Red Hat maintains a full set of container tools and libraries, bringing their pedigree in security and operating system engineering. The most notable of those tools, Podman, has had a surge in popularity this month, after Docker announced changes in their subscription model. Daniel Walsh leads the Red Hat containers team, and Brent Baude is the architect and primary maintainer of Podman. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Ira Glass in the wardrobe News of the week Announcing Google Cloud Deploy DORA Accelerate State of DevOps 2021 report Mirantis Flow “reinvents the datacenter” Episode 110, with Adrian Ionel Deis Labs introduces Hippo Accelerating new features in Docker Desktop Distroless builds are now SLSA 2 Episode 155, with Priya Wadhwa CNCF DevSecOps radar Links from the interview Dan Walsh Brent Baude SELinux Stop Disabling SELinux SELinux Sandbox Project Atomic Red Hat patches for container registry rejected by Docker Docker client/server model Red Hat’s container suite: Podman CRI-O Buildah containers/storage containers/image Skopeo Open Container Initiative (OCI) Podman features: Drop-in Docker replacement play kube, run a pod from YAML generate kube, make YAML from local containers Running rootless systemd integration Socket activated services podman-compose Podman in Podman Podman in Kubernetes Builder in a Boston accent containerd, CRI-O and Docker in Kubernetes “Podman Desktop” Docker changes desktop subscription model Podman on Mac Podman on Windows with WSL2 Remote client Notes from the recent Podman Cabal meeting Quay GitHub discussion Daniel Walsh on Twitter Brent Baude on Twitter

Prodfiler is a new tool that provides fleet-wide full-system continuous profiling. It is in some ways the second act of its co-creator Thomas Dullien, who is an internationally-renowned reverse engineer and vulnerability researcher under the name Halvar Flake. Thomas joins us to discuss his career, what you should profile in a distributed system, and why you can’t sell something with a negative cost. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Container blocakges Container houses News of the week Crossplane moves to incubation in CNCF: CNCF coverage Crossplane coverage Episode 141, with Daniel Mangum Backup for GKE Google Cloud Next session catalog is live Register here Kubernetes multi-cluster panel on October 6 GKE updates: publishing with Private Service Connect, CSI driver for Filestore GA, SSL policies & HTTPS redirects for multi-cluster Ingress Azurescape: attack on Azure Container Instances by Unit 42 at Palo Alto Networks CVE-2021-25741 for subpath mount symlink attack (High) CVE-2020-8561 for webhook response logging (Medium) NCC Group weighs in on NSA guidance Snyk raises $530m Episode 140, with Kamil Potrec Sqlcommenter merges with OpenTelemetry Kubermatic 2.18 and KubeOne 1.3 Episode 109, with Sebastian Scheele Tanzu Kubernetes Grid 1.4 5 years of Envoy OSS Episode 33, with Matt Klein Links from the interview Thomas Dullien/Halvar Flake Mathematik, with a K Stages of life vs. maths ability required, by Pearls of Raw Nerdism Vicky the Viking TV show Assembly Language Masterclass GEOS copy protection by Michael Stiel Time travel debugging “German hacker denied entrance into US for Black Hat training” Zynamics acquired by Google BinDiff BinNavi Project Zero “For whom?”, asked R Morris Sr. optimyze.cloud’s original business model Introducing Prodfiler Profiling The Datacenter As A Computer: An Introduction to the Design of Warehouse-Scale Machines Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers Dapper, a Large-Scale Distributed Systems Tracing Infrastructure and Jaeger The mystery of Kubelet eating CPU and IOPS Fortran Web Framework: it’s not irrelevant, really! Halvar Flake on Twitter

The most popular Ingress controller for Kubernetes is ingress-nginx, created in 2015 by Alejandro de Brito Fontes. Alejandro stepped down earlier this year, and the project is now maintained by a team including Ricardo Katz. Learn the history and what’s in the new 1.0 release from a pair of South American self-proclaimed sysadmins. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week New Zealand cinema worker left red-faced after voicemail blooper Uncensored version on TikTok News of the week Amazon EKS Anywhere is GA and EKS Connector is in preview CNI 1.0.1 Red Kubes makes Otomi self-service features free of charge Scale down mode and custom policy for Microsoft AKS k8ssandra moves from Helm to operator API server tracing in Kubernetes 1.22 by David Ashpole Episode 113 How Docker Broke In Half, by Scott Carey] Episode 156, with Sebastien Pahl Episode 110, with Adrian Ionel Links from the interview ingress-nginx Early computing IBM PC/XT Windows 95 Pinball Flight simulator easter egg in Excel 97 Slackware Bible Foca Linux History of Ingress Ingress announced in Kubernetes 1.1 CoreOS Fleet Service loadbalancer kube-haproxy-router Kubernetes Ingress proposal issue ingress-gce ingress-nginx: Alejandro’s proposal for ingress-nginx Original PR Alejandro’s bare metal cluster - then and now Ricardo’s early contributions Note that NGINX Inc. have their own Ingress controller, for the open source or commercial versions of NGINX Their comparison of the two versions Supporting open source: Alejandro steps down as ingress-nginx maintainer He actually tried earlier, but no-one else stepped up! Core Infrastructure Initiative fund for supporting the Internet xkcd on internet dependencies Episode 116, with Alex Ellis The future: ingress-nginx 1.0.0 NGINX Inc. commits more to open source Gateway API IngressClass and upgrades to the v1 Ingress API ModSecurity and Curiefense Alejandro de Brito Fontes on Twitter Ricardo Katz on Twitter

Adevinta is an online classified ads company, operating many local brands. Daniel Megyesi is a DevOps engineer at Adevinta and maintainer of their central big data and Machine Learning platform, Unicron. Learn why they wanted to replace Mesos, how they aligned their engineering efforts to do so, and the choices that had to be made to provide an easy experience for their data engineers. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Dolores Park The Garden at Buckingham Palace The fire at Windsor Castle Most currencies featuring the same individual News of the week Docker updates subscription plan Google commits $10 billion to advance cybersecurity Detail blog from previous guests Eric Brewer and Dan Lorenc Episode 155, with Priya Wadhwa ingress-nginx 1.0.0 NGINX Inc. commits to open source OpenTelemetry moves to Incubation phase IBM open sources Tornjak Tornjak dog SUSE Rancher 2.6 VMware announces Tanzu Application Platform Infoworld coverage Rafay Systems raises $25 million Grafana Labs raises $220 million Episode 122, with Torkel Ödegaard Links from the interview April Fools Proxy Adevinta, the world’s largest online classifieds group after acquiring eBay’s classifieds division Spark, Mesos, Chronos, AWS EMR Introducing Unicron, our big data and Machine Learning platform by Daniel Megyesi Not the logo Gardener GKE Autopilot Argo CD and Argo Workfloads Spark Operator and Luigi 1:8 scale model DeLorean 1:2 scale model Terminator Infrastructure Adventures, Daniel’s blog Daniel Megyesi on LinkedIn

KEDA, the Kubernetes Event-Driven Autoscaler, is a project that adds superpowers to the Kubernetes horizontal pod autoscaler, including zero-to-one scaling. Celebrate KEDA reaching Incubation in the CNCF by listening to an interview with maintainer Tom Kerkhove from Codit. But first, learn about Craig’s worst concert experience. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Correction to Episode 158: Mike Richards is no longer host of Jeopardy! Troy meets LeVar Burton The Chase (USA) The Chase (UK) The Judds Charlie Watts: Rolling Stones drummer dies at 80 The Rolling Stones: A Bigger Bang tour Moving stage News of the week KEDA moves to CNCF Incubation Kubescape from ARMO Security GKE adds OIDC identity provider and gVNIC support Gloo Mesh 1.1 Istio security announcement Envoy security announcement Cron jobs and timezones in Kubernetes Links from the interview KEDA: Kubernetes Event-Driven Autoscaling Bruges Codit Azure Service Fabric Azure Cloud Services Horizontal pod autoscaler Custom metrics in HPA (added in Kubernetes 1.6) Promitor: bridge between Azure Monitor and Prometheus KEDA announcement from Microsoft Scaling a deployment Scalers Microsoft moves KEDA to the CNCF Sandbox External scalers KEP for adding scale-to-zero to HPA Knative scale to zero CNCF Sandbox announcement Versions 1.0 and 2.0 Users KEDA on GitHub Tom Kerkhove on Twitter and his blog

Kubernetes lets us manage our infrastructure declaratively, so why do we still manage the underlying OS with a myriad of different text files? And why allow shell and SSH access to a machine that should be immutable? So asked Andrew Rynhard before creating Talos, a Linux distribution built for Kubernetes. He’s now CTO of Talos Systems, a company founded to take it to market. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week 40 years of the IBM PC 5150 emulator and docs What was it like to use? Twitter thread about the cost of add-ons 41 years ago: the story of the creation of the PC DONKEY.BAS Play it on the 5150 emulator Learn about it Play it on the iPhone or Apple Watch Commodore 64 Wheel of Fortune Little Computer People C64 vs IBM advertising 6502 and derivative CPUs: the C64 used a 6510 Bender News of the week Litmus 2.0.0 Episode 56, with Evan Powell SPIRE security audit Episode 45, with Andrew Jessup Bovine by Nick Gerace Rust Cloud Native Verify GKE services are up with dedicated uptime checks LFX projects open for (Northern) Fall term Links from the interview Talos (the OS) Linux from Scratch Talos (the robot) COSI Comparing k3s to vanilla Kubernetes on Talos Talos announcement on Reddit and Hacker News Talos Systems Launch blog Brazilian jiu-jitsu COSI announcement from KubeCon EU 2021 Andrew Rynhard on Twitter

What is a telecommunications provider, if not a very distributed system? Kubernetes is becoming an important engine for the world’s telcos, especially as they roll out 5G. Vuk Gojnic leads the team rolling out Kubernetes across Deutsche Telekom (the parent company of T-Mobile), and he tells us how the worlds of telco and cloud have converged. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week New Jeopardy! hosts The Price Is Right Bob Barker in Happy Gilmore Spay and neuter your pets News of the week eBPF Foundation announcement Episode 91, with Leonardo Di Donato Episode 133, with Thomas Graf Istio 1.11 NSA & CISA release Kubernetes hardening guidance PDF link Google Cloud Service Discovery adds GKE auto-discovery Troubleshoot GKE faster with monitoring data in your logs Sysdig announces new Prometheus integrations Nirmata takes $4m in funding CNCF Survey, part 2 Links from the interview History of Montenegro Balkans region Postal, telegraph and telephone services Cafe del Montenegro “archeological remains” (archeological remains of original Cafe del Montenegro) CdM today Crnogorski Telekom Deutsche Telekom Crossbar switches O-RAN Software Community and source code Network function virtualization Natural selection Mobile base station DSLAM 5G Das blinkenlights Das Schiff Das Boot Cluster API Flux CD OpenStack Ironic mIRC Vuk Gojnic on Twitter

It’s Kubernetes release day! The team that launched v1.22 of everyone’s favourite cluster management software was led by Savitha Raghunathan, Senior Platform Engineer at MathWorks. Savitha joins host Craig Box to talk contribution, containers and cricket. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Life before smartphones Dark Sky, hyperlocal weather app Karl the Fog Universal Studios Kubeyland 2021 The Simpsons Ride News of the week Kubernetes 1.22 announcement Sign up for the 1.23 release team Linkerd graduates* in the CNCF Cosign 1.0 Episode 152, guest host Dan Lorenc Episode 155, with Priya Wadwha Cloud Native Rejekts CFP Episode 79, with Chris Kühl Introducing Koncrete by the Kalm team Nestybox adds Kubernetes support Curiefense adds NGINX support Replicated announces $50M Series C Episode 143, with Grant Miller Kubernetes platform updates: Deckhouse, by Flant, is GA Red Hat OpenShift 4.8 Rafay adds new features to Kubernetes Management Cloud Carvel Package Manager for Kubernetes Porter and seed funding announcement Links from the interview Chennai Super Kings Stephen Fleming; coach, A/C salesman and Yellow Wiggle Royal Challengers Bangalore MathWorks MATLAB Math vs maths? (Doesn’t actually matter; MATLAB is short for Matrix Laboratory) Savitha’s first contribution Kubernetes GitHub workflow and pull request guide Kubernetes 1.22 release announcement Release Team Loki and WandaVision Enhancements of note: Seccomp by default Rootless Kubelet Pod admission control Node swap support Windows privileged containers 1.21 release interview with Nabarun Pal Do, Delegate and Defer Release lead for 1.23: Rey Lejano In memoriam: Peeyush Gupta Donate to Peeyush’s Family Education Fund Coffee art Amigurumi Savitha’s cat Savitha Raghunathan on Twitter

Sebastien Pahl is a pioneer of container technology, building the predecessor to Docker as a co-founder of Dotcloud. After working at some big tech companies, he’s back to the startup life as co-founder of Opstrace, a fully open source observability distribution, built on top of the tools you know and love. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Pictograms Korea on Italy Pita Taufatofua, the oily Tongan Olympic drones Inclement weather: Tokyo New York City London News of the week Kubernetes 1.22 release candidates is out Episode 146, with Nabarun Pal Cloud Foundry Foundation releases v5 Episode 105, with Chip Childers Connaisseur 2.0.0 Episode 155, with Priya Wadwha Chaos Mesh 2.0.0 Episode 121, with Ed Huang Spectro Cloud raises $20m Series A Nominate yourself for the 1.23 Release Team Links from the interview EPITECH Solomon Hykes Departure blog Dotcloud Y Combinator $10m funding round Cloudflare Mesosphere HD-DVD and Betamax Operator Framework/Operator SDK Opstrace Prometheus Cortex Grafana Loki Grafana relicensing OpenMetrics and OpenTelemetry Matter, for smart home devices Opstrace on GitHub Sebastien Pahl on Twitter

The idea of software supply chain security rocketed into the public consciousness in the last year, with the news that US government agencies had been breached. Priya Wadhwa is a software engineer at Google working on open source security, including projects to secure and verify container deployments. She outlines what is being done to make sure this doesn’t happen to you. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Virgin Galactic launch NBC News BBC News Blue Origin launch NBC News BBC News Rocket scene from Austin Powers: The Spy Who Shagged Me The memes News of the week Google Cloud Container Security webinar Register for Google Cloud Next 2021 Google Cloud IDS Windows Server support for Anthos on-prem Multi-Cluster Ingress for GKE CVE-2021-22555: Kernel code execution through Netfilter bug CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding CVE-2021-32690: Helm repository credentials passed to alternate domain Attacks on Argo Workflows discovered by Intezer Sysdig acquires Apolicy; Apolicy acquired by Sysdig CockroachDB Operator for Kubernetes Automatic remediation of Kubernetes nodes at Cloudflare Sciuro Kured CNCF App Delivery TAG publishes operator whitepaper Links from the interview Software supply chain Know, Prevent, Fix Reproducible builds Debian Project SolarWinds hack US Executive Order on Improving the Nation’s Cybersecurity Binary Authorization Provenance, in art and software in-toto “Farm to table” sigstore Announcement blog cosign Announcement blog Dan Lorenc’s blog Connaisseur Rekor Fulcio Key signing ceremony: Dan Lorenc on Episode 152 Announcement blog Video Tekton Tekton Chains Announcement blog, by Priya & Dan SBOM (Software Bill of Materials) Open Source Insights Announcement blog Nine Inch Nails’ Year Zero ARG Scorecards Announcement blog v2 blog SLSA Announcement blog GitHub SupplyChainSecurityCon sigstore Slack channel Priya Wadhwa on Twitter