Kubernetes Podcast from Google

Anna Belak learned about containers and security as a Gartner industry analyst. She is now the Director of Thought Leadership at Sysdig, who have just published their latest annual Cloud Native Security and Usage Report. Anna joins Craig to dicuss the report’s findings. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Chaos Mesh moves to Incubation in CNCF Episode 121, with Ed Huang Google raises payouts for Kubernetes vulnerabilities 2021 VRP roundup Sysdig teams up with Snyk, Snyk teams up with Sysdig $25m investment in KubeCost Episode 124, with Webb Brown Links from the interview Sysdig Cloud Native Security and Usage Report 2022 The last time we had a materials engineer on the show Tricking a rock into thinking Why Software is Eating The World Can analysis be worthwhile? Is the theater really dead? Industry analysts Anna Belak at Gartner Doge. Much wow Sysdig $2.5 billion valuation Beginnings Source code Episode 91, with Leonardo Di Donato Tectonic Summit, 2015 Loris Degioanni Episode 137, with Michael Gerstenhaber Sysdig’s changing reports: 2017 2018 2019 2020 2021 GKE Autopilot Are we human, or are we dancer? Anna Belak on Twitter

We’re back for 2022 with a look at Rancher Desktop, which recently hit 1.0. Its creator, Matt Farina, is today’s guest. Matt is a Distinguished Engineer at SUSE, was a founding chair of Kubernetes SIG Apps, and was recently appointed to the CNCF TOC. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Kubernetes: The Documentary Sysdig Cloud Native Security and Usage Report Rancher Desktop 1.0 Microshift from Red Hat Docker’s second fiscal year Solo announces Bumblebee Istio 1.13 IstioCon announcement Google Cloud Deploy GA GKE Cost Optimization Insights GA Anthos Service Mesh on GKE Autopilot cluster OpenMetrics moves to Incubation phase Episode 37, with Richard Hartmann CNCF archives the OpenTracing project Kubernetes policy management paper CNCF 2021 survey results Links from the interview Matt Farina General Dynamics Land Systems Drupal Palintir (not that one) HP donates patents to support Linux HP acquires Stackato Cloud Foundry distribution CNCF Landscape Or not Helm SIG Apps Artifact Hub) What is the Artifact Hub? Rancher Labs acquired by SUSE Episode 57, with Darren Shepherd Open source from SUSE/Rancher Rio Longhorn Epinio Kubewarden Rancher Desktop Announcement 1.0 release Slashes kube-solo nerdctl k3s and k3d Matt Farina joins the CNCF TOC Cloud Native Podcast Episode 102, with Matt Butcher Matt Farina on Twitter

Learn all about what’s new in today’s Kubernetes 1.23 with its release team lead, Rey Lejano. Rey is a Field Engineer at SUSE/Rancher Labs, and a contributor to the Docs, Release and Security SIGs. Long time listener Adam also drops by to ask Craig what’s been happening with the hiatus. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Ted Lasso Filming locations Knative applies to become a CNCF project Links from the interview African clawed frog Cross-fertilization and structural comparison of egg extracellular matrix glycoproteins from Xenopus laevis and Xenopus tropicalis ITIL RX-M 1.18 release team 1.23 release team Kubernetes 1.23: The Next Frontier Odd numbered Star Trek movies Star Trek V: The Final Frontier SIG Release Charter Enhancements: Dual stack IPv4/IPv6 - Stable Pod security admission - Beta TTL After Finished Controller - Stable Auto delete PVCs created by StatefulSets - Alpha Skip Volume Ownership Change - Stable Generic Ephemeral Inline Volumes CronJobs Deprecation of FlexVolumes Deprecation of klog flags HorizontalPodAutoscaler v2 API - Stable Ephemeral containers - Beta kubectl events improvements - Alpha Kubelet CRI support - Beta 1.22 interview with Savitha Raghunathan 1.24 lead: James Laverack Kubernetes Contributor Celebration Rey Lejano on Twitter

We celebrate the launch of Knative 1.0 with Ville Aikas, who has been with the project since the beginning. He was also with the Kubernetes team at the beginning, and thus we cannot resist a Pete Best comparison. We also celebrate Jimmy’s last show as our guest host with a rapid-fire Kubernetes quiz. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Jimmy graduates! CNCF Landscape The menu at the Cheesecake Factory In-n-Out Secret Menu Links from the interview Important programmers from Finland Paddington Bear University of Washington Google Voice Google Cloud Storage Read-after-write consistency The Fifth Beatle Knative Serving Eventing Build, which became Tekton Pipelines Did we market Knative wrong? by Ahmet Alp Balkan Duck typing Rubber duck debugging Extending Knative for Fun and Profit, by Matt Moore & Ville Aikas Subresources Proposal for custom subresources for CRDs Google Cloud Run IBM Cloud Code Engine Knative steering committee and technical oversight committee Great artists steal Chainguard Episode 152, guest hosted by Dan Lorenc Episode 47, with Kim Lewandowski SLSA Sigstore Ville to present at Knative community meetup on November 17 Craig presented Knative at the Kubernetes Colorado meetup in July 2018 Seattle Kraken Ville Aikas on Twitter

Jasmine James is an Engineering Manager within the Engineering Effectiveness organization at Twitter, focused on their internal developer experience. She is also the latest co-chair of KubeCon + CloudNativeCon, starting with the North America event last week. Jasmine joins us to talk about being in the same room as other people - up to 3,000 of them - for the first time in a long while. The cover art for this show is courtesy of the CNCF and licensed under CC-BY. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the last wee while KubeCon NA 2021 Google Cloud Next ‘21 SREcon21 William Shatner’s words after touching the edge of the final frontier Adele to release a new album Common People Shatner’s new album “Bill” News of the recent past Google Cloud Next: Google Distributed Cloud Edge and Hosted BigQuery Omni is GA Anthos for VMs Managed Service for Prometheus VMworld VMware Tanzu Community Edition Cartographer for supply chain choreography KubeCon + CloudNativeCon CNCF announces record number of new silver members KCNA entry-level certification Cilium joins the CNCF Triggermesh becomes open source Codefresh replatforms on upstream Argo Cloud Native security microsurvey results Introducing Chainguard Episode 152, guest hosted by Dan Lorenc Episode 47, with Kim Lewandowski Kubernetes documentary trailer Links from the interview Atlanta AT&T Delta Air Lines Avoiding the weeds in the Cloud Native Landscape at KubeCon NA 2018 Q&A with Jasmine James, newest KubeCon co-chair The selection process for KubeCon NA 2021 Upcoming CNCF events Co-co-chairs: Episode 117, with Constance Caramanolis Episode 130, with Stephen Augustus Keynotes of note: Three Developer Experience keynotes from Constance, Jasmine, and Robert Duffy A Vulnerable Tale about Burnout by Julia Simon The Road to Multicluster by Kaslin Fields Episode 62, with Ricardo Rocha, Lukas Heinrch and Clemens Lange Interaction wristbands Horseback riding and fishing Jasmine James on Twitter

Red Hat maintains a full set of container tools and libraries, bringing their pedigree in security and operating system engineering. The most notable of those tools, Podman, has had a surge in popularity this month, after Docker announced changes in their subscription model. Daniel Walsh leads the Red Hat containers team, and Brent Baude is the architect and primary maintainer of Podman. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Ira Glass in the wardrobe News of the week Announcing Google Cloud Deploy DORA Accelerate State of DevOps 2021 report Mirantis Flow “reinvents the datacenter” Episode 110, with Adrian Ionel Deis Labs introduces Hippo Accelerating new features in Docker Desktop Distroless builds are now SLSA 2 Episode 155, with Priya Wadhwa CNCF DevSecOps radar Links from the interview Dan Walsh Brent Baude SELinux Stop Disabling SELinux SELinux Sandbox Project Atomic Red Hat patches for container registry rejected by Docker Docker client/server model Red Hat’s container suite: Podman CRI-O Buildah containers/storage containers/image Skopeo Open Container Initiative (OCI) Podman features: Drop-in Docker replacement play kube, run a pod from YAML generate kube, make YAML from local containers Running rootless systemd integration Socket activated services podman-compose Podman in Podman Podman in Kubernetes Builder in a Boston accent containerd, CRI-O and Docker in Kubernetes “Podman Desktop” Docker changes desktop subscription model Podman on Mac Podman on Windows with WSL2 Remote client Notes from the recent Podman Cabal meeting Quay GitHub discussion Daniel Walsh on Twitter Brent Baude on Twitter

Prodfiler is a new tool that provides fleet-wide full-system continuous profiling. It is in some ways the second act of its co-creator Thomas Dullien, who is an internationally-renowned reverse engineer and vulnerability researcher under the name Halvar Flake. Thomas joins us to discuss his career, what you should profile in a distributed system, and why you can’t sell something with a negative cost. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Container blocakges Container houses News of the week Crossplane moves to incubation in CNCF: CNCF coverage Crossplane coverage Episode 141, with Daniel Mangum Backup for GKE Google Cloud Next session catalog is live Register here Kubernetes multi-cluster panel on October 6 GKE updates: publishing with Private Service Connect, CSI driver for Filestore GA, SSL policies & HTTPS redirects for multi-cluster Ingress Azurescape: attack on Azure Container Instances by Unit 42 at Palo Alto Networks CVE-2021-25741 for subpath mount symlink attack (High) CVE-2020-8561 for webhook response logging (Medium) NCC Group weighs in on NSA guidance Snyk raises $530m Episode 140, with Kamil Potrec Sqlcommenter merges with OpenTelemetry Kubermatic 2.18 and KubeOne 1.3 Episode 109, with Sebastian Scheele Tanzu Kubernetes Grid 1.4 5 years of Envoy OSS Episode 33, with Matt Klein Links from the interview Thomas Dullien/Halvar Flake Mathematik, with a K Stages of life vs. maths ability required, by Pearls of Raw Nerdism Vicky the Viking TV show Assembly Language Masterclass GEOS copy protection by Michael Stiel Time travel debugging “German hacker denied entrance into US for Black Hat training” Zynamics acquired by Google BinDiff BinNavi Project Zero “For whom?”, asked R Morris Sr. optimyze.cloud’s original business model Introducing Prodfiler Profiling The Datacenter As A Computer: An Introduction to the Design of Warehouse-Scale Machines Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers Dapper, a Large-Scale Distributed Systems Tracing Infrastructure and Jaeger The mystery of Kubelet eating CPU and IOPS Fortran Web Framework: it’s not irrelevant, really! Halvar Flake on Twitter

The most popular Ingress controller for Kubernetes is ingress-nginx, created in 2015 by Alejandro de Brito Fontes. Alejandro stepped down earlier this year, and the project is now maintained by a team including Ricardo Katz. Learn the history and what’s in the new 1.0 release from a pair of South American self-proclaimed sysadmins. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week New Zealand cinema worker left red-faced after voicemail blooper Uncensored version on TikTok News of the week Amazon EKS Anywhere is GA and EKS Connector is in preview CNI 1.0.1 Red Kubes makes Otomi self-service features free of charge Scale down mode and custom policy for Microsoft AKS k8ssandra moves from Helm to operator API server tracing in Kubernetes 1.22 by David Ashpole Episode 113 How Docker Broke In Half, by Scott Carey] Episode 156, with Sebastien Pahl Episode 110, with Adrian Ionel Links from the interview ingress-nginx Early computing IBM PC/XT Windows 95 Pinball Flight simulator easter egg in Excel 97 Slackware Bible Foca Linux History of Ingress Ingress announced in Kubernetes 1.1 CoreOS Fleet Service loadbalancer kube-haproxy-router Kubernetes Ingress proposal issue ingress-gce ingress-nginx: Alejandro’s proposal for ingress-nginx Original PR Alejandro’s bare metal cluster - then and now Ricardo’s early contributions Note that NGINX Inc. have their own Ingress controller, for the open source or commercial versions of NGINX Their comparison of the two versions Supporting open source: Alejandro steps down as ingress-nginx maintainer He actually tried earlier, but no-one else stepped up! Core Infrastructure Initiative fund for supporting the Internet xkcd on internet dependencies Episode 116, with Alex Ellis The future: ingress-nginx 1.0.0 NGINX Inc. commits more to open source Gateway API IngressClass and upgrades to the v1 Ingress API ModSecurity and Curiefense Alejandro de Brito Fontes on Twitter Ricardo Katz on Twitter

Adevinta is an online classified ads company, operating many local brands. Daniel Megyesi is a DevOps engineer at Adevinta and maintainer of their central big data and Machine Learning platform, Unicron. Learn why they wanted to replace Mesos, how they aligned their engineering efforts to do so, and the choices that had to be made to provide an easy experience for their data engineers. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Dolores Park The Garden at Buckingham Palace The fire at Windsor Castle Most currencies featuring the same individual News of the week Docker updates subscription plan Google commits $10 billion to advance cybersecurity Detail blog from previous guests Eric Brewer and Dan Lorenc Episode 155, with Priya Wadhwa ingress-nginx 1.0.0 NGINX Inc. commits to open source OpenTelemetry moves to Incubation phase IBM open sources Tornjak Tornjak dog SUSE Rancher 2.6 VMware announces Tanzu Application Platform Infoworld coverage Rafay Systems raises $25 million Grafana Labs raises $220 million Episode 122, with Torkel Ödegaard Links from the interview April Fools Proxy Adevinta, the world’s largest online classifieds group after acquiring eBay’s classifieds division Spark, Mesos, Chronos, AWS EMR Introducing Unicron, our big data and Machine Learning platform by Daniel Megyesi Not the logo Gardener GKE Autopilot Argo CD and Argo Workfloads Spark Operator and Luigi 1:8 scale model DeLorean 1:2 scale model Terminator Infrastructure Adventures, Daniel’s blog Daniel Megyesi on LinkedIn

KEDA, the Kubernetes Event-Driven Autoscaler, is a project that adds superpowers to the Kubernetes horizontal pod autoscaler, including zero-to-one scaling. Celebrate KEDA reaching Incubation in the CNCF by listening to an interview with maintainer Tom Kerkhove from Codit. But first, learn about Craig’s worst concert experience. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Correction to Episode 158: Mike Richards is no longer host of Jeopardy! Troy meets LeVar Burton The Chase (USA) The Chase (UK) The Judds Charlie Watts: Rolling Stones drummer dies at 80 The Rolling Stones: A Bigger Bang tour Moving stage News of the week KEDA moves to CNCF Incubation Kubescape from ARMO Security GKE adds OIDC identity provider and gVNIC support Gloo Mesh 1.1 Istio security announcement Envoy security announcement Cron jobs and timezones in Kubernetes Links from the interview KEDA: Kubernetes Event-Driven Autoscaling Bruges Codit Azure Service Fabric Azure Cloud Services Horizontal pod autoscaler Custom metrics in HPA (added in Kubernetes 1.6) Promitor: bridge between Azure Monitor and Prometheus KEDA announcement from Microsoft Scaling a deployment Scalers Microsoft moves KEDA to the CNCF Sandbox External scalers KEP for adding scale-to-zero to HPA Knative scale to zero CNCF Sandbox announcement Versions 1.0 and 2.0 Users KEDA on GitHub Tom Kerkhove on Twitter and his blog