy of the CNCF and licensed under CC-BY. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the last wee while KubeCon NA 2021 Google Cloud Next ‘21 SREcon21 William Shatner’s words after touching the edge of the final frontier Adele to release a new album Common People Shatner’s new album “Bill” News of the recent past Google Cloud Next: Google Distributed Cloud Edge and Hosted BigQuery Omni is GA Anthos for VMs Managed Service for Prometheus VMworld VMware Tanzu Community Edition Cartographer for supply chain choreography KubeCon + CloudNativeCon CNCF announces record number of new silver members KCNA entry-level certification Cilium joins the CNCF Triggermesh becomes open source Codefresh replatforms on upstream Argo Cloud Native security microsurvey results Introducing Chainguard Episode 152, guest hosted by Dan Lorenc Episode 47, with Kim Lewandowski Kubernetes documentary trailer Links from the interview Atlanta AT&T Delta Air Lines Avoiding the weeds in the Cloud Native Landscape at KubeCon NA 2018 Q&A with Jasmine James, newest KubeCon co-chair The selection process for KubeCon NA 2021 Upcoming CNCF events Co-co-chairs: Episode 117, with Constance Caramanolis Episode 130, with Stephen Augustus Keynotes of note: Three Developer Experience keynotes from Constance, Jasmine, and Robert Duffy A Vulnerable Tale about Burnout by Julia Simon The Road to Multicluster by Kaslin Fields Episode 62, with Ricardo Rocha, Lukas Heinrch and Clemens Lange Interaction wristbands Horseback riding and fishing Jasmine James on Twitter